adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d3e57ffc46ccac423cf378e47a503ebecffe6a44
metasploit-gs/modules/exploits/windows/browser
T
History
sinn3r d3e57ffc46 Add OSVDB-93754: Synactis PDF In-The-Box ConnectToSynactic Stack Buffer Overflow 
This module exploits a vulnerability found in Synactis' PDF In-The-Box ActiveX
component, specifically PDF_IN_1.ocx.  When a long string of data is given
to the ConnectToSynactis function, which is meant to be used for the ldCmdLine
argument of a WinExec call, a strcpy routine can end up overwriting a TRegistry
class pointer saved on the stack, and results in arbitrary code execution under the
context of the user.
2013-06-06 20:05:08 -05:00
..
adobe_cooltype_sing.rb
Dropping all twitter handles
2013-02-01 16:33:52 -06:00
adobe_flash_mp4_cprt.rb
Clean up all the whitespace found
2013-04-23 18:27:11 -05:00
adobe_flash_otf_font.rb
Move print of my_target.name to after nil check
2012-12-07 11:00:24 -06:00
adobe_flash_rtmp.rb
Adopt RopDb for adobe_flash_rtmp.rb
2012-10-05 11:05:19 -05:00
adobe_flash_sps.rb
Fixes #362 by changing the exitfunction arguments to be the correct type
2012-05-07 02:41:08 -05:00
adobe_flashplayer_arrayindexing.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
adobe_flashplayer_avm.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
adobe_flashplayer_flash10o.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
adobe_flashplayer_newfunction.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
adobe_flatedecode_predictor02.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
adobe_geticon.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
adobe_jbig2decode.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
adobe_media_newplayer.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
adobe_shockwave_rcsl_corruption.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
adobe_utilprintf.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
aim_goaway.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
aladdin_choosefilepath_bof.rb
added ie8 target
2012-10-31 11:57:38 +01:00
amaya_bdo.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
aol_ampx_convertfile.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
aol_icq_downloadagent.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
apple_itunes_playlist.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
apple_quicktime_marshaled_punk.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
apple_quicktime_mime_type.rb
Only XP for target coverage
2012-11-27 10:48:20 -06:00
apple_quicktime_rtsp.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
apple_quicktime_smil_debug.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
apple_quicktime_texml_font_table.rb
If no badchars, no need to specify.
2012-11-23 18:46:50 -06:00
ask_shortformat.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
asus_net4switch_ipswcom.rb
Update references
2012-12-10 11:42:21 -06:00
athocgov_completeinstallation.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
autodesk_idrop.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
aventail_epi_activex.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
awingsoft_web3d_bof.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
awingsoft_winds3d_sceneurl.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
baofeng_storm_onbeforevideodownload.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
barcode_ax49.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
blackice_downloadimagefileurl.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
c6_messenger_downloaderactivex.rb
Take into account an integer-normalized datastore
2012-06-24 23:00:02 -05:00
ca_brightstor_addcolumn.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
chilkat_crypt_writefile.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
cisco_anyconnect_exec.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
cisco_playerpt_setsource_surl.rb
juan author name updated
2012-08-06 18:59:16 +02:00
cisco_playerpt_setsource.rb
Blah, removed the wrong ref.
2012-07-30 12:47:32 -05:00
citrix_gateway_actx.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
clear_quest_cqole.rb
Add Metasploit blogs as references, because they're useful.
2012-09-03 15:57:27 -05:00
communicrypt_mail_activex.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
creative_software_cachefolder.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
crystal_reports_printcontrol.rb
trying to fix stability issues on w7
2012-12-17 19:17:36 +01:00
dell_webcam_crazytalk.rb
Fixes #362 by changing the exitfunction arguments to be the correct type
2012-05-07 02:41:08 -05:00
dxstudio_player_exec.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
ea_checkrequirements.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
ebook_flipviewer_fviewerloading.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
enjoysapgui_comp_download.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
enjoysapgui_preparetoposthtml.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
facebook_extractiptc.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
foxit_reader_plugin_url_bof.rb
Randomize some gadgets
2013-02-13 14:12:52 -06:00
gom_openurl.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
greendam_url.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
honeywell_hscremotedeploy_exec.rb
Updating URL for Honewell EBI exploit
2013-03-11 13:35:58 -05:00
honeywell_tema_exec.rb
Deleting from browser autopwn
2013-01-09 09:58:20 +01:00
hp_alm_xgo_setshapenodetype_exec.rb
Only JRE ROP is used
2012-09-24 10:21:02 -05:00
hp_easy_printer_care_xmlcachemgr.rb
Warn user if a file/permission is being modified during new session
2012-10-24 00:54:17 -05:00
hp_easy_printer_care_xmlsimpleaccessor.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
hp_loadrunner_addfile.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
hp_loadrunner_addfolder.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
hpmqc_progcolor.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
hyleos_chemviewx_activex.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
ibm_spss_c1sizer.rb
Add ZDI reference
2013-05-31 20:50:53 -05:00
ibm_tivoli_pme_activex_bof.rb
Merge branch 'rapid7' into http-print-standardization
2012-04-18 08:51:42 -06:00
ibmegath_getxmlvalue.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
ibmlotusdomino_dwa_uploadmodule.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
ie_cbutton_uaf.rb
Make msftidy happy
2013-05-02 19:46:26 -05:00
ie_cgenericelement_uaf.rb
Modifies the exploit a little for better stability
2013-06-02 03:02:42 -05:00
ie_createobject.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
ie_execcommand_uaf.rb
Fix spaces
2012-10-05 15:40:37 -05:00
ie_iscomponentinstalled.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
ie_unsafe_scripting.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
imgeviewer_tifmergemultifiles.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
indusoft_issymbol_internationalseparator.rb
James has more modules that need to be updated.
2012-12-24 17:51:58 -06:00
inotes_dwa85w_bof.rb
swith to some random data
2012-12-28 12:47:20 +01:00
intrust_annotatex_add.rb
Merge branch 'jlee-r7-http-print-standardization'
2012-04-25 15:38:46 -05:00
java_basicservice_impl.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
java_cmm.rb
fix typo
2013-03-27 17:39:18 +01:00
java_codebase_trust.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
java_docbase_bof.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
java_mixer_sequencer.rb
Remove spurious cli.peerhost in output
2012-04-20 13:31:42 -06:00
java_ws_arginject_altjvm.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
java_ws_vmargs.rb
Fix file header comment
2013-03-07 17:53:19 -06:00
juniper_sslvpn_ive_setupdll.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
kazaa_altnet_heap.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
keyhelp_launchtripane_exec.rb
Small description change and favor the use of print_error
2012-10-10 13:37:23 -05:00
logitechvideocall_start.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
lpviewer_url.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
macrovision_downloadandexecute.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
macrovision_unsafe.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
maxthon_history_xcs.rb
More changes
2012-12-07 13:47:07 -06:00
mcafee_mcsubmgr_vsprintf.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
mcafee_mvt_exec.rb
Update references
2012-12-10 11:42:21 -06:00
mcafeevisualtrace_tracetarget.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
mirc_irc_url.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
mozilla_attribchildremoved.rb
If the target isn't support, make sure we warn the user
2012-05-17 12:34:17 -05:00
mozilla_interleaved_write.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
mozilla_mchannel.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
mozilla_nssvgvalue.rb
Fix broken target (variable naming)
2012-05-17 11:37:49 -05:00
mozilla_nstreerange.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
mozilla_reduceright.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
ms03_020_ie_objecttype.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
ms05_054_onload.rb
Msftidy fixes
2013-01-04 09:29:34 +01:00
ms06_001_wmf_setabortproc.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
ms06_013_createtextrange.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
ms06_055_vml_method.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
ms06_057_webview_setslice.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
ms06_067_keyframe.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
ms06_071_xml_core.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
ms07_017_ani_loadimage_chunksize.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
ms08_041_snapshotviewer.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
ms08_053_mediaencoder.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
ms08_070_visual_studio_msmask.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
ms08_078_xml_corruption.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
ms09_002_memory_corruption.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
ms09_043_owc_htmlurl.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
ms09_043_owc_msdso.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
ms09_072_style_object.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
ms10_002_aurora.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
ms10_002_ie_object.rb
Use RopDb, and print what target the module has selected.
2012-10-07 01:42:29 -05:00
ms10_018_ie_behaviors.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
ms10_018_ie_tabular_activex.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
ms10_022_ie_vbscript_winhlp32.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
ms10_026_avi_nsamplespersec.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
ms10_042_helpctr_xss_cmd_exec.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
ms10_046_shortcut_icon_dllloader.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
ms10_090_ie_css_clip.rb
Dropping all twitter handles
2013-02-01 16:33:52 -06:00
ms11_003_ie_css_import.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
ms11_050_mshtml_cobjectelement.rb
Use RopDb in MS11-050, and correct autopwninfo
2012-10-06 01:45:40 -05:00
ms11_081_option.rb
Add MS11-081
2013-01-09 15:52:33 -06:00
ms11_093_ole32.rb
Change the title and add a Microsoft reference.
2012-06-10 14:45:15 -05:00
ms12_004_midi.rb
fix eol for ms12_004_midi
2012-12-21 21:01:39 +01:00
ms12_037_ie_colspan.rb
juan author name updated
2012-08-06 18:59:16 +02:00
ms12_037_same_id.rb
Adopt RopDb for ms12_037_same_id.rb
2012-10-05 12:17:19 -05:00
ms13_009_ie_slayoutrun_uaf.rb
Minor changes
2013-02-22 21:02:19 -06:00
msvidctl_mpeg2.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
mswhale_checkforupdates.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
msxml_get_definition_code_exec.rb
Adopt RopDb for msxml_get_definition_code_exec.rb
2012-10-05 12:20:41 -05:00
nctaudiofile2_setformatlikesample.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
nis2004_antispam.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
nis2004_get.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
notes_handler_cmdinject.rb
added module for ZDI-12-154
2012-12-24 16:23:19 +01:00
novell_groupwise_gwcls1_actvx.rb
added crash to comments
2013-02-09 17:49:57 +01:00
novelliprint_callbackurl.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
novelliprint_datetime.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
novelliprint_executerequest_dbg.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
novelliprint_executerequest.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
novelliprint_getdriversettings_2.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
novelliprint_getdriversettings.rb
Remove $Id tags
2013-05-20 16:21:03 -05:00
novelliprint_target_frame.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
ntr_activex_check_bof.rb
Explain why the user cannot modify the URIPATH
2012-10-05 17:24:06 -05:00
ntr_activex_stopmodule.rb
Correct target parameters
2012-09-20 16:41:54 -05:00
oracle_autovue_setmarkupmode.rb
Add Metasploit blogs as references, because they're useful.
2012-09-03 15:57:27 -05:00
oracle_dc_submittoexpress.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
oracle_webcenter_checkoutandopen.rb
Add analysis at the end of the module
2013-06-01 15:59:17 -05:00
orbit_connecting.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
ovftool_format_string.rb
added migrate as initial script
2013-02-04 16:42:56 +01:00
pcvue_func.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
persits_xupload_traversal.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
quickr_qp2_bof.rb
switch to some random data
2012-12-28 12:48:36 +01:00
real_arcade_installerdlg.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
realplayer_cdda_uri.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
realplayer_console.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
realplayer_import.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
realplayer_qcp.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
realplayer_smil.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
roxio_cineplayer.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
safari_xslt_output.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
samsung_neti_wiewer_backuptoavi_bof.rb
Caps in title
2012-06-13 14:19:04 -05:00
sapgui_saveviewtosessionfile.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
softartisans_getdrivename.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
sonicwall_addrouteentry.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
symantec_altirisdeployment_downloadandinstall.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
symantec_altirisdeployment_runcmd.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
symantec_appstream_unsafe.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
symantec_backupexec_pvcalendar.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
symantec_consoleutilities_browseandsavefile.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
synactis_connecttosynactis_bof.rb
Add OSVDB-93754: Synactis PDF In-The-Box ConnectToSynactic Stack Buffer Overflow
2013-06-06 20:05:08 -05:00
systemrequirementslab_unsafe.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
teechart_pro.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
tom_sawyer_tsgetx71ex552.rb
Use of make_nops
2012-06-08 19:20:58 +02:00
trendmicro_extsetowner.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
trendmicro_officescan.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
tumbleweed_filetransfer.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
ubisoft_uplay_cmd_exec.rb
Update references
2012-12-10 11:42:21 -06:00
ultramjcam_openfiledig_bof.rb
Update references
2012-12-10 11:42:21 -06:00
ultraoffice_httpupload.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
verypdf_pdfview.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
viscom_movieplayer_drawtext.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
vlc_amv.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
vlc_mms_bof.rb
Fixes #362 by changing the exitfunction arguments to be the correct type
2012-05-07 02:41:08 -05:00
webdav_dll_hijacker.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
webex_ucf_newobject.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
winamp_playlist_unc.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
winamp_ultravox.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
windvd7_applicationtype.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
winzip_fileview.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
wmi_admintools.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
xmplay_asx.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
yahoomessenger_fvcom.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
yahoomessenger_server.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
zenturiprogramchecker_unsafe.rb
msftidy: Remove $Revision$
2013-01-04 00:48:10 +01:00
zenworks_helplauncher_exec.rb
Warn user if a file/permission is being modified during new session
2012-10-24 00:54:17 -05:00