This module exploits a vulnerability found in Aladdin Knowledge System's ActiveX component. By supplying a long string of data to the ChooseFilePath() function, a buffer overflow occurs, which may result in remote code execution in the context of the user.
The Windows library ntdll.dll includes a function that does not perform sufficient bounds checking. The vulnerability is present in the function 'RtlDosPathNameToNtPathName_U' and may be exploited through other programs that use the library if an attack vector permits it. One of these programs is the implementation of WebDAV that ships with IIS 5.0. This vector allows the vulnerability in ntdll.dll to be exploited by a remote attacker. Several other library functions that call the vulnerable ntdll.dll procedure have been identified. Administrators are advised to patch, as other attack vectors are likely to surface. Microsoft has revised its advisory to state that this vulnerability affects Windows NT systems. As Windows NT does not support WebDAV, exploits using WebDAV as the attack vector will not be effective against Windows NT systems. Windows XP also does not include WebDAV by default, but other attack vectors may be possible, especially in cases where the attacker has interactive access to the system. WebDAV may be installed by a user on Windows XP with IIS 5.1, so WebDAV may be a possible means of exploitation in these circumstances. Reports suggest that numerous hosts have been scanned in an attempt to exploit this vulnerability. Although unconfirmed, this may be the result of a system of automated attacks. It has been reported that this vulnerability is also present in the 'RtlGetFullPathName_U' function. The supplied Microsoft patch (Q815021) also corrects this function. It has been reported that the W32.Welchia.Worm, described in MCID 1811, is actively exploiting this vulnerability.
The Freefloat FTP Server version 1.0 is vulnerable to a buffer overflow attack in the PUT command. This allows an attacker to execute arbitrary code on the target system.
The man program does not properly handle certain types of input. An attacker can exploit this vulnerability by creating a malicious man page that executes arbitrary commands when processed by the program.
This exploit is for WFTPD server version 3.23, targeting the buffer overflow vulnerability in the SIZE command. The exploit allows remote attackers to execute arbitrary code on the target system. The exploit has been coded by h07 and has been tested on XP SP2 Polish and 2000 SP4 Polish. The exploit requires the attacker to provide the IP address of the target server, their username, and password. After successful exploitation, a reverse shell is opened on port 4444. The shellcode used in the exploit is a win32 reverse shellcode from metasploit.com.
Sendmail is prone to a remote buffer-overflow vulnerability in the SMTP header parsing component. Attackers who successfully exploit this vulnerability may gain control of affected servers.
The vulnerability exists due to insufficient bounds checking on input supplied via the HCP URI parameter. An attacker can exploit this vulnerability by making an HCP request with an overly long string. This will trigger the overflow condition and may result in malicious attacker-supplied code being executed on the vulnerable system.
A buffer overflow vulnerability exists in AbsoluteTelnet due to insufficient bounds checking when setting the title bar of the client. An attacker can exploit this vulnerability by enticing a victim user to view a website with malicious HTML tags, leading to a buffer overflow condition and potential code execution.
A directory traversal vulnerability has been discovered in several games that use certain versions of the Unreal Engine. Attackers can exploit this vulnerability to navigate outside of the game's installation directory by utilizing directory traversal sequences. By referencing specific files, it is also possible to cause the game client to crash.