COM-Hunter - COM Hijacking VOODOO

COM Hijacking VOODOO COM-hunter is a COM Hijacking persistnce tool written in C. This tool was inspired during the RTO course of @zeropointsecltd Features Finds out entry valid CLSIDs in the victim's machine. Finds out valid CLSIDs via Task Scheduler in the victim's machine. Finds out if someone...

Microsoft Windows ActiveX Control Multiple Vulnerabilities (2820197)

This script will list all the vulnerable activex controls installed on the remote windows machine with references and cause. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Cisco Products ActiveX Control Multiple Vulnerabilities

This host is installed with Cisco ASMC/Hostscan/Secure Desktop or Cisco ActiveX controls and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbciscoprdtsactivexmultvuln.nasl 7172 2017-09-18 11:07:34Z cfischer $ Cisco Products ActiveX Control Multiple Vulnerabilities Authors:...

Microsoft Windows ActiveX Control Multiple Vulnerabilities (2562937)

This script will list all the vulnerable activex controls installed on the remote windows machine with references and cause. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Microsoft Windows Speech Components Voice Recognition Command Execution Vulnerability (950760)

This host is missing a critical security update according to Microsoft Bulletin MS08-032. OpenVAS Vulnerability Test $Id: gbms08-032.nasl 5362 2017-02-20 12:46:39Z cfi $ Description: Microsoft Windows Speech Components Voice Recognition Command Execution Vulnerability 950760 Authors: Madhuri D...

Microsoft Windows Speech Components Voice Recognition Command Execution Vulnerability (950760)

This host is missing a critical security update according to Microsoft Bulletin MS08-032. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Microsoft Data Analyzer ActiveX Control Vulnerability (978262)

This host is missing a critical security update according to Microsoft Bulletin MS10-008. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Microsoft Office Web Components ActiveX Control 'msDataSourceObject()' Code Execution Vulnerability

Description Microsoft Office Web Components is prone to a remote code-execution vulnerability that affects the OWC10.Spreadsheet ActiveX control. The control is identified by the following CLSIDs: 0002E541-0000-0000-C000-000000000046 0002E559-0000-0000-C000-000000000046 An attacker could exploit...

RealNetworks RealPlayer rmoc3260 ActiveX Control Memory Corruption Vulnerability

This vulnerability allows remote attackers to execute code on vulnerable installations of RealPlayer. User interaction is required in that a user must visit a malicious web site. The specific flaw exists in the rmoc3260 ActiveX control exposed through the following CLSIDs:...

AOL Radio AOLMediaPlaybackControl.exe stack buffer overflow

Overview The AOL AOLMediaPlaybackControl application contains a stack buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description AOL Radio includes several ActiveX controls to stream audio in web pages. The AOL AmpX and...

SupportSoft ActiveX controls contain multiple buffer overflows

Overview The SupportSoft ActiveX controls contain multiple buffer overflow vulnerabilities, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description SupportSoft provides multiple ActiveX packages that are used by third party vendors to...

Microsoft Windows WebViewFolderIcon ActiveX integer overflow

Overview The Microsoft Windows WebViewFolderIcon ActiveX control contains an integer overflow vulnerability. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Microsoft WebViewFolderIcon object is an ActiveX control that comes with...

CVE-2005-2831

Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of t...

CVE-2005-2127

CVE-2005-2127 is a remote code-execution vulnerability in Internet Explorer 5.01/5.5/6 related to memory corruption when instantiating certain COM objects not designed for IE. The issue, documented as COM Object Instantiation Memory Corruption, affects multiple CLSIDs (e.g., Msdds.dll, Blnmgrps.d...

CVE-2005-2127

Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally...

CVE-2005-1990

CVE-2005-1990 affects Internet Explorer 5.0, 5.5, and 6.0. The vulnerability arises from improper instantiation of certain COM objects as ActiveX controls, causing a buffer/memory corruption in the host process and potentially enabling command execution or a crash. Affected components include a s...

CVE-2005-2087

CVE-2005-2087 affects Internet Explorer on Windows, via the JView Profiler (Javaprxy.dll) COM object. The vulnerability is a heap overflow when the COM object is instantiated from a crafted web page, potentially allowing arbitrary code execution or a crash in the user’s context. Exploitation requ...