StarUML suffers from an active-x buffer overflow vulnerability in WinGraphviz.dll.
a8d94b18626e5b59a73980f526dd3aff048ed84051f5615710da80410c908485TEC-IT TBarCode OCX active-x control TBarCode4.ocx version 4.1.0 buffer overflow proof of concept exploit.
9e7504858cd2b2e3b4c2b733618f991d98aa8fa02a48edb3d38372d57d04fb75AXIS Media Control suffers from an ActiveX file corruption vulnerability. The vulnerability exists due to the ActiveX control including insecure "StartRecord()", "SaveCurrentIm age()" and "StartRecordMedia()" methods in "AxisMediaControlEmb.dll" DLL. This can be exploited to corrupt or create arbitrary files in the context of the current user.
2c7f0f9dc413f306ab4175eaf1c5a26e6f9f46c26e980683a1c746fe13d1344aThis Metasploit module exploits a vulnerability found in Synactis' PDF In-The-Box ActiveX component, specifically PDF_IN_1.ocx. When a long string of data is given to the ConnectToSynactis function, which is meant to be used for the ldCmdLine argument of a WinExec call, a strcpy routine can end up overwriting a TRegistry class pointer saved on the stack, and results in arbitrary code execution under the context of the user. Also note that since the WinExec function is used to call the default browser, you must be aware that: 1) The default must be Internet Explorer, and 2) When the exploit runs, another browser will pop up. Synactis PDF In-The-Box is also used by other software such as Logic Print 2013, which is how the vulnerability was found and publicly disclosed.
717b46a540961e751ccf7b61962579a6966ed5098437c588fd29d0ce3364ac7bThis Metasploit module abuses the java.sql.DriverManager class where the toString() method is called over user supplied classes, from a doPrivileged block. The vulnerability affects Java version 7u17 and earlier. This exploit bypasses click-to-play on IE throw a specially crafted JNLP file. This bypass is applied mainly to IE, when Java Web Start can be launched automatically throw the ActiveX control. Otherwise the applet is launched without click-to-play bypass.
1b4db1b27c17aab0b21ca54b384927fd35c2a31fb00fd5b3dfb2d240422f385fThis Metasploit modules exploits a vulnerability found in the Oracle WebCenter Content CheckOutAndOpenControl ActiveX. This vulnerability exists in openWebdav(), where user controlled input is used to call ShellExecuteExW(). This Metasploit module abuses the control to execute an arbitrary HTA from a remote location. This Metasploit module has been tested successfully with the CheckOutAndOpenControl ActiveX installed with Oracle WebCenter Content 11.1.1.6.0.
b0e1c2b4d5000f5d54ab03faad81b1e6f76cdaf93878521b78deb176531d5582SIEMENS Solid Edge ST4 SEListCtrlX active-x control SetItemReadOnly suffers from an arbitrary memory rewrite remote code execution vulnerability. Proof of concept included.
6c6ea1a9c072ee2af175d48c30c8a9025b2eddad5dddcf7ee400ddb53f111796This Metasploit module exploits a heap based buffer overflow in the C1Tab ActiveX control, while handling the TabCaption property. The affected control can be found in the c1sizer.ocx component as included with IBM SPSS SamplePower 3.0. This Metasploit module has been tested successfully on IE 6, 7 and 8 on Windows XP SP3 and IE 8 on Windows 7 SP1.
99fdd7d6b7ffc3bcb3ad029cfcdb362a9cb2e0bb387ffdddfabe715b79e167a0SIEMENS Solid Edge ST4 WebPartHelper active-x control RFMSsvs!JShellExecuteEx suffers from a remote command execution vulnerability. Proof of concept included.
bba4a31d339af5605fe114b27057d1acf37770767071972f2e917ba1e3684b20Borland Silk Central version 12.1 TeeChart Pro active-x control suffers from an AddSeries remote code execution vulnerability.
3487efa60e709db37782fa39c6eb16e87b57eb70ce5b1c0251f9a7ceec7a159aThe Java active-x control in Java Web Start Launcher suffers from a memory corruption vulnerability.
bda67853310f31100eb0d7eabe5f41ccba0af48ed6d9d0588dbc627b879ca5c2McAfee Virtual Technician (MVT) 6.5.0.2101 suffers from an exposed unsafe active-x method.
55fc445bc2332b108a292b07dc1275003a836cf017d276122b75dab94844b2a7LiquidXML Studio 2012 active-x insecure method executable file creation exploit.
6229e6a4ed53e4f7fa659d84fce3e63cba583a5308f9dd12b2ecceb5f4d277b4LiquidXML Studio 2010 active-x insecure method executable file creation exploit.
d7802fe8f8971ac958b1ceae16b3c8417f9ad33014ba900fd85193453802609eMitsubishi MX Component version 3 remote exploit that binds a shell to port 5500.
f9719948c2c98d6b095ce092b25be702eceda9fb377c0bb7f0b7c81a29f57509EastFTP Active-X control version 4.6.02 code execution exploit.
47eaaf588524ad7407e7c1eb004c09636584ead0b6cece7bf2405b531a30fe71WinCC stores Windows user credentials (user names and passwords) in a database. Authenticated users can log into this database, break the existing obfuscation and extract passwords. Furthermore, the database permissions allowed unprivileged users to gain access to sensitive data. A third vulnerability was found in the WinCC web server, where authenticated users could browse the file system via URL manipulation and extract sensitive information. A fourth vulnerability was found in the ActiveX component "RegReader", which is vulnerable to a buffer overflow and possible remote code execution. Manipulated project files can trigger a fifth vulnerability, which can allow an attacker to take over the WinCC PC. Furthermore a communication component called CCEServer is vulnerable to a remote buffer overflow that can be triggered over the network.
871db31131d047fe9c609554c28f03dc8cf0ca905160d6f028d4e6fe6945be60This Metasploit modules exploits a vulnerability found in the Honeywell HSC Remote Deployer ActiveX. This control can be abused by using the LaunchInstaller() function to execute an arbitrary HTA from a remote location. This Metasploit module has been tested successfully with the HSC Remote Deployer ActiveX installed with HoneyWell EBI R410.1.
1f3cef2a50e87d41ca54ec3ec66187a9eab588ff63fb1178c75bc47d21f21a3cThis Metasploit module exploits a vulnerability in the Novell GroupWise Client gwcls1.dll ActiveX. Several methods in the GWCalServer control use user provided data as a pointer, which allows to read arbitrary memory and execute arbitrary code. This Metasploit module has been tested successfully with GroupWise Client 2012 on IE6 - IE9. The JRE6 needs to be installed to achieve ASLR bypass.
2bb2812e974be928ec96a6f900361814c1ad01f386937d1ecad587eb0c260f83Aloaha PDF Crypter version 3.5.0.1164 suffers from an active-x arbitrary file overwrite vulnerability.
7fa8744017306fcb9f8b6287e11861e540f90887c71065266540838aa74a25cdThis Metasploit modules exploits a vulnerability found in the Honeywell Tema ActiveX Remote Installer. This ActiveX control can be abused by using the DownloadFromURL() function to install an arbitrary MSI from a remote location without checking source authenticity or user notification. This Metasploit module has been tested successfully with the Remote Installer ActiveX installed with HoneyWell EBI R410.1 - TEMA 5.3.0 and Internet Explorer 6, 7 and 8 on Windows XP SP3.
b30345fc0ce669f179e6185df91c57d68d20a383c5a011c0ba877c1319ef539bThis Metasploit module exploits a buffer overflow vulnerability on the UploadControl ActiveX. The vulnerability exists in the handling of the "Attachment_Times" property, due to the insecure usage of the _swscanf. The affected ActiveX is provided by the qp2.dll installed with the IBM Lotus Quickr product. This Metasploit module has been tested successfully on IE6-IE9 on Windows XP, Vista and 7, using the qp2.dll 8.1.0.1800. In order to bypass ASLR the no aslr compatible module msvcr71.dll is used. This one is installed with the qp2 ActiveX.
2570396e9a994f0f9128106991e69dcb968d0dde0fbe6d004afd9587713e5cbbThis Metasploit module exploits a buffer overflow vulnerability on the UploadControl ActiveX. The vulnerability exists in the handling of the "Attachment_Times" property, due to the insecure usage of the _swscanf. The affected ActiveX is provided by the dwa85W.dll installed with the IBM Lotus iNotes ActiveX installer. This Metasploit module has been tested successfully on IE6-IE9 on Windows XP, Vista and 7, using the dwa85W.dll 85.3.3.0 as installed with Lotus Domino 8.5.3. In order to bypass ASLR the no aslr compatible module dwabho.dll is used. This one is installed with the iNotes ActiveX.
a5379e9a43da683cd4806d1f1e1d548d9998b0760444a32f658bcd9210c0c210Zero Day Initiative Advisory 12-203 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Honeywell HMIWeb. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ActiveX control defined within the HSCDSPRenderDll.dll file. The RequestDSPLoad method does not properly verify the length of a supplied argument before copying it into a fixed-length heap buffer. A remote attacker can abuse this to execute arbitrary code under the context of the user running the browser.
4ac919bae121d6edc00347b47cae4d1aa8f60447c1cb6d2bc673cf9f19bcb690This Metasploit module exploits a heap based buffer overflow in the CrystalPrintControl ActiveX, while handling the ServerResourceVersion property. The affected control can be found in the PrintControl.dll component as included with Crystal Reports 2008. This Metasploit module has been tested successfully on IE 6, 7 and 8 on Windows XP SP3 and IE 8 on Windows 7 SP1. The module uses the msvcr71.dll library, loaded by the affected ActiveX control, to bypass DEP and ASLR.
e2e444f4f608cf2a5267e52972251a3f6dc63fb45578a2ac18f6eb5ad4684ec0
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed