This module exploits a null pointer vulnerability in the OpenLDAP service when parsing a malformed requests. The vulnerability is exploited remotely by sending a specially crafted packet to write an existing value with an empty one. The service will be automatically restarted after 1-2 minutes. To keep the service down set KEEP_TRYING parameter true
This module exploits a vulnerability in BIND 9 when parsing dynamic update messages containing a record of type "ANY" and where at least one RRset for this FQDN exists on the server, causing the service to exit.
This module exploits a vulnerability in VideoLan Media Player (VLC). A memory corruption vulnerability in the MKV demuxer plugin (ibmkv_plugin) in VLC Media Player 1.1.6.1 and earlier allowing remote attackers to execute arbitrary code via a MKV media file. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site.
This module runs a web server waiting for vulnerable clients to connect to it. When the client connects, it will try to install an agent by exploiting a vulnerability in VLC, which allows user-assisted remote attackers to execute code via a crafted OGG file that triggers format string and overwrites a subroutine pointer during rendering. The module will send an e-mail with a specially crafted HTML page waiting for victim users to connect through it. If target system does not have either the ActiveX plugin (Internet Explorer) or the Mozilla plugin (Firefox, Opera), when the user clicks on the e-mail link the browser will download a file in order to be executed so agent can be deployed. Otherwise, remote file will be executed directly.
The specific flaw exists within the code responsible for ensuring proper privileged execution of methods. If an untrusted method in an applet attempts to call a method that requires privileges, Java will walk the call stack and for each entry verify that the method called is defined within a class that has that privilege. However, this does not take into account an untrusted object that has extended the trusted class without overwriting the target method. Additionally, this can be bypassed by abusing a similar trust issue with interfaces. An attacker can leverage these insecurities to execute vulnerable code under the context of the user invoking the JRE. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Runtime. Authentication is not required to exploit this vulnerability.
Subscribe to Mac OS X