jetlib.sec

Feeds

268044 items (1 unread) in 27 feeds

203 items tagged "activex"

Related tags: microsoft [+], control stack [+], arbitrary code execution [+], multiple buffer overflow [+], iconics [+], dll [+], buffer overflow vulnerabilities [+], buffer [+], webhmi [+], safer use [+], heap [+], poc [+], msvcr71 dll [+], memory address [+], magnetosoft [+], gateway [+], command execution [+], citrix [+], attackers [+], arbitrary files [+], teechart [+], remote [+], print [+], playerpt [+], memory corruption [+], magneto [+], issymbol [+], indusoft [+], exploit [+], cisco linksys [+], txt [+], seh [+], oracle [+], leadtools [+], insecure method [+], icmp [+], day [+], client [+], activex control buffer overflow [+], Software [+], zero day [+], zero [+], x setsource [+], viscom [+], viewer [+], victim machine [+], usermanager [+], typical interaction [+], trust issue [+], target [+], strcat [+], stopmodule [+], stack overflow [+], stack buffer [+], software movie player [+], silverlight [+], sap gui [+], safenet [+], remote buffer overflow [+], proper bounds [+], professional [+], privilege [+], privagent [+], overflow [+], ocx [+], novell zenworks [+], novell iprint [+], novell [+], networkresources [+], multiple [+], microsoft silverlight [+], microsoft data analyzer [+], microsoft activex technology [+], method [+], max [+], malicious web [+], launchhelp [+], kim tags [+], iprint [+], integer overflow [+], integer [+], input validation [+], ice [+], free software updates [+], dvrobot [+], drawtext method [+], dolphin [+], dldrv [+], default security [+], default [+], crystalprintcontrol [+], command [+], cisco security advisory [+], cisco security [+], cisco clientless [+], cisco [+], buffer overflows [+], black ice [+], black [+], barcode [+], autovue [+], audio [+], aslr [+], asa [+], arithmetic operation [+], arbitrary value [+], arbitrary code [+], aol [+], aoa [+], adminstudio [+], activex controls [+], active x [+], activex control [+], control [+], buffer overflow vulnerability [+], zdi [+], wmitools [+], vista [+], usa [+], uplay [+], uninitialized pointer [+], ubisoft [+], tabular [+], system privileges [+], sigplus [+], security [+], remote buffer overflow vulnerability [+], record [+], proof of concept [+], photo [+], newvcommon [+], multiple products [+], local privilege escalation [+], insecure methods [+], hp photo [+], head [+], gigabyte [+], flow data [+], fathftp [+], f secure [+], edraw [+], dll library [+], dell webcam [+], control microsoft [+], consona [+], bof [+], black hat [+], barcodewiz [+], barcode activex [+], attacker [+], apple quicktime [+], absolute path name [+], exploits [+], buffer overflow [+], yong kim [+], x applicationserver [+], winning team [+], windows [+], webscan [+], webmoney [+], webcam software [+], webcam server [+], webcam [+], web access [+], vulnerabilities [+], vpn client [+], vpn [+], video vista [+], video [+], v16 [+], uusee [+], uri uninitialized [+], tv ip [+], tuxsystem [+], trendnet [+], tlist [+], threedify [+], tec [+], symantec antivirus [+], symantec [+], storm [+], stack [+], sntp [+], slides [+], skincrafter [+], setidentity [+], server v2 [+], server [+], security notice [+], security event [+], scanserver [+], scada [+], registry [+], realplayer [+], reader v3 [+], reader [+], raster [+], punk [+], psformx [+], property [+], promotic [+], pro v3 [+], pro [+], paltalk messenger [+], paltalk [+], overwrite [+], overflow vulnerability [+], oracle java [+], office [+], notice [+], msn [+], mscomctl [+], meta [+], messenger [+], marshaled [+], management [+], linksys [+], lcdwritestring [+], kingview [+], java [+], j integra [+], integer overflow vulnerability [+], insecure [+], information disclosure [+], image [+], icosetserver [+], hyleos [+], hpediag [+], honeywell [+], gesytec [+], foxit [+], flowchart [+], flexgrid [+], extractor [+], elonfmt [+], dvd [+], dvbsexecall [+], domino web [+], dnupdater [+], dns [+], designer [+], datev base [+], crypt [+], creator [+], crazytalk [+], corba [+], converter [+], controls [+], control array [+], componentone [+], common [+], code [+], class [+], cisco anyconnect [+], chilkat [+], chemviewx [+], chemview [+], cad [+], bundled [+], bestorm [+], bennet [+], bdl [+], baofeng [+], backimage [+], axman [+], authors [+], audio extractor [+], ashampoo [+], application lifecycle management [+], aoaaudioextractor [+], antivirus [+], advisor [+], activex plugin [+], access [+], abb [+], s system [+], code execution [+], based buffer overflow [+], vulnerability [+], ntr [+], crystal reports [+], module [+], sap [+], activex buffer overflow [+]

December 30, 2012
19:17
IBM Lotus QuickR qp2 ActiveX Buffer Overflow
» ‎ Packet Storm Security Exploits

This Metasploit module exploits a buffer overflow vulnerability on the UploadControl ActiveX. The vulnerability exists in the handling of the "Attachment_Times" property, due to the insecure usage of the _swscanf. The affected ActiveX is provided by the qp2.dll installed with the IBM Lotus Quickr product. This Metasploit module has been tested successfully on IE6-IE9 on Windows XP, Vista and 7, using the qp2.dll 8.1.0.1800. In order to bypass ASLR the no aslr compatible module msvcr71.dll is used. This one is installed with the qp2 ActiveX.
Tags: dll activex module activex-buffer-overflow buffer-overflow-vulnerability msvcr71-dll
19:17
IBM Lotus QuickR qp2 ActiveX Buffer Overflow
» ‎ Packet Storm Security Exploits

This Metasploit module exploits a buffer overflow vulnerability on the UploadControl ActiveX. The vulnerability exists in the handling of the "Attachment_Times" property, due to the insecure usage of the _swscanf. The affected ActiveX is provided by the qp2.dll installed with the IBM Lotus Quickr product. This Metasploit module has been tested successfully on IE6-IE9 on Windows XP, Vista and 7, using the qp2.dll 8.1.0.1800. In order to bypass ASLR the no aslr compatible module msvcr71.dll is used. This one is installed with the qp2 ActiveX.
Tags: dll activex module activex-buffer-overflow buffer-overflow-vulnerability msvcr71-dll

19:17
IBM Lotus QuickR qp2 ActiveX Buffer Overflow
» ‎ Packet Storm Security Recent Files

This Metasploit module exploits a buffer overflow vulnerability on the UploadControl ActiveX. The vulnerability exists in the handling of the "Attachment_Times" property, due to the insecure usage of the _swscanf. The affected ActiveX is provided by the qp2.dll installed with the IBM Lotus Quickr product. This Metasploit module has been tested successfully on IE6-IE9 on Windows XP, Vista and 7, using the qp2.dll 8.1.0.1800. In order to bypass ASLR the no aslr compatible module msvcr71.dll is used. This one is installed with the qp2 ActiveX.
Tags: dll activex module activex-buffer-overflow buffer-overflow-vulnerability msvcr71-dll
19:17
IBM Lotus QuickR qp2 ActiveX Buffer Overflow
» ‎ Packet Storm Security Recent Files

This Metasploit module exploits a buffer overflow vulnerability on the UploadControl ActiveX. The vulnerability exists in the handling of the "Attachment_Times" property, due to the insecure usage of the _swscanf. The affected ActiveX is provided by the qp2.dll installed with the IBM Lotus Quickr product. This Metasploit module has been tested successfully on IE6-IE9 on Windows XP, Vista and 7, using the qp2.dll 8.1.0.1800. In order to bypass ASLR the no aslr compatible module msvcr71.dll is used. This one is installed with the qp2 ActiveX.
Tags: dll activex module activex-buffer-overflow buffer-overflow-vulnerability msvcr71-dll

19:17
IBM Lotus QuickR qp2 ActiveX Buffer Overflow
» ‎ Packet Storm Security Misc. Files

This Metasploit module exploits a buffer overflow vulnerability on the UploadControl ActiveX. The vulnerability exists in the handling of the "Attachment_Times" property, due to the insecure usage of the _swscanf. The affected ActiveX is provided by the qp2.dll installed with the IBM Lotus Quickr product. This Metasploit module has been tested successfully on IE6-IE9 on Windows XP, Vista and 7, using the qp2.dll 8.1.0.1800. In order to bypass ASLR the no aslr compatible module msvcr71.dll is used. This one is installed with the qp2 ActiveX.
Tags: dll activex module activex-buffer-overflow buffer-overflow-vulnerability msvcr71-dll
19:17
IBM Lotus QuickR qp2 ActiveX Buffer Overflow
» ‎ Packet Storm Security Misc. Files

This Metasploit module exploits a buffer overflow vulnerability on the UploadControl ActiveX. The vulnerability exists in the handling of the "Attachment_Times" property, due to the insecure usage of the _swscanf. The affected ActiveX is provided by the qp2.dll installed with the IBM Lotus Quickr product. This Metasploit module has been tested successfully on IE6-IE9 on Windows XP, Vista and 7, using the qp2.dll 8.1.0.1800. In order to bypass ASLR the no aslr compatible module msvcr71.dll is used. This one is installed with the qp2 ActiveX.
Tags: dll activex module activex-buffer-overflow buffer-overflow-vulnerability msvcr71-dll

December 23, 2012
7:04
[Audio] Issues with security and networked object system
» ‎ SecDocs

Tags: security
Event: DEFCON 5
Abstract: From the Hacker Jeopardy winning team. He will discuss Issues with Security and Networked Object Systems, looking at some of the recent security issues found with activeX and detail some of the potentials and problems with network objects. Topics will include development of objects, distributed objects, standards, ActiveX, corba, and hacking objects.
Tags: audio security activex security-event winning-team corba

December 18, 2012
16:00
SafeNet Privilege 'PrivAgent.ocx' ActiveX Controls Multiple Buffer Overflow Vulnerabilities
» ‎ SecuriTeam

SafeNet Privilege is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input.
Tags: safenet privagent privilege multiple-buffer-overflow buffer-overflow-vulnerabilities activex

6:44
[remote exploits] - Crystal Reports CrystalPrintControl ActiveX Property Overflow
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[remote exploits] - Crystal Reports CrystalPrintControl ActiveX Property Overflow
Tags: property activex crystalprintcontrol crystal-reports overflow exploits

0:00
Vuln: SAP Crystal Reports Print ActiveX Control Buffer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

SAP Crystal Reports Print ActiveX Control Buffer Overflow Vulnerability
Tags: print activex sap crystal-reports buffer-overflow-vulnerability

December 17, 2012
18:03
Crystal Reports CrystalPrintControl ActiveX ServerResourceVersion Property Overflow
» ‎ Packet Storm Security Recent Files

This Metasploit module exploits a heap based buffer overflow in the CrystalPrintControl ActiveX, while handling the ServerResourceVersion property. The affected control can be found in the PrintControl.dll component as included with Crystal Reports 2008. This Metasploit module has been tested successfully on IE 6, 7 and 8 on Windows XP SP3 and IE 8 on Windows 7 SP1. The module uses the msvcr71.dll library, loaded by the affected ActiveX control, to bypass DEP and ASLR.
Tags: activex crystalprintcontrol module crystal-reports based-buffer-overflow dll-library

18:03
Crystal Reports CrystalPrintControl ActiveX ServerResourceVersion Property Overflow
» ‎ Packet Storm Security Misc. Files

This Metasploit module exploits a heap based buffer overflow in the CrystalPrintControl ActiveX, while handling the ServerResourceVersion property. The affected control can be found in the PrintControl.dll component as included with Crystal Reports 2008. This Metasploit module has been tested successfully on IE 6, 7 and 8 on Windows XP SP3 and IE 8 on Windows 7 SP1. The module uses the msvcr71.dll library, loaded by the affected ActiveX control, to bypass DEP and ASLR.
Tags: activex crystalprintcontrol module crystal-reports based-buffer-overflow dll-library

December 09, 2012
11:43
Dolphin3D 1.52 / 1.60 Command Execution
» ‎ Packet Storm Security Exploits

This Metasploit module exploits the default security setting in the Dolphin3D web browser. The default security setting ("cautious") allows arbitrary ActiveX Controls, thus remote command execution.
Tags: dolphin default command command-execution default-security activex

11:43
Dolphin3D 1.52 / 1.60 Command Execution
» ‎ Packet Storm Security Recent Files

This Metasploit module exploits the default security setting in the Dolphin3D web browser. The default security setting ("cautious") allows arbitrary ActiveX Controls, thus remote command execution.
Tags: dolphin default command command-execution default-security activex

11:43
Dolphin3D 1.52 / 1.60 Command Execution
» ‎ Packet Storm Security Misc. Files

This Metasploit module exploits the default security setting in the Dolphin3D web browser. The default security setting ("cautious") allows arbitrary ActiveX Controls, thus remote command execution.
Tags: dolphin default command command-execution default-security activex

November 29, 2012
21:48
[Slides] Playing with ActiveX Controls
» ‎ SecDocs

Authors: Su Yong Kim
Tags: ActiveX
Event: CanSecWest 2007

Tags: authors activex controls kim-tags yong-kim activex-controls slides

November 01, 2012
0:00
Vuln: SafeNet Privilege 'PrivAgent.ocx' ActiveX Controls Multiple Buffer Overflow Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

SafeNet Privilege 'PrivAgent.ocx' ActiveX Controls Multiple Buffer Overflow Vulnerabilities
Tags: safenet privagent privilege multiple-buffer-overflow buffer-overflow-vulnerabilities activex
October 29, 2012
0:00
Vuln: SafeNet Privilege 'PrivAgent.ocx' ActiveX Controls Multiple Buffer Overflow Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

SafeNet Privilege 'PrivAgent.ocx' ActiveX Controls Multiple Buffer Overflow Vulnerabilities
Tags: safenet privagent privilege multiple-buffer-overflow buffer-overflow-vulnerabilities activex

October 28, 2012
17:00
ComponentOne FlexGrid ActiveX Control Buffer Overflow Vulnerability
» ‎ SecuriTeam

ComponentOne FlexGrid ActiveX Control is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.
Tags: flexgrid componentone activex buffer-overflow-vulnerability remote-buffer-overflow-vulnerability activex-control-buffer-overflow

October 09, 2012
14:00
[Remote exploits] - HP Application Lifecycle Management XGO.ocx ActiveX SetShapeNodeType() Remote Code Execution
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[Remote exploits] - HP Application Lifecycle Management XGO.ocx ActiveX SetShapeNodeType() Remote Code Execution
Tags: exploit management remote application-lifecycle-management code-execution activex

September 24, 2012
0:00
Vuln: NTR ActiveX control Buffer Overflow and Remote Code Execution Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

NTR ActiveX control Buffer Overflow and Remote Code Execution Vulnerabilities
Tags: activex ntr control activex-control-buffer-overflow code-execution

September 22, 2012
14:00
[local exploits] - NTR ActiveX Control Check() Method Buffer Overflow
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[local exploits] - NTR ActiveX Control Check() Method Buffer Overflow
Tags: control activex ntr buffer-overflow exploits

September 21, 2012
23:44
NTR ActiveX Control Check() Method Buffer Overflow
» ‎ Packet Storm Security Exploits

This Metasploit module exploits a vulnerability found in NTR ActiveX 1.1.8. The vulnerability exists in the Check() method, due to the insecure usage of strcat to build a URL using the bstrParams parameter contents, which leads to code execution under the context of the user visiting a malicious web page. In order to bypass DEP and ASLR on Windows Vista and Windows 7 JRE 6 is needed.
Tags: activex method ntr aslr buffer-overflow strcat

23:44
NTR ActiveX Control Check() Method Buffer Overflow
» ‎ Packet Storm Security Recent Files

This Metasploit module exploits a vulnerability found in NTR ActiveX 1.1.8. The vulnerability exists in the Check() method, due to the insecure usage of strcat to build a URL using the bstrParams parameter contents, which leads to code execution under the context of the user visiting a malicious web page. In order to bypass DEP and ASLR on Windows Vista and Windows 7 JRE 6 is needed.
Tags: activex method ntr aslr buffer-overflow strcat

23:44
NTR ActiveX Control Check() Method Buffer Overflow
» ‎ Packet Storm Security Misc. Files

This Metasploit module exploits a vulnerability found in NTR ActiveX 1.1.8. The vulnerability exists in the Check() method, due to the insecure usage of strcat to build a URL using the bstrParams parameter contents, which leads to code execution under the context of the user visiting a malicious web page. In order to bypass DEP and ASLR on Windows Vista and Windows 7 JRE 6 is needed.
Tags: activex method ntr aslr buffer-overflow strcat

23:43
NTR ActiveX Control StopModule() Remote Code Execution
» ‎ Packet Storm Security Exploits

This Metasploit module exploits a vulnerability found in the NTR ActiveX 1.1.8. The vulnerability exists in the StopModule() method, where the lModule parameter is used to dereference memory to get a function pointer, which leads to code execution under the context of the user visiting a malicious web page.
Tags: stopmodule activex ntr code-execution malicious-web activex-control

23:43
NTR ActiveX Control StopModule() Remote Code Execution
» ‎ Packet Storm Security Recent Files

This Metasploit module exploits a vulnerability found in the NTR ActiveX 1.1.8. The vulnerability exists in the StopModule() method, where the lModule parameter is used to dereference memory to get a function pointer, which leads to code execution under the context of the user visiting a malicious web page.
Tags: stopmodule activex ntr code-execution malicious-web activex-control

23:43
NTR ActiveX Control StopModule() Remote Code Execution
» ‎ Packet Storm Security Misc. Files

This Metasploit module exploits a vulnerability found in the NTR ActiveX 1.1.8. The vulnerability exists in the StopModule() method, where the lModule parameter is used to dereference memory to get a function pointer, which leads to code execution under the context of the user visiting a malicious web page.
Tags: stopmodule activex ntr code-execution malicious-web activex-control

August 22, 2012
17:00
Ubisoft Uplay ActiveX Control Buffer Overflow Vulnerability
» ‎ SecuriTeam

Ubisoft Uplay ActiveX Control is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds check user-supplied input.
Tags: uplay activex ubisoft buffer-overflow-vulnerability remote-buffer-overflow-vulnerability activex-control-buffer-overflow

August 09, 2012
0:00
Vuln: Ubisoft Uplay ActiveX Control Buffer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

Ubisoft Uplay ActiveX Control Buffer Overflow Vulnerability
Tags: uplay activex ubisoft buffer-overflow-vulnerability activex-control-buffer-overflow

August 07, 2012
8:15
Oracle AutoVue ActiveX Control SetMarkupMode Buffer Overflow
» ‎ Packet Storm Security Exploits

This Metasploit module exploits a vulnerability found in the AutoVue.ocx ActiveX control. The vulnerability, due to the insecure usage of an strcpy like function in the SetMarkupMode method, when handling a specially crafted sMarkup argument, allows to trigger a stack based buffer overflow which leads to code execution under the context of the user visiting a malicious web page. The module has been successfully tested against Oracle AutoVue Desktop Version 20.0.0 (AutoVue.ocx 20.0.0.7330) on IE 6, 7, 8 and 9 (Java 6 needed to DEP and ASLR bypass).
Tags: oracle activex autovue based-buffer-overflow activex-control

8:15
Oracle AutoVue ActiveX Control SetMarkupMode Buffer Overflow
» ‎ Packet Storm Security Recent Files

This Metasploit module exploits a vulnerability found in the AutoVue.ocx ActiveX control. The vulnerability, due to the insecure usage of an strcpy like function in the SetMarkupMode method, when handling a specially crafted sMarkup argument, allows to trigger a stack based buffer overflow which leads to code execution under the context of the user visiting a malicious web page. The module has been successfully tested against Oracle AutoVue Desktop Version 20.0.0 (AutoVue.ocx 20.0.0.7330) on IE 6, 7, 8 and 9 (Java 6 needed to DEP and ASLR bypass).
Tags: oracle activex autovue based-buffer-overflow activex-control

8:15
Oracle AutoVue ActiveX Control SetMarkupMode Buffer Overflow
» ‎ Packet Storm Security Misc. Files

This Metasploit module exploits a vulnerability found in the AutoVue.ocx ActiveX control. The vulnerability, due to the insecure usage of an strcpy like function in the SetMarkupMode method, when handling a specially crafted sMarkup argument, allows to trigger a stack based buffer overflow which leads to code execution under the context of the user visiting a malicious web page. The module has been successfully tested against Oracle AutoVue Desktop Version 20.0.0 (AutoVue.ocx 20.0.0.7330) on IE 6, 7, 8 and 9 (Java 6 needed to DEP and ASLR bypass).
Tags: oracle activex autovue based-buffer-overflow activex-control

July 28, 2012
14:00
[dos / poc] - AxMan ActiveX fuzzing
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[dos / poc] - AxMan ActiveX fuzzing
Tags: axman poc activex
July 27, 2012
14:00
[remote exploits] - Cisco Linksys PlayerPT ActiveX Control Buffer Overflow
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[remote exploits] - Cisco Linksys PlayerPT ActiveX Control Buffer Overflow
Tags: control playerpt activex cisco-linksys buffer-overflow exploits cisco

July 22, 2012
17:00
Cisco Linksys PlayerPT ActiveX Control 'SetSource()' Buffer Overflow Vulnerability
» ‎ SecuriTeam

Cisco Linksys PlayerPT ActiveX Control is prone to a buffer-overflow vulnerability because the application fails to adequately check boundaries on user-supplied input.
Tags: control playerpt activex cisco-linksys buffer-overflow-vulnerability linksys cisco

July 17, 2012
14:36
Cisco Linksys PlayerPT Active-X SetSource() Buffer Overflow
» ‎ Packet Storm Security Advisories

Secunia Research has discovered a vulnerability in Cisco Linksys PlayerPT ActiveX Control, which can be exploited by malicious people to compromise a user's system. Successful exploitation allows execution of arbitrary code. Cisco Linksys PlayerPT ActiveX Control version 1.0.0.15 is affected. Other versions may also be affected.
Tags: control playerpt activex x-setsource cisco-linksys buffer-overflow s-system active-x

14:36
Cisco Linksys PlayerPT Active-X SetSource() Buffer Overflow
» ‎ Packet Storm Security Recent Files

Secunia Research has discovered a vulnerability in Cisco Linksys PlayerPT ActiveX Control, which can be exploited by malicious people to compromise a user's system. Successful exploitation allows execution of arbitrary code. Cisco Linksys PlayerPT ActiveX Control version 1.0.0.15 is affected. Other versions may also be affected.
Tags: control playerpt activex x-setsource cisco-linksys buffer-overflow s-system active-x

14:36
Cisco Linksys PlayerPT Active-X SetSource() Buffer Overflow
» ‎ Packet Storm Security Misc. Files

Secunia Research has discovered a vulnerability in Cisco Linksys PlayerPT ActiveX Control, which can be exploited by malicious people to compromise a user's system. Successful exploitation allows execution of arbitrary code. Cisco Linksys PlayerPT ActiveX Control version 1.0.0.15 is affected. Other versions may also be affected.
Tags: control playerpt activex x-setsource cisco-linksys buffer-overflow s-system active-x

July 15, 2012
14:00
[dos / poc] - beSTORM ActiveX (WinGraphviz.dll) Remote Heap Overflow PoC
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[dos / poc] - beSTORM ActiveX (WinGraphviz.dll) Remote Heap Overflow PoC
Tags: poc activex bestorm heap overflow

July 09, 2012
16:52
AdminStudio LaunchHelp.dll ActiveX Arbitrary Code Execution
» ‎ Packet Storm Security Exploits

This Metasploit module exploits a vulnerability in AdminStudio LaunchHelp.dll ActiveX control. The LaunchProcess function found in LaunchHelp.HelpLauncher.1 allows remote attackers to run arbitrary commands on the victim machine. This Metasploit module has been successfully tested with the ActiveX installed with AdminStudio 9.5, which also comes with Novell ZENworks Configuration Management 10 SP2, on IE 6 and IE 8 over Windows XP SP 3.
Tags: launchhelp activex adminstudio arbitrary-code-execution novell-zenworks victim-machine

16:52
AdminStudio LaunchHelp.dll ActiveX Arbitrary Code Execution
» ‎ Packet Storm Security Recent Files

This Metasploit module exploits a vulnerability in AdminStudio LaunchHelp.dll ActiveX control. The LaunchProcess function found in LaunchHelp.HelpLauncher.1 allows remote attackers to run arbitrary commands on the victim machine. This Metasploit module has been successfully tested with the ActiveX installed with AdminStudio 9.5, which also comes with Novell ZENworks Configuration Management 10 SP2, on IE 6 and IE 8 over Windows XP SP 3.
Tags: launchhelp activex adminstudio arbitrary-code-execution novell-zenworks victim-machine

16:52
AdminStudio LaunchHelp.dll ActiveX Arbitrary Code Execution
» ‎ Packet Storm Security Misc. Files

This Metasploit module exploits a vulnerability in AdminStudio LaunchHelp.dll ActiveX control. The LaunchProcess function found in LaunchHelp.HelpLauncher.1 allows remote attackers to run arbitrary commands on the victim machine. This Metasploit module has been successfully tested with the ActiveX installed with AdminStudio 9.5, which also comes with Novell ZENworks Configuration Management 10 SP2, on IE 6 and IE 8 over Windows XP SP 3.
Tags: launchhelp activex adminstudio arbitrary-code-execution novell-zenworks victim-machine

June 28, 2012
19:32
Zero Day Initiative Advisory 12-113
» ‎ Packet Storm Security Advisories

Zero Day Initiative Advisory 12-113 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational ClearQuest. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the CQOle ActiveX control. A function prototype mismatch in an ActiveX wrapper results in an extra argument to be pushed onto the stack, thereby misaligning the stack offset. When the function returns, it can be made to jump to a memory address provided via the ActiveX method call. This can be leveraged to execute arbitrary code under the context of the user running the browser.
Tags: day zero activex target memory-address zero-day

19:32
Zero Day Initiative Advisory 12-113
» ‎ Packet Storm Security Recent Files

Zero Day Initiative Advisory 12-113 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational ClearQuest. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the CQOle ActiveX control. A function prototype mismatch in an ActiveX wrapper results in an extra argument to be pushed onto the stack, thereby misaligning the stack offset. When the function returns, it can be made to jump to a memory address provided via the ActiveX method call. This can be leveraged to execute arbitrary code under the context of the user running the browser.
Tags: day zero activex target memory-address zero-day

19:32
Zero Day Initiative Advisory 12-113
» ‎ Packet Storm Security Misc. Files

Zero Day Initiative Advisory 12-113 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational ClearQuest. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the CQOle ActiveX control. A function prototype mismatch in an ActiveX wrapper results in an extra argument to be pushed onto the stack, thereby misaligning the stack offset. When the function returns, it can be made to jump to a memory address provided via the ActiveX method call. This can be leveraged to execute arbitrary code under the context of the user running the browser.
Tags: day zero activex target memory-address zero-day

June 22, 2012
11:05
Bugtraq: ZDI-12-098 : AOL Products dnUpdater ActiveX Uninitialized Pointer Remote Code Execution Vulnerability
» ‎ SecurityFocus Vulnerabilities

ZDI-12-098 : AOL Products dnUpdater ActiveX Uninitialized Pointer Remote Code Execution Vulnerability
Tags: activex aol dnupdater uninitialized-pointer code-execution zdi

May 18, 2012
14:00
[local exploits] - SkinCrafter ActiveX Control version 3.0 Buffer Overflow
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[local exploits] - SkinCrafter ActiveX Control version 3.0 Buffer Overflow
Tags: control activex skincrafter buffer-overflow exploits
April 25, 2012
14:00
[remote exploits] - MS12-027 MSCOMCTL ActiveX Buffer Overflow
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[remote exploits] - MS12-027 MSCOMCTL ActiveX Buffer Overflow
Tags: buffer activex mscomctl buffer-overflow exploits

April 10, 2012
0:00
Vuln: Multiple ABB Products ActiveX Control Buffer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

Multiple ABB Products ActiveX Control Buffer Overflow Vulnerability
Tags: multiple activex abb buffer-overflow-vulnerability
April 09, 2012
0:00
Vuln: TRENDnet TV-IP121WN ActiveX Control 'OpenFileDlg()' Method Buffer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

TRENDnet TV-IP121WN ActiveX Control 'OpenFileDlg()' Method Buffer Overflow Vulnerability
Tags: tv-ip activex trendnet buffer-overflow-vulnerability

March 20, 2012
15:00
[remote exploits] - Dell Webcam CrazyTalk ActiveX BackImage Vulnerability
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[remote exploits] - Dell Webcam CrazyTalk ActiveX BackImage Vulnerability
Tags: backimage activex crazytalk dell-webcam exploits
March 19, 2012
15:00
[remote exploits] - 2X ApplicationServer 10.1 TuxSystem Class ActiveX Control File Overwrite
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[remote exploits] - 2X ApplicationServer 10.1 TuxSystem Class ActiveX Control File Overwrite
Tags: tuxsystem activex class x-applicationserver exploits
15:00
[remote exploits] - Dell Webcam Software Bundled ActiveX Remote Buffer Overflow
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[remote exploits] - Dell Webcam Software Bundled ActiveX Remote Buffer Overflow
Tags: activex bundled Software dell-webcam remote-buffer-overflow webcam-software exploits

March 14, 2012
20:02
Cisco Security Advisory 20120314-asaclient
» ‎ Packet Storm Security Advisories

Cisco Security Advisory - The Cisco Clientless VPN solution as deployed by Cisco ASA 5500 Series Adaptive Security Appliances (Cisco ASA) uses an ActiveX control on client systems to perform port forwarding operations. Microsoft Windows-based systems that are running Internet Explorer or another browser that supports Microsoft ActiveX technology may be affected if the system has ever connected to a device that is running the Cisco Clientless VPN solution. A remote, unauthenticated attacker who could convince a user to connect to a malicious web page could exploit this issue to execute arbitrary code on the affected machine with the privileges of the web browser. The affected ActiveX control is distributed to endpoint systems by Cisco ASA. However, the impact of successful exploitation of this vulnerability is to the endpoint system only and does not compromise Cisco ASA devices. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.
Tags: vulnerability asa activex cisco-security cisco-clientless microsoft-activex-technology cisco-security-advisory free-software-updates

20:02
Cisco Security Advisory 20120314-asaclient
» ‎ Packet Storm Security Recent Files

Cisco Security Advisory - The Cisco Clientless VPN solution as deployed by Cisco ASA 5500 Series Adaptive Security Appliances (Cisco ASA) uses an ActiveX control on client systems to perform port forwarding operations. Microsoft Windows-based systems that are running Internet Explorer or another browser that supports Microsoft ActiveX technology may be affected if the system has ever connected to a device that is running the Cisco Clientless VPN solution. A remote, unauthenticated attacker who could convince a user to connect to a malicious web page could exploit this issue to execute arbitrary code on the affected machine with the privileges of the web browser. The affected ActiveX control is distributed to endpoint systems by Cisco ASA. However, the impact of successful exploitation of this vulnerability is to the endpoint system only and does not compromise Cisco ASA devices. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.
Tags: vulnerability asa activex cisco-security cisco-clientless microsoft-activex-technology cisco-security-advisory free-software-updates

20:02
Cisco Security Advisory 20120314-asaclient
» ‎ Packet Storm Security Misc. Files

Cisco Security Advisory - The Cisco Clientless VPN solution as deployed by Cisco ASA 5500 Series Adaptive Security Appliances (Cisco ASA) uses an ActiveX control on client systems to perform port forwarding operations. Microsoft Windows-based systems that are running Internet Explorer or another browser that supports Microsoft ActiveX technology may be affected if the system has ever connected to a device that is running the Cisco Clientless VPN solution. A remote, unauthenticated attacker who could convince a user to connect to a malicious web page could exploit this issue to execute arbitrary code on the affected machine with the privileges of the web browser. The affected ActiveX control is distributed to endpoint systems by Cisco ASA. However, the impact of successful exploitation of this vulnerability is to the endpoint system only and does not compromise Cisco ASA devices. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.
Tags: vulnerability asa activex cisco-security cisco-clientless microsoft-activex-technology cisco-security-advisory free-software-updates

January 11, 2012
19:46
NTR ActiveX Control StopModule() Input Validation
» ‎ Packet Storm Security Advisories

Secunia Research has discovered a vulnerability in NTR ActiveX control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by missing input validation in the handling of the "StopModule()" method and can be exploited via a specially crafted "lModule" parameter to reference an expected module structure at an arbitrary memory address. This can be exploited to dereference an arbitrary value in memory as a function pointer. Successful exploitation allows execution of arbitrary code. NTR ActiveX Control version 1.1.8 is affected.
Tags: control activex ntr input-validation memory-address arbitrary-value

19:46
NTR ActiveX Control StopModule() Input Validation
» ‎ Packet Storm Security Recent Files

Secunia Research has discovered a vulnerability in NTR ActiveX control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by missing input validation in the handling of the "StopModule()" method and can be exploited via a specially crafted "lModule" parameter to reference an expected module structure at an arbitrary memory address. This can be exploited to dereference an arbitrary value in memory as a function pointer. Successful exploitation allows execution of arbitrary code. NTR ActiveX Control version 1.1.8 is affected.
Tags: control activex ntr input-validation memory-address arbitrary-value

19:46
NTR ActiveX Control StopModule() Input Validation
» ‎ Packet Storm Security Misc. Files

Secunia Research has discovered a vulnerability in NTR ActiveX control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by missing input validation in the handling of the "StopModule()" method and can be exploited via a specially crafted "lModule" parameter to reference an expected module structure at an arbitrary memory address. This can be exploited to dereference an arbitrary value in memory as a function pointer. Successful exploitation allows execution of arbitrary code. NTR ActiveX Control version 1.1.8 is affected.
Tags: control activex ntr input-validation memory-address arbitrary-value

19:33
NTR ActiveX Control Four Buffer Overflows
» ‎ Packet Storm Security Advisories

Secunia Research has discovered four buffer overflows in the NTR ActiveX control, which can be exploited by malicious people to compromise a user's system. NTR ActiveX Control version 1.1.8 is affected.
Tags: control activex ntr s-system buffer-overflows activex-control

19:33
NTR ActiveX Control Four Buffer Overflows
» ‎ Packet Storm Security Recent Files

Secunia Research has discovered four buffer overflows in the NTR ActiveX control, which can be exploited by malicious people to compromise a user's system. NTR ActiveX Control version 1.1.8 is affected.
Tags: control activex ntr s-system buffer-overflows activex-control

19:33
NTR ActiveX Control Four Buffer Overflows
» ‎ Packet Storm Security Misc. Files

Secunia Research has discovered four buffer overflows in the NTR ActiveX control, which can be exploited by malicious people to compromise a user's system. NTR ActiveX Control version 1.1.8 is affected.
Tags: control activex ntr s-system buffer-overflows activex-control

November 19, 2011
21:35
Viscom Software Movie Player Pro SDK Activex 6.8 Buffer Overflow
» ‎ Packet Storm Security Exploits

Stack-based buffer overflow in the MOVIEPLAYER.MoviePlayerCtrl.1 ActiveX control in MoviePlayer.ocx 6.8.0.0 in Viscom Software Movie Player Pro SDK ActiveX 6.8 allows remote attackers to execute arbitrary code via a long strFontName parameter to the DrawText method. The victim will first be required to trust the publisher Viscom Software. This Metasploit module has been designed to bypass DEP and ASLR under XP IE8, Vista and Win7 with Java support.
Tags: activex Software viscom based-buffer-overflow software-movie-player drawtext-method

21:35
Viscom Software Movie Player Pro SDK Activex 6.8 Buffer Overflow
» ‎ Packet Storm Security Recent Files

Stack-based buffer overflow in the MOVIEPLAYER.MoviePlayerCtrl.1 ActiveX control in MoviePlayer.ocx 6.8.0.0 in Viscom Software Movie Player Pro SDK ActiveX 6.8 allows remote attackers to execute arbitrary code via a long strFontName parameter to the DrawText method. The victim will first be required to trust the publisher Viscom Software. This Metasploit module has been designed to bypass DEP and ASLR under XP IE8, Vista and Win7 with Java support.
Tags: activex Software viscom based-buffer-overflow software-movie-player drawtext-method

21:35
Viscom Software Movie Player Pro SDK Activex 6.8 Buffer Overflow
» ‎ Packet Storm Security Misc. Files

Stack-based buffer overflow in the MOVIEPLAYER.MoviePlayerCtrl.1 ActiveX control in MoviePlayer.ocx 6.8.0.0 in Viscom Software Movie Player Pro SDK ActiveX 6.8 allows remote attackers to execute arbitrary code via a long strFontName parameter to the DrawText method. The victim will first be required to trust the publisher Viscom Software. This Metasploit module has been designed to bypass DEP and ASLR under XP IE8, Vista and Win7 with Java support.
Tags: activex Software viscom based-buffer-overflow software-movie-player drawtext-method

November 17, 2011
7:48
DVR Remote ActiveX Control DVRobot Library Loading
» ‎ Packet Storm Security Advisories

Secunia Research has discovered a vulnerability in DVR Remote ActiveX Control version 2.1.0.39, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by the ActiveX control during instantiation automatically downloading and loading DVRobot.dll from the "manifest" folder of the web server invoking the ActiveX control. Successful exploitation allows execution of arbitrary code via a specially crafted web page and hosted DVRobot.dll file.
Tags: control activex dvrobot s-system activex-control arbitrary-code

7:48
DVR Remote ActiveX Control DVRobot Library Loading
» ‎ Packet Storm Security Recent Files

Secunia Research has discovered a vulnerability in DVR Remote ActiveX Control version 2.1.0.39, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by the ActiveX control during instantiation automatically downloading and loading DVRobot.dll from the "manifest" folder of the web server invoking the ActiveX control. Successful exploitation allows execution of arbitrary code via a specially crafted web page and hosted DVRobot.dll file.
Tags: control activex dvrobot s-system activex-control arbitrary-code

7:48
DVR Remote ActiveX Control DVRobot Library Loading
» ‎ Packet Storm Security Misc. Files

Secunia Research has discovered a vulnerability in DVR Remote ActiveX Control version 2.1.0.39, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by the ActiveX control during instantiation automatically downloading and loading DVRobot.dll from the "manifest" folder of the web server invoking the ActiveX control. Successful exploitation allows execution of arbitrary code via a specially crafted web page and hosted DVRobot.dll file.
Tags: control activex dvrobot s-system activex-control arbitrary-code

November 02, 2011
0:00
Vuln: Bennet-Tec TList ActiveX Control 'SaveData()' Insecure Method Vulnerability
» ‎ SecurityFocus Vulnerabilities

Bennet-Tec TList ActiveX Control 'SaveData()' Insecure Method Vulnerability
Tags: tlist activex tec insecure-method bennet activex-control
October 31, 2011
0:00
Vuln: PROMOTIC ActiveX Control 'GetPromoticSite' Method Remote Code Execution Vulnerability
» ‎ SecurityFocus Vulnerabilities

PROMOTIC ActiveX Control 'GetPromoticSite' Method Remote Code Execution Vulnerability
Tags: control activex promotic code-execution activex-control vulnerability
September 30, 2011
0:00
Vuln: InduSoft ISSymbol ActiveX Control 'ISSymbol.ocx' Multiple Buffer Overflow Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

InduSoft ISSymbol ActiveX Control 'ISSymbol.ocx' Multiple Buffer Overflow Vulnerabilities
Tags: activex indusoft issymbol buffer-overflow-vulnerabilities multiple-buffer-overflow

September 01, 2011
13:47
InduSoft ISSymbol ActiveX Control Buffer Overflows
» ‎ Packet Storm Security Advisories

Secunia Research has discovered multiple buffer overflow vulnerabilities in InduSoft ISSymbol ActiveX control, which can be exploited by malicious people to compromise a user's system.
Tags: activex indusoft issymbol buffer-overflow-vulnerabilities multiple-buffer-overflow s-system

13:47
InduSoft ISSymbol ActiveX Control Buffer Overflows
» ‎ Packet Storm Security Recent Files

Secunia Research has discovered multiple buffer overflow vulnerabilities in InduSoft ISSymbol ActiveX control, which can be exploited by malicious people to compromise a user's system.
Tags: activex indusoft issymbol buffer-overflow-vulnerabilities multiple-buffer-overflow s-system

13:47
InduSoft ISSymbol ActiveX Control Buffer Overflows
» ‎ Packet Storm Security Misc. Files

Secunia Research has discovered multiple buffer overflow vulnerabilities in InduSoft ISSymbol ActiveX control, which can be exploited by malicious people to compromise a user's system.
Tags: activex indusoft issymbol buffer-overflow-vulnerabilities multiple-buffer-overflow s-system

0:00
Vuln: InduSoft ISSymbol ActiveX Control 'ISSymbol.ocx' Multiple Buffer Overflow Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

InduSoft ISSymbol ActiveX Control 'ISSymbol.ocx' Multiple Buffer Overflow Vulnerabilities
Tags: activex indusoft issymbol buffer-overflow-vulnerabilities multiple-buffer-overflow
0:00
Vuln: ICONICS IcoSetServer ActiveX Control Trusted Zone Vulnerability
» ‎ SecurityFocus Vulnerabilities

ICONICS IcoSetServer ActiveX Control Trusted Zone Vulnerability
Tags: activex icosetserver iconics vulnerability activex-control

August 30, 2011
21:00
[local exploits] - Citrix Gateway ActiveX Control Stack Based Buffer Overflow Vulnerability
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[local exploits] - Citrix Gateway ActiveX Control Stack Based Buffer Overflow Vulnerability
Tags: citrix gateway activex buffer-overflow-vulnerability based-buffer-overflow control-stack

18:31
Citrix Gateway ActiveX Control Stack Based Buffer Overflow
» ‎ Packet Storm Security Exploits

This Metasploit module exploits a stack based buffer overflow in the Citrix Gateway ActiveX control. Exploitation of this vulnerability requires user interaction. The victim must click a button in a dialog to begin a scan. This is typical interaction that users should be accustom to. Exploitation results in code execution with the privileges of the user who browsed to the exploit page.
Tags: citrix gateway activex based-buffer-overflow control-stack typical-interaction

18:31
Citrix Gateway ActiveX Control Stack Based Buffer Overflow
» ‎ Packet Storm Security Recent Files

This Metasploit module exploits a stack based buffer overflow in the Citrix Gateway ActiveX control. Exploitation of this vulnerability requires user interaction. The victim must click a button in a dialog to begin a scan. This is typical interaction that users should be accustom to. Exploitation results in code execution with the privileges of the user who browsed to the exploit page.
Tags: citrix gateway activex based-buffer-overflow control-stack typical-interaction

18:31
Citrix Gateway ActiveX Control Stack Based Buffer Overflow
» ‎ Packet Storm Security Misc. Files

This Metasploit module exploits a stack based buffer overflow in the Citrix Gateway ActiveX control. Exploitation of this vulnerability requires user interaction. The victim must click a button in a dialog to begin a scan. This is typical interaction that users should be accustom to. Exploitation results in code execution with the privileges of the user who browsed to the exploit page.
Tags: citrix gateway activex based-buffer-overflow control-stack typical-interaction

18:00
[local exploits] - Citrix Gateway ActiveX Control Stack Based Buffer Overflow Vulnerability
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[local exploits] - Citrix Gateway ActiveX Control Stack Based Buffer Overflow Vulnerability
Tags: citrix gateway activex buffer-overflow-vulnerability based-buffer-overflow control-stack
14:00
[remote exploits] - Citrix Gateway ActiveX Control Stack Based Buffer Overflow Vulnerability
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[remote exploits] - Citrix Gateway ActiveX Control Stack Based Buffer Overflow Vulnerability
Tags: citrix gateway activex buffer-overflow-vulnerability based-buffer-overflow control-stack
August 23, 2011
21:00
[remote exploits] - F-Secure Multiple Products ActiveX SEH Overwrite (Heap Spray)
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[remote exploits] - F-Secure Multiple Products ActiveX SEH Overwrite (Heap Spray)
Tags: f-secure multiple activex multiple-products heap exploits
18:00
[remote exploits] - F-Secure Multiple Products ActiveX SEH Overwrite (Heap Spray)
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[remote exploits] - F-Secure Multiple Products ActiveX SEH Overwrite (Heap Spray)
Tags: f-secure multiple activex multiple-products heap exploits

August 18, 2011
0:00
Vuln: Honeywell ScanServer ActiveX Control Use-After-Free Remote Code Execution Vulnerability
» ‎ SecurityFocus Vulnerabilities

Honeywell ScanServer ActiveX Control Use-After-Free Remote Code Execution Vulnerability
Tags: activex honeywell scanserver code-execution activex-control

August 13, 2011
13:18
TeeChart Professional ActiveX Control 2010.0.0.3 Trusted Integer Dereference
» ‎ Packet Storm Security Exploits

This Metasploit module exploits a integer overflow in TeeChart Pro ActiveX control. When sending an overly large/negative integer value to the AddSeries() property of TeeChart2010.ocx, the code will perform an arithmetic operation that wraps the value and is later directly trusted and called upon. This Metasploit module has been designed to bypass DEP only under IE8 with Java support.
Tags: integer teechart activex arithmetic-operation integer-overflow activex-control

13:18
TeeChart Professional ActiveX Control 2010.0.0.3 Trusted Integer Dereference
» ‎ Packet Storm Security Recent Files

This Metasploit module exploits a integer overflow in TeeChart Pro ActiveX control. When sending an overly large/negative integer value to the AddSeries() property of TeeChart2010.ocx, the code will perform an arithmetic operation that wraps the value and is later directly trusted and called upon. This Metasploit module has been designed to bypass DEP only under IE8 with Java support.
Tags: integer teechart activex arithmetic-operation integer-overflow activex-control

13:18
TeeChart Professional ActiveX Control 2010.0.0.3 Trusted Integer Dereference
» ‎ Packet Storm Security Misc. Files

This Metasploit module exploits a integer overflow in TeeChart Pro ActiveX control. When sending an overly large/negative integer value to the AddSeries() property of TeeChart2010.ocx, the code will perform an arithmetic operation that wraps the value and is later directly trusted and called upon. This Metasploit module has been designed to bypass DEP only under IE8 with Java support.
Tags: integer teechart activex arithmetic-operation integer-overflow activex-control

August 12, 2011
0:00
Vuln: TeeChart Professional ActiveX Remote Integer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

TeeChart Professional ActiveX Remote Integer Overflow Vulnerability
Tags: teechart activex professional integer-overflow-vulnerability

August 10, 2011
21:00
[remote exploits] - TeeChart Professional ActiveX Control
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[remote exploits] - TeeChart Professional ActiveX Control
Tags: teechart activex professional activex-control exploits

August 04, 2011
9:00
Bugtraq: ThreeDify Designer ActiveX control Insecure Method
» ‎ SecurityFocus Vulnerabilities

ThreeDify Designer ActiveX control Insecure Method
Tags: threedify activex designer insecure-method
July 15, 2011
10:01
Bugtraq: Paltalk Messenger ActiveX Control Multiple Insecure Methods
» ‎ SecurityFocus Vulnerabilities

Paltalk Messenger ActiveX Control Multiple Insecure Methods
Tags: messenger activex paltalk insecure-methods paltalk-messenger
June 28, 2011
12:04
Bugtraq: Ashampoo 3D CAD Professional 3 ActiveX control Insecure Method
» ‎ SecurityFocus Vulnerabilities

Ashampoo 3D CAD Professional 3 ActiveX control Insecure Method
Tags: cad ashampoo professional insecure-method activex

June 20, 2011
1:30
Black Ice Cover Page ActiveX Control Arbitrary File Download
» ‎ Packet Storm Security Exploits

This Metasploit module allows remote attackers to place arbitrary files on a users file system by abusing the "DownloadImageFileURL" method in the Black Ice BIImgFrm.ocx ActiveX Control (BIImgFrm.ocx 12.0.0.0).
Tags: activex black ice black-ice arbitrary-files attackers

1:30
Black Ice Cover Page ActiveX Control Arbitrary File Download
» ‎ Packet Storm Security Recent Files

This Metasploit module allows remote attackers to place arbitrary files on a users file system by abusing the "DownloadImageFileURL" method in the Black Ice BIImgFrm.ocx ActiveX Control (BIImgFrm.ocx 12.0.0.0).
Tags: activex black ice black-ice arbitrary-files attackers

1:30
Black Ice Cover Page ActiveX Control Arbitrary File Download
» ‎ Packet Storm Security Misc. Files

This Metasploit module allows remote attackers to place arbitrary files on a users file system by abusing the "DownloadImageFileURL" method in the Black Ice BIImgFrm.ocx ActiveX Control (BIImgFrm.ocx 12.0.0.0).
Tags: activex black ice black-ice arbitrary-files attackers

June 10, 2011
21:00
[dos / poc] - UUSEE ActiveX
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[dos / poc] - UUSEE ActiveX
Tags: poc activex uusee

June 09, 2011
8:17
Magneto ICMP ActiveX 4.0.0.20 ICMPSendEchoRequest Remote Code Execution
» ‎ Packet Storm Security Exploits

This Metasploit module exploits a remote code execution vulnerability in Magneto ICMP ActiveX Control (OCX) version 4.0.0.20.
Tags: magneto activex icmp code-execution activex-control vulnerability

8:17
Magneto ICMP ActiveX 4.0.0.20 ICMPSendEchoRequest Remote Code Execution
» ‎ Packet Storm Security Recent Files

This Metasploit module exploits a remote code execution vulnerability in Magneto ICMP ActiveX Control (OCX) version 4.0.0.20.
Tags: magneto activex icmp code-execution activex-control vulnerability

8:17
Magneto ICMP ActiveX 4.0.0.20 ICMPSendEchoRequest Remote Code Execution
» ‎ Packet Storm Security Misc. Files

This Metasploit module exploits a remote code execution vulnerability in Magneto ICMP ActiveX Control (OCX) version 4.0.0.20.
Tags: magneto activex icmp code-execution activex-control vulnerability

June 06, 2011
21:00
[remote exploits] - Cisco AnyConnect VPN Client ActiveX URL Property Download and Execute
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[remote exploits] - Cisco AnyConnect VPN Client ActiveX URL Property Download and Execute
Tags: client activex vpn cisco-anyconnect vpn-client exploits cisco
May 26, 2011
21:00
[remote exploits] - Magneto ICMP ActiveX v4.0.0.20 ICMPSendEchoRequest Remote Code Execute
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[remote exploits] - Magneto ICMP ActiveX v4.0.0.20 ICMPSendEchoRequest Remote Code Execute
Tags: exploit remote magneto activex exploits
21:00
[remote exploits] - Magneto ICMP ActiveX v4.0.0.20 ICMPSendEchoRequest Code Execute
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[remote exploits] - Magneto ICMP ActiveX v4.0.0.20 ICMPSendEchoRequest Code Execute
Tags: exploit remote magneto activex exploits

May 11, 2011
17:45
ICONICS WebHMI ActiveX Buffer Overflow
» ‎ Packet Storm Security Exploits

This Metasploit module exploits a vulnerability found in ICONICS WebHMI's ActiveX control. By supplying a long string of data to the 'SetActiveXGUID' parameter, GenVersion.dll fails to do any proper bounds checking before this input is copied onto the stack, which causes a buffer overflow, and results arbitrary code execution under the context of the user.
Tags: activex webhmi iconics arbitrary-code-execution activex-buffer-overflow proper-bounds

17:45
ICONICS WebHMI ActiveX Buffer Overflow
» ‎ Packet Storm Security Recent Files

This Metasploit module exploits a vulnerability found in ICONICS WebHMI's ActiveX control. By supplying a long string of data to the 'SetActiveXGUID' parameter, GenVersion.dll fails to do any proper bounds checking before this input is copied onto the stack, which causes a buffer overflow, and results arbitrary code execution under the context of the user.
Tags: activex webhmi iconics arbitrary-code-execution activex-buffer-overflow proper-bounds

17:45
ICONICS WebHMI ActiveX Buffer Overflow
» ‎ Packet Storm Security Misc. Files

This Metasploit module exploits a vulnerability found in ICONICS WebHMI's ActiveX control. By supplying a long string of data to the 'SetActiveXGUID' parameter, GenVersion.dll fails to do any proper bounds checking before this input is copied onto the stack, which causes a buffer overflow, and results arbitrary code execution under the context of the user.
Tags: activex webhmi iconics arbitrary-code-execution activex-buffer-overflow proper-bounds

0:00
Vuln: ICONICS WebHMI ActiveX Control Stack Buffer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

ICONICS WebHMI ActiveX Control Stack Buffer Overflow Vulnerability
Tags: activex webhmi iconics buffer-overflow-vulnerability control-stack stack-buffer

May 09, 2011
21:00
[remote exploits] - ICONICS WebHMI ActiveX Buffer Overflow
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[remote exploits] - ICONICS WebHMI ActiveX Buffer Overflow
Tags: activex webhmi iconics activex-buffer-overflow exploits

0:00
Vuln: ICONICS WebHMI ActiveX Control Stack Buffer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

ICONICS WebHMI ActiveX Control Stack Buffer Overflow Vulnerability
Tags: activex webhmi iconics buffer-overflow-vulnerability control-stack stack-buffer

May 02, 2011
21:00
[remote exploits] - ICONICS WebHMI ActiveX Stack Overflow
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[remote exploits] - ICONICS WebHMI ActiveX Stack Overflow
Tags: activex webhmi iconics stack-overflow exploits
April 21, 2011
14:00
[remote exploits] - Gesytec ElonFmt ActiveX 1.1.14 (ElonFmt.ocx) pid Item Buffer Overflow
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[remote exploits] - Gesytec ElonFmt ActiveX 1.1.14 (ElonFmt.ocx) pid Item Buffer Overflow
Tags: gesytec activex elonfmt buffer-overflow exploits

March 18, 2011
0:00
Vuln: RealPlayer ActiveX Control CDDA URI Uninitialized Pointer Vulnerability
» ‎ SecurityFocus Vulnerabilities

RealPlayer ActiveX Control CDDA URI Uninitialized Pointer Vulnerability
Tags: control realplayer activex uri-uninitialized uninitialized-pointer activex-control vulnerability

March 07, 2011
14:00
[remote exploits] - KingView 6.5.3 SCADA ActiveX Exploit
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[remote exploits] - KingView 6.5.3 SCADA ActiveX Exploit
Tags: kingview activex scada exploits

March 06, 2011
16:55
SAP Crystal Reports 2008 ActiveX Insecure Methods Vulnerability
» ‎ SecuriTeam

The component contains insecure methods by which you can overwrite any file in the OS, run executables, kill processes, etc.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!

Tags: insecure activex sap crystal-reports insecure-methods safer-use
March 04, 2011
17:40
SAP Crystal Reports Print ActiveX Control Buffer Overflow
» ‎ SecuriTeam

SAP Crystal Reports Contains a vulnerability caused due to a boundary error in the "CrystalReports12.CrystalPrintControl.1" ActiveX control.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!

Tags: control activex sap crystal-reports buffer-overflow safer-use

February 25, 2011
14:00
[remote exploits] - Edraw Office Viewer Component V7.4 ActiveX Stack Buffer Overflow
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[remote exploits] - Edraw Office Viewer Component V7.4 ActiveX Stack Buffer Overflow
Tags: edraw office viewer stack-buffer buffer-overflow activex
February 07, 2011
14:00
[local exploits] - AoA Mp4 converter v4.1.0 ActiveX Stack Overflow Exploit
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[local exploits] - AoA Mp4 converter v4.1.0 ActiveX Stack Overflow Exploit
Tags: aoa activex converter stack-overflow exploits
14:00
[local exploits] - AoA DVD Creator V2.5 ActiveX Stack Overflow Exploit
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[local exploits] - AoA DVD Creator V2.5 ActiveX Stack Overflow Exploit
Tags: dvd aoa creator stack-overflow activex exploits

February 03, 2011
0:00
Vuln: SigPlus Pro ActiveX Control Multiple Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

SigPlus Pro ActiveX Control Multiple Vulnerabilities
Tags: sigplus activex pro activex-control
January 19, 2011
0:00
Vuln: Novell iPrint Client 'ienipp.ocx' ActiveX 'GetDriverSettings()' Buffer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

Novell iPrint Client 'ienipp.ocx' ActiveX 'GetDriverSettings()' Buffer Overflow Vulnerability
Tags: novell client iprint buffer-overflow-vulnerability novell-iprint activex

January 16, 2011
12:23
ActiveX UserManager 2.03 Buffer Overflow
» ‎ Packet Storm Security Exploits

ActiveX UserManager version 2.03 suffers from a buffer overflow vulnerability.
Tags: usermanager buffer activex buffer-overflow-vulnerability

12:23
ActiveX UserManager 2.03 Buffer Overflow
» ‎ Packet Storm Security Recent Files

ActiveX UserManager version 2.03 suffers from a buffer overflow vulnerability.
Tags: usermanager buffer activex buffer-overflow-vulnerability

12:23
ActiveX UserManager 2.03 Buffer Overflow
» ‎ Packet Storm Security Misc. Files

ActiveX UserManager version 2.03 suffers from a buffer overflow vulnerability.
Tags: usermanager buffer activex buffer-overflow-vulnerability

January 10, 2011
10:00
Bugtraq: NewvCommon.ocx ActiveX Insecure Method Vulnerability
» ‎ SecurityFocus Vulnerabilities

NewvCommon.ocx ActiveX Insecure Method Vulnerability
Tags: activex ocx newvcommon insecure-method vulnerability
9:00
Bugtraq: NewvCommon.ocx ActiveX Remote Code Execution Vulnerability
» ‎ SecurityFocus Vulnerabilities

NewvCommon.ocx ActiveX Remote Code Execution Vulnerability
Tags: activex ocx newvcommon code-execution vulnerability

December 31, 2010
14:00
[remote exploits] - HP Photo Creative 2.x audio.Record.1 ActiveX Control Stack Based BOF
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[remote exploits] - HP Photo Creative 2.x audio.Record.1 ActiveX Control Stack Based BOF
Tags: photo activex record control-stack activex-control hp-photo

10:05
Bugtraq: HP Photo Creative v 2.x audio.Record.1 ActiveX Control (ContentMan.dll 1.0.0.4272) Remote Stack Based Buffer Overflow poc
» ‎ SecurityFocus Vulnerabilities

HP Photo Creative v 2.x audio.Record.1 ActiveX Control (ContentMan.dll 1.0.0.4272) Remote Stack Based Buffer Overflow poc
Tags: photo activex record based-buffer-overflow hp-photo stack

December 27, 2010
11:05
Oracle Java ActiveX Plugin Uninitialized Window Handle Code Execution Vulnerability
» ‎ SecuriTeam

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle's Java platform that utilize the ActiveX Plugin.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!

Tags: java oracle activex activex-plugin oracle-java code-execution

December 26, 2010
0:00
Vuln: Novell iPrint Client 'ienipp.ocx' ActiveX 'GetDriverSettings()' Buffer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

Novell iPrint Client 'ienipp.ocx' ActiveX 'GetDriverSettings()' Buffer Overflow Vulnerability
Tags: novell client iprint buffer-overflow-vulnerability novell-iprint activex

December 22, 2010
14:00
[remote exploits] - WMITools ActiveX Remote Command Execution Exploit 0day
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[remote exploits] - WMITools ActiveX Remote Command Execution Exploit 0day
Tags: activex remote wmitools command-execution exploits

10:22
Microsoft WMI Administration Tools ActiveX Buffer Overflow
» ‎ Packet Storm Security Exploits

This Metasploit module exploits a memory trust issue in the Microsoft WMI Administration tools ActiveX control. When processing a specially crafted HTML page, the WEBSingleView.ocx ActiveX Control (1.50.1131.0) will treat the 'lCtxHandle' parameter to the 'AddContextRef' and 'ReleaseContext' methods as a trusted pointer. It makes an indirect call via this pointer which leads to arbitrary code execution. This exploit utilizes a combination of heap spraying and the .NET 2.0 'mscorie.dll' module to bypass DEP and ASLR. This Metasploit module does not opt-in to ASLR. As such, this module should be reliable on all Windows versions.
Tags: microsoft activex module arbitrary-code-execution buffer-overflow trust-issue

10:22
Microsoft WMI Administration Tools ActiveX Buffer Overflow
» ‎ Packet Storm Security Recent Files

This Metasploit module exploits a memory trust issue in the Microsoft WMI Administration tools ActiveX control. When processing a specially crafted HTML page, the WEBSingleView.ocx ActiveX Control (1.50.1131.0) will treat the 'lCtxHandle' parameter to the 'AddContextRef' and 'ReleaseContext' methods as a trusted pointer. It makes an indirect call via this pointer which leads to arbitrary code execution. This exploit utilizes a combination of heap spraying and the .NET 2.0 'mscorie.dll' module to bypass DEP and ASLR. This Metasploit module does not opt-in to ASLR. As such, this module should be reliable on all Windows versions.
Tags: microsoft activex module arbitrary-code-execution buffer-overflow trust-issue

10:22
Microsoft WMI Administration Tools ActiveX Buffer Overflow
» ‎ Packet Storm Security Misc. Files

This Metasploit module exploits a memory trust issue in the Microsoft WMI Administration tools ActiveX control. When processing a specially crafted HTML page, the WEBSingleView.ocx ActiveX Control (1.50.1131.0) will treat the 'lCtxHandle' parameter to the 'AddContextRef' and 'ReleaseContext' methods as a trusted pointer. It makes an indirect call via this pointer which leads to arbitrary code execution. This exploit utilizes a combination of heap spraying and the .NET 2.0 'mscorie.dll' module to bypass DEP and ASLR. This Metasploit module does not opt-in to ASLR. As such, this module should be reliable on all Windows versions.
Tags: microsoft activex module arbitrary-code-execution buffer-overflow trust-issue

December 20, 2010
12:37
SAP Crystal Reports Print ActiveX Control Buffer Overflow
» ‎ Packet Storm Security Advisories

Secunia Research has discovered a vulnerability in SAP Crystal Reports, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the "CrystalReports12.CrystalPrintControl.1" ActiveX control (PrintControl.dll) when processing the "ServerResourceVersion" property and can be exploited to cause a heap-based buffer overflow via an overly long string. Successful exploitation allows execution of arbitrary code. Affected is Crystal Reports 2008 SP3 Fix Pack 3.2 Print ActiveX (12.3.2.753).
Tags: print activex sap crystal-reports based-buffer-overflow s-system

12:37
SAP Crystal Reports Print ActiveX Control Buffer Overflow
» ‎ Packet Storm Security Misc. Files

Secunia Research has discovered a vulnerability in SAP Crystal Reports, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the "CrystalReports12.CrystalPrintControl.1" ActiveX control (PrintControl.dll) when processing the "ServerResourceVersion" property and can be exploited to cause a heap-based buffer overflow via an overly long string. Successful exploitation allows execution of arbitrary code. Affected is Crystal Reports 2008 SP3 Fix Pack 3.2 Print ActiveX (12.3.2.753).
Tags: print activex sap crystal-reports based-buffer-overflow s-system

0:00
Vuln: SAP Crystal Reports Print ActiveX Control Buffer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

SAP Crystal Reports Print ActiveX Control Buffer Overflow Vulnerability
Tags: print activex sap crystal-reports buffer-overflow-vulnerability

December 14, 2010
14:00
[local exploits] - Crystal Reports Viewer 12.0.0.549 Activex Exploit (PrintControl.dll)
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[local exploits] - Crystal Reports Viewer 12.0.0.549 Activex Exploit (PrintControl.dll)
Tags: activex exploit viewer crystal-reports exploits dll

0:00
Vuln: SAP Crystal Reports Print ActiveX Control Buffer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

SAP Crystal Reports Print ActiveX Control Buffer Overflow Vulnerability
Tags: print activex sap crystal-reports buffer-overflow-vulnerability

December 13, 2010
14:00
[remote exploits] - WMITools ActiveX Remote Command Execution Exploit 0day
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[remote exploits] - WMITools ActiveX Remote Command Execution Exploit 0day
Tags: activex remote wmitools command-execution exploits
14:00
[remote exploits] - Crystal Reports Viewer 12.0.0.549 Activex Exploit (PrintControl.dll)
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[remote exploits] - Crystal Reports Viewer 12.0.0.549 Activex Exploit (PrintControl.dll)
Tags: activex exploit viewer crystal-reports exploits dll

December 07, 2010
0:00
Vuln: Novell iPrint Client 'ienipp.ocx' ActiveX 'GetDriverSettings()' Buffer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

Novell iPrint Client 'ienipp.ocx' ActiveX 'GetDriverSettings()' Buffer Overflow Vulnerability
Tags: novell client iprint buffer-overflow-vulnerability novell-iprint activex

December 02, 2010
16:13
EnjoySAP SAP GUI ActiveX Control Arbitrary File Download
» ‎ Packet Storm Security Exploits

This Metasploit module allows remote attackers to place arbitrary files on a users file system by abusing the "Comp_Download" method in the SAP KWEdit ActiveX Control (kwedit.dll 6400.1.1.41).
Tags: control activex sap sap-gui arbitrary-files attackers

16:13
EnjoySAP SAP GUI ActiveX Control Arbitrary File Download
» ‎ Packet Storm Security Recent Files

This Metasploit module allows remote attackers to place arbitrary files on a users file system by abusing the "Comp_Download" method in the SAP KWEdit ActiveX Control (kwedit.dll 6400.1.1.41).
Tags: control activex sap sap-gui arbitrary-files attackers

16:13
EnjoySAP SAP GUI ActiveX Control Arbitrary File Download
» ‎ Packet Storm Security Misc. Files

This Metasploit module allows remote attackers to place arbitrary files on a users file system by abusing the "Comp_Download" method in the SAP KWEdit ActiveX Control (kwedit.dll 6400.1.1.41).
Tags: control activex sap sap-gui arbitrary-files attackers

December 01, 2010
14:00
[remote exploits] - J-Integra v2.11 ActiveX SetIdentity() Buffer Overflow Exploit
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[remote exploits] - J-Integra v2.11 ActiveX SetIdentity() Buffer Overflow Exploit
Tags: j-integra setidentity activex buffer-overflow exploits

October 29, 2010
10:01
secunia-sonicwall.txt
» ‎ Packet Storm Security Recent Files

Secunia Research has discovered a vulnerability in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX Control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in the Install3rdPartyComponent() method in the Aventail.EPInstaller ActiveX control when creating an absolute path name based on values in the CabURL and Location arguments. This can be exploited to cause a stack-based buffer overflow via overly long values. Successful exploitation allows execution of arbitrary code.
Tags: control vulnerability activex absolute-path-name based-buffer-overflow s-system

10:01
secunia-sonicwall.txt
» ‎ Packet Storm Security Advisories

Secunia Research has discovered a vulnerability in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX Control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in the Install3rdPartyComponent() method in the Aventail.EPInstaller ActiveX control when creating an absolute path name based on values in the CabURL and Location arguments. This can be exploited to cause a stack-based buffer overflow via overly long values. Successful exploitation allows execution of arbitrary code.
Tags: control vulnerability activex absolute-path-name based-buffer-overflow s-system

October 26, 2010
0:00
Vuln: HP HPeDiag ActiveX Control Multiple Information Disclosure and Remote Code Execution Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

HP HPeDiag ActiveX Control Multiple Information Disclosure and Remote Code Execution Vulnerabilities
Tags: control hpediag activex code-execution information-disclosure

October 18, 2010
18:40
Apple QuickTime ActiveX _Marshaled_pUnk Code Execution Vulnerability
» ‎ SecuriTeam

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!

Tags: code vulnerability activex apple-quicktime code-execution safer-use

October 11, 2010
14:00
[remote exploits] - AoA Audio Extractor v2.x ActiveX ROP exploit
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[remote exploits] - AoA Audio Extractor v2.x ActiveX ROP exploit
Tags: audio aoa extractor audio-extractor activex exploits

September 29, 2010
0:00
Vuln: Microsoft Silverlight ActiveX Control Pointer Memory Corruption Vulnerability
» ‎ SecurityFocus Vulnerabilities

Microsoft Silverlight ActiveX Control Pointer Memory Corruption Vulnerability
Tags: microsoft silverlight activex microsoft-silverlight memory-corruption activex-control
September 17, 2010
0:00
Vuln: MW6 Technologies Barcode ActiveX Control 'Supplement' Heap Buffer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

MW6 Technologies Barcode ActiveX Control 'Supplement' Heap Buffer Overflow Vulnerability
Tags: control activex barcode buffer-overflow-vulnerability heap
September 15, 2010
0:00
Vuln: Microsoft Silverlight ActiveX Control Pointer Memory Corruption Vulnerability
» ‎ SecurityFocus Vulnerabilities

Microsoft Silverlight ActiveX Control Pointer Memory Corruption Vulnerability
Tags: microsoft silverlight activex microsoft-silverlight memory-corruption activex-control

September 09, 2010
11:21
GIGABYTE Dldrv2 ActiveX Control Array Indexing Vulnerability
» ‎ SecuriTeam

A vulnerability was discovered in GIGABYTE Dldrv2 ActiveX Control, which can be exploited by malicious people to compromise a user's system.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!

Tags: gigabyte activex dldrv control-array safer-use s-system
11:21
GIGABYTE Dldrv2 ActiveX Control Unsafe Methods Vulnerability
» ‎ SecuriTeam

A vulnerability was discovered in GIGABYTE Dldrv2 ActiveX Control, which can be exploited by malicious people to compromise a user's system.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!

Tags: gigabyte activex dldrv safer-use s-system vulnerability

September 01, 2010
12:17
Leadtools ActiveX Common Dialogs 16.5 Multiple Remote Vulnerabilities
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

Leadtools ActiveX Common Dialogs 16.5 Multiple Remote Vulnerabilities
Tags: common activex leadtools vulnerabilities

August 31, 2010
14:00
Bugtraq: ZDI-10-168: Apple QuickTime ActiveX _Marshaled_pUnk Remote Code Execution Vulnerability
» ‎ SecurityFocus Vulnerabilities

ZDI-10-168: Apple QuickTime ActiveX _Marshaled_pUnk Remote Code Execution Vulnerability
Tags: punk activex marshaled apple-quicktime code-execution zdi

August 28, 2010
16:13
Leadtools ActiveX Raster Twain v16.5 (LtocxTwainu.dll) Buffer Overflow
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

Leadtools ActiveX Raster Twain v16.5 (LtocxTwainu.dll) Buffer Overflow
Tags: activex raster leadtools buffer-overflow v16

1:00
leadtrt-overflow.txt
» ‎ Packet Storm Security Recent Files

LEADTOOLS ActiveX Raster Twain version 16.5 remote buffer overflow proof of concept exploit that leverages LtocxTwainu.dll.
Tags: txt leadtools activex remote-buffer-overflow proof-of-concept

1:00
leadtrt-overflow.txt
» ‎ Packet Storm Security Exploits

LEADTOOLS ActiveX Raster Twain version 16.5 remote buffer overflow proof of concept exploit that leverages LtocxTwainu.dll.
Tags: txt leadtools activex remote-buffer-overflow proof-of-concept

August 12, 2010
0:00
Vuln: Microsoft Silverlight ActiveX Control Pointer Memory Corruption Vulnerability
» ‎ SecurityFocus Vulnerabilities

Microsoft Silverlight ActiveX Control Pointer Memory Corruption Vulnerability
Tags: microsoft silverlight activex microsoft-silverlight memory-corruption activex-control

August 09, 2010
16:47
AoAAudioExtractor 2.0.0.0 ActiveX PoC (SEH)
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

AoAAudioExtractor 2.0.0.0 ActiveX PoC (SEH)
Tags: aoaaudioextractor activex poc seh
August 03, 2010
1:00
FathFTP 1.8 (SEH) ActiveX Buffer Overflow
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

FathFTP 1.8 (SEH) ActiveX Buffer Overflow
Tags: activex fathftp seh buffer-overflow
July 31, 2010
1:00
SigPlus Pro v3.74 ActiveX LCDWriteString() BoF JIT Spray aslr/dep bypass
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

SigPlus Pro v3.74 ActiveX LCDWriteString() BoF JIT Spray aslr/dep bypass
Tags: sigplus lcdwritestring activex pro-v3
July 30, 2010
1:00
BarCodeWiz Barcode ActiveX Control 3.29 BoF (SEH)
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

BarCodeWiz Barcode ActiveX Control 3.29 BoF (SEH)
Tags: activex barcodewiz barcode barcode-activex
1:00
BarCodeWiz BarCode ActiveX 3.29 PoC
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

BarCodeWiz BarCode ActiveX 3.29 PoC
Tags: activex barcode barcodewiz barcode-activex
July 29, 2010
1:00
Windows live msn (V 2009 build 14.0.8117.416) ActiveX ADD & delete user
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

Windows live msn (V 2009 build 14.0.8117.416) ActiveX ADD & delete user
Tags: activex msn windows

July 15, 2010
22:02
secunia-gigaunsafe.txt
» ‎ Packet Storm Security Advisories

Secunia Research has discovered some vulnerabilities in GIGABYTE Dldrv2 ActiveX Control, which can be exploited by malicious people to compromise a user's system. The unsafe method dl() allows automatically downloading and executing an arbitrary file. Combined usage of the unsafe methods SetDLInfo() and Bdl() allows automatically downloading an arbitrary file to an arbitrary location on the user's system. GIGABYTE Dldrv2 ActiveX Control version 1.4.206.11 is affected.
Tags: control activex dldrv activex-control s-system bdl

July 13, 2010
21:07
[Video] Vista and ActiveX Controls
» ‎ SecDocs

Authors: Su Yong Kim
Tags: ActiveX Windows Vista
Event: Black Hat USA 2008

Tags: video vista activex kim-tags usa activex-controls video-vista black-hat
21:07
[Audio] Vista and ActiveX Controls
» ‎ SecDocs

Authors: Su Yong Kim
Tags: ActiveX Windows Vista
Event: Black Hat USA 2008

Tags: audio vista activex kim-tags usa activex-controls black-hat

July 10, 2010
1:00
Image22 ActiveX v1.1.1 Buffer Overflow Exploit
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

Image22 ActiveX v1.1.1 Buffer Overflow Exploit
Tags: buffer activex image buffer-overflow
July 08, 2010
1:00
FathFTP 1.7 ActiveX Buffer Overflow
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

FathFTP 1.7 ActiveX Buffer Overflow
Tags: buffer activex fathftp buffer-overflow
July 05, 2010
1:00
SasCam 2.7 ActiveX Head Buffer Overflow
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

SasCam 2.7 ActiveX Head Buffer Overflow
Tags: buffer activex head buffer-overflow
1:00
SasCam 2.7 ActiveX Head Buffer Overflow
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

SasCam 2.7 ActiveX Head Buffer Overflow
Tags: buffer activex head buffer-overflow
July 04, 2010
1:00
Registry OCX v1.5 ActiveX Buffer Overflow Exploit
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

Registry OCX v1.5 ActiveX Buffer Overflow Exploit
Tags: activex ocx registry buffer-overflow
July 03, 2010
1:00
SasCam WebCam Server v2.6.5 ActiveX SEH Overwrite
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

SasCam WebCam Server v2.6.5 ActiveX SEH Overwrite
Tags: server activex webcam webcam-server server-v2 overwrite

June 15, 2010
0:00
Vuln: Microsoft Data Analyzer 'max3activex.dll' ActiveX Control Remote Code Execution Vulnerability
» ‎ SecurityFocus Vulnerabilities

Microsoft Data Analyzer 'max3activex.dll' ActiveX Control Remote Code Execution Vulnerability
Tags: activex microsoft max microsoft-data-analyzer code-execution activex-control
June 11, 2010
0:00
Vuln: Microsoft Data Analyzer 'max3activex.dll' ActiveX Control Remote Code Execution Vulnerability
» ‎ SecurityFocus Vulnerabilities

Microsoft Data Analyzer 'max3activex.dll' ActiveX Control Remote Code Execution Vulnerability
Tags: activex microsoft max microsoft-data-analyzer code-execution activex-control
June 09, 2010
12:00
Bugtraq: CA20100608-01: Security Notice for CA PSFormX and WebScan ActiveX Controls
» ‎ SecurityFocus Vulnerabilities

CA20100608-01: Security Notice for CA PSFormX and WebScan ActiveX Controls
Tags: psformx notice security webscan security-notice activex

May 08, 2010
10:01
consona-exec.txt
» ‎ Packet Storm Security Recent Files

Consona products uses a proprietary ActiveX site-lock mechanism that can be defeated through XSS attacks. Once an attacker can inject arbitrary JS code within the context of an allowed domain, unsafe methods can invoked to download and execute arbitrary binaries. A local privilege escalation flaw discovered in the Consona's Repair Service can be used to bypass IE8 Protected Mode, thus gaining SYSTEM privileges.
Tags: consona txt activex system-privileges local-privilege-escalation attacker

10:00
consona-exec.txt
» ‎ Packet Storm Security Advisories

Consona products uses a proprietary ActiveX site-lock mechanism that can be defeated through XSS attacks. Once an attacker can inject arbitrary JS code within the context of an allowed domain, unsafe methods can invoked to download and execute arbitrary binaries. A local privilege escalation flaw discovered in the Consona's Repair Service can be used to bypass IE8 Protected Mode, thus gaining SYSTEM privileges.
Tags: consona txt activex system-privileges local-privilege-escalation attacker

April 28, 2010
1:00
Webmoney Advisor ActiveX Remote DoS Exploit
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

Webmoney Advisor ActiveX Remote DoS Exploit
Tags: advisor activex webmoney
April 22, 2010
1:00
EDraw Flowchart ActiveX Control 2.3 (.edd parsing) Buffer Overflow PoC
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

EDraw Flowchart ActiveX Control 2.3 (.edd parsing) Buffer Overflow PoC
Tags: flowchart activex edraw buffer-overflow

April 13, 2010
17:45
DATEV DVBSExeCall ActiveX Control Command Execution Vulnerability
» ‎ SecuriTeam

During the installation of the DATEV Base System (Grundpaket Basis) an ActiveX Control will be installed (DVBSExeCall.ocx), in which the function "ExecuteExe" is vulnerable to a command execution bug.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!

Tags: control dvbsexecall activex datev-base command-execution safer-use activex-control

1:00
MagnetoSoft NetworkResources ActiveX NetConnectionEnum SEH POC
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

MagnetoSoft NetworkResources ActiveX NetConnectionEnum SEH POC
Tags: magnetosoft activex networkresources seh
1:00
MagnetoSoft NetworkResources ActiveX NetShareEnum SEH Overwrite POC
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

MagnetoSoft NetworkResources ActiveX NetShareEnum SEH Overwrite POC
Tags: magnetosoft activex networkresources seh
1:00
MagnetoSoft NetworkResources ActiveX NetSessionDel POC
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

MagnetoSoft NetworkResources ActiveX NetSessionDel POC
Tags: magnetosoft activex networkresources poc
1:00
MagnetoSoft DNS ActiveX DNSLookupHostWithServer POC
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

MagnetoSoft DNS ActiveX DNSLookupHostWithServer POC
Tags: dns magnetosoft activex poc
1:00
MagnetoSoft SNTP ActiveX SntpGetReply BOF
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

MagnetoSoft SNTP ActiveX SntpGetReply BOF
Tags: sntp magnetosoft activex bof
1:00
MagnetoSoft ICMP ActiveX AddDestinationEntry BOF
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

MagnetoSoft ICMP ActiveX AddDestinationEntry BOF
Tags: magnetosoft activex icmp bof

April 09, 2010
21:58
Symantec Antivirus 10.0 ActiveX Buffer Overflow Vulnerability
» ‎ SecuriTeam

A buffer overflow vulnerability was identified in an ActiveX Control belonging to Symantec Antivirus 10.0.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!

Tags: symantec activex antivirus buffer-overflow-vulnerability symantec-antivirus safer-use

April 07, 2010
16:00
ms10_018_ie_tabular_activex.rb.txt
» ‎ Packet Storm Security Recent Files

This Metasploit module exploits a memory corruption vulnerability in the Internet Explorer Tabular Data ActiveX Control. Microsoft reports that version 5.01 and 6 of Internet Explorer are vulnerable. By specifying a long value as the DataURL parameter to this control, it is possible to write a NUL byte outside the bounds of an array. By targeting control flow data on the stack, an attacker can execute arbitrary code.
Tags: activex tabular control memory-corruption control-microsoft flow-data

16:00
ms10_018_ie_tabular_activex.rb.txt
» ‎ Packet Storm Security Exploits

This Metasploit module exploits a memory corruption vulnerability in the Internet Explorer Tabular Data ActiveX Control. Microsoft reports that version 5.01 and 6 of Internet Explorer are vulnerable. By specifying a long value as the DataURL parameter to this control, it is possible to write a NUL byte outside the bounds of an array. By targeting control flow data on the stack, an attacker can execute arbitrary code.
Tags: activex tabular control memory-corruption control-microsoft flow-data

March 05, 2010
0:00
Vuln: Chilkat Crypt ActiveX Control 'ChilkatCrypt2.dll' Arbitrary File Overwrite Vulnerability
» ‎ SecurityFocus Vulnerabilities

Chilkat Crypt ActiveX Control 'ChilkatCrypt2.dll' Arbitrary File Overwrite Vulnerability
Tags: crypt activex chilkat vulnerability
March 03, 2010
0:00
Vuln: BaoFeng Storm ActiveX Control 'OnBeforeVideoDownload()' Buffer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

BaoFeng Storm ActiveX Control 'OnBeforeVideoDownload()' Buffer Overflow Vulnerability
Tags: storm baofeng activex buffer-overflow-vulnerability
March 02, 2010
0:00
Vuln: Domino Web Access ActiveX Control URL Handling Buffer Overflow Vulnerability
» ‎ SecurityFocus Vulnerabilities

Domino Web Access ActiveX Control URL Handling Buffer Overflow Vulnerability
Tags: control access activex domino-web buffer-overflow-vulnerability web-access
February 12, 2010
10:00
Bugtraq: ChemViewX v1.9.5 ActiveX Control Mutliple Stack Overflows
» ‎ SecurityFocus Vulnerabilities

ChemViewX v1.9.5 ActiveX Control Mutliple Stack Overflows
Tags: control activex chemviewx

10:00
Hyleos ChemView v1.9.5.1 ActiveX Control Buffer Overflow Exploit (meta)
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

Hyleos ChemView v1.9.5.1 ActiveX Control Buffer Overflow Exploit (meta)
Tags: hyleos activex chemview buffer-overflow meta

February 10, 2010
0:00
Vuln: Microsoft Data Analyzer 'max3activex.dll' ActiveX Control Remote Code Execution Vulnerability
» ‎ SecurityFocus Vulnerabilities

Microsoft Data Analyzer 'max3activex.dll' ActiveX Control Remote Code Execution Vulnerability
Tags: activex microsoft max microsoft-data-analyzer code-execution activex-control

January 20, 2010
10:02
Foxit Reader v3.1.4.1125 ActiveX Heap Overflow PoC
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

Foxit Reader v3.1.4.1125 ActiveX Heap Overflow PoC
Tags: foxit activex reader reader-v3 heap overflow
10:02
AOL 9.5 ActiveX 0day Exploit (heap spray)
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

AOL 9.5 ActiveX 0day Exploit (heap spray)
Tags: day activex aol heap
January 19, 2010
9:49
AOL 9.5 ActiveX Heap Overflow Vulnerability
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

AOL 9.5 ActiveX Heap Overflow Vulnerability
Tags: heap activex aol overflow-vulnerability

TOP RSS Atom Tentatively valid XHTML1.0, CSS2.0 Last Update: Mon 20 Mar 2023 09:04:34 AM PDT Jetlib

jetlib.sec » Tags » activex

Feeds

203 items tagged "activex"

Tags: dll activex module activex-buffer-overflow buffer-overflow-vulnerability msvcr71-dll

Tags: dll activex module activex-buffer-overflow buffer-overflow-vulnerability msvcr71-dll

Tags: dll activex module activex-buffer-overflow buffer-overflow-vulnerability msvcr71-dll

Tags: dll activex module activex-buffer-overflow buffer-overflow-vulnerability msvcr71-dll

Tags: dll activex module activex-buffer-overflow buffer-overflow-vulnerability msvcr71-dll

Tags: dll activex module activex-buffer-overflow buffer-overflow-vulnerability msvcr71-dll

Tags: audio security activex security-event winning-team corba

Tags: safenet privagent privilege multiple-buffer-overflow buffer-overflow-vulnerabilities activex

Tags: property activex crystalprintcontrol crystal-reports overflow exploits

Tags: print activex sap crystal-reports buffer-overflow-vulnerability

Tags: activex crystalprintcontrol module crystal-reports based-buffer-overflow dll-library

Tags: activex crystalprintcontrol module crystal-reports based-buffer-overflow dll-library

Tags: dolphin default command command-execution default-security activex

Tags: dolphin default command command-execution default-security activex

Tags: dolphin default command command-execution default-security activex

Tags: authors activex controls kim-tags yong-kim activex-controls slides

Tags: safenet privagent privilege multiple-buffer-overflow buffer-overflow-vulnerabilities activex

Tags: safenet privagent privilege multiple-buffer-overflow buffer-overflow-vulnerabilities activex

Tags: flexgrid componentone activex buffer-overflow-vulnerability remote-buffer-overflow-vulnerability activex-control-buffer-overflow

Tags: exploit management remote application-lifecycle-management code-execution activex

Tags: activex ntr control activex-control-buffer-overflow code-execution

Tags: control activex ntr buffer-overflow exploits

Tags: activex method ntr aslr buffer-overflow strcat

Tags: activex method ntr aslr buffer-overflow strcat

Tags: activex method ntr aslr buffer-overflow strcat

Tags: stopmodule activex ntr code-execution malicious-web activex-control

Tags: stopmodule activex ntr code-execution malicious-web activex-control

Tags: stopmodule activex ntr code-execution malicious-web activex-control

Tags: uplay activex ubisoft buffer-overflow-vulnerability remote-buffer-overflow-vulnerability activex-control-buffer-overflow

Tags: uplay activex ubisoft buffer-overflow-vulnerability activex-control-buffer-overflow

Tags: oracle activex autovue based-buffer-overflow activex-control

Tags: oracle activex autovue based-buffer-overflow activex-control

Tags: oracle activex autovue based-buffer-overflow activex-control

Tags: axman poc activex

Tags: control playerpt activex cisco-linksys buffer-overflow exploits cisco

Tags: control playerpt activex cisco-linksys buffer-overflow-vulnerability linksys cisco

Tags: control playerpt activex x-setsource cisco-linksys buffer-overflow s-system active-x

Tags: control playerpt activex x-setsource cisco-linksys buffer-overflow s-system active-x

Tags: control playerpt activex x-setsource cisco-linksys buffer-overflow s-system active-x

Tags: poc activex bestorm heap overflow

Tags: launchhelp activex adminstudio arbitrary-code-execution novell-zenworks victim-machine

Tags: launchhelp activex adminstudio arbitrary-code-execution novell-zenworks victim-machine

Tags: launchhelp activex adminstudio arbitrary-code-execution novell-zenworks victim-machine

Tags: day zero activex target memory-address zero-day

Tags: day zero activex target memory-address zero-day

Tags: day zero activex target memory-address zero-day

Tags: activex aol dnupdater uninitialized-pointer code-execution zdi

Tags: control activex skincrafter buffer-overflow exploits

Tags: buffer activex mscomctl buffer-overflow exploits

Tags: multiple activex abb buffer-overflow-vulnerability

Tags: tv-ip activex trendnet buffer-overflow-vulnerability

Tags: backimage activex crazytalk dell-webcam exploits

Tags: tuxsystem activex class x-applicationserver exploits

Tags: activex bundled Software dell-webcam remote-buffer-overflow webcam-software exploits

Tags: vulnerability asa activex cisco-security cisco-clientless microsoft-activex-technology cisco-security-advisory free-software-updates

Tags: vulnerability asa activex cisco-security cisco-clientless microsoft-activex-technology cisco-security-advisory free-software-updates

Tags: vulnerability asa activex cisco-security cisco-clientless microsoft-activex-technology cisco-security-advisory free-software-updates

Tags: control activex ntr input-validation memory-address arbitrary-value

Tags: control activex ntr input-validation memory-address arbitrary-value

Tags: control activex ntr input-validation memory-address arbitrary-value

Tags: control activex ntr s-system buffer-overflows activex-control

Tags: control activex ntr s-system buffer-overflows activex-control

Tags: control activex ntr s-system buffer-overflows activex-control

Tags: activex Software viscom based-buffer-overflow software-movie-player drawtext-method

Tags: activex Software viscom based-buffer-overflow software-movie-player drawtext-method

Tags: activex Software viscom based-buffer-overflow software-movie-player drawtext-method

Tags: control activex dvrobot s-system activex-control arbitrary-code

Tags: control activex dvrobot s-system activex-control arbitrary-code

Tags: control activex dvrobot s-system activex-control arbitrary-code

Tags: tlist activex tec insecure-method bennet activex-control

Tags: control activex promotic code-execution activex-control vulnerability

Tags: activex indusoft issymbol buffer-overflow-vulnerabilities multiple-buffer-overflow

Tags: activex indusoft issymbol buffer-overflow-vulnerabilities multiple-buffer-overflow s-system