This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by abusing a createTextRange() call on a checkbox object. When a mail user agent is used, Internet Explorer can be exploited through sending the target an e-mail that contains a link to the specially designed HTML page that triggers the attack.
An integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field. You can force vulnerable clients to connect to the web server automatically by using this module to send them an specially designed e-mail to exploit this vulnerability when read by Outlook or Outlook Express. When the victim reads the HTML message a .ANI file is requested to the exploit's web server. If the system is vulnerable an agent is installed exploiting a buffer overflow in the function that parses such file.
This module exploits a vulnerability in the GenVersion.dll module included in the Iconics Genesis 32 application. The exploit is triggered when the SetActiveXGUID() method processes a malformed argument resulting in a memory corruption. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
IcoFX is prone to a buffer overflow vulnerability when handling ICO files. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
This module exploits a vulnerability in isig.dll included in the IBM Tivoli Provisioning Manager application. The exploit is triggered when the RunAndUploadFile() method processes a long string argument resulting in a stack-based buffer overflow. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
A vulnerability when assign a malformed string to the ColComboList property, the module Vsflex8l does not properly check the size before copies the string into a static buffer. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it.
A vulnerability when assign a malformed string to the ColComboList property, the module Vsflex8l does not properly check the size before copies the string into a global buffer in the data section with a static size of 0x64. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it.
A vulnerability exists in C1sizer.ocx when handling the TabCaption buffer: C1sizer.ocx does not properly check the size before running lstrcatA and therefore will cause a buffer overflow. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it.
IBM Rational ClearQuest ActiveX control Cqole.dll is vulnerable to a buffer overflow, caused by a function prototype mismatch in the RegisterSchemaRepoFromFileByDbSet() function. This module runs a web server waiting for vulnerable clients (Internet Explorer 6 or 7) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
This module exploits a buffer overflow in IBM Personal Communications which allows attackers to execute arbitrary code via a crafted .ws (aka workspace) file.