14 matches found
Fake Software Update Abuses NetSupport Remote Access Tool
Over the last few months, FireEye has tracked an in-the-wild campaign that leverages compromised sites to spread fake updates. In some cases, the payload was the NetSupport Manager remote access tool RAT. NetSupport Manager is a commercially available RAT that can be used legitimately by system...
WinDBG and JavaScript Analysis
This blog was authored by Paul Rascagneres.IntroductionJavaScript is frequently used by malware authors to execute malicious code on Windows systems because it is powerful, natively available and rarely disabled. Our previous article on .NET analysis generated much interest relating to how to use...
Internet Explorer 8-11, IIS, CScript.exe/WScript.exe VBScript - CRegExp..Execute Use of Uninitialize
A specially crafted script can cause the VBScript engine to access data before initializing it. An attacker that is able to run such a script in any application that embeds the VBScript engine may be able to control execution flow and execute arbitrary code. This includes all versions of Microsof...
Microsoft Internet Explorer 8/9/10/11 / IIS / CScript.exe/WScript.exe VBScript - CRegExp..Execute Use of Uninitialized Memory (MS14-080/MS14-084)
!-- Source: http://blog.skylined.nl/20161107001.html Synopsis A specially crafted script can cause the VBScript engine to access data before initializing it. An attacker that is able to run such a script in any application that embeds the VBScript engine may be able to control execution flow and...
CVE-2007-5653
The Component Object Model COM functions in PHP 5.x on Windows do not follow safemode and disablefunctions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by executing objects with the kill bit set in the corresponding ActiveX control...
Microsoft Windows Script Host 'wshesn.dll' DLL装载任意代码执行漏洞
Bugtraq ID: 49436 Windows Scripting Host是一款Windows操作系统脚本语言程序。 Windows Scripting Host wscript.exe不安全装载wshesn.dll库,攻击者可以诱使用户在远程WebDAV或SMB共享上打开js, jse, vbe, vbs, wsf, wsh文件,可以以用户安全上下文装载任意库。 Microsoft Windows Script Host 5.6 厂商解决方案 目前没有详细解决方案提供: http://www.microsoft.com...
Microsft COFEE v1.1.2 DLL Hijacking Exploit
=========================================== Microsft COFEE v1.1.2 DLL Hijacking Exploit =========================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' /' / /' 0 0 /, // ,/ / 1 1 // /' / // /' / /' 0 0 / / / / / / 1 1 / / 0 0 ////// //...
Microsft COFEE v1.1.2 DLL Hijacking Exploit
Exploit for windows platform in category local exploits =========================================== Microsft COFEE v1.1.2 DLL Hijacking Exploit =========================================== =========================================== Microsft COFEE v1.1.2 DLL Hijacking Exploit...
Microsoft Windows wscript.exe (XP) DLL Hijacking Exploit (wshfra.dll)
===================================================================== Founded By: Kamran Safaei Tabrizik4mr4nstatyahoodotcom Securitylab Security Research Team Website: http://www.securitylab.ir Special Thanks: Mazo shinozuki, BangoDragon...
Microsoft Windows wscript.exe DLL Hijacking Exploit
===================================================================== Founded By: Kamran Safaei Tabrizik4mr4nstatyahoodotcom Securitylab Security Research Team Website: http://www.securitylab.ir Special Thanks: Mazo shinozuki, BangoDragon...
Microsoft Windows wscript.exe (XP) DLL Hijacking Exploit (wshfra.dll)
Exploit for windows platform in category local exploits ===================================================================== Microsoft Windows wscript.exe XP DLL Hijacking Exploit wshfra.dll ===================================================================== Microsoft Windows wscript.exe XP DL...
wscript.exe DLL Hijacking Exploit
wscript.exe XP DLL Hijacking Exploit wshfra.dll Author : Mohamed Clay Greetz : linuxac.org && isecur1ty.org && security4arabs.com && v4-team.com && all My Friends note : EveryOne is happy with DLL Hijacking YooooPiiii!!!! Tested on: Windows XP How to use : Place a .jse file and wshfra.dll in same...
Find Windows Admin Tools over WMI if IIS installed (win)
If IIS installed, find Windows Admin Tools over WMI: arp.exe, at.exe, atsvc.exe, cacls.exe, cmd.exe, cscript.exe, debug.exe, edit.com, edlin.exe, ftp.exe, finger.exe, ipconfig.exe, net.exe, netsh.exe, netstat.exe, nslookup.exe, ping.exe, poledit.exe, posix.exe, qbasic.exe, rcp.exe, rdisk.exe,...
CVE-2007-5653
The Component Object Model COM functions in PHP 5.x on Windows do not follow safemode and disablefunctions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by executing objects with the kill bit set in the corresponding ActiveX control...