InduSoft Web Studio SCADA is prone to a vulnerability that may allow execution of REVERB1 if this dll is located in the same folder than .APP file. The attacker must entice a victim into opening a specially crafted .APP file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
This module exploits a vulnerability in the ISSymbol.ocx control included in the InduSoft Web Studio ActiveX application. The exploit is triggered when the OpenScreen() method processes a long string argument resulting in a stack-based buffer overflow. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it.
This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by sending a specially crafted HTML page which exploits the Incredimail IMMenuShellExt ActiveX control vulnerability.
ImgBurn is prone to a vulnerability that may allow execution of dwmapi.dll if this dll is located in the same folder as a .CUE file. The attacker must entice a victim into opening a specially crafted .CUE file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
This module exploits a vulnerability in the ImageViewer2.ocx module included in the Viscom Image Viewer application. The exploit is triggered when the TifMergeMultiFiles() method processes a malformed argument resulting in a memory corruption. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. This module runs a web server waiting for vulnerable clients (Internet Explorer 6 or 7) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
This module exploits a vulnerability in the ImageViewer2.ocx module included in the Viscom Image Viewer application. The exploit is triggered when the Image2PDF() method processes a malformed argument resulting in a memory corruption. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. This module runs a web server waiting for vulnerable clients (Internet Explorer 6 or 7) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
This module exploits a buffer overflow vulnerability in the Image22 ActiveX Control. The exploit is triggered when the DrawIcon() method processes a long string argument resulting in a stack-based buffer overflow. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
This module exploits a vulnerability in Microsoft XML Core Services. This flaw is due to a memory corruption error in the XMLHTTP ActiveX Control when processing specially crafted arguments passed to a "setRequestHeader()" method, which is used to install an agent in the target host. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
The module starts a HTTP server in the source agent, when the victim system tries to retrieve any file, it sends a malicious HTML page that installs an agent in the victim's machine, bypassing sandbox restrictions. Taking into account the nature of this exploit, exploitation reliability depends on the browser configuration (scripting has to be enabled, by default is enabled) and other factors such as system load. This exploit needs to open some windows in the target client system, so the exploitation attempt may be noticed by a trained user. If an agent is installed, it will remain persistent and must be removed manually.
Subscribe to Impact