Microsoft Windows is prone to a vulnerability that may allow a DLL file to be automatically loaded because the software fails to handle LNK files properly.

Specifically, the issue occurs when loading the icon of a shortcut file. A specially crafted LNK file can cause Windows to automatically execute code that is specified by the shortcut file.

This vulnerability is the result of an incomplete fix for MS10-046 (CVE-2010-2568).



WARNING: This is an early release module. This is not the final version of this module. It is a pre-release version, published in order to deliver a module that may be useful in some situations to our customers as quickly as possible. Because this module is not the final version, it may contain bugs, have limited functionality, and lack complete or accurate documentation.

This update includes a module that executes a program designed to test a buffer overflow in glibc's __nss_hostname_digits_dots function. The function is used by the gethostbyname*() family of functions, which perform name resolution. Under some circumstances, using those functions when the vulnerable underlying function is present may lead to remote code execution, privilege escalation, or information disclosure.

This update makes a new version of the DLLMaker library available to exploits.



New features and fixes:

+ Compatibility with PROCESS_MITIGATION_ASLR_POLICY process creation flags.

+ Fixes IAT inconsistencies.

+ New sections: .reloc, .rsrc.

+ Adds VS_VERSION_INFO resource.

This module checks for vulnerabilities in UPnP-enabled systems. It sends an SSDP "M-SEARCH" packet to the multicast group (239.255.255.250) and checks for known banners corresponding to vulnerable UPnP SDK versions.

The SSL protocol encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack on an HTTPS session.



This module attacks the SSLv3 implementation in the Oracle Java Runtime Environment. The module is capable of obtaining encrypted cookies from browsers running the affected Java Runtimes.