This is additional research regarding a mitigation bypass in Windows Defender. Back in 2022, the researcher disclosed how it could be easily bypassed by passing an extra path traversal when referencing mshtml, but that issue has since been mitigated. However, the researcher discovered that using multiple commas can also achieve the bypass. This issue was addressed. The fix was short-lived, as the researcher found a third trivial bypass. Previously, the researcher disclosed 3 bypasses using rundll32 javascript, but this example leverages the VBSCRIPT and ActiveX engines.
59fee3164e2fd340144dd80b39280328ebce07f8d7f86686261fc6d4a98c71eb
This Metasploit module creates a malicious docx file that when opened in Word on a vulnerable Windows system will lead to code execution. This vulnerability exists because an attacker can craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine.
fcc3f4d138a7fb7352da3e6cb2038a1b4776153656e84bcdef4857dab28eac23
Microsoft Internet Explorer suffers from an active-x related bypass vulnerability. Microsoft will not address the issue as it is end of life.
fa22daaea0233f0b687f938d605627bbae7fbc5bb28632e8d17422cd0cf0af81
COMMAX UMS Client ActiveX Control version 1.7.0.2 suffers from a heap buffer overflow vulnerability.
e327f8ce34f952bbed55392b1785a9ab4b15bb16ed92be4015504e303d2002c1
COMMAX WebViewer ActiveX Control version 2.1.4.5 suffers from a buffer overflow vulnerability.
66c11a5f5881cde4082cee18bde6149185ba1f5723e3fc7de7923c14cd71f29a
Adobe Flash Active-X plugin version 28.0.0.137 remote code execution proof of concept exploit.
bb0fa282b90482503dc72b2186a6d3ff87113e77589dafc39357d24810e7b3fa
G DATA TOTAL SECURITY version 25.4.0.3 suffers from an active-x buffer overflow vulnerability.
a4a9b35e2dd08d915f0c7853b6318dcc7ae9080e1e6d5e6db10980d7390b81e0
scrrun.dll on Microsoft Windows 10 suffers from file creation, folder creation, and folder deletion vulnerabilities.
49d89dc88ed2402a8520c7ee5184247e2f4e65960a730130ea9da0661c4a4a8a
BarcodeWiz ActiveX Control versions prior to 6.7 suffer from a buffer overflow vulnerability.
6101e91a84aee00fafb0cebb5718a2df43f7b5c55b823edf4cf69caa14768177
Avaya IP Office (IPO) versions 9.1.0 through 10.1 suffer from an active-x buffer overflow vulnerability.
7a763fcbbba221c4d0f3a6119bfab51308deda0cbd736da60d91585f0d089872
UCanCode has active-x vulnerabilities which allow for remote code execution and denial of service attacks.
ab4bfbe01de8884e92fde956506ce90ff8b75920f8923dace877792e43cd3b3b
Micro Focus Rumba versions 9.3 and below suffer from an active-x stack buffer overflow vulnerability.
c79368afc2366c417c9c7e601de6a8543ba47d00308cedc97805983a7b31a5ad
LEADTOOLS Active-X control suffers from multiple DLL side loading vulnerabilities.
5765a786f5fa25578ee0bc6a814af69b28abb785455fb61a51f48c7d3739e0e5
Using Advantech WebAccess SCADA Software, an attacker can remotely manage industrial control systems devices like RTUs, generators, motors, etc. Attackers can execute code remotely by passing a maliciously crafted string to the ConvToSafeArray API in the ASPVCOBJLib.AspDataDriven ActiveX control.
675e8f8ab88e9c12215588d7fd0ea9ed4240581e811774c53a4d540b46b2fe91
A deficiency in handling authentication and authorization has been found with Kguard 104/108/v2 models. While password-based authentication is used by the ActiveX component to protect the login page, all the communication to the application server at port 9000 allows data to be communicated directly with insufficient or improper authorization. Proof of concept exploit included.
f2bc1717a93e9db3908a82aa2086b5693c8ed751e4401e4bc8ea701c009a43ec
Tango FTP active-x heap spray exploit that leverages a vulnerability in the COM component used eSellerateControl350.dll (3.6.5.0) method of the GetWebStoreURL member. Affects version 1.0 build 136.
7c5d287b7285d97c773bd521ba096c6d7155b06570a00ffc57b3294319a812a1
Tango DropBox active-x heap spray exploit that leverages a vulnerability in the COM component used eSellerateControl350.dll (3.6.5.0) method of the GetWebStoreURL member. Affects versions 3.1.5 and PRO.
3c8dfe4be4054d363a2c7bf83cffe6bedd810b2e267d01f52bc1df31959e5112
1 Click Audio Converter version 2.3.6 suffers from an active-x buffer overflow vulnerability.
ab3f148c4718d2a8ce1b5e910c5fb705d96975b4212916b4ca32116e08b62493
1 Click Extract Audio version 2.3.6 suffers from an active-x buffer overflow vulnerability.
8b01dc114225b25899010fb32a767a37a36147e0bb4170433e6f8f3deeaa00f2
This Metasploit module exploits a buffer overflow in the VideoPlayer.ocx ActiveX installed with the X360 Software. By setting an overly long value to 'ConvertFile()', an attacker can overrun a .data buffer to bypass ASLR/DEP and finally execute arbitrary code.
4db85b31081245af192050fe8238d0162d228493f03b7b13875c3b7820cfcf47
The UltraSVCam ActiveX Control 'UltraSVCamX.ocx' suffers from a stack buffer overflow vulnerability when parsing a large amount of bytes passed to several functions in UltraSVCamLib, resulting in memory corruption overwriting several registers including the SEH. An attacker can gain access to the system of the affected node and execute arbitrary code. Versions affected include Bullet Type ICL5132 and Bullet Type ICL5452.
ab552203002b5442f6c1bc8c385e038e6bf8f4fa91dcb2c7c81a0411c66078c7
The UltraHVCam ActiveX Control 'UltraHVCamX.ocx' suffers from a stack buffer overflow vulnerability when parsing a large amount of bytes passed to several functions in UltraHVCamLib, resulting in memory corruption overwriting several registers including the SEH. An attacker can gain access to the system of the affected node and execute arbitrary code. Versions affected include PT Type ICS2330, Cube Type ICS2030, and Dome Type ICS7522.
bd90ac6b31dacfbadf046e06c7deecd459efc8df1e4b12be5f77d4d95a82096f
The TRENDnet UltraCam ActiveX Control UltraCamX.ocx suffers from a stack buffer overflow vulnerability when parsing a large amount of bytes passed to several functions in UltraCamLib, resulting in memory corruption overwriting several registers including the SEH. An attacker can gain access to the system of the affected node and execute arbitrary code. Versions TV-IP422WN and TV-IP422W are affected.
2d39a4ea21cf4afd0410a9a41c0e154ff98477ea7f9cd599dc79603605eed5e2
Core Security Technologies Advisory - Advantech WebAccess version 7.2 is vulnerable to a stack-based buffer overflow attack, which can be exploited by remote attackers to execute arbitrary code by providing a malicious HTML file with specific parameters for an ActiveX component.
f1107baceb903ca53318f0f5735854c6a5130cf3da81f5840dce6c8afe32091a
This Metasploit module exploits a buffer overflow vulnerability in Advantech WebAccess. The vulnerability exists in the dvs.ocx ActiveX control, where a dangerous call to sprintf can be reached with user-controlled data through the GetColor function. This Metasploit module has been tested successfully on Windows XP SP3 with IE6 and Windows 7 SP1 with IE8 and IE9.
2c87a396ae651d2548218234d6c075460d07bc9f8c985df84efe8276828e073e