This module exploits a memory corruption vulnerability. In certain cases after a return from a native function, such as escape(), the Just-in-Time (JIT) compiler could get into a corrupt state. This module runs a web server waiting for vulnerable clients (Mozilla Firefox) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
This module exploits an XSS vulnerability in JOnAS which allows Core Impact to perform remote command injection by impersonating an administrator and uploading a plugin to the JOnAS server. This module runs a web server waiting for a JOnAS administrator to connect to it. When the client connects, it will retrieve the JOnAS administrator cookie and try to install an agent on the JOnAS server by installing a custom plugin in JOnAS.
This module exploits a configuration issue that exists in WebKit's use of libxslt. Arbitrary files can be created with the privileges of the user, which may lead to arbitrary code execution. This module runs a web server waiting for vulnerable clients to connect to it. When the client connects, it will strategically place a file in the victim's OS so an agent will be deployed when Terminal is executed.
This module exploits a vulnerability in Java QuickTime (QtJava.dll), specifically the routine toQTPointer() exposed through quicktime.util.QTHandleRef. A lack of sanity checking on the parameters passed to this routine, through the Java Virtual Machine (JVM), allows an attacker to write arbitrary values to memory. This module runs a web server waiting for vulnerable clients (Opera, Firefox and Internet Explorer on Windows, and Safari on Mac OS X) to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
This module runs a web server waiting for vulnerable clients to connect to it. When the client connects, it will try to install an agent by exploiting a vulnerability in ATSServer through Quicklook/Safari/Apple Mail/Preview, which allows user-assisted remote attackers to execute code via a crafted PDF file that triggers memory corruption and overwrites a subroutine pointer during rendering. The module will send an e-mail with an attached .pdf file. This file will deploy an agent when opened by the user. Additionally, the module will allow users to download the malformed .pdf file from Core Impact's Web Server. Also, this module can drop a specially crafted PDF file in a local folder of the user's choice. This file can later be placed in a shared folder. Exploitation will occur in the first case just by visiting the folder in which the file is stored.
Apple iTunes is prone to a buffer-overflow vulnerability when handling playlists because the software fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. This module runs a web server waiting for vulnerable clients to connect to it. When the client connects, it will try to install an agent by exploiting this vulnerability.
This module exploits a vulnerability in Adobe Reader and Adobe Acrobat Professional .PDF files. The vulnerability is caused by boundary errors in the collectEmailInfo() method in EScript.api. This can be exploited to cause a stack-based buffer overflow when a specially crafted PDF file is opened. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site.