ActiveX Files ≈ Packet Storm
Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers
http://packetstormsecurity.org/
Mon, 28 May 2012 07:56:14 GMT

SkinCrafter 3.0 Buffer Overflow
http://packetstormsecurity.org/files/112849/skincrafter-overflow.txt
http://packetstormsecurity.org/files/112849/SkinCrafter-3.0-Buffer-Overflow.html
Fri, 18 May 2012 14:18:55 GMT
SkinCrafter active-x control version 3.0 suffers from a buffer overflow vulnerability.

DecisionTools SharpGrid Active-X Code Execution
http://packetstormsecurity.org/files/112575/decisiontools-exec.txt
http://packetstormsecurity.org/files/112575/DecisionTools-SharpGrid-Active-X-Code-Execution.html
Wed, 09 May 2012 17:23:22 GMT
DecisionTools SharpGrid suffers from an active-x related remote command execution vulnerability.

McAfee Virtual Technician MVTControl 6.3.0.1911 GetObject Vulnerability
http://packetstormsecurity.org/files/112443/mcafee_mvt_exec.rb.txt
http://packetstormsecurity.org/files/112443/McAfee-Virtual-Technician-MVTControl-6.3.0.1911-GetObject-Vulnerability.html
Thu, 03 May 2012 22:45:26 GMT
This Metasploit module exploits a vulnerability found in McAfee Virtual Technician's MVTControl.
This ActiveX control can be abused by using the GetObject() function to load additional unsafe classes such as WScript.Shell, therefore allowing remote code execution under the context of the user.

Samsung NET-i Viewer Active-X SEH Overwrite
http://packetstormsecurity.org/files/112363/samsung-activex.txt
http://packetstormsecurity.org/files/112363/Samsung-NET-i-Viewer-Active-X-SEH-Overwrite.html
Wed, 02 May 2012 01:15:48 GMT
Samsung NET-i Viewer version 1.37 active-x SEH overwrite exploit.

Secunia Security Advisory 49007
http://packetstormsecurity.org/files/112373/sa49007.txt
http://packetstormsecurity.org/files/112373/Secunia-Security-Advisory-49007.html
Tue, 01 May 2012 05:17:51 GMT
Secunia Security Advisory - Andrea Micalizzi has discovered a vulnerability in McAfee Virtual Technician MVTControl ActiveX Control, which can be exploited by malicious people to compromise a user's system.

McAfee Virtual Technician 6.3.0.1911 Code Execution
http://packetstormsecurity.org/files/112333/9sg_mcafee_vt.tgz
http://packetstormsecurity.org/files/112333/McAfee-Virtual-Technician-6.3.0.1911-Code-Execution.html
Mon, 30 Apr 2012 14:32:17 GMT
McAfee Virtual Technician version 6.3.0.1911 suffers from a MVT.MVTControl.6300 GetObject() active-x control security bypass remote code execution vulnerability.

Quest InTrust Annotation Objects Uninitialized Pointer
http://packetstormsecurity.org/files/111853/intrust_annotatex_add.rb.txt
http://packetstormsecurity.org/files/111853/Quest-InTrust-Annotation-Objects-Uninitialized-Pointer.html
Fri, 13 Apr 2012 22:12:21 GMT
This Metasploit module exploits an uninitialized variable vulnerability in the Annotation Objects ActiveX component.
The ActiveX component loads into memory without opting into ASLR, so this module exploits the vulnerability against Windows Vista and Windows 7 targets. A large heap spray is required to fulfill the requirement that EAX points to part of the ROP chain in a heap chunk and the calculated call will hit the pivot in a separate heap chunk. This will take some time in the user's browser.

IBM Tivoli Provisioning Manager Express Overflow
http://packetstormsecurity.org/files/111680/ibm_tivoli_pme_activex_bof.rb.txt
http://packetstormsecurity.org/files/111680/IBM-Tivoli-Provisioning-Manager-Express-Overflow.html
Tue, 10 Apr 2012 01:33:55 GMT
This Metasploit module exploits a buffer overflow vulnerability in the Isig.isigCtl.1 ActiveX installed with IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1. The vulnerability is found in the "RunAndUploadFile" method, where the "OtherFields" parameter with user controlled data is used to build a "Content-Disposition" header and attach contents in an insecure way that allows overflowing a buffer on the stack.

TRENDnet SecurView Internet Camera UltraMJCam OpenFileDlg Buffer Overflow
http://packetstormsecurity.org/files/111649/ultramjcam_openfiledig_bof.rb.txt
http://packetstormsecurity.org/files/111649/TRENDnet-SecurView-Internet-Camera-UltraMJCam-OpenFileDlg-Buffer-Overflow.html
Sat, 07 Apr 2012 01:03:11 GMT
This Metasploit module exploits a vulnerability found in TRENDnet SecurView Internet Camera's ActiveX control. By supplying a long string of data as the sFilter argument of the OpenFileDlg() function, it is possible to trigger a buffer overflow condition due to WideCharToMultiByte (which converts unicode back to) overwriting the stack more than it should, which results in arbitrary code execution under the context of the user.
Secunia Security Advisory 48681
http://packetstormsecurity.org/files/111639/sa48681.txt
http://packetstormsecurity.org/files/111639/Secunia-Security-Advisory-48681.html
Fri, 06 Apr 2012 04:58:39 GMT
Secunia Security Advisory - Andrea Micalizzi has discovered a vulnerability in Quest Explain Plan Display ActiveX Control, which can be exploited by malicious people to manipulate certain data.

Secunia Security Advisory 48674
http://packetstormsecurity.org/files/111638/sa48674.txt
http://packetstormsecurity.org/files/111638/Secunia-Security-Advisory-48674.html
Fri, 06 Apr 2012 04:58:36 GMT
Secunia Security Advisory - Andrea Micalizzi has discovered a vulnerability in Quest Connection Broker Client ActiveX Control, which can be exploited by malicious people to manipulate certain data.

Quest Toad For Oracle Explain Plan Display File Creation / Overwrite
http://packetstormsecurity.org/files/111632/9sg_quest_toad_poc.txt
http://packetstormsecurity.org/files/111632/Quest-Toad-For-Oracle-Explain-Plan-Display-File-Creation-Overwrite.html
Fri, 06 Apr 2012 02:40:11 GMT
Quest Toad for Oracle Explain Plan Display active-x control QExplain2.dll version 6.6.1.1115 suffers from a remote file creation / overwrite vulnerability.

Quest vWorkspace 7.5 Remote File Creation / Overwrite
http://packetstormsecurity.org/files/111631/9sg_quest_vworkspace_poc.txt
http://packetstormsecurity.org/files/111631/Quest-vWorkspace-7.5-Remote-File-Creation-Overwrite.html
Fri, 06 Apr 2012 02:38:20 GMT
Quest vWorkspace version 7.5 Connection Broker client active-x control pnllmcli.dll version 7.5.304.547 suffers from a SaveMiniLaunchFile() method remote file creation / overwrite vulnerability.
Secunia Security Advisory 48601
http://packetstormsecurity.org/files/111447/sa48601.txt
http://packetstormsecurity.org/files/111447/Secunia-Security-Advisory-48601.html
Sun, 01 Apr 2012 09:50:40 GMT
Secunia Security Advisory - Andrea Micalizzi has discovered a vulnerability in TRENDnet UltraMJCam ActiveX Control, which can be exploited by malicious people to compromise a user's system.

Secunia Security Advisory 48602
http://packetstormsecurity.org/files/111380/sa48602.txt
http://packetstormsecurity.org/files/111380/Secunia-Security-Advisory-48602.html
Fri, 30 Mar 2012 01:49:18 GMT
Secunia Security Advisory - Andrea Micalizzi has discovered a vulnerability in Camera Stream Client ActiveX Control, which can be exploited by malicious people to compromise a user's system.

Quest InTrust 10.4.x File Overwrite
http://packetstormsecurity.org/files/111332/9sg_quest_ii.tgz
http://packetstormsecurity.org/files/111332/Quest-InTrust-10.4.x-File-Overwrite.html
Thu, 29 Mar 2012 05:03:10 GMT
Quest InTrust version 10.4.x suffers from ArDoc.dll active-x control remote file creation / overwrite vulnerabilities in the ReportTree and SimpleTree classes. Proof of concept code included.

D-Link SecuriCam DCS-5605 Network Surveillance Buffer Overflow
http://packetstormsecurity.org/files/111317/9sg_dlink.tgz
http://packetstormsecurity.org/files/111317/D-Link-SecuriCam-DCS-5605-Network-Surveillance-Buffer-Overflow.html
Thu, 29 Mar 2012 04:33:18 GMT
The D-Link SecuriCam DCS-5605 Network Surveillance DcsCliCtrl.dll active-x control suffers from a buffer overflow vulnerability. Proof of concept code included.
Quest InTrust 10.4.x Annotation Objects Code Execution
http://packetstormsecurity.org/files/111312/9sg_quest.tgz
http://packetstormsecurity.org/files/111312/Quest-InTrust-10.4.x-Annotation-Objects-Code-Execution.html
Thu, 29 Mar 2012 04:00:03 GMT
Quest InTrust version 10.4.x with Annotation Objects active-x control ANNOTATEX.DLL suffers from a remote code execution vulnerability. Proof of concept code included.

TRENDnet SecurView TV-IP121WN Wireless Internet Camera UltraMJCam Buffer Overflow
http://packetstormsecurity.org/files/111311/9sg_trendnet.tgz
http://packetstormsecurity.org/files/111311/TRENDnet-SecurView-TV-IP121WN-Wireless-Internet-Camera-UltraMJCam-Buffer-Overflow.html
Thu, 29 Mar 2012 03:57:20 GMT
The TRENDnet SecurView TV-IP121WN wireless internet camera UltraMJCam active-x control suffers from an OpenFileDlg() WideCharToMultiByte remote buffer overflow. Proof of concept code included.

Secunia Security Advisory 48543
http://packetstormsecurity.org/files/111138/sa48543.txt
http://packetstormsecurity.org/files/111138/Secunia-Security-Advisory-48543.html
Fri, 23 Mar 2012 03:54:09 GMT
Secunia Security Advisory - rgod has discovered a vulnerability in Cisco Linksys PlayerPT ActiveX Control, which can be exploited by malicious people to compromise a user's system.

Cisco Linksys WVC200 PlayerPT Buffer Overflow
http://packetstormsecurity.org/files/111084/9sg_linksys_playerpt.txt
http://packetstormsecurity.org/files/111084/Cisco-Linksys-WVC200-PlayerPT-Buffer-Overflow.html
Thu, 22 Mar 2012 04:19:08 GMT
Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera PlayerPT active-x control (PlayerPT.ocx) suffers from a sprintf buffer overflow vulnerability. Version 1.0.0.15 is affected.
Dell Webcam CrazyTalk4Native.dll Buffer Overflow
http://packetstormsecurity.org/files/110993/dellwebcom-overflow.txt
http://packetstormsecurity.org/files/110993/Dell-Webcam-CrazyTalk4Native.dll-Buffer-Overflow.html
Tue, 20 Mar 2012 00:18:40 GMT
The Dell Webcam software bundled active-x control CrazyTalk4Native.dll suffers from a remote buffer overflow vulnerability.

2X Client For RDP 10.1.1204 Download / Execute
http://packetstormsecurity.org/files/110971/2xclient-downloadexecute.txt
http://packetstormsecurity.org/files/110971/2X-Client-For-RDP-10.1.1204-Download-Execute.html
Mon, 19 Mar 2012 22:40:17 GMT
2X Client for RDP version 10.1.1204 suffers from a ClientSystem class active-x control download and execute vulnerability that affects TuxClientSystem.dll.

2X Application Server 10.1 File Overwrite
http://packetstormsecurity.org/files/110970/2xapplicationserver-overwrite.txt
http://packetstormsecurity.org/files/110970/2X-Application-Server-10.1-File-Overwrite.html
Mon, 19 Mar 2012 22:37:55 GMT
2X Application Server version 10.x suffers from a TuxSystem class active-x control file overwrite involving TuxScripting.dll.

Cisco Security Advisory 20120314-asaclient
http://packetstormsecurity.org/files/110821/cisco-sa-20120314-asaclient.txt
http://packetstormsecurity.org/files/110821/Cisco-Security-Advisory-20120314-asaclient.html
Thu, 15 Mar 2012 03:02:17 GMT
Cisco Security Advisory - The Cisco Clientless VPN solution as deployed by Cisco ASA 5500 Series Adaptive Security Appliances (Cisco ASA) uses an ActiveX control on client systems to perform port forwarding operations.
Microsoft Windows-based systems that are running Internet Explorer or another browser that supports Microsoft ActiveX technology may be affected if the system has ever connected to a device that is running the Cisco Clientless VPN solution. A remote, unauthenticated attacker who could convince a user to connect to a malicious web page could exploit this issue to execute arbitrary code on the affected machine with the privileges of the web browser. The affected ActiveX control is distributed to endpoint systems by Cisco ASA. However, the impact of successful exploitation of this vulnerability is to the endpoint system only and does not compromise Cisco ASA devices. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.