26 matches found
Microsoft Windows - OLE Package Manager Code Execution (MS14-060) (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "MS14-060 Microsoft Windows OLE Package Manager Code Execution", 'Description' = %q This module exploits a vulnerability found in...
MS14-060 Microsoft Windows OLE Package Manager Code Execution
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "MS14-060 Microsoft Windows OLE Package Manager Code Execution", 'Description' = %q This module exploits a vulnerability found in...
Windows Object Packager Insecure Execution
Added: 01/24/2012 CVE: CVE-2012-0009 BID: 51297 OSVDB: 78212 Background Windows Object Packager is a tool that can be used to create a package that can be inserted into a file. Problem A vulnerability exists in the way the Windows Object Packager registers and implements packages stored on networ...
Windows Object Packager Insecure Execution
Added: 01/24/2012 CVE: CVE-2012-0009 BID: 51297 OSVDB: 78212 Background Windows Object Packager is a tool that can be used to create a package that can be inserted into a file. Problem A vulnerability exists in the way the Windows Object Packager registers and implements packages stored on networ...
Windows Object Packager Insecure Execution
Added: 01/24/2012 CVE: CVE-2012-0009 BID: 51297 OSVDB: 78212 Background Windows Object Packager is a tool that can be used to create a package that can be inserted into a file. Problem A vulnerability exists in the way the Windows Object Packager registers and implements packages stored on networ...
Windows Object Packager Insecure Execution
Added: 01/24/2012 CVE: CVE-2012-0009 BID: 51297 OSVDB: 78212 Background Windows Object Packager is a tool that can be used to create a package that can be inserted into a file. Problem A vulnerability exists in the way the Windows Object Packager registers and implements packages stored on networ...
Microsoft Windows multiple security vulnerabilities
SafeSEH protection bypass, Windows Object Packager code execution, CSRSS privilege escalation, DirectShow / Windows Media memory corruption, Windows Packager code execution, SSL/TLS information leakage...
Microsoft Windows Object Packager Remote Code Execution Vulnerability (2603381)
This host is missing an important security update according to Microsoft Bulletin MS12-002. OpenVAS Vulnerability Test $Id: secpodms12-002.nasl 5341 2017-02-18 16:59:12Z cfi $ Microsoft Windows Object Packager Remote Code Execution Vulnerability 2603381 Authors: Madhuri D Copyright: Copyright c...
CVE-2012-0009
Untrusted search path vulnerability in the Windows Object Packager configuration in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse executable file in the current working directory, as demonstrated by a directory that contains a file...
Design/Logic Flaw
Untrusted search path vulnerability in the Windows Object Packager configuration in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse executable file in the current working directory, as demonstrated by a directory that contains a file...
CVE-2012-0009
Untrusted search path vulnerability in the Windows Object Packager configuration in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse executable file in the current working directory, as demonstrated by a directory that contains a file...
CVE-2012-0009
CVE-2012-0009 affects Windows Object Packager handling in Windows XP SP2/SP3 and Windows Server 2003 SP2. The vulnerability stems from how Object Packager registers/implements packages stored on network shares, WebDAV, and UNC paths, allowing local privilege escalation via a Trojan horse executab...
Microsoft Windows Object Packager Insecure Executable Launching (MS12-002; CVE-2012-0009)
A remote code execution has ben reported in Microsoft Windows...
MS12-002: Vulnerability in Windows Object Packager Could Allow Remote Code Execution (2603381)
The remote host is affected by a remote code execution vulnerability when handling files with embedded packaged objects. An attacker can exploit this vulnerability by tricking a user into opening a legitimate file with an embedded packaged object file that is located in the same network directory...
Microsoft Windows Object Packager Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition. Technologies Affect...
Microsoft Windows Object Packager dialog spoofing
Code execution with .RTF or .WRI file embedded object...
Spoofing security dialog in object packager - 2
A few months ago, I found that in all versions of windows xp are vulnerable: In object packager, if one created a command line, eg "format a: /X" and wanted to hide it, leave the icon and label to anything, really, and change the command line to 'cmd /c format a: /X ..securitylog.txt'. It will...
Re: Secunia Research: Microsoft Windows Object Packager Dialog Spoofing
I knew about this particular flaw for some time . honestly I found it by accident, like I think the the security researcher from secunia did...or maybe it leaked from where I posted it?!?!?!!! :P. This could be a bit more critical if : 1 a '' not a '/' was placed at the end of the command line...
Secunia Research: Microsoft Windows Object Packager Dialog Spoofing
====================================================================== Secunia Research 11/10/2006 - Microsoft Windows Object Packager Dialog Spoofing - ====================================================================== Table of Contents Affected...
CVE-2006-4692
Argument injection vulnerability in the Windows Object Packager packager.exe in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a "/" slash character in the filename of the Command Line...