293 matches found
Gateway CWebLaunchCtl ActiveX控件远程栈溢出漏洞
BUGTRAQ ID: 27193 Gateway是美国一个著名的电脑品牌,产品包括PC、笔记本、外围设备等。 Gateway电脑所带的ActiveX控件实现上存在缓冲区溢出漏洞,远程攻击者可能利用此漏洞控制用户系统。 Gateway电脑中所安装的CWebLaunchCtl ActiveX控件(weblaunch.ocx)没有正确地验证对DoWebLaunch函数的输入,如果用户受骗访问了恶意网页并向该函数传送了超长参数的话,就可能触发栈溢出,导致执行任意指令。 Gateway weblaunch.ocx 1.0.0.1 临时解决方法: 在IE中禁用CWebLaunchCtl...
StreamAudio ChainCast ProxyManager - ccpm_0237.dll Remote Buffer Overflow
StreamAudio ChainCast ProxyManager - ccpm0237.dll Remote Buffer Overflow StreamAudio ChainCast ProxyManager ccpm0237.dll SEH Overwrite Exploit function Check var buf = 'A'; while buf.length = 242 buf = buf + 'A'; // win32exec - EXITFUNC=seh CMD=c:\windows\system32\calc.exe Size=378 Encoder=Alpha2...
Microsoft FoxServer - vfp6r.dll 6.0.8862.0 ActiveX Command Execution
Microsoft FoxServer - vfp6r.dll 6.0.8862.0 ActiveX Command Execution ----------------------------------------------------------------------------- Microsoft FoxServer vfp6r.dll 6.0.8862.0 Remote Command Execution url: http://www.microsoft.com Author: shinnai mail: shinnaiatautisticidotorg site:...
HP Info Center HPInfoDLL.DLL ActiveX控件多个任意代码执行漏洞
HP Info Center是一款设计用于HP笔记本用户快速查询信息信息和硬件配置的程序。 HP Info Center包含的HPInfoDLL.dll ActiveX控件存在设计问题,远程攻击者可以利用漏洞以应用程序进程权限执行任意指令。 HPInfoDLL.dll的CLSID为: 62DDEB79-15B2-41E3-8834-D3B80493887A 默认包含于"Safe for Scripting" OLE组件,默认路径为C:\Program Files\Hewlett-Packard\HP Info Center,这个控件包含如下不安全方法: VARIANT...
迅雷5 pplayer.dll 组件漏洞
出现严重0-Day漏洞,病毒作者可利用该漏洞编写恶意网页,当用于浏览这些网页的时候,就会感染病毒,进而该病毒可以盗窃用户的帐号和密码,从而使用户遭受到损失。 与上次的不同,这次有漏洞的程序出现在迅雷看看(Thunder KanKan)上,pplayer.dll 组件版本号:1.2.3.49,CLSID:F3E70CEA-956E-49CC-B444-73AFE593AD7F. 该组件内的一个函数FlvPlayerUrl上,存在边界检查不严格的问题,当向其传递过长参数时,会导致程序溢出。病毒作者可以利用这个缺陷,精心编写Shellcode,溢出,然后可以下载任意恶意病毒文件。 迅雷5...
The next is you! PPlive 0Day net horse exposure! - Vulnerability warning-the black bar safety net
According to a recent malicious URL detection results, and found there part of the network Marley with the latest PPlive 0Day vulnerabilities in the spread, although the current number is not much, but I believe will soon become a net Horse the main force, and with the thunder, Baidu search PA,...
EasyMail MessagePrinter Object - emprint.dll 6.0.1.0 Remote Buffer Overflow
EasyMail MessagePrinter Object - emprint.dll 6.0.1.0 Remote Buffer Overflow pwnin'... //add su one, user: sun pass: tzu shellcode =...
Sun jre1.6.0_X isInstalled.dnsResolve Function Overflow PoC
No description provided by source. html body center Sun jre1.6.0X isInstalled.dnsResolve function overflow PoCbr Bug founded and code released by Yag Kohha. br Greetz to: br Shinnai, Str0ke br /center object classid="CLSID:5852F5ED-8BF4-11D4-A245-0080C6F74284" id="target"/OBJECT SCRIPT...
Photo Upload Plugin ActiveX控件多个缓冲区溢出漏洞
BUGTRAQ ID: 25685 CVECAN ID: CVE-2007-0326 Photo Upload Plugin ActiveX控件允许用户使用Internet Explorer上传数码相片。 Photo Upload Plugin ActiveX控件中存在多个缓冲区溢出漏洞,远程攻击者可能利用此漏洞控制用户系统。 如果用户受骗浏览了恶意的HTML文档的话,就可能触发这些溢出,导致以当前用户的权限执行任意指令或浏览器崩溃。 PhotoChannel Networks Inc Photo Upload Plugin 2.0.0.9 临时解决方法: 在IE中禁用Photo...
Microsoft MFC Library - CFileFind::FindFile Buffer Overflow
Microsoft MFC Library - CFileFind::FindFile Buffer Overflow source: https://www.securityfocus.com/bid/25697/info The CFileFind::FindFile method in the MFC library for Microsoft Windows is prone to a buffer-overflow vulnerability because the method fails to perform adequate boundary checks of...
Microsoft MFC Library - CFileFind::FindFile Buffer Overflow
source: https://www.securityfocus.com/bid/25697/info The CFileFind::FindFile method in the MFC library for Microsoft Windows is prone to a buffer-overflow vulnerability because the method fails to perform adequate boundary checks of user-supplied input. Successfully exploiting this issue may allo...
HP - ActiveX 'hpqutil.dll' ListFiles Remote Heap Overflow (PoC)
:. GOODFELLAS Security Research TEAM .: :. http://goodfellas.shellcode.com.ar .: ActiveX hpqutil!ListFiles hpqutil.dll - Remote heap overflow. ============================================================= Internal ID: VULWAR200706041 introduction ------------ GOODFELLAS security research team has...
Callisto PhotoParade Player PhPInfo ActiveX control buffer overflow
Overview The Callisto PhotoParade Player PhPInfo ActiveX control contains a buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Callisto PhotoParade Player includes an ActiveX control called PhPinfo. The ActiveX control...
McAfee VirusScan 10.0.21 ActiveX control Stack Overflow PoC
Exploit for unknown platform in category dos / poc =========================================================== McAfee VirusScan 10.0.21 ActiveX control Stack Overflow PoC =========================================================== Proof of Concept - Mc Afee Viruscan Stack Overflow v10.0.21 Proof ...
Telecom Italy Alice Messenger Remote registry key manipulation Exploit
No description provided by source. !-- 04.50 20/08/2007 Telecom Italy Alice Messenger Hp.Revolution.RegistryManager.dll v.1 remote arbitrary registry key manipulation I mean this one: http://aiuto.alice.it/offerte/messenger/installazione.html this was 0day for a while, but ... who knows? the new...
Broderbund Expressit 3DGreetings Player ActiveX control buffer overflows
Overview The Broderbund Expressit 3DGreetings Player ActiveX control contains multiple buffer overflows, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The 3DGreetings Player is an ActiveX control that displays 3D greeting cards...
Yahoo! Messenger (YVerInfo.dll <= 2007.8.27.1) ActiveX BoF Exploit
No description provided by source. !-- Yahoo! Messenger YVerInfo.dll = 2007.8.27.1 ActiveX Control Buffer Overflows update YM : http://messenger.yahoo.com/securityupdate.php?id=082907 Functions : fvcom or info; RegKey Safe for Script: True RegKey Safe for Init: True - that functions are safely...
Yahoo! Messenger - 'YVerInfo.dll 2007.8.27.1' ActiveX Buffer Overflow
that functions are safely scriptable and exploitable by HeapSpray Technique Tested : Windows XP Professional SP2 all patched,Internet Explorer 7 That functions within this class can only be called if the control believes it is being run from the yahoo.com domain. - I used "Simple DNS Plus" for...
vmware-vielib-exec.txt
:. GOODFELLAS Security Research TEAM .: :. http://goodfellas.shellcode.com.ar .: vielib.dll 2.2.5.42958 VmWare Inc version 6.0.0 Remode Code Execution Exploit ============================================================================= Internal ID: VULWAR200707290. ----------- Introduction...
VMware Inc 6.0.0 CreateProcess Remote Code Execution Exploit
Exploit for unknown platform in category remote exploits ============================================================ VMware Inc 6.0.0 CreateProcess Remote Code Execution Exploit ============================================================ :. GOODFELLAS Security Research TEAM .: :...