VUPlayer contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in VUPlayer when handling .CUE files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .CUE file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
Vortex Light Alloy is prone to a buffer overflow vulnerability when handling .M3U files. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
Various VMware products are prone to a stack overflow when parsing a specially crafted ISO file.
This module exploits a vulnerability in VMware OVF Tool. The vulnerability is caused due to boundary error in the processing of .OVF files. This can be exploited to cause a format string when a specially crafted file is opened. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site.
This module exploits a vulnerability in the tsgetxu71ex552.dll module included in the VMWare Infrastructure Client application. The exploit is triggered when Internet Explorer instantiates this module. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. This module runs a web server waiting for vulnerable clients (Internet Explorer 6 or 7) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
This module exploits a vulnerability in the vielib.dll of the VMWare application. The module will run a malicious website in the Core Impact console and wait for a user to connect and trigger the exploit. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
A stack-based buffer overflow in VideoLAN VLC media player allows remote attackers to execute arbitrary code via a crafted MMS:// stream. This module runs a web server waiting for vulnerable clients (Internet Explorer 6 or 7) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
VLC Media Player is prone to a vulnerability that may allow execution of wintab32.dll if this dll is located in the same folder than .MP3 file. The attacker must entice a victim into opening a specially crafted .MP3 file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
This module exploits a vulnerability in VideoLan Media Player (VLC). Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4 allows remote attackers to execute arbitrary code via a TiVo TY media file with a header containing a crafted size value. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site.
VLC Media Player contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error when handling crafted .XSPF files. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.