This module exploits a memory corruption vulnerability. In certain cases after a return from a native function, such as escape(), the Just-in-Time (JIT) compiler could get into a corrupt state. This module runs a web server waiting for vulnerable clients (Mozilla Firefox) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
The vulnerability is caused by a boundary error in MoviePlay when handling .LST files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .LST file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
This module exploits improper bounds checking in MoreAmp when importing a MAF (song list) file. This causes a stack-based overflow and allows code execution on the targeted system with the privileges of the user running the application. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
This exploit takes advantage of a vulnerability that allows attackers to cause mIRC to execute arbitrary code via a malformed IRC PWD response.
The vulnerability is caused by a boundary error in Mini-Stream Ripper when handling M3U files with overly long lines. This can be exploited to cause a stack-based buffer overflow via a specially crafted M3U file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
Millennium MP3 Studio contains a buffer prone to exploitation via an overly long string. The vulnerability is caused by a boundary error in Millennium MP3 Studio when handling .PLS files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .PLS file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
This module exploits a vulnerability in the wkimgsrv.dll control shipped with Microsoft Works and many Microsoft Office Suites. The exploit is triggered when the WksPictureInterface() method processes a number as argument resulting in a memory corruption. The WksPictureInterface(), in certain circumstances, points to an invalid memory address that can be controlled to gain code execution. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
This module exploits a vulnerability in Microsoft Office (.WPS files). The vulnerability is caused by boundary errors within the processing of WPS files. This can be exploited to cause a stack-based buffer overflow when a specially crafted file is opened. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site.
Buffer overflow in Microsoft Office allows remote attackers to execute arbitrary code via crafted TIFF data in an Office document, leading to improper memory allocation.
This module exploits a vulnerability in Microsoft Word 2010 when parsing a specially crafted RTF file. This vulnerability was found being exploited in the wild during March 2014.