This module exploits a memory corruption in the DNS Client Service by sending a specially crafted LLMNR broadcast query to crash the service.



This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.

DATAC RealWin is prone to a buffer overflow vulnerability when handling

On_FC_CTAGLIST_FCS_ADDTAGMS packets with an overly long string.

DATAC RealWin is prone to a buffer overflow vulnerability when handling On_FC_SCRIPT_FCS_STARTPROG packets with an overly long string.

This module exploits a vulnerability in the BarcodeWiz.dll module included in the Barcodewiz application. The exploit is triggered when the LoadProperties() method processes a malformed argument resulting in a memory corruption. This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site.

This version fixes a bug in the classname of the onelink feature.

Adobe Flash Player is prone to a memory corruption vulnerability when parsing a specially crafted .SWF file, which can be exploited by remote attackers to execute arbitrary code on vulnerable machines by convincing an unsuspecting user to visit a malicious web site.

This vulnerability has been found exploited in-the-wild during April 2011.



WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.

This module exploits a memory corruption in Windows Media Player when parsing a malformed DVR-MS file. This update fixes an issue in the agent connector.

This update fixes some mistakes in the module documentation.



This module exploits a vulnerability on Microsoft Windows SMTP Server 64 bits sending a malformed DNS response from a spoofed DNS Server.

This module exploits a stack-based buffer overflow in the Intel Alert Handler Service.

The DBA Management Server component of EnterpriseDB Postgres Plus Advanced Server does not restrict access to the underlying JBoss JMX Console. This can be abused by remote, unauthenticated attackers to execute arbitrary code on the vulnerable server.

An ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 does not properly initialize an unspecified object component during parsing of a CDDA URI, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer dereference and application crash) via a long URI.