This module exploits a vulnerability in McAfee Virtual Technician MVTControl, which can be abused by using the GetObject() function to load unsafe classes, therefore allowing remote code execution under the context of the user. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
This module exploits a buffer overflow vulnerability in the McAfee Subscription Manager (MCSUBMGR.DLL) ActiveX control. The exploit is triggered when the IsOldAppInstalled() method processes an overly long string argument, allowing remote attackers to execute arbitrary code. This client-side exploit depends on a user visiting a malicious website hosted by Core Impact to distribute the exploit and install an agent. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
This module exploits a vulnerability in SiteManager ActiveX Control (sitemanager.dll). When the ExportSiteList() method processes a long string argument, a stack-based buffer overflow occurs. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
Maya Studio EO Video contains a buffer prone to exploitation via an overly long string. The vulnerability is caused by a boundary error when handling .EOP files. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
The buffer overflow occurs within lasr.dll when parsing an AMI Pro document (.sam) file. In several places within the DLL, the unsafe "lstrcpy()" function is used to copy each line read from the file into fixed-size stack and heap buffers. There are no length checks before the string copy operation is performed. Hence, it is possible to create an AMI Pro file that contains overly long lines that will trigger the buffer overflow when viewed within Lotus Notes.
The buffer overflow occurs when parsing an LZH compressed file. Integer underflow in lzhsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted header in a .lzh attachment that triggers a stack-based buffer overflow, aka SPR PRAD88MJ2W.
The module sends an email with a malformed PNG file attached. When the mail is read with a vulnerable mail client, an agent will be installed. The exploit code is specially crafted to prevent the user from detecting the exploitation. The number of agents installed depends on how many times the user reads the mail; a new thread is created for each one.