This module exploits a stack-based buffer overflow in Microsoft Internet Explorer that allows remote attackers to execute arbitrary code via a long fill parameter within a rect tag in a Vector Markup Language (VML) file.
A remote code execution vulnerability exists in the way that Windows handles cursor, animated cursor, and icon formats. An attacker could try to exploit the vulnerability by constructing a malicious cursor or icon file that could potentially allow remote code execution if a user visited a malicious Web site or viewed a specially crafted e-mail message (MS07-017).
This module exploits a vulnerability in Winamp Player when parsing the Ultravox Streaming metadata. This module runs a web server waiting for vulnerable clients (Internet Explorer, Opera or Mozilla Firefox) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
Winamp is prone to a buffer-overflow vulnerability that occurs because it fails to perform adequate boundary checks on user-supplied data via a crafted .MID file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
This module exploits a heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in order to install an agent via crafted samples in an Impulse Tracker file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
A stack-based buffer overflow in Winamp allows an attacker to execute arbitrary code via a crafted .MAKI file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
Winamp is prone to a vulnerability that may allow execution of dwmapi.dll if this DLL is located in the same folder as a .CDA file. The attacker must entice a victim into opening a specially crafted .CDA file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting a vulnerability in the way .PLS (Play List) files are handled by Winamp 5.12. When Outlook Express is used as the mail user agent, Internet Explorer can be exploited by sending the target an e-mail that contains a link to the specially designed HTML page that triggers the attack. This module can also drop a specially crafted PLS file in a local folder of the user's choice.