diff --git a/modules/exploits/windows/browser/windvd7_applicationtype.rb b/modules/exploits/windows/browser/windvd7_applicationtype.rb
index 97457a7a69..f17e6e490b 100644
--- a/modules/exploits/windows/browser/windvd7_applicationtype.rb
+++ b/modules/exploits/windows/browser/windvd7_applicationtype.rb
@@ -13,8 +13,8 @@ class MetasploitModule < Msf::Exploit::Remote
 super(update_info(info,
 'Name' => 'WinDVD7 IASystemInfo.DLL ActiveX Control Buffer Overflow',
 'Description' => %q{
- This module exploits an stack buffer overflow in IASystemInfo.dll ActiveX
- control in InterVideo WinDVD 7. By sending a overly long string
+ This module exploits a stack buffer overflow in IASystemInfo.dll ActiveX
+ control in InterVideo WinDVD 7. By sending an overly long string
 to the "ApplicationType()" property, an attacker may be able to execute arbitrary code.
 },
diff --git a/modules/exploits/windows/email/ms10_045_outlook_ref_only.rb b/modules/exploits/windows/email/ms10_045_outlook_ref_only.rb
index 09d1a9a522..82bbcc2541 100644
--- a/modules/exploits/windows/email/ms10_045_outlook_ref_only.rb
+++ b/modules/exploits/windows/email/ms10_045_outlook_ref_only.rb
@@ -24,9 +24,9 @@ class MetasploitModule < Msf::Exploit::Remote
 streams with certain MAPI attachment properties, it is possible to set a path name to files to be executed. When a user double clicks on such an attachment or message, Outlook will proceed to execute the file that is set by the path name value. These
- files can be local files, but also file stored remotely for example on a file share.
- Exploitation is limited by the fact that it is not possible for attackers to supply
- command line options.
+ files can be local files, but also files stored remotely (on a file share, for example)
+ can be used. Exploitation is limited by the fact that it is not possible for attackers
+ to supply command line options.
 },
 'Author' => 'Yorick Koster ',
 'References' =>
diff --git a/modules/exploits/windows/fileformat/dvdx_plf_bof.rb b/modules/exploits/windows/fileformat/dvdx_plf_bof.rb
index 83c7e9fc90..3b14db3dd2 100644
--- a/modules/exploits/windows/fileformat/dvdx_plf_bof.rb
+++ b/modules/exploits/windows/fileformat/dvdx_plf_bof.rb
@@ -16,7 +16,7 @@ class MetasploitModule < Msf::Exploit::Remote
 Standard. By supplying a long string of data in a plf file (playlist), the MediaPlayerCtrl.dll component will attempt to extract a filename out of the string, and then copy it on the stack without any proper bounds checking, which causes a
- buffer overflow, and results arbitrary code execution under the context of the user.
+ buffer overflow, and results in arbitrary code execution under the context of the user.
 This module has been designed to target common Windows systems such as: Windows XP SP2/SP3, Windows Vista, and Windows 7.
diff --git a/modules/exploits/windows/fileformat/ms11_021_xlb_bof.rb b/modules/exploits/windows/fileformat/ms11_021_xlb_bof.rb
index 2f6272a79d..00b0a02650 100644
--- a/modules/exploits/windows/fileformat/ms11_021_xlb_bof.rb
+++ b/modules/exploits/windows/fileformat/ms11_021_xlb_bof.rb
@@ -16,7 +16,7 @@ class MetasploitModule < Msf::Exploit::Remote
 By supplying a malformed .xlb file, an attacker can control the content (source) of a memcpy routine, and the number of bytes to copy, therefore causing a stack- based buffer overflow. This results in arbitrary code execution under the context of
- user the user.
+ the user.
 },
 'License' => MSF_LICENSE,
 'Author' =>
diff --git a/modules/exploits/windows/fileformat/orbit_download_failed_bof.rb b/modules/exploits/windows/fileformat/orbit_download_failed_bof.rb
index 9b33304e7d..2470394aa7 100644
--- a/modules/exploits/windows/fileformat/orbit_download_failed_bof.rb
+++ b/modules/exploits/windows/fileformat/orbit_download_failed_bof.rb
@@ -13,7 +13,7 @@ class MetasploitModule < Msf::Exploit::Remote
 'Name' => 'Orbit Downloader URL Unicode Conversion Overflow',
 'Description' => %q{
 This module exploits a stack-based buffer overflow in Orbit Downloader.
- The vulnerability is due to Orbit converting an URL ascii string to unicode
+ The vulnerability is due to Orbit converting a URL ascii string to unicode
 in an insecure way with MultiByteToWideChar. The vulnerability is exploited with a specially crafted metalink file that should be opened with Orbit through the "File->Add Metalink..." option.
diff --git a/modules/exploits/windows/fileformat/winamp_maki_bof.rb b/modules/exploits/windows/fileformat/winamp_maki_bof.rb
index 32780f1b02..de79640252 100644
--- a/modules/exploits/windows/fileformat/winamp_maki_bof.rb
+++ b/modules/exploits/windows/fileformat/winamp_maki_bof.rb
@@ -15,9 +15,9 @@ class MetasploitModule < Msf::Exploit::Remote
 'Description' => %q{
 This module exploits a stack based buffer overflow in Winamp 5.55. The flaw exists in the gen_ff.dll and occurs while parsing a specially crafted MAKI file,
- where memmove is used with in an insecure way with user controlled data.
+ where memmove is used in an insecure way with user controlled data.
- To exploit the vulnerability the attacker must convince the attacker to install the
+ To exploit the vulnerability the attacker must convince the victim to install the
 generated mcvcore.maki file in the "scripts" directory of the default "Bento" skin, or generate a new skin using the crafted mcvcore.maki file. The module has been tested successfully on Windows XP SP3 and Windows 7 SP1.
diff --git a/modules/exploits/windows/ftp/ftpshell51_pwd_reply.rb b/modules/exploits/windows/ftp/ftpshell51_pwd_reply.rb
index 7de94b20ae..590eabf90b 100644
--- a/modules/exploits/windows/ftp/ftpshell51_pwd_reply.rb
+++ b/modules/exploits/windows/ftp/ftpshell51_pwd_reply.rb
@@ -14,8 +14,8 @@ class MetasploitModule < Msf::Exploit::Remote
 'Name' => 'FTPShell 5.1 Stack Buffer Overflow',
 'Description' => %q{
 This module exploits a stack buffer overflow in FTPShell 5.1. The overflow gets
- triggered when the ftp client tries to process an overly response to a PWD command.
- This will overwrite the saved EIP and structured exception handler.
+ triggered when the ftp client tries to process an overly long response to a PWD
+ command. This will overwrite the saved EIP and structured exception handler.
 },
 'Author' =>
 [
diff --git a/modules/exploits/windows/http/ibm_tivoli_endpoint_bof.rb b/modules/exploits/windows/http/ibm_tivoli_endpoint_bof.rb
index 99cf90476f..deac206ed2 100644
--- a/modules/exploits/windows/http/ibm_tivoli_endpoint_bof.rb
+++ b/modules/exploits/windows/http/ibm_tivoli_endpoint_bof.rb
@@ -19,7 +19,7 @@ class MetasploitModule < Msf::Exploit::Remote
 This issue can be triggered by sending a specially crafted HTTP POST request to the service (lcfd.exe) listening on TCP port 9495. To trigger this issue authorization is required. This exploit makes use of a second vulnerability, a hardcoded account
- (Tivoli/boss) is used to bypass the authorization restriction.
+ (tivoli/boss) is used to bypass the authorization restriction.
 },
 'Author' =>
 [
diff --git a/modules/exploits/windows/local/ms10_015_kitrap0d.rb b/modules/exploits/windows/local/ms10_015_kitrap0d.rb
index 6c7d64db39..f195409a4f 100644
--- a/modules/exploits/windows/local/ms10_015_kitrap0d.rb
+++ b/modules/exploits/windows/local/ms10_015_kitrap0d.rb
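Review bot: In the ibm_tivoli_endpoint_bof.rb hunk the documented hardcoded account changes from `(Tivoli/boss)` to `(tivoli/boss)`, which alters a credential string rather than fixing grammar like the other hunks in this commit. The code that actually supplies the account is outside this hunk, so it is not visible here which casing the module uses; the description should be checked against that value before merging. Anyone auditing an endpoint for this default account or matching it in authentication logs will copy the string from the description, so it needs to be exact. If the casing is not significant on the service, a short parenthetical saying so would remove the ambiguity.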
@@ -18,7 +18,7 @@ class MetasploitModule < Msf::Exploit::Local
 'Name' => 'Windows SYSTEM Escalation via KiTrap0D',
 'Description' => %q{
 This module will create a new session with SYSTEM privileges via the
- KiTrap0D exploit by Tavis Ormandy. If the session is use is already
+ KiTrap0D exploit by Tavis Ormandy. If the session in use is already
 elevated then the exploit will not run. The module relies on kitrap0d.x86.dll, and is not supported on x64 editions of Windows.
 },