Operating System: Windows ≈ Packet Storm
Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers
http://packetstormsecurity.org/
Language: en-us
Feed generated: Mon, 28 May 2012 07:56:05 GMT

ResEdit 1.5.11-win32 Buffer Overflow
Posted: Fri, 25 May 2012 20:36:33 GMT
File: http://packetstormsecurity.org/files/113041/resedit-overflow.tgz
Page: http://packetstormsecurity.org/files/113041/ResEdit-1.5.11-win32-Buffer-Overflow.html
ResEdit version 1.5.11-win32 suffers from a buffer overflow. Proof of concept denial of service exploits included.

Mandriva Linux Security Advisory 2012-081
Posted: Thu, 24 May 2012 15:20:53 GMT
File: http://packetstormsecurity.org/files/113012/MDVSA-2012-081.txt
Page: http://packetstormsecurity.org/files/113012/Mandriva-Linux-Security-Advisory-2012-081.html
Mandriva Linux Security Advisory 2012-081 - Security issues were identified and fixed in Mozilla Firefox. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Using the Address Sanitizer tool, security researcher Aki Helin from OUSPG found that IDBKeyRange of indexedDB remains in the XPConnect hashtable instead of being unlinked before being destroyed. Security research firm iDefense reported that researcher wushi of team509 discovered a memory corruption on Windows Vista and Windows 7 systems with hardware acceleration disabled or using incompatible video drivers. Various other issues have also been addressed.

OpenOffice OLE Importer DocumentSummaryInformation Stream Handling Overflow
Posted: Thu, 24 May 2012 02:44:45 GMT
File: http://packetstormsecurity.org/files/113002/openoffice_ole.rb.txt
Page: http://packetstormsecurity.org/files/113002/OpenOffice-OLE-Importer-DocumentSummaryInformation-Stream-Handling-Overflow.html
This Metasploit module exploits a vulnerability in OpenOffice 2.3.1 and 2.3.0 on Microsoft Windows XP SP3. By supplying an OLE file with a malformed DocumentSummaryInformation stream, an attacker can gain control of the execution flow, which results in arbitrary code execution under the context of the user.

Secunia Security Advisory 49200
Posted: Wed, 23 May 2012 06:39:56 GMT
File: http://packetstormsecurity.org/files/113000/sa49200.txt
Page: http://packetstormsecurity.org/files/113000/Secunia-Security-Advisory-49200.html
Secunia Security Advisory - Dmitry Oleksiuk has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious, local users to potentially gain escalated privileges.

Novell Client 4.91 SP3/4 Privilege Escalation
Posted: Wed, 23 May 2012 02:49:43 GMT
File: http://packetstormsecurity.org/files/112968/novell491-escalate.txt
Page: http://packetstormsecurity.org/files/112968/Novell-Client-4.91-SP3-4-Privilege-Escalation.html
Novell Client version 4.91 SP3/4 privilege escalation exploit for Win2K3 and WinXP.

Windows XP Keyboard Layouts Pool Corruption Proof Of Concept
Posted: Wed, 23 May 2012 02:45:29 GMT
File: http://packetstormsecurity.org/files/112967/winxpkeyboard.zip
Page: http://packetstormsecurity.org/files/112967/Windows-XP-Keyboard-Layouts-Pool-Corruption-Proof-Of-Concept.html
This proof of concept code demonstrates a Microsoft Windows XP keyboard layouts pool corruption vulnerability, post MS12-034. The vulnerability exists in the function win32k!ReadLayoutFile() that parses keyboard layout file data.

RDP Exploitation Using Cain
Posted: Mon, 21 May 2012 10:33:22 GMT
File: http://packetstormsecurity.org/files/112887/RDP_exploit.pdf
Page: http://packetstormsecurity.org/files/112887/RDP-Exploitation-Using-Cain.html
This paper demonstrates how to ARP poison a connection between Windows 7 and Windows 2008 R2 Server using Cain.

Quarks PwDump 0.1b
Posted: Sun, 20 May 2012 18:11:11 GMT
File: http://packetstormsecurity.org/files/112926/QuarksPwDump_v0.1b.rar
Page: http://packetstormsecurity.org/files/112926/Quarks-PwDump-0.1b.html
Quarks PwDump is a native Win32 tool to extract credentials from Windows operating systems. It currently extracts local accounts NT/LM hashes and history, domain accounts NT/LM hashes and history, cached domain password, and Bitlocker recovery information.

Oracle Weblogic Apache Connector POST Request Buffer Overflow
Posted: Fri, 18 May 2012 14:58:27 GMT
File: http://packetstormsecurity.org/files/112864/bea_weblogic_post_bof.rb.txt
Page: http://packetstormsecurity.org/files/112864/Oracle-Weblogic-Apache-Connector-POST-Request-Buffer-Overflow.html
This Metasploit module exploits a stack-based buffer overflow in the BEA Weblogic Apache plugin. The connector fails to properly handle specially crafted HTTP POST requests, resulting in a buffer overflow due to the insecure usage of sprintf. Currently, this module works over Windows systems without DEP, and has been tested with Windows 2000 / XP. In addition, the Weblogic Apache plugin version is fingerprinted with a POST request containing a specially crafted Transfer-Encoding header.

Squiggle 1.7 SVG Browser Java Code Execution
Posted: Fri, 18 May 2012 14:58:01 GMT
File: http://packetstormsecurity.org/files/112863/batik_svg_java.rb.txt
Page: http://packetstormsecurity.org/files/112863/Squiggle-1.7-SVG-Browser-Java-Code-Execution.html
This Metasploit module abuses the SVG support to execute Java code in the Squiggle Browser included in the Batik framework 1.7 through a crafted svg file referencing a jar file. In order to gain arbitrary code execution, the browser must meet the following conditions: (1) It must support at least SVG version 1.1 or newer, (2) It must support Java code and (3) The "Enforce secure scripting" check must be disabled. The module has been tested against Windows and Linux platforms.

PHP 5.4 Win32 Code Execution
Posted: Fri, 18 May 2012 14:21:42 GMT
File: http://packetstormsecurity.org/files/112851/php54-exec.txt
Page: http://packetstormsecurity.org/files/112851/PHP-5.4-Win32-Code-Execution.html
PHP version 5.4.3 code execution exploit for Win32.

Apple Quicktime .pct Parsing Memory Corruption
Posted: Tue, 15 May 2012 22:38:03 GMT
File: http://packetstormsecurity.org/files/112747/VMRL-applequicktime.txt
Page: http://packetstormsecurity.org/files/112747/Apple-Quicktime-.pct-Parsing-Memory-Corruption.html
Apple Quicktime does not properly parse .pct media files, which causes a corruption in module DllMain by opening a malformed file with an invalid value located in PoC repro01.pct at offset 0x20E. Quicktime Player version 7.7.1 (1680.42) on Windows XP SP 3 - PT_BR is confirmed affected. Other versions may also be affected.

HP Security Bulletin HPSBMU02775 SSRT100853 2
Posted: Thu, 10 May 2012 15:17:23 GMT
File: http://packetstormsecurity.org/files/112594/HPSBMU02775-SSRT100853-2.txt
Page: http://packetstormsecurity.org/files/112594/HP-Security-Bulletin-HPSBMU02775-SSRT100853-2.html
HP Security Bulletin HPSBMU02775 SSRT100853 2 - Potential security vulnerabilities have been identified with HP Performance Insight for Networks running on HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be exploited remotely resulting in SQL injection, cross site scripting (XSS), and privilege elevation. Revision 2 of this advisory.

Windows Kernel ReadLayoutFile Heap Overflow
Posted: Thu, 10 May 2012 04:13:47 GMT
File: http://packetstormsecurity.org/files/112587/CORE-2011-1123.txt
Page: http://packetstormsecurity.org/files/112587/Windows-Kernel-ReadLayoutFile-Heap-Overflow.html
Core Security Technologies Advisory - There is a bug in the ReadLayoutFile Windows Kernel function that can be leveraged into a local privilege escalation exploit, potentially usable in a client-side attack scenario or after a remote intrusion by other means.

HP Security Bulletin HPSBMU02775 SSRT100853
Posted: Thu, 10 May 2012 04:13:09 GMT
File: http://packetstormsecurity.org/files/112586/HPSBMU02775-SSRT100853.txt
Page: http://packetstormsecurity.org/files/112586/HP-Security-Bulletin-HPSBMU02775-SSRT100853.html
HP Security Bulletin HPSBMU02775 SSRT100853 - Potential security vulnerabilities have been identified with HP Performance Insight for Networks running on HP-UX, Linux, Solaris, and Windows. The vulnerabilities could be exploited remotely resulting in SQL injection, cross site scripting (XSS), and privilege elevation. Revision 1 of this advisory.

Secunia Security Advisory 49120
Posted: Tue, 08 May 2012 04:17:41 GMT
File: http://packetstormsecurity.org/files/112532/sa49120.txt
Page: http://packetstormsecurity.org/files/112532/Secunia-Security-Advisory-49120.html
Secunia Security Advisory - Multiple vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to compromise a user's system.

Secunia Security Advisory 49115
Posted: Tue, 08 May 2012 04:17:34 GMT
File: http://packetstormsecurity.org/files/112530/sa49115.txt
Page: http://packetstormsecurity.org/files/112530/Secunia-Security-Advisory-49115.html
Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges.

Secunia Security Advisory 49114
Posted: Tue, 08 May 2012 04:17:31 GMT
File: http://packetstormsecurity.org/files/112529/sa49114.txt
Page: http://packetstormsecurity.org/files/112529/Secunia-Security-Advisory-49114.html
Secunia Security Advisory - Two vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious, local users to bypass certain security restrictions and gain escalated privileges.

VMware Backdoor Response Uninitialized Memory Potential VM Break
Posted: Sun, 06 May 2012 01:39:42 GMT
File: http://packetstormsecurity.org/files/112479/vmware-backdoor.txt
Page: http://packetstormsecurity.org/files/112479/VMware-Backdoor-Response-Uninitialized-Memory-Potential-VM-Break.html
The vulnerability described in this document could hypothetically be exploited by unprivileged code running in a VMware virtual machine (guest) in order to execute code in the host VMX process, thereby breaking out of the virtual machine; however, such exploitation has not been proven. In the event that arbitrary code execution in the VMX process is possible, kernel privileges can be obtained on a Windows host by abusing the VMX process's special access to a VMware driver, meaning the maximum possible impact of this vulnerability is elevation from unprivileged guest code execution to host kernel code execution.

Secunia Security Advisory 49021
Posted: Thu, 03 May 2012 02:26:54 GMT
File: http://packetstormsecurity.org/files/112434/sa49021.txt
Page: http://packetstormsecurity.org/files/112434/Secunia-Security-Advisory-49021.html
Secunia Security Advisory - A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

HP Security Bulletin HPSBMU02770 SSRT100848
Posted: Wed, 02 May 2012 21:24:15 GMT
File: http://packetstormsecurity.org/files/112413/HPSBMU02770-SSRT100848.txt
Page: http://packetstormsecurity.org/files/112413/HP-Security-Bulletin-HPSBMU02770-SSRT100848.html
HP Security Bulletin HPSBMU02770 SSRT100848 - Potential security vulnerabilities have been identified with HP Insight Management Agents for Windows Server. The vulnerabilities could be exploited remotely resulting in cross site request forgery (CSRF), cross site scripting (XSS), URL redirection, unauthorized modification, and Denial of Service (DoS). Revision 1 of this advisory.

Microsoft Windows XP Win32k.sys Denial Of Service
Posted: Wed, 02 May 2012 21:06:58 GMT
File: http://packetstormsecurity.org/files/112409/win32k-dos.txt
Page: http://packetstormsecurity.org/files/112409/Microsoft-Windows-XP-Win32k.sys-Denial-Of-Service.html
Microsoft Windows XP Win32k.sys local kernel denial of service exploit.

Actuality Of SMBRelay In Modern Windows Networks
Posted: Sat, 28 Apr 2012 18:22:22 GMT
File: http://packetstormsecurity.org/files/112316/Actuality_of_SMBRelay_in_Modern_Windows_Networks.pdf
Page: http://packetstormsecurity.org/files/112316/Actuality-Of-SMBRelay-In-Modern-Windows-Networks.html
Whitepaper called Actuality of SMBRelay in Modern Windows Networks.

KMPlayer 3.2.0.19 DLL Hijack
Posted: Thu, 26 Apr 2012 22:29:21 GMT
File: http://packetstormsecurity.org/files/112218/kmplayer-dllhijack.txt
Page: http://packetstormsecurity.org/files/112218/KMPlayer-3.2.0.19-DLL-Hijack.html
KMPlayer version 3.2.0.19 suffers from a DLL hijacking vulnerability.

Ettercap NG 0.7.4 DLL Hijack
Posted: Thu, 26 Apr 2012 22:22:05 GMT
File: http://packetstormsecurity.org/files/112214/ettercapng074-dllhijack.txt
Page: http://packetstormsecurity.org/files/112214/Ettercap-NG-0.7.4-DLL-Hijack.html
Ettercap NG version 0.7.4 suffers from a DLL hijacking vulnerability.