Buffer overflow in Csound exists when trying to import a malicious hetro file in tabular format. In order to achieve exploitation the user should import the malicious file through csound with a console command like: csound -U het_import project.csd file.het. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
This module exploits a heap based buffer overflow vulnerability in the PrintControl module included in the Crystal Reports Viewer application. The exploit is triggered when the ServerResourceVersion property processes a crafted argument. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. This module runs a web server waiting for vulnerable clients (Internet Explorer 6, 7, 8 and 9) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
This module exploits a vulnerability in the CTSUEng.ocx control included in the Creative Software AutoUpdate application. The exploit is triggered when the CacheFolder property processes a long string argument resulting in a stack-based buffer overflow. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. This module runs a web server waiting for vulnerable clients (Internet Explorer) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
Corel VideoStudio Pro X7 and Corel FastFlix are prone to a vulnerability that may allow the loading and execution of any library file named u32ZLib.dll, if this dll is located in the same folder where a .VSP or .VFP file is. The attacker must entice a victim into opening a specially crafted .VSP or .VFP file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
Corel PHOTO-PAINT is prone to a vulnerability that may allow execution of crlrib.dll if this dll is located in the same folder than .CPT file. The attacker must entice a victim into opening a specially crafted .CPT file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
Corel PDF Fusion is prone to a stack-based buffer overflow vulnerability when parsing long names in ZIP directory entries within an XPS file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
Corel PDF Fusion is prone to a vulnerability that may allow the loading and execution of any library file named quserex.dll, if this dll is located in the same folder where a .PDF file is. The attacker must entice a victim into opening a specially crafted .PDF file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
The vulnerability is caused due to a boundary error within the handling of .PNG files and can be exploited to cause a stack-based buffer overflow via a specially crafted .PNG file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
Corel PaintShop Pro is prone to a vulnerability that may allow the execution of any library file named dwmapi.dll, if this dll is located in the same folder than a .JPG file. The attacker must entice a victim into opening a specially crafted .JPG file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
Subscribe to Windows