This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by sending a specially crafted HTML page which exploits the Windows ActiveX Help Control Vulnerability. When Outlook Express is used as mail user agent, Internet Explorer can be exploited through sending the target an e-mail that contains a link to the specially designed HTML page that triggers the attack. This exploit relies on a flaw in Windows ActiveX Help Control that allows untrusted content to access the Local Zone.
This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by sending a specially crafted HTML page which exploits the Internet Explorer Drag and Drop vulnerability. For the agent to be installed, the user of the vulnerable browser must scroll down using the scrollbar. An agent executable file is installed in the startup folder when the vulnerability is exploited, so you will have to wait for, or induce, a reboot of the target machine in order to successfully execute the agent. You can force vulnerable clients to connect to the web server automatically by using this module to send them a specially designed e-mail to exploit this vulnerability if the client uses Outlook Express to read their mail. In order to successfully exploit this vulnerability, the Outlook Express option "Internet zone (Less secure, but more functional)" in "Options->SECURITY" must be enabled. This option is disabled by default; if the victim receives the exploit's mail with this option disabled, they will see the following warning: "Your current security settings prohibit running ActiveX controls on this page. As a result, the page may not display correctly.".
This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by triggering a race condition in the way IE handles appendChild(). When Outlook Express is used as mail user agent, Internet Explorer can be exploited by sending the target an e-mail that contains a link to the specially designed HTML page that triggers the attack. This exploit relies on a vulnerability that allows attackers to cause Internet Explorer to execute arbitrary code via DHTML objects.
This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by abusing a createTextRange() call on a checkbox object. When a mail user agent is used, Internet Explorer can be exploited through sending the target an e-mail that contains a link to the specially designed HTML page that triggers the attack.
An integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field. You can force vulnerable clients to connect to the web server automatically by using this module to send them a specially designed e-mail to exploit this vulnerability when read by Outlook or Outlook Express. When the victim reads the HTML message, a .ANI file is requested from the exploit's web server. If the system is vulnerable, an agent is installed by exploiting a buffer overflow in the function that parses such files.
This module exploits a vulnerability in the GenVersion.dll module included in the Iconics Genesis 32 application. The exploit is triggered when the SetActiveXGUID() method processes a malformed argument resulting in a memory corruption. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
IcoFX is prone to a buffer overflow vulnerability when handling ICO files. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
This module exploits a vulnerability in isig.dll included in the IBM Tivoli Provisioning Manager application. The exploit is triggered when the RunAndUploadFile() method processes a long string argument resulting in a stack-based buffer overflow. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
When a malformed string is assigned to the ColComboList property, the Vsflex8l module does not properly check the size before copying the string into a static buffer. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it.
When a malformed string is assigned to the ColComboList property, the Vsflex8l module does not properly check the size before copying the string into a global buffer in the data section with a static size of 0x64. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it.