Exploits 3474 - exploit.company

Microsoft IIS 5.0 Printer Host Header Overflow

This exploits a buffer overflow in the request processor of the Internet Printing Protocol ISAPI module in IIS. This module works against Windows 2000 service pack 0 and 1. If the service stops responding after a successful compromise, run the exploit a couple more times to completely kill the hung process.

N/A

CVSS

N/A

Buffer Overflow

Affected Version

Windows 2000 English SP0-SP1

To:

Windows 2000 English SP0-SP1

Microsoft IIS 4.0 .HTR Path Overflow

This exploits a buffer overflow in the ISAPI ISM.DLL used to process HTR scripting in IIS 4.0. This module works against Windows NT 4 Service Packs 3, 4, and 5. The server will continue to process requests until the payload being executed has exited.

Affected Version

Arkeia Backup Client Type 77 Overflow (Win32)

This module exploits a stack buffer overflow in the Arkeia backup client for the Windows platform. This vulnerability affects all versions up to and including 5.3.3.

N/A

CVSS

N/A

Stack Buffer Overflow

Affected Version

Kerio Firewall 2.1.4 Authentication Packet Overflow

This module exploits a stack buffer overflow in Kerio Personal Firewall administration authentication process. This module has only been tested against Kerio Personal Firewall 2 (2.1.4).

N/A

CVSS

N/A

Stack Buffer Overflow

119

CWE

Product Name

Kerio Personal Firewall

Platforms Tested

Windows 2000 Pro SP4 English, Windows XP Pro SP0 English, Windows XP Pro SP1 English

Affected Version

Internet Security Systems

ISS PAM.dll ICQ Parser Buffer Overflow

This module exploits a stack buffer overflow in the ISS products that use the iss-pam1.dll ICQ parser (Blackice/RealSecure). Successful exploitation will result in arbitrary code execution as LocalSystem. This exploit only requires 1 UDP packet, which can be both spoofed and sent to a broadcast address. The ISS exception handler will recover the process after each overflow, giving us the ability to bruteforce the service and exploit it multiple times.

Blackice Server Protection

Affected Version

FreeSSHd 1.0.9 Key Exchange Algorithm String Buffer Overflow

This module exploits a simple stack buffer overflow in FreeSSHd 1.0.9. This flaw is due to a buffer overflow error when handling a specially crafted key exchange algorithm string received from an SSH client.

Affected Version

SecureCRT <= 4.0 Beta 2 SSH1 Buffer Overflow

This module exploits a buffer overflow in SecureCRT <= 4.0 Beta 2. By sending a vulnerable client an overly long SSH1 protocol identifier string, it is possible to execute arbitrary code.

Affected Version

Talkative IRC v0.4.4.16 Response Buffer Overflow

This module exploits a stack buffer overflow in Talkative IRC v0.4.4.16. When a specially crafted response string is sent to a client, an attacker may be able to execute arbitrary code.

Affected Version

POP Peeper v3.4 UIDL Buffer Overflow

This module exploits a stack buffer overflow in POP Peeper v3.4. When a specially crafted UIDL string is sent to a client, an attacker may be able to execute arbitrary code. This module is based off of krakowlabs code.

Affected Version

Realtek Media Player Playlist Buffer Overflow

This module exploits a stack buffer overflow in Realtek Media Player(RtlRack) A4.06. When a Realtek Media Player client opens a specially crafted playlist, an attacker may be able to execute arbitrary code.

Affected Version