This exploit module illustrates how a vulnerability could be exploited in a TCP server that has a parsing bug. This is an example Metasploit module to be used for exploit development.
7080c0e0772da0f83c51df64e3f6e1cc4c7d74a7c1c2265e80261599694e52d2
This Metasploit module exploits a buffer overflow vulnerability in the LoadAniIcon() function in USER32.dll. The flaw can be triggered through Internet Explorer 6 and 7 by using the CURSOR style sheet directive to load a malicious .ANI file. The module can also exploit Mozilla Firefox by using a UNC path in a moz-icon URL and serving the .ANI file over WebDAV. The vulnerable code in USER32.dll will catch any exceptions that occur while the invalid cursor is loaded, causing the exploit to silently fail when the wrong target has been chosen. This vulnerability was discovered by Alexander Sotirov of Determina and was rediscovered, in the wild, by McAfee.
77a69a99c5c235c2339e0f087749f6b147c5953684914f6479b3edef34269f9a
Whitepaper called Remote Library Injection.
5d2e159fe59c1a83859333e8247107ff1a82a3fbfcf7ccd80be987e9f65fa30a
This Metasploit module exploits a flaw in the handling of AOL Instant Messenger's 'goaway' URI handler. An attacker can execute arbitrary code by supplying an overly sized buffer as the 'message' parameter. This issue is known to affect AOL Instant Messenger 5.5.
3f9f669a44333e450e5fc4a71660d89955d2e85848f584c1c6d9d52d001ed850
This Metasploit module exploits a buffer overflow vulnerability in the LoadAniIcon() function of USER32.dll. The flaw is triggered through Outlook Express by using the CURSOR style sheet directive to load a malicious .ANI file. This vulnerability was discovered by Alexander Sotirov of Determina and was rediscovered, in the wild, by McAfee.
ff5578fdfc8c36ccaad517474220f3b7300ff9d3ecf2bb352b81b0e1dffd7516
This Metasploit module exploits a flaw in the McAfee Subscription Manager ActiveX control. Due to an unsafe use of vsprintf, it is possible to trigger a stack overflow by passing a large string to one of the COM-exposed routines, such as IsAppExpired. This vulnerability was discovered by Karl Lynn of eEye.
44fae6eeb87ba29bf60ae8c26b6d7c50f75e7bf5c2f4e1500856135c1f0e9b56
This Metasploit module exploits a vulnerability in Internet Explorer's handling of the OBJECT type attribute.
762676e5b4cae135dd0de251981a7ff4fd73802648ec93cee17bd317804a31d0
This Metasploit module exploits a heap overflow vulnerability in the KeyFrame method of the direct animation ActiveX control. This is a port of the exploit implemented by Alexander Sotirov.
ee23cf2762a7f51047b8075259d50984edeb1f3ca15637fe82e5757310a61103
This is an exploit for Squid's NTLM authenticate overflow (libntlmssp.c). Due to improper bounds checking in ntlm_check_auth, it is possible to overflow the 'pass' variable on the stack with user controlled data of a user defined length.
c43f943216a1703933afd0ce0708c0542f099b2ad7ed5a159c445291d16c2bc5
This is an exploit for an undisclosed buffer overflow in the SoftCart.exe CGI as shipped with Mercantec's shopping cart software. It is possible to execute arbitrary code by passing a malformed CGI parameter in an HTTP GET request. This issue is known to affect SoftCart version 4.00b.
c9dccfe5b7419f70e2a30a4c2e34c682780607f4dc1a5b5945ab9f5f4cef63b9
Whitepaper called Metasploit's Meterpreter.
1b01acfccb89b492007b8905da1e49f8a9f4d9d1d0338f7c59c152859292c7a2