The file names shown in WinRAR when opening a ZIP file come from the central directory, but the file names used to extract and open contents come from the Local File Header. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
The vulnerability is caused by boundary errors in lzh.fmt when processing LHA archives. This can be exploited to cause a stack-based buffer overflow when a specially crafted file with an overly long filename is opened.
This module exploits a vulnerability located in the parameter parser of the Microsoft Windows WinHLP facility. This facility is used by the Microsoft Internet Explorer web browser.
WinHex is prone to a vulnerability that may allow the execution of any library file named hash.dll, if this dll is located in the same folder as a .WHX file. The attacker must entice a victim into opening a specially crafted .WHX file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
This module exploits a heap-based buffer overflow in the Microsoft Windows Movie Maker application by sending a specially crafted .MSWMM file.
Windows Media Encoder is prone to a vulnerability that may allow the execution of any library file named wmerrorENU.dll, if this dll is located in the same folder as a .PRX file. The attacker must entice a victim into opening a specially crafted .PRX file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
Windows Live Mail is prone to a vulnerability that may allow the execution of any library file named dwmapi.dll, if this dll is located in the same folder as an .EML file. The attacker must entice a victim into opening a specially crafted .EML file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
The vulnerability is in the handling of an IFD entry of the TIF/TIFF image format: Kodak Image Viewer reserves an insufficient buffer on the stack for writing the entry. When Kodak Image Viewer opens the file, a stack overflow occurs and an agent is installed.
This module exploits a buffer overflow in the Microsoft Color Management Module via a JPEG image with crafted ICC profile format tags and installs an agent.
This module exploits a buffer overflow in Microsoft Internet Explorer when calling the 'setSlice' method of the WebViewFolderIcon.WebViewFolderIcon.1 ActiveX object with the first parameter set to 0x7ffffffe. This causes an invalid memory copy and may result in arbitrary code execution and/or a loss of availability for the browser.