2 matches found
IcoFX ICO处理缓冲区溢出漏洞
BUGTRAQ ID:64221 CVE ID:CVE-2013-4988 IcoFX是一款免费的图标设计编辑工具。 IcoFX在读取ICONDIRENTRY结构时存在一个边界错误,允许攻击者利用漏洞构建恶意ICO文件,如ICONDIR结构中包含超大"idCount"值,诱使用户解析,可触发基于栈的缓冲区溢出。远程攻击者可以利用漏洞可使应用程序崩溃或可执行任意代码。 0 IcoFX IcoFX 2.5 目前没有详细解决方案提供: http://www.icofx.ro/ This module requires Metasploit:...
GestioIP Remote Command Execution
This module exploits a command injection flaw to create a shell script on the filesystem and execute it. If GestioIP is configured to use no authentication, no password is required to exploit the vulnerability. Otherwise, an authenticated user is required to exploit. This module requires...