This module exploits a stack buffer overflow in E-BOOK Systems FlipViewer 4.0. The vulnerability is caused due to a boundary error in the FViewerLoading (FlipViewerX.dll) ActiveX control when handling the 'LoadOpf()' method.
This module allows remote attackers to install and execute arbitrary files on a user's file system via AeXNSPkgDLLib.dll (6.0.0.1418). This module was tested against Symantec Altiris Deployment Solution 6.9 sp3.
This is a remote exploit for eSignal v7.6 software. The exploit allows an attacker to execute arbitrary code on a remote system. The exploit uses a buffer overflow vulnerability in the software to overwrite the return address and redirect the execution flow to the attacker's shellcode. The shellcode downloads and executes a file from a specified URL. The exploit requires the IP address and port of the target system as arguments.
This module exploits a memory corruption flaw in Internet Explorer. This flaw was found in the wild and was a key component of the 'Operation Aurora' attacks that lead to the compromise of a number of high profile companies. The exploit code is a direct port of the public sample published to the Wepawet malware analysis site. The technique used by this module is currently identical to the public sample, as such, only Internet Explorer 6 can be reliably exploited.
This module exploits a directory traversal in Persits Software Inc's XUpload ActiveX control(version 3.0.0.3) that's included in HP LoadRunner 9.5. By passing a string containing ".." sequences to the MakeHttpRequest method
This module exploits a code execution vulnerability in Microsoft Internet Explorer using a buffer overflow in the VML processing code (VGX.dll). This module has been tested on Windows 2000 SP4, Windows XP SP0, and Windows XP SP2.
This module exploits a stack buffer overflow in Norton AntiSpam 2004. When sending an overly long string to the LaunchCustomRuleWizard() method of symspam.dll (2004.1.0.147) an attacker may be able to execute arbitrary code.
This module exploits a weakness in the Adobe Shockwave player's handling of Director movies (.DIR). A memory corruption vulnerability occurs through an undocumented rcsL chunk.
This module exploits a heap-based pointer corruption flaw in Adobe Reader 9.0.0 and earlier. This module relies upon javascript for the heap spray.
This module exploits a heap corruption vulnerability in the RealPlayer ActiveX control. By sending a specially crafted string to the 'Console' property in the rmoc3260.dll control, an attacker may be able to execute arbitrary code.