This module abuses a design flaw in the way Microsoft Windows implements a UAC whitelist. The flaw could allow a process running with Medium Integrity to elevate itself to High Integrity without a UAC prompt when the process is run from an account in the administrators group.
This module exploits a vulnerability in the Linux Kernel. The futex_requeue function in kernel/futex.c in the Linux kernel does not ensure that calls have two different futex addresses, which allows local attackers to gain privileges via a crafted FUTEX_REQUEUE command.
This update makes a new version of the DLLMaker library available to exploits.
New features and fixes:
+ Compatibility with PROCESS_MITIGATION_ASLR_POLICY process creation flags.
+ fixes IAT inconsistencies
+ new sections: .reloc, .rsrc.
+ adds VS_VERSION_INFO resource
This module exploits a vulnerability in "schannel.dll" by sending a crafted certificate packet to the "Internet Information Services" server via TLS protocol producing a heap overflow in the critical LSASS Windows process.
This update reduces the time needed to exploit the target.
In addition, all supported targets are now listed in the documentation.
A use after free vulnerability exists in Internet Explorer. The vulnerability is due to accessing a freed CInput object in memory.
A remote attacker could exploit this vulnerability by enticing the target user to open a malicious web page. In the case of successful exploitation, arbitrary attacker code would be executed in the security context of the target user.
This module exploits a vulnerability in "schannel.dll" by sending a crafted certificate packet to the "Internet Information Services" server via TLS protocol producing a heap overflow in the critical LSASS Windows process.
WARNING: This is an early release module. This is not the final version of this module. It is a pre-release version, provided in order to deliver a module as quickly as possible to our customers, that may be useful in some situations. Since this module is not the final version, it may contain bugs or have limited functionality and may not have complete or accurate documentation.
The specific flaw exists within the Connect method in the webeye.ocx module. The control does not check the length of an attacker-supplied string in the Connect method before copying it into a fixed-length buffer on the stack. This allows an attacker to execute arbitrary code in the context of the browser process.
ADAMView is prone to a buffer overflow when handling specially crafted GNI files.
An integer overflow in OLE allows remote code execution. This update contains a module exploiting the vulnerability by hosting a web site and exploiting Internet Explorer browsers that connect to it.
Eudora Qualcomm WorldMail IMAPd Service is prone to a buffer overflow in which the SEH gets overwritten when using the UID command.