This module exploits a vulnerability in Microsoft Office Word (.DOC files). The vulnerability is caused by a boundary error in winword.exe when processing DOC files. This can be exploited to cause memory corruption when a specially crafted file is opened. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
Microsoft Word is prone to a vulnerability that may allow execution of ehTrace.dll if this DLL is located in a specially named folder alongside the .DOC file. The attacker must entice a victim into opening a specially crafted .DOC file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
Microsoft Windows is prone to a vulnerability that may allow the execution of an arbitrary attacker-specified executable file, if this file is located in the same folder as a .THEME file. The attacker must entice a victim into opening a specially crafted .THEME file and then either going to the Screen Saver tab, or clicking Apply and waiting the default number of minutes without interaction while Display Properties is open. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
Microsoft Remote Desktop is prone to a vulnerability that may allow the execution of any library file named dwmapi.dll, if this DLL is located in the same folder as an .RDP file. The attacker must entice a victim into opening a specially crafted .RDP file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.