Vulnerabilities exist within methods exposed by gwcls1.dll which accept a pointer and perform operations on the potentially malicious pointer without validation. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
Nokia PC Suite is prone to a vulnerability that may allow execution of wintab32.dll if this DLL is located in the same folder as the .VCF file. The attacker must entice a victim into opening a specially crafted .VCF file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
Nokia Multimedia Player is prone to a buffer-overflow vulnerability that occurs because it fails to perform adequate boundary checks on user-supplied data via a crafted .NPL file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by sending a specially crafted HTML page which exploits the NIS 2004 (ISLALERT.DLL) ActiveX vulnerability. You can force vulnerable clients to connect to the web server automatically by using this module to send them a specially designed e-mail to exploit this vulnerability if the client uses Outlook Express to read their mail. In order to successfully exploit this vulnerability, the Outlook Express option "Internet zone (Less secure, but more functional)" in "Options->SECURITY" must be enabled. This option is disabled by default; if the victim receives the exploit's mail with this option disabled, he will see the following warning: "Your current security settings prohibit running ActiveX controls on this page. As a result, the page may not display correctly."
A stack-based buffer overflow can be exploited in NetOp Remote Control when opening a crafted .dws file with a string longer than 520 characters.
This module exploits a vulnerability in CNC_Ctrl.dll included in the Net-i Viewer application. The exploit is triggered when the BackupToAvi() method processes a long string argument resulting in a stack-based buffer overflow. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
Nero CoverDesigner is prone to a vulnerability that may allow the execution of any library file named ThreadRegister.dll if this DLL is located in the same folder as a .CDC file. The attacker must entice a victim into opening a specially crafted .CDC file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
This module exploits a vulnerability in the NeoTraceExplorer ActiveX Control (NeoTraceExplorer.dll). The exploit is triggered when a long string argument is processed by the TraceTarget() method resulting in a stack-based buffer overflow. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
This module exploits a vulnerability in the NCTAudioFile2.AudioFile ActiveX Control (NCTAudioFile2.dll) used by various multimedia applications. The exploit is triggered when a long string argument is processed by the SetFormatLikeSample() method resulting in a stack-based buffer overflow. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
Music Animation Machine MIDI Player contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in MAM Player when handling misleading MIDI files. This situation leads to a buffer overflow and allows an attacker to overwrite an SEH Pointer and get control of execution. This vulnerability can be exploited via a specially crafted .mamx file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.