The vulnerability is caused due to boundary errors in PlaybackModule2.dll within the processing of SRT subtitles. This can be exploited to cause a stack-based buffer overflow when the victim opens a specially crafted file with an overly long subtitle line.
This module exploits a vulnerability in Diamond Programmer. The vulnerability is caused due to boundary error in the processing of xcf files. This can be exploited to cause a stack-based buffer overflow when a specially crafted file is opened. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site.
Destiny Media Player contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in Destiny Media Player when handling .LST files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .LST file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
The CrazyTalk4Native.dll bundled with Dell Webcam Central is prone to a buffer overflow which is exploited by this module. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. Note that the affected ActiveX component may be present on other DELL products. This module runs a web server waiting for vulnerable clients (Internet Explorer 6 or 7) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
The vulnerability is caused due to boundary errors in dBpowerAMP within the processing of M3U files. dBpowerAMP fails to check the length of the string in M3U playlist archives, allowing an attacker to cause a stack overflow in order to execute arbitrary code.
Daemon Tools Lite is prone to a vulnerability that may allow execution of MFC80LOC.DLL if this dll is located in the same folder than .MDS file. The attacker must entice a victim into opening a specially crafted .MDS file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
This module exploits a vulnerability in Cytel StatXact. The vulnerability is caused due to boundary error within the processing of .CY3 project files. This can be exploited to cause a stack-based buffer overflow when a specially crafted .CY3 file is opened. This module runs a malicious website on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the website.
This module exploits a vulnerability in Cytel LogXact. The vulnerability is caused due to boundary error within the processing of .CY3 project files. This can be exploited to cause a stack-based buffer overflow when a specially crafted .CY3 file is opened. This module runs a malicious website on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the website.
This module exploits a vulnerability in the ChartFX.ClientServer.Core.dll module included in the CYME ChartFX application. The exploit is triggered when the ShowPropertiesDialog() method processes a crafted argument resulting in a memory corruption. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. This module runs a web server waiting for vulnerable clients (Internet Explorer 6 and 7) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
Subscribe to Impact