Impact | Core Security

The vulnerability is caused due to boundary errors in wordperfect within the processing of WPD files. Wordperfect X3 fails to check the length of the printer selection (.PRS) filename stored inside Wordperfect documents, allowing an attacker to cause a stack overflow in order to execute arbitrary code.

WM Downloader contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in WM Downloader when handling .M3U files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .M3U file. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site.

This module exploits a vulnerability in the WBEMSingleView.ocx control included in the WMI Tools ActiveX application. The exploit is triggered when the OpenURL() method processes a long string argument resulting in a stack-based buffer overflow. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.

This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting a vulnerability in the way WMF metafile images are handled by Microsoft Window's graphic rendering engine. When Outlook Express is used as mail user agent, Internet Explorer can be exploited through sending the target an e-mail that contains a link to the specially designed HTML page that triggers the attack. Also, this module can drop a specially crafted WMF file in a local folder of the user's choice. This file can later be embedded into a Microsoft Office document or placed in a shared folder. Exploitation will occur in the first case when the user opens the document, and in the second case when the user double clicks on the image file, or simply browses the folder in Thumbnail View. Note that the file does not need to have the .wmf extension to work correctly, as Windows will detect the correct file type by examining it's contents.

This module exploits a stack buffer overflow in Wireshark when opening a crafted .PCAP file, resulting in arbitrary code execution. This module bypass DEP using ROP techniques. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.

This module exploits a vulnerability to make WireShark run an arbitrary LUA script using a method similar to DLL hijacking when opening a .PCAP file. The attacker must entice a victim into opening a .PCAP file. This file and the associated LUA script may be delivered to a user through remote WebDAV shares.

Wireshark is prone to a vulnerability that may allow execution of airpcap.dll if this dll is located in the same folder than .PCAP file. The attacker must entice a victim into opening a specially crafted .PCAP file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.

This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by sending a specially crafted HTML page which exploits the WinZip FileView ActiveX control vulnerability.

The ATT Windows VNC client ships with a remotely exploitable buffer overflow. By providing a specially crafted response a malicious server has the ability to obtain access to the client machine and execute arbitrary commands as the user running the client software.

Subscribe to Impact

Privacy Policy

Cookie Policy

Terms of Service

Accessibility

Impressum