A vulnerability exists within the WkWin32.dll module when processing the DisplayMessageDialog() method. This module runs a web server waiting for vulnerable clients (Internet Explorer 6 and 7) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
By properly setting the ProjectURL property, it is possible for an attacker to download an arbitrary dll file from a remote location and run the code in the dll in the context of the target process. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
The vulnerability is a buffer overflow and exists within the Webgate WESP SDK WESPMonitor Module ActiveX control's LoadLibrary property. This module runs a web server waiting for vulnerable clients (Internet Explorer 6, 7, 8 to connect to it.
Watermark Master is prone to a buffer overflow vulnerability when handling WCF files. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
Multiple stack buffer overflow vulnerabilities have been discovered in Amaya, which can be exploited by malicious people to compromise a users system. This module runs a web server waiting for vulnerable clients (W3C Amaya Web Browser) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
VUPlayer contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in VUPlayer when handling .M3U files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .M3U file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
VUPlayer contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in VUPlayer when handling .CUE files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .CUE file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
Vortex Light Alloy is prone to a buffer overflow vulnerability when handling .M3U files. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
Various VMware products are prone to a stack overflow when parsing a specially crafted ISO file.
This module exploits a vulnerability in VMware OVF Tool. The vulnerability is caused due to boundary error in the processing of .OVF files. This can be exploited to cause a format string when a specially crafted file is opened. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site.