This module exploits a stack-based buffer overflow vulnerability in the PostScript processor included in GNOME Evince. The vulnerability is caused by the get_next_text() function not properly validating overly long fields in aPostScript file. The exploit is triggered when an unsuspecting user opens a specially crafted file distributed via an email.

This module abuses the scripting functionality in Blender to trigger remote code execution via a specially crafted file.

This module abuses the scripting functionality in Autodesk Softimage to trigger remote code execution via a project with an embedded script.

This module abuses the scripting functionality in Autodesk Maya to trigger remote code execution via a specially crafted maya file.

The ExceptionDelegator component of the XWork framework, part of the Apache Struts 2 web framework, as shipped with Atlassian FishEye, interprets parameters values as OGNL expressions when handling a type conversion error. This can be exploited to execute arbitrary code on the vulnerable server by tricking a logged-in user with administrator privileges within the FishEye site to visit a specially crafted web page.

This module exploits a vulnerability in Adobe Reader and Adobe Acrobat Professional .PDF files. The vulnerability is caused due to boundary errors in the customdictionaryopen() method in Javascript api. This can be exploited to cause a stack overflow when a specially crafted PDF file is opened. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site.

This module exploits a command injection in Adobe Flash Player triggered when processing a specially crafted SWF file. This module runs a malicious web site on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site. This exploit works only with Adoble flash player for Linux V 10.0.12.36 (Flash player 9 is not supported).