61 matches found
EUVD-2003-0301
Malware in sbrugna...
EUVD-2006-3966
Malware in sbrugna...
EUVD-2002-2253
Malware in sbrugna...
Published Explorer.exe and other applications close instantly after launch
When a published application such as Explorer is started, it closes instantly. Please note: this can also apply to many other applications that exhibit this behavior and is not limited to just explorer.exe. This is a built-in timer in Terminal Services which dictates if a session is not fully...
Researchers Warn of 'Raspberry Robin' Malware Spreading via External Drives
Cybersecurity researchers have discovered a new Windows malware with worm-like capabilities that is propagated by means of removable USB devices. Attributing the malware to a cluster named "Raspberry Robin," Red Canary researchers noted that the worm "leverages Windows Installer to reach out to...
Backdoor.Win32.VB.afu Insecure Transit
Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/c6ba7fcb9eb9bdd7e081e2e84e784dcbB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.VB.afu Vulnerability: Insecure Transit Password Disclosure Description: The malware...
Backdoor.Win32.VB.afu Insecure Permissions
Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/c6ba7fcb9eb9bdd7e081e2e84e784dcb.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.VB.afu Vulnerability: Insecure Permissions Description: The malware writes an .EXE wi...
Virus.Win32.Shodi.e Remote Command Execution
Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/37d4a5ba123dd32f1e2c4ba0be14e77cB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Virus.Win32.Shodi.e Vulnerability: Unauthenticated Remote Command Execution Description: The virus...
Trojan.Win32.Agent.zfgh Insecure Permissions
Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/a2017b547da2f06c6d7c02398cc481f6.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Agent.zfgh Vulnerability: Insecure Permissions Description: Agent.zfgh creates an hidde...
Backdoor.Win32.Agent.xs Insecure Permissions
Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/6c51a5ba17ffd317ad08541e20131ef3.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Agent.xs Vulnerability: Insecure Permissions Description: The malware creates a hidde...
Nextcloud: Memory Leak in OCUtil.dll library in Desktop client can lead to DoS
The function IsChildFile(const wchar_t* rootFolder, const wchar_t* file) in FileUtil.cpp allocates memory on line 42 and fails to free it. The following PoC code can provide evidence. The code and the PoC executable are attached to this report. Also OCUtils.dll and OCUtilsx64.dll library which is...
RIG Exploit Kit Delivering Monero Miner Via PROPagate Injection Technique
Introduction: Through FireEye Dynamic Threat Intelligence (DTI), we observed RIG Exploit Kit (EK) delivering a dropper that leverages the PROPagate injection technique to inject code that downloads and executes a Monero miner (similar activity has been reported by Trend Micro). Apart from leveraging a...
Windows Manage Privilege Based Process Migration
This module will migrate a Meterpreter session based on session privileges. It will do everything it can to migrate, including spawning a new User level process. For sessions with Admin rights: It will try to migrate into a System level process in the following order: ANAME if specified,...
Microsoft Windows XP Explorer.EXE Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9924/info Microsoft Windows Explorer for Windows XP has been reported to be prone to a remote denial of service vulnerability. This issue is due to a failure of the application to properly validate user-supplied input via...
Microsoft Windows XP Explorer.EXE TIFF Image Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11202/info Explorer.exe that ships with Microsoft Windows XP prior to Windows XP SP2 is reported prone to a denial of service vulnerability. The vulnerability is reported to exist when Explorer.exe handles certain TIFF...
Windows Explorer 6.0.2900.5512 (Shmedia.dll 6.0.2900.5512) AVI Preview DoS PoC
No description provided by source. done by BraniX [email protected] www.hackers.org.pl found: 2011.03.27 published: 2011.03.29 tested on: Windows XP SP3 Home Edition tested on: Windows XP SP3 Professional Edition App: Windows Explorer 6.0.2900.5512 Shmedia.dll 6.0.2900.5512 App Url:...
CVE-2013-6486
gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted remote attackers to execute arbitrary programs via a message containing a file: URL that is improperly handled during construction of an explorer.exe command. NOTE: this vulnerability exists because of an incomplete fix for...
Windows Service Pack 2 (explorer.exe) Memory Corruption
Exploit for windows platform in category local exploits This is private exploit. You can buy it at https://0day.today...
Microsoft Windows Explorer 6.0.2900.5512 - 'Shmedia.dll 6.0.2900.5512' AVI Preview Denial of Service (PoC)
done by BraniX www.hackers.org.pl found: 2011.03.27 published: 2011.03.29 tested on: Windows XP SP3 Home Edition tested on: Windows XP SP3 Professional Edition App: Windows Explorer 6.0.2900.5512 Shmedia.dll 6.0.2900.5512 App Url: http://www.micro$oft.com Shmedia.dll 6.0.2900.5512 MD5:...