224 pages of spelling issues left
parent
6289cc0b70
commit
7339658ba9
|
@ -13,7 +13,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
'Name' => 'MS06-071 Microsoft Internet Explorer XML Core Services HTTP Request Handling',
|
||||
'Description' => %q{
|
||||
This module exploits a code execution vulnerability in Microsoft XML Core Services which
|
||||
exists in the XMLHTTP ActiveX control. This module is the modifed version of
|
||||
exists in the XMLHTTP ActiveX control. This module is the modified version of
|
||||
http://www.milw0rm.com/exploits/2743 - credit to str0ke. This module has been successfully
|
||||
tested on Windows 2000 SP4, Windows XP SP2, Windows 2003 Server SP0 with IE6
|
||||
+ Microsoft XML Core Services 4.0 SP2.
|
||||
|
|
|
@ -18,7 +18,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
'Description' => %q{
|
||||
This module exploits a code execution vulnerability that occurs when a user
|
||||
presses F1 on MessageBox originated from VBscript within a web page. When the
|
||||
user hits F1, the MessageBox help functionaility will attempt to load and use
|
||||
user hits F1, the MessageBox help functionality will attempt to load and use
|
||||
a HLP file from an SMB or WebDAV (if the WebDAV redirector is enabled) server.
|
||||
|
||||
This particular version of the exploit implements a WebDAV server that will
|
||||
|
|
|
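Review bot: the context line above the fix still reads "presses F1 on MessageBox originated from VBscript", and the line after the fix says "a HLP file". Since this commit is a spelling and grammar pass over the same description, consider "presses F1 on a MessageBox originating from VBScript" and "an HLP file" in the same change.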
@ -12,7 +12,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'MS10-026 Microsoft MPEG Layer-3 Audio Stack Based Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a buffer overlow in l3codecx.ax while processing a
|
||||
This module exploits a buffer overflow in l3codecx.ax while processing a
|
||||
AVI files with MPEG Layer-3 audio contents. The overflow only allows to overwrite
|
||||
with 0's so the three least significant bytes of EIP saved on stack are
|
||||
overwritten and shellcode is mapped using the .NET DLL memory technique pioneered
|
||||
|
|
|
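Review bot: the corrected line still ends in "while processing a" and runs into "AVI files" on the next line, so the sentence reads "a AVI files"; drop the article or make it "an AVI file". The following "The overflow only allows to overwrite with 0's" could become "only allows overwriting with 0's" while this text is being touched.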
@ -22,12 +22,12 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'MS10-090 Microsoft Internet Explorer CSS SetUserClip Memory Corruption',
|
||||
'Description' => %q{
|
||||
Thie module exploits a memory corruption vulnerability within Microsoft's
|
||||
This module exploits a memory corruption vulnerability within Microsoft's
|
||||
HTML engine (mshtml). When parsing an HTML page containing a specially
|
||||
crafted CSS tag, memory corruption occurs that can lead arbitrary code
|
||||
execution.
|
||||
|
||||
It seems like Microsoft code inadvertantly increments a vtable pointer to
|
||||
It seems like Microsoft code inadvertently increments a vtable pointer to
|
||||
point to an unaligned address within the vtable's function pointers. This
|
||||
leads to the program counter being set to the address determined by the
|
||||
address "[vtable+0x30+1]". The particular address depends on the exact
|
||||
|
|
|
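Review bot: in the first paragraph, "memory corruption occurs that can lead arbitrary code execution." is still missing "to" and sits between the two lines this hunk corrects. Suggest "can lead to arbitrary code execution" in the same change.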
@ -37,7 +37,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
handler we want to abuse - the "onpropertychange" event. Since the CBlockElement is a child
|
||||
of CTextArea, if we do a node swap of CBlockElement in "onselect", this will trigger
|
||||
"onpropertychange". During "onpropertychange" event handling, a free of the CDisplayPointer
|
||||
object can be forced by using an "Unslect" (other approaches also apply), but a reference
|
||||
object can be forced by using an "Unselect" (other approaches also apply), but a reference
|
||||
of this freed memory will still be kept by CDoc::ScrollPointerIntoView, specifically after
|
||||
the CDoc::GetLineInfo call, because it is still trying to use that to update
|
||||
CDisplayPointer's position. When this invalid reference arrives in QIClassID, a crash
|
||||
|
|
|
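Review bot: "Unselect" is quoted in the same way as the event names around it ("onselect", "onpropertychange"), so it reads as an identifier rather than prose. Confirm the corrected spelling matches the string the module body actually uses, so the description and the code agree.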
@ -14,7 +14,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
'Description' => %q{
|
||||
This module exploits a stack buffer overflow in the ISAlertDataCOM ActiveX
|
||||
Control (ISLAert.dll) provided by Symantec Norton Internet Security 2004.
|
||||
By sending a overly long string to the "Get()" method, an attacker may be
|
||||
By sending an overly long string to the "Get()" method, an attacker may be
|
||||
able to execute arbitrary code.
|
||||
},
|
||||
'License' => MSF_LICENSE,
|
||||
|
|
|
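Review bot: the context line "Control (ISLAert.dll)" does not match the control name "ISAlertDataCOM" on the line before it, which suggests transposed letters in the DLL name. Verify the file name against the affected product and correct it in this pass if it is a typo.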
@ -14,9 +14,9 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => "IBM Lotus Notes Client URL Handler Command Injection",
|
||||
'Description' => %q{
|
||||
This modules exploits a command injection vulnerability in the URL handler for
|
||||
This module exploits a command injection vulnerability in the URL handler for
|
||||
for the IBM Lotus Notes Client <= 8.5.3. The registered handler can be abused with
|
||||
an specially crafted notes:// URL to execute arbitrary commands with also arbitrary
|
||||
a specially crafted notes:// URL to execute arbitrary commands with also arbitrary
|
||||
arguments. This module has been tested successfully on Windows XP SP3 with IE8,
|
||||
Google Chrome 23.0.1271.97 m and IBM Lotus Notes Client 8.5.2.
|
||||
},
|
||||
|
|
|
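Review bot: the corrected first line ends in "in the URL handler for" and the next line begins "for the IBM Lotus Notes Client", so the sentence still contains a doubled "for"; remove one of them. "to execute arbitrary commands with also arbitrary arguments" would also read better as "with arbitrary arguments".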
@ -14,7 +14,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
'Description' => %q{
|
||||
This module exploits a stack buffer overflow in Oracle Document Capture 10g (10.1.3.5.0).
|
||||
Oracle Document Capture 10g comes bundled with a third party ActiveX control
|
||||
emsmtp.dll (6.0.1.0). When passing a overly long string to the method "SubmitToExpress"
|
||||
emsmtp.dll (6.0.1.0). When passing an overly long string to the method "SubmitToExpress"
|
||||
an attacker may be able to execute arbitrary code.
|
||||
},
|
||||
'License' => MSF_LICENSE,
|
||||
|
|
|
@ -13,7 +13,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => "Oracle WebCenter Content CheckOutAndOpen.dll ActiveX Remote Code Execution",
|
||||
'Description' => %q{
|
||||
This modules exploits a vulnerability found in the Oracle WebCenter Content
|
||||
This module exploits a vulnerability found in the Oracle WebCenter Content
|
||||
CheckOutAndOpenControl ActiveX. This vulnerability exists in openWebdav(), where
|
||||
user controlled input is used to call ShellExecuteExW(). This module abuses the
|
||||
control to execute an arbitrary HTA from a remote location. This module has been
|
||||
|
|
|
@ -13,7 +13,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
'Name' => 'Orbit Downloader Connecting Log Creation Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack buffer overflow in Orbit Downloader 2.8.4. When an
|
||||
attacker serves up a malicious web site, abritrary code may be executed.
|
||||
attacker serves up a malicious web site, arbitrary code may be executed.
|
||||
The PAYLOAD windows/shell_bind_tcp works best.
|
||||
},
|
||||
'License' => MSF_LICENSE,
|
||||
|
|
|
@ -13,7 +13,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'Real Networks Arcade Games StubbyUtil.ProcessMgr ActiveX Arbitrary Code Execution',
|
||||
'Description' => %q{
|
||||
This module exploits a vulnerability in Real Networks Acrade Game's ActiveX control. The "exec"
|
||||
This module exploits a vulnerability in Real Networks Arcade Game's ActiveX control. The "exec"
|
||||
function found in InstallerDlg.dll (v2.6.0.445) allows remote attackers to run arbitrary commands
|
||||
on the victim machine.
|
||||
},
|
||||
|
|
|
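Review bot: the corrected line says "Real Networks Arcade Game's ActiveX control" while the 'Name' field two lines up says "Real Networks Arcade Games". Use the same product name in both places so the description matches the module name.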
@ -12,7 +12,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'RealNetworks RealPlayer CDDA URI Initialization Vulnerability',
|
||||
'Description' => %q{
|
||||
This module exploits a initialization flaw within RealPlayer 11/11.1 and
|
||||
This module exploits an initialization flaw within RealPlayer 11/11.1 and
|
||||
RealPlayer SP 1.0 - 1.1.4. An abnormally long CDDA URI causes an object
|
||||
initialization failure. However, this failure is improperly handled and
|
||||
uninitialized memory executed.
|
||||
|
|
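Review bot: the last sentence of the description, "this failure is improperly handled and uninitialized memory executed.", is missing a verb. Suggest "and uninitialized memory is executed" alongside the article fix on the first line.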