This module exploits a vulnerability in VideoLAN Media Player (VLC). A memory corruption vulnerability in the MKV demuxer plugin (libmkv_plugin) in VLC Media Player 1.1.6.1 and earlier allows remote attackers to execute arbitrary code via an MKV media file. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site.
VLC Media Player is prone to a buffer-overflow vulnerability that occurs because it fails to perform adequate boundary checks on user-supplied data in a crafted .S3M file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
This module runs a web server waiting for vulnerable clients to connect to it. When the client connects, it will try to install an agent by exploiting a vulnerability in VLC, which allows user-assisted remote attackers to execute code via a crafted OGG file that triggers a format string vulnerability and overwrites a subroutine pointer during rendering. The module will send an e-mail with a specially crafted HTML page and wait for victim users to connect through it. If the target system has neither the ActiveX plugin (Internet Explorer) nor the Mozilla plugin (Firefox, Opera), when the user clicks on the e-mail link the browser will download a file to be executed so that the agent can be deployed. Otherwise, the remote file will be executed directly.
VLC is able to handle subtitles automatically in a very simple way: it just checks for the presence of SSA files with the same name as the loaded video and for a possible subtitles folder. The functions which handle the MicroDVD, SSA and VPlayer subtitle formats are vulnerable to stack-based buffer overflows which can allow an attacker to execute malicious code. This module runs a web server waiting for vulnerable clients (Internet Explorer, Opera or Mozilla Firefox) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
A code execution vulnerability exists in the way that VLC handles specially crafted .AMV files when opened in Internet Explorer 6 or 7. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
The vulnerability is due to an error while parsing the Parts field in ABC files, which can result in an integer overflow in the libmodplug library used by VLC Media Player. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site.
This module exploits a vulnerability in the PDWizard.ocx of the Visual Studio application. The module will run a malicious website in the Core Impact console and wait for a user to connect and trigger the exploit. This module runs a web server waiting for vulnerable clients (Internet Explorer 5 or 6) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
The vulnerability is caused by a boundary error in VisiWave Site Survey Report when handling report files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .VWR file. This module bypasses DEP using ROP techniques. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
A stack-based buffer overflow occurs when a string longer than 24 bytes is passed to the "strFontName" parameter, which leads to an EIP overwrite, allowing the execution of arbitrary code in the context of the logged-on user. This happens because inadequate space is allocated for the buffer intended to receive the font name.
VideoSpirit Pro is prone to a buffer overflow when parsing a .VISPRJ project file that contains an overly long "MP3" value. The vulnerability is caused by an incorrect check of the data before it is passed to strcpy(). This can be exploited to cause a stack-based buffer overflow via a specially crafted .VISPRJ file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.