Advantech Webaccess suffers from an ActiveX buffer overflow. The specific flaw exists within the Connect method in webeye.ocx module.The control does not check the length of an attacker-supplied string in the Connect method before copying it into a fixed length buffer on the stack. This allows an attacker to execute arbitrary code in the context of the browser process. This module runs a web server waiting for vulnerable clients (Internet Explorer 6, 7, 8 to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
By providing an overly long string to the GetColor parameter, an attacker may be able to overflow the static stack buffer. The attacker may then execute code on the target device remotely. This module runs a web server waiting for vulnerable clients (Internet Explorer 6, 7, 8) to connect to it.
By providing an overly long string to the NodeName parameter, an attacker may be able to overflow the static stack buffer. The attacker may then execute code on the target device remotely. This module runs a web server waiting for vulnerable clients (Internet Explorer 6, 7, 8) to connect to it.
By providing an overly long string to the AccessCode2 parameter, an attacker may be able to overflow the static stack buffer. The attacker may then execute code on the target device remotely. This module runs a web server waiting for vulnerable clients (Internet Explorer 6, 7, 8 or 9) to connect to it.
Advantech Studio ISSymbol ActiveX control ISSymbol.ocx is vulnerable to a buffer overflow, caused by a long bstrFileName argument to the InternationalOrder method. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
The vulnerability exists in AdamView when handling a specially crafted GNI file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
Advantage Data Architect is prone to a vulnerability that may allow the execution of any library file named wfapi.dll, if this dll is located in the same folder than a .ADT file. The attacker must entice a victim into opening a specially crafted .ADT file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
This module exploits a vulnerability in Adrenalin Player .WAX files. The vulnerability is caused due to lack of boundary checks in exporting a WAX file witch causes an Buffer Overflow of the stack and a SEH attack is possible due to a vulnerable DLL included in the software. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site.
This module exploits a vulnerability in Adrenalin Player .ASX files. The vulnerability is caused due to lack of boundary checks in exporting an ASX file witch causes an Buffer Overflow of the stack and a SEH attack is possible due to a vulnerable DLL included in the software. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site.
This module exploits a vulnerability in Adobe Shockwave triggered when processing a specially crafted .DIR file. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site.