This module exploits a vulnerability in Honestech VHS to DVD Products. The vulnerability is caused due to boundary error in the processing of ilj files. This can be exploited to cause a stack-based buffer overflow when a specially crafted file is opened. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site.

Help and Manual is prone to a vulnerability that may allow the execution of any library file named ijl15.dll, if this dll is located in the same folder than a .HMXP file. The attacker must entice a victim into opening a specially crafted .HMXP file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.

GSM SIM Utility contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in GSM SIM Editor when handling misleading .sms files. When opening such files an error message is shown and then a buffer overflow occurs. This situation allows an attacker to overwrite an SEH Pointer and control the execution flow. This vulnerability can be exploited via a specially crafted .sms file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.

Google Sketchup fails to validate the input when parsing an crafted skp file with Pict texture, leading to an arbitrary stack offset overwrite and finally to an arbitrary code execution. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.

Google Earth is prone to a vulnerability that may allow execution of quserex.dll if this dll is located in the same folder than .KMZ file. The attacker must entice a victim into opening a specially crafted .KMZ file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.

The vulnerability is caused due to a boundary error within the handling of a .ASX file with a long URI in the "ref href" tag. This can be exploited to cause a stack-based buffer overflow via a specially crafted .ASX file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.

This module exploits a vulnerability in the GomWeb3.dll control included in the GoM Player ActiveX application. The exploit is triggered when the OpenURL() method processes a long string argument resulting in a stack-based buffer overflow. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.

CuteZIP is prone to a stack based buffer overflow when opening specially crafted ZIP files. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.

GE Proficy Historian is prone to a Code execution vulnerability in the KeyScript ActiveX control from keyhelp.ocx. The function LaunchTriPane use the -decompile option and can be abused to write arbitrary files on the remote system. The attacker must entice a victim into browsing a specially crafted web page. The LaunchTriPane ActiveX method request crafted chm files and write the embeded binaries in a controlled location may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.

GetRight is prone to a vulnerability that may allow the execution of any library file named SvcTagLib.dll, if this dll is located in the same folder than a .GRX file. The attacker must entice a victim into opening a specially crafted .GRX file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.