A flaw exists within the way the IBM Tivoli Provisioning Manager Express for Software ActiveX Control parses data supplied to the RunAndUploadFile function. The ActiveX control is used to create an Asset Information file for the local system to be uploaded to the IBM Tivoli Provisioning Manager Express Server.

This update corrects the CVE number, adds support for Internet Explorer 8 and disables DEP.

The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the SamrChangePassword function, when the "username map script" smb.conf option is enabled.

This update adds Solaris support.

This module exploits an error in the PAM authentication code and installs an agent into the target host.

This update improves the reliability of the exploit.

This module allows remote attackers to place arbitrary files on a users file system by abusing the "CacheDocumentXMLWithId" method from the "XMLCacheMgr" class in the HP Easy Printer HPTicketMgr.dll ActiveX Control (HPTicketMgr.dll 2.7.2.0). Code execution can be achieved by first uploading the payload to the remote machine embeddeding a vbs file, and then upload another mof file, which enables Windows Management Instrumentation service to execute the vbs.

This module exploits a buffer overflow vulnerability in HP Data Protector by sending a specially crafted EXEC_CMD request.

This module exploits a remote stack-based buffer overflow vulnerability in the Preboot Service component of Novell ZENworks Configuration Management, by sending a specially crafted packet to the port 998/TCP.

This update adds support to Microsoft Windows 2003 64 bits edition ( DoS ), Microsoft Windows Vista 64 bits edition ( DoS ), Microsoft Windows 2008 64 bits edition ( DoS ) and Microsoft Windows Seven 64 bits edition ( DoS ).



This module exploits a Windows kernel vulnerability by loading a fake keyboard layout through a call to "NtUserLoadKeyboardLayoutEx" function with crafted parameters.



When the keyboard layout is processed by win32k.sys, it produces a kernel heap memory corruption.

A stack-based buffer overflow in CyberLink Power2Go allows an attacker to execute arbitrary code via an overly long name attribute in a .P2G file.

This update adds support to Microsoft Windows Vista and Microsoft Windows 7 ( only DoS ).



This module exploits a Windows kernel vulnerability by loading a fake keyboard layout through a call to "NtUserLoadKeyboardLayoutEx" function with crafted parameters.



When the keyboard layout is processed by win32k.sys, it produces a kernel heap memory corruption.

The vulnerability is caused due to a boundary error in the CNC_Ctrl.dll ActiveX control when handling the BackupToAvi() method.