Tweakz, yo.
parent
30f833f684
commit
8de6fa79c1
|
@ -13,8 +13,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
super(update_info(info,
|
||||
'Name' => 'WinDVD7 IASystemInfo.DLL ActiveX Control Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits an stack buffer overflow in IASystemInfo.dll ActiveX
|
||||
control in InterVideo WinDVD 7. By sending a overly long string
|
||||
This module exploits a stack buffer overflow in IASystemInfo.dll ActiveX
|
||||
control in InterVideo WinDVD 7. By sending an overly long string
|
||||
to the "ApplicationType()" property, an attacker may be able to
|
||||
execute arbitrary code.
|
||||
},
|
||||
|
|
|
@ -24,9 +24,9 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
streams with certain MAPI attachment properties, it is possible to set a path name
|
||||
to files to be executed. When a user double clicks on such an attachment or message,
|
||||
Outlook will proceed to execute the file that is set by the path name value. These
|
||||
files can be local files, but also file stored remotely for example on a file share.
|
||||
Exploitation is limited by the fact that it is not possible for attackers to supply
|
||||
command line options.
|
||||
files can be local files, but also files stored remotely (on a file share, for example)
|
||||
can be used. Exploitation is limited by the fact that it is not possible for attackers
|
||||
to supply command line options.
|
||||
},
|
||||
'Author' => 'Yorick Koster <yorick[at]akitasecurity.nl>',
|
||||
'References' =>
|
||||
|
|
|
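Review bot: the rewritten sentence "These files can be local files, but also files stored remotely (on a file share, for example) can be used." now has two predicates and does not parse. Suggest "These can be local files or files stored remotely (on a file share, for example)." and leaving the "Exploitation is limited ..." sentence as its own line.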
@ -16,7 +16,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
Standard. By supplying a long string of data in a plf file (playlist), the
|
||||
MediaPlayerCtrl.dll component will attempt to extract a filename out of the string,
|
||||
and then copy it on the stack without any proper bounds checking, which causes a
|
||||
buffer overflow, and results arbitrary code execution under the context of the user.
|
||||
buffer overflow, and results in arbitrary code execution under the context of the user.
|
||||
|
||||
This module has been designed to target common Windows systems such as:
|
||||
Windows XP SP2/SP3, Windows Vista, and Windows 7.
|
||||
|
|
|
@ -16,7 +16,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
By supplying a malformed .xlb file, an attacker can control the content (source)
|
||||
of a memcpy routine, and the number of bytes to copy, therefore causing a stack-
|
||||
based buffer overflow. This results in arbitrary code execution under the context of
|
||||
user the user.
|
||||
the user.
|
||||
},
|
||||
'License' => MSF_LICENSE,
|
||||
'Author' =>
|
||||
|
|
|
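Review bot: the context lines above the fix still break "stack-" / "based buffer overflow" across two lines, so anywhere the description is re-wrapped on whitespace it will read "stack- based". Since this paragraph is being touched anyway, move the whole word "stack-based" onto one line.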
@ -13,7 +13,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
'Name' => 'Orbit Downloader URL Unicode Conversion Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack-based buffer overflow in Orbit Downloader.
|
||||
The vulnerability is due to Orbit converting an URL ascii string to unicode
|
||||
The vulnerability is due to Orbit converting a URL ascii string to unicode
|
||||
in an insecure way with MultiByteToWideChar.
|
||||
The vulnerability is exploited with a specially crafted metalink file that
|
||||
should be opened with Orbit through the "File->Add Metalink..." option.
|
||||
|
|
|
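Review bot: on the corrected line "converting a URL ascii string to unicode", "ascii" and "unicode" should be capitalised as "ASCII" and "Unicode". Suggest "converting an ASCII URL string to Unicode", which also reads more naturally than "URL ascii string".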
@ -15,9 +15,9 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
'Description' => %q{
|
||||
This module exploits a stack based buffer overflow in Winamp 5.55. The flaw
|
||||
exists in the gen_ff.dll and occurs while parsing a specially crafted MAKI file,
|
||||
where memmove is used with in an insecure way with user controlled data.
|
||||
where memmove is used in an insecure way with user controlled data.
|
||||
|
||||
To exploit the vulnerability the attacker must convince the attacker to install the
|
||||
To exploit the vulnerability the attacker must convince the victim to install the
|
||||
generated mcvcore.maki file in the "scripts" directory of the default "Bento" skin,
|
||||
or generate a new skin using the crafted mcvcore.maki file. The module has been
|
||||
tested successfully on Windows XP SP3 and Windows 7 SP1.
|
||||
|
|
|
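Review bot: "stack based buffer overflow" in the first description line and "user controlled data" on the corrected memmove line are compound modifiers and should be hyphenated ("stack-based", "user-controlled"), matching the "stack-based" spelling in the other descriptions this commit touches. A comma after "To exploit the vulnerability" would also help that sentence.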
@ -14,8 +14,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
'Name' => 'FTPShell 5.1 Stack Buffer Overflow',
|
||||
'Description' => %q{
|
||||
This module exploits a stack buffer overflow in FTPShell 5.1. The overflow gets
|
||||
triggered when the ftp client tries to process an overly response to a PWD command.
|
||||
This will overwrite the saved EIP and structured exception handler.
|
||||
triggered when the ftp client tries to process an overly long response to a PWD
|
||||
command. This will overwrite the saved EIP and structured exception handler.
|
||||
},
|
||||
'Author' =>
|
||||
[
|
||||
|
|
|
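Review bot: "the ftp client" in the rewrapped lines should be "the FTP client", since the protocol name is an acronym and the module name on the line above already uses upper case ("FTPShell").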
@ -19,7 +19,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
This issue can be triggered by sending a specially crafted HTTP POST request to
|
||||
the service (lcfd.exe) listening on TCP port 9495. To trigger this issue authorization
|
||||
is required. This exploit makes use of a second vulnerability, a hardcoded account
|
||||
(Tivoli/boss) is used to bypass the authorization restriction.
|
||||
(tivoli/boss) is used to bypass the authorization restriction.
|
||||
},
|
||||
'Author' =>
|
||||
[
|
||||
|
|
|
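Review bot: changing "(Tivoli/boss)" to "(tivoli/boss)" alters a credential rather than fixing wording, so it needs to be checked against the account name the module actually sends, which is not visible in this hunk. The surrounding sentence is also still a comma splice; suggest "This exploit makes use of a second vulnerability: a hardcoded account (tivoli/boss) that bypasses the authorization restriction."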
@ -18,7 +18,7 @@ class MetasploitModule < Msf::Exploit::Local
|
|||
'Name' => 'Windows SYSTEM Escalation via KiTrap0D',
|
||||
'Description' => %q{
|
||||
This module will create a new session with SYSTEM privileges via the
|
||||
KiTrap0D exploit by Tavis Ormandy. If the session is use is already
|
||||
KiTrap0D exploit by Tavis Ormandy. If the session in use is already
|
||||
elevated then the exploit will not run. The module relies on kitrap0d.x86.dll,
|
||||
and is not supported on x64 editions of Windows.
|
||||
},
|
||||
|
|