This module runs a web server waiting for vulnerable clients to connect to it. When the client connects, it will try to install an agent by exploiting a vulnerability in VLC, which allows user-assisted remote attackers to execute code via a crafted OGG file that triggers a format string vulnerability and overwrites a subroutine pointer during rendering. The module will send an e-mail with a specially crafted HTML page waiting for victim users to connect through it. If the target system does not have either the ActiveX plugin (Internet Explorer) or the Mozilla plugin (Firefox, Opera), when the user clicks on the e-mail link the browser will download a file to be executed so the agent can be deployed. Otherwise, the remote file will be executed directly.
The specific flaw exists within the code responsible for ensuring proper privileged execution of methods. If an untrusted method in an applet attempts to call a method that requires privileges, Java will walk the call stack and for each entry verify that the method called is defined within a class that has that privilege. However, this does not take into account an untrusted object that has extended the trusted class without overwriting the target method. Additionally, this can be bypassed by abusing a similar trust issue with interfaces. An attacker can leverage these insecurities to execute vulnerable code under the context of the user invoking the JRE. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Java Runtime. Authentication is not required to exploit this vulnerability.
Ston3DWebPlayer and Ston3DStandalonePlayer are vulnerable to remote command injection via a specially crafted STK file.
The vulnerability is caused by boundary errors in libpurple.dll within the processing of MSNSLP messages. This can be exploited to cause a stack-based buffer overflow without user interaction.
In error.php, PhpMyAdmin permits users to insert text and restricted tags (like BBCode). With the tag [a@url@page]Click Me[/a] you can insert your own page, and redirect all users to that page. This can be used to direct users to a page hosting an OS agent.
This module exploits an integer overflow vulnerability in the xpdf and libpoppler software included in most Linux distributions. The vulnerability is caused by an integer overflow in the predictor calculation, which causes a stack-based buffer overflow in the StreamPredictor::getNextLine() function. The exploit is triggered when an unsuspecting user opens a specially crafted file distributed via e-mail.
This module exploits a vulnerability in Oracle Java. The vulnerability is an invalid array indexing issue within the native storeImageArray() function inside jre/bin/awt.dll.
The ShortComponentRaster.verify() method in Oracle Java versions prior to 7u25 contains a memory corruption vulnerability that allows the "dataOffsets[]" boundary checks to be bypassed. This module exploits that vulnerability to achieve remote code execution.
The Rhino Script Engine of Oracle Java fails to properly check for permissions on JavaScript error objects. This flaw allows an unprivileged applet to escape the sandbox and execute arbitrary code on the target machine with the privileges of the current user.
This module exploits a vulnerability in Oracle Java. By abusing the insecure invoke() method of the ProviderSkeleton class, which allows arbitrary static methods to be called with user-supplied arguments, it is possible to execute arbitrary code.