218 matches found
Internet Bug Bounty: Adobe Flash Player Race Condition Vulnerability
Adobe Flash Player is prone to a race condition vulnerability which leads to Use After Free. COM Object will be initialized twice and uninitialized when the count number decrement to zero by the main thread. As we could force the second initialization being called by a Worker thread, the...
Microsoft Office - COM Object DLL Planting with WMALFXGFXDSP.dll (MS16-007)
Exploit for windows platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=555 It is possible for an attacker to execute a DLL planting attack in Microsoft Office 2010 on Windows 7 x86 with a specially crafted OLE object. The attached POC docume...
Microsoft Office COM Object - DLL Planting with comsvcs.dll Delay Load of mqrt.dll (MS15-132)
Microsoft Office COM Object - DLL Planting with comsvcs.dll Delay Load of mqrt.dll MS15-132 Source: https://code.google.com/p/google-security-research/issues/detail?id=556 It is possible for an attacker to execute a DLL planting attack in Microsoft Office 2010 on Windows 7 x86 with a specially...
Microsoft Office / COM Object - 'els.dll' DLL Planting (MS15-134)
Source: https://code.google.com/p/google-security-research/issues/detail?id=514 It is possible for an attacker to execute a DLL planting attack in Microsoft Office with a specially crafted OLE object. Testing was performed on a Windows 7 x64 virtual machine with Office 2013 installed and the late...
Microsoft Windows - CreateObjectTask SettingsSyncDiagnostics Privilege Escalation
Source: https://code.google.com/p/google-security-research/issues/detail?id=437 Windows: CreateObjectTask SettingsSyncDiagnostics Elevation of Privilege Platform: Windows 8.1 Update I don’t believe it’s available in earlier Windows versions Class: Elevation of Privilege Summary: The...
MS SQL Server 2000/2005 SQLNS.SQLNamespace COM Object Refresh() Unhandled Pointer Exploit
No description provided by source. % Function PaddingintLen Dim strRet, intSize intSize = intLen/2 - 1 For I = 0 To intSize Step 1 strRet = strRet & unescape"%u4141" Next Padding = strRet End Function Function PackDWORDstrPoint strTmp = replacestrPoint, "0x", "" PackDWORD = PackDWORD & UnEscape"%...
MS SQL Server 20002005 - SQLNS.SQLNamespace COM Object Refresh() Unhandled Pointer
MS SQL Server 20002005 - SQLNS.SQLNamespace COM Object Refresh Unhandled Pointer % Function PaddingintLen Dim strRet, intSize intSize = intLen/2 - 1 For I = 0 To intSize Step 1 strRet = strRet & unescape"%u4141" Next Padding = strRet End Function Function PackDWORDstrPoint strTmp = replacestrPoin...
MS SQL Server 2000/2005 SQLNS.SQLNamespace COM Object Refresh() Unhandled Pointer Exploit
Exploit for windows platform in category remote exploits % Function PaddingintLen Dim strRet, intSize intSize = intLen/2 - 1 For I = 0 To intSize Step 1 strRet = strRet & unescape"%u4141" Next Padding = strRet End Function Function PackDWORDstrPoint strTmp = replacestrPoint, "0x", "" PackDWORD =...
MS SQL Server 2000/2005 - SQLNS.SQLNamespace COM Object Refresh() Unhandled Pointer
% Function PaddingintLen Dim strRet, intSize intSize = intLen/2 - 1 For I = 0 To intSize Step 1 strRet = strRet & unescape"%u4141" Next Padding = strRet End Function Function PackDWORDstrPoint strTmp = replacestrPoint, "0x", "" PackDWORD = PackDWORD & UnEscape"%u" & MidstrTmp, 5, 2 & MidstrTmp, 7...
Internet Explorer 4.0/5.0/5.5 preview/5.0.1 - DocumentComplete() Cross Frame Access Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1224/info The DocumentComplete function in IE does not properly validate origin domains. Therefore it is possible for a remote webserver to gain read access to local files on the machine of any website visitor or email...
MW6 Technologies MaxiCode ActiveX (Data param) - Buffer Overflow
No description provided by source. !-- =========================================================================== Problem: The Data parameter is subject to a buffer overflow DEFINITELY leading to arbitrary code execution. COM Object - 2355C601-37D1-42B4-BEB1-03C773298DC8 MW6MaxiCode Class File...
Softwin BitDefender AvxScanOnlineCtrl COM Object Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10175/info Reportedly the BitDefender AvxScanOnlineCtrl COM object is affected by an information disclosure vulnerability. This issue is due to a design error that allows a remote user to execute a method in the offending...
Microsoft Internet Explorer 6.0 IMSKDIC.DLL Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19521/info Microsoft Internet Explorer is prone to a denial-of-service vulnerability. This issue occurs because the application fails to load a DLL library when instantiated as an ActiveX control. An attacker may exploit...
Softwin BitDefender AvxScanOnlineCtrl COM Object Remote File Upload And Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10174/info Reportedly the BitDefender AvxScanOnlineCtrl COM object is affected by a file upload and execution vulnerability. This issue is due to a design error that allows a remote user to specify a file to be uploaded a...
Microsoft Visual Studio .NET msdds.dll Remote Code Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14594/info Microsoft Visual Studio .NET is prone to a vulnerability that could allow remote arbitrary code execution. This is due to a buffer overflow that is exposed during COM object instantiation. The list of vulnerabl...
MW6 Technologies DataMatrix ActiveX (Data param) - Buffer Overflow
No description provided by source. !-- =========================================================================== Problem: The Data parameter is subject to a buffer overflow PROBABLY leading to arbitrary code execution. COM Object - DE7DA0B5-7D7B-4CEA-8739-65CF600D511E MW6DataMatrix Class File...
Mcafee FreeScan CoMcFreeScan Browser Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10077/info Reportedly the Mcafee FreeScan 'McFreeScan.CoMcFreeScan.1' COM object is prone to a remote information disclosure vulnerability. This issue is due to a failure of the object to properly validate information...
Microsoft Windows 2000 Multiple COM Object Instantiation Code Execution Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/19636/info Microsoft Windows 2000 is prone to multiple memory-corruption vulnerabilities that are related to the instantiation of COM objects. These issues may be remotely triggered through Internet Explorer. The...
Flash Player (Flash6.ocx) AllowScriptAccess DoS PoC
No description provided by source. !-- Title : Flash Player Flash6.ocx AllowScriptAccess DoS PoC Found By : DrIDE Tested on : Windows XPSP3 VM + IE7 COM Object ID : D27CDB6E-AE6D-11cf-96B8-444553540000 Shockwave Flash Object COM Object Filename : C:\WINDOWS\system32\Macromed\Flash\Flash6.ocx File...
Microsoft Internet Explorer 6.0 Visual Studio COM Object Instantiation Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19572/info Microsoft Internet Explorer is prone to a denial-of-service vulnerability that occurs when instantiating Visual Studio COM objects. The vulnerability arises because of the way Internet Explorer tries to...