3S-Smart Software Solutions GmbH CODESYS Web Server is prone to upload a crafted configuration file and it produce a buffer-overflow vulnerability when handling a XML tag content, this can trigger an overflow in a finite-sized internal memory buffer, and install an agent with same privileges than server.
Ichitaro Office is prone to a buffer-overflow vulnerability that occurs because it fails to perform adequate boundary checks on user-supplied data via a crafted .XLS document. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
Disk Sorter Enterprise server is prone to a buffer-overflow vulnerability when handling a crafted login request, this can trigger an overflow in a finite-sized internal memory buffer, and install an agent with SYSTEM privileges.
VIPA Controls WinPLC7 is prone to a buffer-overflow vulnerability when handling a crafted package, this can trigger an overflow in a finite-sized internal memory buffer, and install an agent with normal user privileges.
ConQuest DICOM server is prone to a buffer-overflow vulnerability when handling a crafted package, this can trigger an overflow in a finite-sized internal memory buffer, and install an agent with normal user privileges.
Dup Scout server is prone to a buffer-overflow vulnerability when handling a crafted login request, this can trigger an overflow in a finite-sized internal memory buffer, and install an agent with SYSTEM privileges.
Disk Savvy server is prone to a buffer-overflow vulnerability when handling a crafted GET request, this can trigger an overflow in a finite-sized internal memory buffer, and install an agent with SYSTEM privileges.
This module exploits a vulnerability in the WebEx extension for Chrome. The module will start a web server and serve a specially crafted page. The page will execute a series of PowerShell commands to download an executable file from Impact's web server and execute it. The vulnerability requires that the attack web page be served using HTTPS. See "Special comments" for futher detail.
This module exploits a use after free vulnerability while manipulating DOM events and removing audio elements due to errors in the handling of node adoption in Mozilla Firefox. This module runs a web server waiting for vulnerable clients (Mozilla Firefox) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
This module exploits a use-after-free vulnerability in SVG Animation, part of "xul.dll".