Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the CMarkup::IsConnectedToPrimaryMarkup function, as exploited in the wild in April 2014.
Quick View Plus contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in Quick View Plus when handling .MDB files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .MDB file.
This module runs a malicious web server on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to it by opening the crafted MDB file with Quick View Plus.
This module runs a malicious web server on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to it by opening the crafted MDB file with Quick View Plus.
An error within the MPEG file parser can be exploited to cause a buffer overflow via a specially crafted packet trace file.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing CATIA.
The vulnerability is caused due to a boundary error when copying a user supplied input to a fixed size stack buffer. The copying procedure stops when a null byte is found and no size check is proceeded.
The vulnerability is caused due to a boundary error when copying a user supplied input to a fixed size stack buffer. The copying procedure stops when a null byte is found and no size check is proceeded.
When a crafted configuration file is parsed by the client, it may cause a buffer overflow allowing the configuration file execute code on the target PC.
The vulnerability is a buffer overflow caused due to an error related to the ComboList property within the vsflex8l ActiveX Control.
This module exploits a vulnerability in Windows kernel ("ndproxy.sys" driver) by calling to the "DeviceIoControl" function with crafted parameters.
This module is an update of the original "Microsoft Windows NDProxy DeviceIoControl Vulnerability Exploit" module.
Besides, this module adds support to Windows 2003 SP2 64 bits edition.
This module is an update of the original "Microsoft Windows NDProxy DeviceIoControl Vulnerability Exploit" module.
Besides, this module adds support to Windows 2003 SP2 64 bits edition.
Publish-It is prone to a buffer overflow when handling specially crafted PUI files.
This module exploits a vulnerability in Adobe Flash Player triggered when processing a SWF file and this load a crafted dll module. This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site.
This update improves the reliability of the exploit.
This update improves the reliability of the exploit.
This module exploits a vulnerability in Apache Struts. The specific vulnerability is in the ParametersInterceptor, which allows a direct manipulation of the ClassLoader and as a result an attacker can execute arbitrary Java code in the target machine.
WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.
WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.