Exploits 3471 - exploit.company

Microsoft Visual Studio Msmask32.ocx ActiveX Buffer Overflow

This module exploits a stack buffer overflow in Microsoft's Visual Studio 6.0. When passing a specially crafted string to the Mask parameter of the Msmask32.ocx ActiveX Control, an attacker may be able to execute arbitrary code.

N/A

CVSS

N/A

Buffer Overflow

Windows XP SP0-SP2 IE 6.0 SP0-SP2

Affected Version

Alexander Sotirov, skape

vendor:

Microsoft

Internet Explorer Daxctle.OCX KeyFrame Method Heap Buffer Overflow Vulnerability

This module exploits a heap overflow vulnerability in the KeyFrame method of the direct animation ActiveX control. This is a port of the exploit implemented by Alexander Sotirov.

Affected Version

Internet Explorer 6.0

To:

Internet Explorer 6.0

Adobe util.printf() Buffer Overflow

This module exploits a buffer overflow in Adobe Reader and Adobe Acrobat Professional < 8.1.3. By creating a specially crafted pdf that a contains malformed util.printf() entry, an attacker may be able to execute arbitrary code.

Windows XP SP3 English

Affected Version

unknown, hdm, pusscat, jduck, jabra

vendor:

Adobe

Adobe Doc.media.newPlayer Use After Free Vulnerability

This module exploits a use after free vulnerability in Adobe Reader and Adobe Acrobat Professional versions up to and including 9.2.

N/A

CVSS

N/A

Use After Free Vulnerability

Affected Version

IBM Lotus Domino Web Access Upload Module Buffer Overflow

This module exploits a stack buffer overflow in IBM Lotus Domino Web Access Upload Module. By sending an overly long string to the "General_ServerName()" property located in the dwa7w.dll and the inotes6w.dll control, an attacker may be able to execute arbitrary code.

Lotus Domino Web Access

Affected Version

Paul Craig, Dz_attacker, jduck

vendor:

Hyleos

Hyleos ChemView ActiveX Control Stack Buffer Overflow

This module exploits a stack-based buffer overflow within version 1.9.5.1 of Hyleos ChemView (HyleosChemView.ocx). By calling the 'SaveAsMolFile' or 'ReadMolFile' methods with an overly long first argument, an attacker can overrun a buffer and execute arbitrary code.

N/A

CVSS

N/A

Stack Buffer Overflow

Affected Version

EnjoySAP SAP GUI ActiveX Control Buffer Overflow

This module exploits a stack buffer overflow in SAP KWEdit ActiveX Control (kwedit.dll 6400.1.1.41) provided by EnjoySAP GUI. By sending an overly long string to the "PrepareToPostHTML()" method, an attacker may be able to execute arbitrary code.

SAP KWEdit ActiveX Control

Platforms Tested

Windows XP Pro SP0/SP1 English, Windows 2000 Pro English All

Affected Version

RealPlayer ierpplug.dll ActiveX Control Playlist Name Buffer Overflow

This module exploits a stack buffer overflow in RealOne Player V2 Gold Build 6.0.11.853 and RealPlayer 10.5 Build 6.0.12.1483. By sending an overly long string to the 'Import()' method, an attacker may be able to execute arbitrary code.

Affected Version

RealOne Player V2 Gold Build 6.0.11.853

To:

RealPlayer 10.5 Build 6.0.12.1483

Kazaa Altnet Download Manager ActiveX Control Buffer Overflow

This module exploits a stack buffer overflow in the Altnet Download Manager ActiveX Control (amd4.dll) bundled with Kazaa Media Desktop 3.2.7. By sending a overly long string to the 'Install()' method, an attacker may be able to execute arbitrary code.

Affected Version

Kazaa Media Desktop 3.2.7

To:

Kazaa Media Desktop 3.2.7

2007

by:

Unknown, @sn0wfl0w, @vicheck, jduck

vendor:

Adobe

Adobe CoolType SING Table “uniqueName” Stack Buffer Overflow

This module exploits a vulnerability in the Smart INdependent Glyplets (SING) table handling within versions 8.2.4 and 9.3.4 of Adobe Reader. Prior version are assumed to be vulnerable as well.

N/A

CVSS

N/A

Stack Buffer Overflow

Windows XP SP3, Windows 7

Affected Version

From: