A code execution vulnerability exists in the Login method of Sunway ForceControl YRWXls.ocx. This module runs a web server waiting for vulnerable clients (Internet Explorer 6 or 7) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
This module exploits a stack-based buffer overflow vulnerability in Java Web Start (javaws.exe), a program installed with the Java Runtime Environment responsible for managing Java applications. The exploit is triggered when a user downloads a specially crafted JNLP file. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site.
The vulnerabilities in SumatraPDF are caused due to boundary errors within the "pdf_loadtype4shade()", "pdf_loadtype5shade()", "pdf_loadtype6shade()", and "pdf_loadtype7shade()" functions. This can be exploited to cause stack-based buffer overflows. The module will send an e-mail with an attached .PDF file. This file will deploy an agent when opened by the user. Additionally, the module will allow users to download the malformed zipped .PDF file from Core Impact's Web Server.
This module exploits a vulnerability in XVoice.dll included in the Microsoft Text to Speech Control. The exploit is triggered when the FindEngine() method processes a long string argument resulting in a stack-based buffer overflow. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
Sothink SWF Decompiler is prone to a vulnerability that may allow the execution of any library file named dwmapi.dll, if this dll is located in the same folder than a .FLV file. The attacker must entice a victim into opening a specially crafted .FLV file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
Sorax PDF Reader is prone to a vulnerability that may allow the execution of any library file named dwmapi.dll, if this dll is located in the same folder than a .PDF file. The attacker must entice a victim into opening a specially crafted .HEX file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
Sony Sound Forge Pro is prone to a vulnerability that may allow the execution of any library file named MtxParhVegasPreview.dll, if this dll is located in the same folder as a .SFW file. The attacker must entice a victim into opening a specially crafted .SFW file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
Subscribe to Windows