Kingsoft Writer is prone to a buffer-overflow vulnerability that occurs because it fails to perform adequate boundary checks on user-supplied data via a crafted .DOC document. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
Kingsoft Writer is prone to a buffer overflow when handling font names, triggered by a specially crafted WPS file with an overly long font name. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
Kingsoft Writer 2010 is prone to a vulnerability that may allow execution of plgpf.dll if this DLL is located in the same folder as a .WPS file. The attacker must entice a victim into opening a specially crafted .WPS file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
Kingsoft Writer is prone to a buffer-overflow vulnerability that occurs because it fails to perform adequate boundary checks on user-supplied data via a crafted .WPS document. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
KeePass Password Safe is prone to a vulnerability that may allow the execution of any library file named dwmapi.dll if this DLL is located in the same folder as a .KDBX file. The attacker must entice a victim into opening a specially crafted .KDBX file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
The vulnerability is caused by a boundary error in the parsing of .SSA files, which can be exploited to cause a stack-based buffer overflow via a .SSA file with an overly long file string. Kantaris uses a vulnerable library that was originally shipped by VideoLAN VLC 0.8.6d. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
This module exploits an XSS vulnerability in JOnAS which allows Core Impact to perform remote command injection by impersonating an administrator and uploading a plugin to the JOnAS server. This module runs a web server waiting for a JOnAS administrator to connect to it. When the client connects, it will retrieve the JOnAS administrator cookie and try to install an agent on the JOnAS server by installing a custom plugin in JOnAS.
This module exploits a vulnerability in the JetAudio ActiveX Control (JetFlExt.dll). The exploit is triggered when a special string argument is processed by the DownloadFromMusicStore() method resulting in a stack-based buffer overflow. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
IZArc is prone to a vulnerability that may allow the execution of any library file named wintab32.dll if this DLL is located in the same folder as a .ARJ file. The attacker must entice a victim into opening a specially crafted .ARJ file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.