Yahoo! Player contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in Yahoo! Player when handling .YPL files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .YPL file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
This module exploits a vulnerability in the Yahoo Music Jukebox ActiveX Control(datagrid.dll). When the AddButton() method processes a long string argument, a stack based buffer overflow occurs allowing execution of arbitrary code. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
Xnview is prone to a stack based buffer overflow which can be exploited through a specially crafted image layer within an XCF file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
A security vulnerability with the way XnView processes TAAC files may allow a remote unprivileged user who provides a TAAC document that is opened or previewed by a local user to execute arbitrary commands on the system with the privileges of the user running XnView. This can be exploited to cause a buffer overflow when a specially crafted file is opened or previewed. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
Xnview is prone to a stack based buffer overflow which can be exploited through a specially crafted PSP file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
XMPlay contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in XMPlay when handling .ASX, .M3U and .PLS files. This exploit uses a crafted .M3U to cause a stack-based buffer overflow. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
The vulnerability is caused due to a boundary error in Xion when handling .M3U files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .M3U file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
Buffer overflow in Xenorate exists when opening a crafted XPL file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
The vulnerability is caused due to boundary errors in Word List Builder 1.0 within the processing of DIC files. This can be exploited to cause a stack-based buffer overflow when the victim opens a specially crafted file with an overly long supplied data.
The vulnerability is caused due to boundary errors in Wordtrainer 3.0 within the processing of ORD files. This can be exploited to cause a stack-based buffer overflow when the victim opens a specially crafted file with an overly long supplied data.