HPE Intelligent Management Center is prone to a remote vulnerability that allows attackers to take advantage of an insecure deployment of the RMI Registry service used to manage and monitor the Java Virtual Machine.
The CG6Service service has the SetPeLauncherState method, which allows a user to automatically launch a debugger for a specified process. This can be abused by an attacker to gain SYSTEM privileges by attaching to a SYSTEM process.
3S-Smart Software Solutions GmbH CODESYS Web Server is prone to a buffer-overflow vulnerability when handling XML tag content in an uploaded, crafted configuration file. This can trigger an overflow in a finite-sized internal memory buffer and install an agent with the same privileges as the server.
Ichitaro Office is prone to a buffer-overflow vulnerability that occurs because it fails to perform adequate boundary checks on user-supplied data via a crafted .XLS document. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
Disk Sorter Enterprise server is prone to a buffer-overflow vulnerability when handling a crafted login request. This can trigger an overflow in a finite-sized internal memory buffer and install an agent with SYSTEM privileges.
VIPA Controls WinPLC7 is prone to a buffer-overflow vulnerability when handling a crafted package. This can trigger an overflow in a finite-sized internal memory buffer and install an agent with normal user privileges.
ConQuest DICOM server is prone to a buffer-overflow vulnerability when handling a crafted package. This can trigger an overflow in a finite-sized internal memory buffer and install an agent with normal user privileges.
Dup Scout server is prone to a buffer-overflow vulnerability when handling a crafted login request. This can trigger an overflow in a finite-sized internal memory buffer and install an agent with SYSTEM privileges.
Disk Savvy server is prone to a buffer-overflow vulnerability when handling a crafted GET request. This can trigger an overflow in a finite-sized internal memory buffer and install an agent with SYSTEM privileges.
This module exploits a vulnerability in the WebEx extension for Chrome. The module will start a web server and serve a specially crafted page. The page will execute a series of PowerShell commands to download an executable file from Impact's web server and execute it. The vulnerability requires that the attack web page be served using HTTPS. See "Special comments" for further detail.