Corel Paint Shop Pro is prone to a vulnerability that may allow the execution of any library file named dwmapi.dll, if this dll is located in the same folder than a .JPG file.
This module exploits a Use-After-Free vulnerability in Adobe Reader when handling a specially crafted PDF file.
This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site.
WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.
This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site.
WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.
This updates improves the reliability of Microsoft Internet Explorer Tabular Data Control ActiveX Exploit.
This modules exploits a Windows kernel vulnerability in "nfssvr.sys" by sending a NFS file renaming crafted request to the target.
This update adds support to Microsoft Windows Server 2012 and IPv6 attacks.
This update adds support to Microsoft Windows Server 2012 and IPv6 attacks.
The ShortComponentRaster.verify() method in Oracle Java versions prior to 7u25 holds a memory corruption vulnerability that allows the bypassing of "dataOffsets[]" boundary checks. This module exploits such vulnerability allowing for remote code execution.
An error in the way the GetSanitizedParametersFromNonQuotedCmdLine() function in the Internet Explorer broker process handles command-line arguments when trying to launch a program can be exploited to escape from the Internet Explorer Protected Mode sandbox.
This module allows an agent running in the context of iexplore.exe with Low Integrity Level to escalate privileges in order to install a new agent that will run with Medium Integrity Level.
This module allows an agent running in the context of iexplore.exe with Low Integrity Level to escalate privileges in order to install a new agent that will run with Medium Integrity Level.
This module exploits a vulnerability in "Microsoft Windows Active Directory Lightweight Directory" service by sending UDP requests to the LDAP port (usually 389) and then sending ICMP error messages producing a LDAP Stop Responding behavior.
This module exploits a vulnerability in Windows kernel ("ndproxy.sys" driver) by calling to the "DeviceIoControl" function with crafted parameters.
This module exploits a vulnerability in Mac OS X Samba server.
When a specially crafted call to "NetWkstaTransportEnum" RPC function is processed by the Samba server, it produces a heap overflow.
This update adds support to Mac OSX 10.6.0 to 10.6.7 ( Server and not server versions ).
Besides, this update improves the exploitation by reverting the Samba server impersonation and installing an agent with root privileges in all Mac OSX supported versions.
When a specially crafted call to "NetWkstaTransportEnum" RPC function is processed by the Samba server, it produces a heap overflow.
This update adds support to Mac OSX 10.6.0 to 10.6.7 ( Server and not server versions ).
Besides, this update improves the exploitation by reverting the Samba server impersonation and installing an agent with root privileges in all Mac OSX supported versions.
This module exploits a Buffer Overflow on HP System Management. The vulnerability exists when handling a crafted iprange parameter on a request against /proxy/DataValidation.