Backdoor.Win32.AutoSpy.10 MVID-2024-0671 Remote Command Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/b012704cad2bae6edbd23135394b9127.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.AutoSpy.10 Vulnerability: Unauthenticated Remote Command Execution...

Internet Explorer 'winhlp32.exe' 'MsgBox()' Remote Code Execution Vulnerability

No description provided by source. Microsoft Internet Explorer is prone to a remote code execution vulnerability. Source iSEC Security Research: http://isec.pl/vulnerabilities10.html Attackers can exploit this issue to execute arbitrary code in the context of the user running the application...

Internet Explorer winhlp32.exe 'MsgBox()'远程代码执行漏洞

BUGTRAQ ID: 38463 CVECAN ID: CVE-2010-0483 Internet Explorer是Windows操作系统中默认捆绑的web浏览器。 用户可以使用VBScript从IE调用winhlp32.exe服务，如果向该服务传送了恶意的.HLP文件就会导致执行任意命令。 必需一些用户交互才可以触发这个漏洞，在显示MsgBox弹出框时用户需要按下F1。以下是MsgBox函数的句法： MsgBoxprompt,buttons,title,helpfile,context...

Stack overflow

Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, might allow user-assisted remote attackers to execute arbitrary code via a long string in the fourth argument aka helpfile argument to the MsgBox function,...

Design/Logic Flaw

vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a 1 local pathname, 2 UNC share pathname, or 3 WebDAV server with a...

CVE-2010-0483

CVE-2010-0483 targets VBScript.dll in VBScript 5.1/5.6/5.7/5.8 on Windows 2000 SP4, XP SP2/SP3, and Server 2003 SP2. When Internet Explorer is used, referencing a crafted .hlp file via the MsgBox function’s helpfile argument (local, UNC, or WebDAV) can lead to code execution via winhlp32.exe if t...

Internet Explorer 'winhlp32.exe' 'MsgBox()' Code Execution Vulnerability

Exploit for unknown platform in category remote exploits =============================================================================== Internet Explorer 'winhlp32.exe' 'MsgBox' Remote Code Execution Vulnerability ===============================================================================...

Microsoft VBScript MsgBox Call with Malicious HLP File (CVE-2010-0483)

A remote code execution vulnerability has been discovered in the way that VBScript interacts with Windows Help files when using Internet Explorer. The vulnerability is due to the VBScript functionality available from within Internet Explorer that exposes the MsgBox function, allowing script on a...

Microsoft Windows CSRSS MSGBox远程代码执行漏洞

Microsoft Windows是一款商业性质的操作系统。 Microsoft Windows客户端/服务端实时子系统处理存在问题，远程攻击者可以利用漏洞以系统进程权限执行任意指令。 由于CSRSS服务处理错误消息存在问题，攻击者通过构建特殊的应用程序来触发此漏洞，可导致以系统进程权限执行任意指令。目前没有详细漏洞细节提供。 Microsoft Windows XP Tablet PC Edition SP2 Microsoft Windows XP Tablet PC Edition SP1 Microsoft Windows XP Tablet PC Edition Microso...

Microsoft Windows CSRSS MSGBox Remote Code Execution Vulnerability

Description Microsoft Windows CSRSS client/server run-time subsystem MsgBox is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Note that this issue can also be exploited locally by an authenticated user to...

CVE-2006-4732

The CVE concerns Microsoft Visual Basic 6 (VB6). A vulnerability arises in a project containing a specific Click event procedure (demonstrated with msgbox and VB.Label) that causes an unspecified overflow. The affected component is the VB6 runtime/IDE context where the Click event triggers the ov...