Microsoft Win32k - Keyboard Layout (MS10-073)

Microsoft Win32k - Keyboard Layout MS10-073 // My koala is staring at you CºgºD // Source: http://reversemode.com/index.php?option=comcontent&task=view&id=71&Itemid=1 include include include define MAGICOFFSET 0x6261 define InitializeUnicodeStrp,s \ p-Length= wcslens2; \ p-MaximumLength =...

MOXA Device Manager Tool 2.1 - Remote Buffer Overflow (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MOXA Device Manager Tool 2.1 Buffer Overflow', 'Description' = %q This module exploits a stack buffer overflow in MOXA MDM Tool 2.1. When sending ...

MOXA Device Manager Tool 2.1 - Buffer Overflow (Metasploit)

MOXA Device Manager Tool 2.1 - Buffer Overflow Metasploit. CVE-2010-4741. Local exploit for Windows platform This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MOXA Device Manager Tool 2.1 Buffer...

Apple QuickTime 7.6.7 _Marshaled_pUnk Code Execution

$Id: applequicktimemarshaledpunk.rb 10196 2010-08-30 21:52:45Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

Microsoft - MSHTML.dll CTIMEOUTEVENTLIST::INSERTINTOTIMEOUTLIST Memory Leak

Microsoft - MSHTML.dll CTIMEOUTEVENTLIST::INSERTINTOTIMEOUTLIST Memory Leak mshtml.dll CTimeoutEventList::InsertIntoTimeoutList Timer ID Pointer leak - Rubén Santamarta www.reversemode.com var i = 1; // counter function LeakOrDie var t; t=setInterval"foo",2000; t-=i;...

MS Windows (NtClose DeadLock) Vulnerability PoC (MS06-030)

No description provided by source. //////////////////////////////////////////////////////////////////////////////// ///////// MRXSMB.SYS NtClose DEADLOCK exploit/////////////////////////////////// //////////////////////////////////////////////////////////////////////////////// //November 19,2005...

[Reversemode Advisory] CheckPoint ZoneLabs Vsdatant.sys multiple local privilege escalation vulnerabilities

CHECK POINT ZONE LABS PRODUCTS MULTIPLE LOCAL PRIVILEGE ESCALATION VULNERABILITIES Ruben Santamarta rubenatreversemodedotcom 08.20.2007 Affected Products: ZoneAlarm 7.0.362 Vsdatant.sys is exposed via “.vsdatant”. The permissive ACL allows everyone to invoke privileged IOCTLs implemented in the...

Microsoft Windows - NtRaiseHardError Csrss.exe Memory Disclosure

Microsoft Windows - NtRaiseHardError Csrss.exe Memory Disclosure ///////////////////////////////////////// ///////////////////////////////////////// ///// Microsoft Windows NtRaiseHardError ///// Csrss.exe memory disclosure ///////////////////////////////////////// ///// Ruben Santamarta /////...

Microsoft Windows - NtRaiseHardError 'Csrss.exe' Memory Disclosure

///////////////////////////////////////// ///////////////////////////////////////// ///// Microsoft Windows NtRaiseHardError ///// Csrss.exe memory disclosure ///////////////////////////////////////// ///// Ruben Santamarta ///// ruben at reversemode dot com ///// www.reversemode.com...

[Reversemode advisory] Computer Associates HIPS Drivers - multiple local privilege escalation vulnerabilities.

Computer Associates "Host Intrusion Prevention System" Engine Drivers are prone to multiple local privilege escalation vulnerabilities. Unprivileged users can take advantage of these flaws in order to execute arbitrary code with kernel privileges. Two drivers are affected, kmxstart.sys and...

[Reversemode Advisory] Kaspersky Anti-Virus Privilege Escalation

Hi, Kaspersky Products are prone to a local privilege escalation. Unprivileged users can exploit this flaw in order to execute arbitrary code with Kernel privileges. Kaspersky implements its NDIS-TDI Hooking Engine using two drivers, which rely on an internal system of plugins. Plugin registering...

[Reversemode Advisory] Symantec Antivirus Engine Privilege Escalation

Symantec Antivirus Engine is prone to a local privilege escalation vulnerability. Two Device Drivers are affected: NAVEX15.sys, NAVENG.sys. NAVEX15.sys LOW CONSTANT VALUE PAGE:0004B611 sub edx, 222AD3h PAGE:0004B617 push esi PAGE:0004B618 jz short loc4B63C loc4B63C: mov edx, ecx+3Ch PAGE:0004B63F...

Microsoft Windows XP/2000 - 'Mrxsmb.sys' Local Privilege Escalation (MS06-030)

/////////////////////////////////////////////////////////////////////////////////////// // Mrxsmb.sys XP & 2K Ring0 Exploit 6/12/2005 // Tested on XP SP2 && 2K SP4 // Disable ReadOnly Memory protection // HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\EnforceWriteProtecti...

Microsoft Windows - NtClose DeadLock (MS06-030)

Microsoft Windows - NtClose DeadLock MS06-030 //////////////////////////////////////////////////////////////////////////////// ///////// MRXSMB.SYS NtClose DEADLOCK exploit/////////////////////////////////// //////////////////////////////////////////////////////////////////////////////// //Novemb...

Microsoft Windows - NtClose DeadLock (MS06-030)

//////////////////////////////////////////////////////////////////////////////// ///////// MRXSMB.SYS NtClose DEADLOCK exploit/////////////////////////////////// //////////////////////////////////////////////////////////////////////////////// //November 19,2005...