The module starts an HTTP server in the source agent. When the victim system tries to retrieve any file, the server sends a malicious HTML page that installs an agent on the victim's machine, bypassing sandbox restrictions. Given the nature of this exploit, its reliability depends on the browser configuration (scripting has to be enabled, which is the default) and on other factors such as system load. The exploit needs to open some windows on the target client system, so a trained user may notice the exploitation attempt. If an agent is installed, it will remain persistent and must be removed manually.
This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by instantiating TLBINF32.DLL (sometimes installed as VSTLBINF.DLL) with a malicious DLL (IMPActiveX.ocx) as a parameter. IMPActiveX.ocx has a helpstringdll property pointing to itself, and implements DLLGetDocumentation to install an agent.
This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by triggering a race condition in the way IE handles the call to the window() function inside a JavaScript Onload event. When Outlook Express is used as the mail user agent, Internet Explorer can be exploited by sending the target an e-mail that contains a link to the specially designed HTML page that triggers the attack. This exploit relies on a vulnerability that allows attackers to cause Internet Explorer to execute arbitrary code via a JavaScript Onload event that calls the window() function.
Microsoft Internet Explorer 6 Service Pack 1 on Windows 2000 and Windows XP SP1 contains a vulnerability when viewing a web site using the HTTP 1.1 protocol. If the web site uses HTTP 1.1 compression and contains an overly long URL, a buffer overflow can occur. This vulnerability was introduced with the first release of MS06-042. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability in the urlmon.dll library. When Outlook Express is used as the mail user agent, Internet Explorer can be exploited by sending the target an e-mail that contains a link to the specially designed HTML page that triggers the attack.
This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting a vulnerability in the "javaprxy.dll" COM object when instantiated in Internet Explorer via a specially crafted HTML tag. When Outlook Express is used as the mail user agent, Internet Explorer can be exploited by sending the target an e-mail that contains a link to the specially designed HTML page that triggers the attack.
This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting a vulnerability in the "devenum.dll" COM object when instantiated in Internet Explorer via a specially crafted HTML tag. When Outlook Express is used as the mail user agent, Internet Explorer can be exploited by sending the target an e-mail that contains a link to the specially designed HTML page that triggers the attack.
This module exploits a vulnerability caused by a boundary error when canonicalizing URLs. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by sending a specially crafted HTML page which exploits the Internet Explorer Object Data Tag vulnerability. You can force vulnerable clients to connect to the web server automatically by using this module to send them a specially designed e-mail that exploits this vulnerability, if the client uses Outlook Express to read their mail. In order to successfully exploit this vulnerability, the Outlook Express option "Internet zone (Less secure, but more functional)" in "Options->SECURITY" must be enabled. By default this option is disabled. If the victim receives the exploit's mail with this option disabled, he will see the following warning: "Your current security settings prohibit running ActiveX controls on this page. As a result, the page may not display correctly."
This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by sending a specially crafted HTML page which exploits the Windows Media Player IE Zone Access Control Bypass Vulnerability. You can force vulnerable clients to connect to the web server automatically by using this module to send them a specially designed e-mail that exploits this vulnerability, if the client uses Outlook Express in the Internet Zone to read their mail. This exploit relies on a flaw in Windows Media Player that allows untrusted content to access the Local Zone.
A vulnerability in Internet Explorer 6 is caused by a boundary error in the handling of certain attributes ("SRC" and "NAME") in the