Operating System: Windows 7 - Packet Storm
Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers
http://packetstormsecurity.org/
Feed generated: Mon, 28 May 2012 07:52:00 GMT

Mandriva Linux Security Advisory 2012-081
http://packetstormsecurity.org/files/113012/MDVSA-2012-081.txt
http://packetstormsecurity.org/files/113012/Mandriva-Linux-Security-Advisory-2012-081.html
Thu, 24 May 2012 15:20:53 GMT
Mandriva Linux Security Advisory 2012-081 - Security issues were identified and fixed in Mozilla Firefox. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Using the Address Sanitizer tool, security researcher Aki Helin from OUSPG found that IDBKeyRange of indexedDB remains in the XPConnect hashtable instead of being unlinked before being destroyed. Security research firm iDefense reported that researcher wushi of team509 discovered a memory corruption on Windows Vista and Windows 7 systems with hardware acceleration disabled or using incompatible video drivers. Various other issues have also been addressed.
RDP Exploitation Using Cain
http://packetstormsecurity.org/files/112887/RDP_exploit.pdf
http://packetstormsecurity.org/files/112887/RDP-Exploitation-Using-Cain.html
Mon, 21 May 2012 10:33:22 GMT
This paper demonstrates how to ARP poison a connection between Windows 7 and Windows 2008 R2 Server using Cain.

Comodo Internet Security Blue Screen Of Death
http://packetstormsecurity.org/files/112018/comodo-dos.txt
http://packetstormsecurity.org/files/112018/Comodo-Internet-Security-Blue-Screen-Of-Death.html
Thu, 19 Apr 2012 16:43:22 GMT
Comodo Internet Security versions up to 5.9 suffered from a blue screen of death denial of service condition on Microsoft Windows 7 x64 if a 32-bit PE with a kernel ImageBase is executed.

Mandriva Linux Security Advisory 2012-032-1
http://packetstormsecurity.org/files/111921/MDVSA-2012-032-1.txt
http://packetstormsecurity.org/files/111921/Mandriva-Linux-Security-Advisory-2012-032-1.html
Tue, 17 Apr 2012 20:41:42 GMT
Mandriva Linux Security Advisory 2012-032 - Security issues were identified and fixed in Mozilla Firefox and Thunderbird. Security researchers Blair Strang and Scott Bell of Security Assessment found that when a parent window spawns and closes a child window that uses the file open dialog, a crash can be induced in shlwapi.dll on 32-bit Windows 7 systems. This crash may be potentially exploitable. Firefox prevents the dropping of javascript: links onto a frame to prevent malicious sites from tricking users into performing a cross-site scripting attack on themselves. Security researcher Soroush Dalili reported a way to bypass this protection. Various other issues were also addressed.
Quest InTrust Annotation Objects Uninitialized Pointer
http://packetstormsecurity.org/files/111853/intrust_annotatex_add.rb.txt
http://packetstormsecurity.org/files/111853/Quest-InTrust-Annotation-Objects-Uninitialized-Pointer.html
Fri, 13 Apr 2012 22:12:21 GMT
This Metasploit module exploits an uninitialized variable vulnerability in the Annotation Objects ActiveX component. The ActiveX component loads into memory without opting into ASLR, so this module exploits the vulnerability against Windows Vista and Windows 7 targets. A large heap spray is required to fulfill the requirement that EAX points to part of the ROP chain in a heap chunk and the calculated call will hit the pivot in a separate heap chunk. This will take some time in the user's browser.

Mandriva Linux Security Advisory 2012-032
http://packetstormsecurity.org/files/111030/MDVSA-2012-032.txt
http://packetstormsecurity.org/files/111030/Mandriva-Linux-Security-Advisory-2012-032.html
Wed, 21 Mar 2012 01:19:45 GMT
Mandriva Linux Security Advisory 2012-032 - Security issues were identified and fixed in Mozilla Firefox and Thunderbird. Security researchers Blair Strang and Scott Bell of Security Assessment found that when a parent window spawns and closes a child window that uses the file open dialog, a crash can be induced in shlwapi.dll on 32-bit Windows 7 systems. Security researcher Soroush Dalili reported a way to bypass this protection. Security researcher Atte Kettunen from OUSPG found two issues with Firefox's handling of SVG using the Address Sanitizer tool. Various other issues were also addressed.
Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020000 Buffer Overflow
http://packetstormsecurity.org/files/109641/citrix_streamprocess_data_msg.rb.txt
http://packetstormsecurity.org/files/109641/Citrix-Provisioning-Services-5.6-SP1-Streamprocess-Opcode-0x40020000-Buffer-Overflow.html
Fri, 10 Feb 2012 22:33:19 GMT
This Metasploit module exploits a remote buffer overflow in Citrix Provisioning Services 5.6 SP1 (without Hotfix CPVS56SP1E043) by sending a malformed packet to UDP port 6905. The module has been successfully tested on Windows Server 2003 SP2, Windows 7, and Windows XP SP3.

CCMPlayer 1.5 Stack Buffer Overflow
http://packetstormsecurity.org/files/107503/ccmplayer_m3u_bof.rb.txt
http://packetstormsecurity.org/files/107503/CCMPlayer-1.5-Stack-Buffer-Overflow.html
Sat, 03 Dec 2011 18:32:22 GMT
This Metasploit module exploits a stack-based buffer overflow in CCMPlayer 1.5. When opening an .m3u playlist with a long track name, an SEH exception record can be overwritten with parts of the controllable buffer. SEH execution is triggered after an invalid read of an injectable address, thus allowing arbitrary code execution. This Metasploit module works on multiple Windows platforms, including Windows XP SP3, Windows Vista, and Windows 7.

Bypassing Windows 7 Kernel ASLR
http://packetstormsecurity.org/files/105700/NES-BypassWin7KernelAslr.pdf
http://packetstormsecurity.org/files/105700/Bypassing-Windows-7-Kernel-ASLR.html
Wed, 12 Oct 2011 01:42:34 GMT
Whitepaper called Bypassing Windows 7 Kernel ASLR. In this paper, the author explains every step to code an exploit with a useful kernel ASLR bypass. Successful exploitation is performed on Windows 7 SP0 / SP1.
ACDSee FotoSlate PLP File id Parameter Overflow
http://packetstormsecurity.org/files/105643/acdsee_fotoslate_string.rb.txt
http://packetstormsecurity.org/files/105643/ACDSee-FotoSlate-PLP-File-id-Parameter-Overflow.html
Mon, 10 Oct 2011 22:35:13 GMT
This Metasploit module exploits a buffer overflow in ACDSee FotoSlate 4.0 Build 146 via a specially crafted id parameter in a String element. When viewing a malicious PLP file with the ACDSee FotoSlate product, a remote attacker could overflow a buffer and execute arbitrary code. This exploit has been tested on systems such as Windows XP SP3, Windows Vista, and Windows 7.

DVD X Player 5.5 .plf PlayList Buffer Overflow
http://packetstormsecurity.org/files/104726/dvdx_plf_bof.rb.txt
http://packetstormsecurity.org/files/104726/DVD-X-Player-5.5-.plf-PlayList-Buffer-Overflow.html
Fri, 02 Sep 2011 15:22:44 GMT
This Metasploit module exploits a stack-based buffer overflow in DVD X Player 5.5 Pro and Standard. By supplying a long string of data in a .plf file (playlist), the MediaPlayerCtrl.dll component will attempt to extract a filename out of the string and then copy it onto the stack without any proper bounds checking, which causes a buffer overflow and results in arbitrary code execution under the context of the user. This Metasploit module has been designed to target common Windows systems such as Windows XP SP2/SP3, Windows Vista, and Windows 7.

Mozilla Firefox 3.6.16 mChannel Object Use After Free
http://packetstormsecurity.org/files/104084/mzffmchannel-useafterfree.txt
http://packetstormsecurity.org/files/104084/Mozilla-Firefox-3.6.16-mChannel-Object-Use-After-Free.html
Tue, 16 Aug 2011 23:22:11 GMT
Mozilla Firefox version 3.6.16 mChannel Object use-after-free exploit for Windows 7.
Microsoft Windows 7 Ultimate RPC Denial Of Service
http://packetstormsecurity.org/files/104079/barracudaag-dos.txt
http://packetstormsecurity.org/files/104079/Microsoft-Windows-7-Ultimate-RPC-Denial-Of-Service.html
Tue, 16 Aug 2011 22:22:22 GMT
Microsoft Windows 7 Ultimate SP1 32-bit and 64-bit suffers from an RPC denial of service vulnerability due to mishandling of malformed DHCPv6 packets.

Cisco VPN Client Privilege Escalation
http://packetstormsecurity.org/files/102801/NGS00051.txt
http://packetstormsecurity.org/files/102801/Cisco-VPN-Client-Privilege-Escalation.html
Tue, 05 Jul 2011 14:19:06 GMT
The 64-bit Cisco VPN Client for Windows 7 is affected by a local privilege escalation vulnerability that allows non-privileged users to gain administrative privileges.

KMPlayer 3.0.0.1440 Buffer Overflow
http://packetstormsecurity.org/files/102196/km_pwn_aslr.py.txt
http://packetstormsecurity.org/files/102196/KMPlayer-3.0.0.1440-Buffer-Overflow.html
Sun, 12 Jun 2011 18:26:42 GMT
KMPlayer version 3.0.0.1440 buffer overflow exploit that creates a malicious .mp3 file. It is written for Windows 7 and has an ASLR bypass.

Magix Musik Maker 16 .mmm Stack Buffer Overflow
http://packetstormsecurity.org/files/101617/magix_musikmaker_16_mmm.rb.txt
http://packetstormsecurity.org/files/101617/Magix-Musik-Maker-16-.mmm-Stack-Buffer-Overflow.html
Mon, 23 May 2011 14:39:02 GMT
This Metasploit module exploits a stack buffer overflow in Magix Musik Maker 16. When opening a specially crafted arrangement file (.mmm) in the application, an unsafe strcpy() will allow you to overwrite an SEH handler. This exploit bypasses DEP & ASLR, and works on XP, Vista & Windows 7. An egghunter is used, and it might require up to several seconds to receive a shell.

MJM QuickPlayer 1.00 beta 60a / QuickPlayer 2010 .s3m Stack Buffer Overflow
http://packetstormsecurity.org/files/101001/mjm_quickplayer_s3m.rb.txt
http://packetstormsecurity.org/files/101001/MJM-QuickPlayer-1.00-beta-60a-QuickPlayer-2010-.s3m-Stack-Buffer-Overflow.html
Sat, 30 Apr 2011 16:38:11 GMT
This Metasploit module exploits a stack buffer overflow in MJM QuickPlayer 1.00 beta 60a and QuickPlayer 2010 (multi-target exploit). When opening a malicious .s3m file in one of these two applications, a stack buffer overflow can be triggered, resulting in arbitrary code execution. This exploit bypasses DEP & ASLR, and works on XP, Vista & Windows 7.

MJM Core Player 2011 .s3m Stack Buffer Overflow
http://packetstormsecurity.org/files/101000/mjm_coreplayer2011_s3m.rb.txt
http://packetstormsecurity.org/files/101000/MJM-Core-Player-2011-.s3m-Stack-Buffer-Overflow.html
Sat, 30 Apr 2011 16:37:45 GMT
This Metasploit module exploits a stack buffer overflow in MJM Core Player 2011. When opening a malicious .s3m file in this application, a stack buffer overflow can be triggered, resulting in arbitrary code execution. This exploit bypasses DEP & ASLR, and works on XP, Vista & Windows 7.

Wireshark 1.4.4 packet-dect.c Stack Buffer Overflow
http://packetstormsecurity.org/files/100563/wireshark_packet_dect.rb.txt
http://packetstormsecurity.org/files/100563/Wireshark-1.4.4-packet-dect.c-Stack-Buffer-Overflow.html
Tue, 19 Apr 2011 14:00:38 GMT
This Metasploit module exploits a stack buffer overflow in Wireshark versions 1.4.4 and below. When opening a malicious .pcap file in Wireshark, a stack buffer overflow occurs, resulting in arbitrary code execution. This exploit bypasses DEP and ASLR and works on XP, Vista & Windows 7.

Microsoft Windows OpenType CFF Driver Stack Overflow
http://packetstormsecurity.org/files/100472/VUPEN-mswotcffdso.txt
http://packetstormsecurity.org/files/100472/Microsoft-Windows-OpenType-CFF-Driver-Stack-Overflow.html
Fri, 15 Apr 2011 14:28:37 GMT
The VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Windows. The vulnerability is caused by a stack overflow error in the OpenType Compact Font Format (CFF) driver "ATMFD.dll" when processing certain operands within an OpenType font, which could be exploited by remote attackers to execute arbitrary code on vulnerable Windows 7, Windows Server 2008, Windows Server 2008 R2, and Windows Vista systems via a malicious font, or by local attackers to gain elevated privileges on Windows XP and Windows Server 2003 systems via a malicious application.

VeryTools Video Spirit Pro 1.70 Buffer Overflow
http://packetstormsecurity.org/files/100294/videospirit_visprj.rb.txt
http://packetstormsecurity.org/files/100294/VeryTools-Video-Spirit-Pro-1.70-Buffer-Overflow.html
Mon, 11 Apr 2011 23:34:53 GMT
This Metasploit module exploits a stack buffer overflow in Video Spirit versions 1.70 and below. When opening a malicious project file (.visprj), a stack buffer overflow occurs, resulting in arbitrary code execution. This exploit bypasses DEP and ASLR, and works on XP, Vista & Windows 7.

SLAAC Attacks On Microsoft Windows
http://packetstormsecurity.org/files/100088/slaac-attack.txt
http://packetstormsecurity.org/files/100088/SLAAC-Attacks-On-Microsoft-Windows.html
Tue, 05 Apr 2011 21:00:35 GMT
InfoSec Institute security researcher Alec Waters has just released a new article on SLAAC Attacks. The basic premise is to use the default network configuration found on all Windows 7 (as well as Server 2008 and Vista) installations to intercept and hijack all network traffic without any user knowledge or interaction.

Windows 7/2008 Event Log Forensic And Reversing Analysis
http://packetstormsecurity.org/files/99479/windows-reversing.pdf
http://packetstormsecurity.org/files/99479/Windows-7-2008-Event-Log-Forensic-And-Reversing-Analysis.html
Fri, 18 Mar 2011 23:19:06 GMT
Whitepaper called Windows 7/2008 Event Log Forensic and Reversing Analysis.

Kernel Pool Exploitation On Windows 7
http://packetstormsecurity.org/files/97828/kernelpool-exploitation.pdf
http://packetstormsecurity.org/files/97828/Kernel-Pool-Exploitation-On-Windows-7.html
Tue, 25 Jan 2011 06:51:53 GMT
Whitepaper called Kernel Pool Exploitation on Windows 7.

Windows 7 IIS 7.5 FTPSVC Denial Of Service
http://packetstormsecurity.org/files/96943/windows7iis7-dos.txt
http://packetstormsecurity.org/files/96943/Windows-7-IIS-7.5-FTPSVC-Denial-Of-Service.html
Thu, 23 Dec 2010 01:01:01 GMT
Windows 7 IIS 7.5 FTPSVC unauthenticated remote denial of service proof of concept exploit.