This module exploits a memory corruption in Windows Media Player when parsing a malformed DVR-MS file.

Windows Media Player is prone to a buffer-overflow vulnerability that occurs because it fails to perform adequate boundary checks on user-supplied data via a crafted .ASF file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.

This module exploits a stack-based buffer overflow in the wmex.dll ActiveX Control included in Microsoft Windows Media Encoder 9. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.

This module exploits a memory corruption in Windows Media Runtime in wmspdmod.dll, when handling the sample rate for a Windows Media Voice frame. This module runs a web server waiting for vulnerable clients (Internet Explorer 6 or 7) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.

Microsoft Windows Mail is prone to a vulnerability that may allow execution of wab32res.dll if this dll is located in the same folder than .NWS file. The attacker must entice a victim into opening a specially crafted .NWS file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.

Microsoft Windows is prone to a vulnerability that may allow a file to automatically run because the software fails to handle 'LNK' files properly. Specifically, the issue occurs when loading the icon of a shortcut file. A specially crafted 'LNK' file can cause Windows to automatically execute code that is specified by the shortcut file. The attacker must entice a victim into viewing a specially crafted shortcut. The shortcut file and the associated binary may be delivered to a user through removable drives, over network shares or remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.

Microsoft Windows is prone to a vulnerability that may allow a file to automatically run because the software fails to handle 'LNK' files properly. Specifically, the issue occurs when loading the icon of a shortcut file. A specially crafted 'LNK' file can cause Windows to automatically execute code that is specified by the shortcut file. The attacker must entice a victim into viewing a specially crafted shortcut. The shortcut file and the associated binary may be delivered to a user through removable drives, over network shares or remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.

Microsoft Windows is prone to a vulnerability that may allow a file to automatically run because the software fails to handle 'LNK' files properly. Specifically, the issue occurs when loading the icon of a shortcut file. A specially crafted 'LNK' file can cause Windows to automatically execute code that is specified by the shortcut file. The attacker must entice a victim into viewing a specially crafted shortcut. The shortcut file and the associated binary may be delivered to a user through removable drives, over network shares or remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.

This module exploits a heap overflow vulnerability in the OpenColorProfileW function of mscms.dll through a malformed EMF file embedded in an HTML file.

This module implements the NTLM Relay attack through HTTP Services to install an agent in the target machine. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.