Microsoft Office - COM Object DLL Planting with WMALFXGFXDSP.dll (MS16-007)
Exploit for windows platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=555 It is possible for an attacker to execute a DLL planting attack in Microsoft Office 2010 on Windows 7 x86 with a specially crafted OLE object. The attached POC docume...
Microsoft Office COM Object - DLL Planting with comsvcs.dll Delay Load of mqrt.dll (MS15-132)
Microsoft Office COM Object - DLL Planting with comsvcs.dll Delay Load of mqrt.dll (MS15-132) Source: https://code.google.com/p/google-security-research/issues/detail?id=556 It is possible for an attacker to execute a DLL planting attack in Microsoft Office 2010 on Windows 7 x86 with a specially...
Microsoft Office / COM Object - 'els.dll' DLL Planting (MS15-134)
Source: https://code.google.com/p/google-security-research/issues/detail?id=514 It is possible for an attacker to execute a DLL planting attack in Microsoft Office with a specially crafted OLE object. Testing was performed on a Windows 7 x64 virtual machine with Office 2013 installed and the late...
Microsoft Windows - CreateObjectTask SettingsSyncDiagnostics Privilege Escalation
Source: https://code.google.com/p/google-security-research/issues/detail?id=437 Windows: CreateObjectTask SettingsSyncDiagnostics Elevation of Privilege Platform: Windows 8.1 Update I don’t believe it’s available in earlier Windows versions Class: Elevation of Privilege Summary: The...
MS SQL Server 2000/2005 SQLNS.SQLNamespace COM Object Refresh() Unhandled Pointer Exploit
No description provided by source. % Function PaddingintLen Dim strRet, intSize intSize = intLen/2 - 1 For I = 0 To intSize Step 1 strRet = strRet & unescape"%u4141" Next Padding = strRet End Function Function PackDWORDstrPoint strTmp = replacestrPoint, "0x", "" PackDWORD = PackDWORD & UnEscape"%...
MS SQL Server 2000/2005 SQLNS.SQLNamespace COM Object Refresh() Unhandled Pointer Exploit
Exploit for windows platform in category remote exploits % Function PaddingintLen Dim strRet, intSize intSize = intLen/2 - 1 For I = 0 To intSize Step 1 strRet = strRet & unescape"%u4141" Next Padding = strRet End Function Function PackDWORDstrPoint strTmp = replacestrPoint, "0x", "" PackDWORD =...
MS SQL Server 2000/2005 - SQLNS.SQLNamespace COM Object Refresh() Unhandled Pointer
MS SQL Server 2000/2005 - SQLNS.SQLNamespace COM Object Refresh() Unhandled Pointer % Function PaddingintLen Dim strRet, intSize intSize = intLen/2 - 1 For I = 0 To intSize Step 1 strRet = strRet & unescape"%u4141" Next Padding = strRet End Function Function PackDWORDstrPoint strTmp = replacestrPoin...
MS SQL Server 2000/2005 - SQLNS.SQLNamespace COM Object Refresh() Unhandled Pointer
% Function PaddingintLen Dim strRet, intSize intSize = intLen/2 - 1 For I = 0 To intSize Step 1 strRet = strRet & unescape"%u4141" Next Padding = strRet End Function Function PackDWORDstrPoint strTmp = replacestrPoint, "0x", "" PackDWORD = PackDWORD & UnEscape"%u" & MidstrTmp, 5, 2 & MidstrTmp, 7...
Softwin BitDefender AvxScanOnlineCtrl COM Object Remote File Upload And Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10174/info Reportedly the BitDefender AvxScanOnlineCtrl COM object is affected by a file upload and execution vulnerability. This issue is due to a design error that allows a remote user to specify a file to be uploaded a...
Microsoft Internet Explorer 6.0 IMSKDIC.DLL Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19521/info Microsoft Internet Explorer is prone to a denial-of-service vulnerability. This issue occurs because the application fails to load a DLL library when instantiated as an ActiveX control. An attacker may exploit...
Flash Player (Flash6.ocx) AllowScriptAccess DoS PoC
No description provided by source. <!-- Title : Flash Player (Flash6.ocx) AllowScriptAccess DoS PoC Found By : DrIDE Tested on : Windows XPSP3 VM + IE7 COM Object ID : D27CDB6E-AE6D-11cf-96B8-444553540000 Shockwave Flash Object COM Object Filename : C:\WINDOWS\system32\Macromed\Flash\Flash6.ocx File...
MW6 Technologies Aztec ActiveX (Data param) - Buffer Overflow
No description provided by source. <!-- =========================================================================== Problem: The Data parameter is subject to a buffer overflow DEFINITELY leading to arbitrary code execution. COM Object - F359732D-D020-40ED-83FF-F381EFE36B54 MW6Aztec Class File...
Internet Explorer 4.0/5.0/5.5 preview/5.0.1 - DocumentComplete() Cross Frame Access Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1224/info The DocumentComplete function in IE does not properly validate origin domains. Therefore it is possible for a remote webserver to gain read access to local files on the machine of any website visitor or email...
Microsoft Visual Studio .NET msdds.dll Remote Code Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14594/info Microsoft Visual Studio .NET is prone to a vulnerability that could allow remote arbitrary code execution. This is due to a buffer overflow that is exposed during COM object instantiation. The list of vulnerabl...
Microsoft Internet Explorer 6.0 - Multiple COM Object Color Property Denial of Service Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/19640/info Microsoft Internet Explorer is prone to multiple denial-of-service vulnerabilities that occur when instantiating COM objects. The vulnerabilities arise because of the way Internet Explorer tries to instantiate...
Microsoft Internet Explorer 6.0 Visual Studio COM Object Instantiation Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19572/info Microsoft Internet Explorer is prone to a denial-of-service vulnerability that occurs when instantiating Visual Studio COM objects. The vulnerability arises because of the way Internet Explorer tries to...
Microsoft Windows 2000 Multiple COM Object Instantiation Code Execution Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/19636/info Microsoft Windows 2000 is prone to multiple memory-corruption vulnerabilities that are related to the instantiation of COM objects. These issues may be remotely triggered through Internet Explorer. The...
Symantec Security Check Virus Detection COM Object Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10069/info Symantec Virus Detection is a web based service that detects viruses and trojan horses. It is a freely available service that can be run via Microsoft Internet Explorer, Netscape Communicator or Apple Safari we...
McAfee FreeScan CoMcFreeScan Browser Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10077/info Reportedly the McAfee FreeScan 'McFreeScan.CoMcFreeScan.1' COM object is prone to a remote information disclosure vulnerability. This issue is due to a failure of the object to properly validate information...
MW6 Technologies MaxiCode ActiveX (Data param) - Buffer Overflow
No description provided by source. <!-- =========================================================================== Problem: The Data parameter is subject to a buffer overflow DEFINITELY leading to arbitrary code execution. COM Object - 2355C601-37D1-42B4-BEB1-03C773298DC8 MW6MaxiCode Class File...