what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 933 RSS Feed

ActiveX Files

Microsoft Windows Defender / Trojan.Win32/Powessere.G VBScript Detection Bypass
Posted Feb 19, 2024
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

This is additional research regarding a mitigation bypass in Windows Defender. Back in 2022, the researcher disclosed how it could be easily bypassed by passing an extra path traversal when referencing mshtml but that issue has since been mitigated. However, the researcher discovered using multiple commas can also be used to achieve the bypass. This issue was addressed. The fix was short lived as the researcher found yet another third trivial bypass. Previously, the researcher disclosed 3 bypasses using rundll32 javascript, but this example leverages the VBSCRIPT and ActiveX engines.

tags | exploit, javascript, activex
systems | windows
SHA-256 | 59fee3164e2fd340144dd80b39280328ebce07f8d7f86686261fc6d4a98c71eb
Microsoft Office Word MSHTML Remote Code Execution
Posted Dec 9, 2021
Authored by LockedByte, Ramella Sebastien, thesunRider, klezVirus | Site metasploit.com

This Metasploit module creates a malicious docx file that when opened in Word on a vulnerable Windows system will lead to code execution. This vulnerability exists because an attacker can craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine.

tags | exploit, code execution, activex
systems | windows
advisories | CVE-2021-40444
SHA-256 | fcc3f4d138a7fb7352da3e6cb2038a1b4776153656e84bcdef4857dab28eac23
Microsoft Internet Explorer Active-X Control Security Bypass
Posted Dec 6, 2021
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft Internet Explorer suffers from an active-x related bypass vulnerability. Microsoft will not address the issue as it is end of life.

tags | exploit, activex, bypass
SHA-256 | fa22daaea0233f0b687f938d605627bbae7fbc5bb28632e8d17422cd0cf0af81
COMMAX UMS Client ActiveX Control 1.7.0.2 Buffer Overflow
Posted Aug 16, 2021
Authored by LiquidWorm | Site zeroscience.mk

COMMAX UMS Client ActiveX Control version 1.7.0.2 suffers from a heap buffer overflow vulnerability.

tags | exploit, overflow, activex
SHA-256 | e327f8ce34f952bbed55392b1785a9ab4b15bb16ed92be4015504e303d2002c1
COMMAX WebViewer ActiveX Control 2.1.4.5 Buffer Overflow
Posted Aug 16, 2021
Authored by LiquidWorm | Site zeroscience.mk

COMMAX WebViewer ActiveX Control version 2.1.4.5 suffers from a buffer overflow vulnerability.

tags | exploit, overflow, activex
SHA-256 | 66c11a5f5881cde4082cee18bde6149185ba1f5723e3fc7de7923c14cd71f29a
Adobe Flash Active-X 28.0.0.137 Remote Code Execution
Posted Dec 24, 2018
Authored by smgorelik

Adobe Flash Active-X plugin version 28.0.0.137 remote code execution proof of concept exploit.

tags | exploit, remote, code execution, activex, proof of concept
advisories | CVE-2018-15982
SHA-256 | bb0fa282b90482503dc72b2186a6d3ff87113e77589dafc39357d24810e7b3fa
G DATA TOTAL SECURITY 25.4.0.3 Active-X Buffer Overflow
Posted Jul 13, 2018
Authored by Felipe Xavier Oliveira

G DATA TOTAL SECURITY version 25.4.0.3 suffers from an active-x buffer overflow vulnerability.

tags | exploit, overflow, activex
advisories | CVE-2018-10018
SHA-256 | a4a9b35e2dd08d915f0c7853b6318dcc7ae9080e1e6d5e6db10980d7390b81e0
Microsoft Windows 10 scrrun.dll Active-X Creation / Deletion Issues
Posted Jun 6, 2018
Authored by Nassim Asrir

scrrun.dll on Microsoft Windows 10 suffers from file creation, folder creation, and folder deletion vulnerabilities.

tags | exploit, vulnerability, activex
systems | windows
SHA-256 | 49d89dc88ed2402a8520c7ee5184247e2f4e65960a730130ea9da0661c4a4a8a
BarcodeWiz ActiveX Control Buffer Overflow
Posted Jan 6, 2018
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

BarcodeWiz ActiveX Control versions prior to 6.7 suffers from a buffer overflow vulnerability.

tags | exploit, overflow, activex
advisories | CVE-2018-5221
SHA-256 | 6101e91a84aee00fafb0cebb5718a2df43f7b5c55b823edf4cf69caa14768177
Avaya IP Office (IPO) 10.1 Active-X Buffer Overflow
Posted Nov 5, 2017
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Avaya IP Office (IPO) versions 9.1.0 through 10.1 suffer from an active-x buffer overflow vulnerability.

tags | exploit, overflow, activex
advisories | CVE-2017-12969
SHA-256 | 7a763fcbbba221c4d0f3a6119bfab51308deda0cbd736da60d91585f0d089872
UCanCode Remote Code Execution / Denial Of Service
Posted Nov 24, 2016
Authored by shinnai

UCanCode has active-x vulnerabilities which allow for remote code execution and denial of service attacks.

tags | exploit, remote, denial of service, vulnerability, code execution, activex
SHA-256 | ab4bfbe01de8884e92fde956506ce90ff8b75920f8923dace877792e43cd3b3b
Micro Focus Rumba 9.3 Active-X Stack Buffer Overflow
Posted Oct 31, 2016
Authored by Umit Aksu

Micro Focus Rumba versions 9.3 and below suffer from an active-x stack buffer overflow vulnerability.

tags | exploit, overflow, activex
advisories | CVE-2016-5228
SHA-256 | c79368afc2366c417c9c7e601de6a8543ba47d00308cedc97805983a7b31a5ad
LEADTOOLS Active-X DLL Hijacking
Posted Jan 23, 2016
Authored by Yorick Koster, Securify B.V.

LEADTOOLS Active-X control suffers from multiple DLL side loading vulnerabilities.

tags | advisory, vulnerability, activex
systems | windows
SHA-256 | 5765a786f5fa25578ee0bc6a814af69b28abb785455fb61a51f48c7d3739e0e5
Advantech WebAccess 8.0 / 3.4.3 Code Execution
Posted Sep 7, 2015
Authored by Praveen Darshanam

Using Advantech WebAccess SCADA Software and attacker can remotely manage industrial control systems devices like RTU's, generators, motors, etc. Attackers can execute code remotely by passing a maliciously crafted string to ConvToSafeArray API in ASPVCOBJLib.AspDataDriven ActiveX.

tags | exploit, activex
advisories | CVE-2014-9208
SHA-256 | 675e8f8ab88e9c12215588d7fd0ea9ed4240581e811774c53a4d540b46b2fe91
Kguard Digital Video Recorder Bypass Issues
Posted Jun 24, 2015
Authored by Federick Joe P Fajardo

A deficiency in handling authentication and authorization has been found with Kguard 104/108/v2 models. While password-based authentication is used by the ActiveX component to protect the login page, all the communication to the application server at port 9000 allows data to be communicated directly with insufficient or improper authorization. Proof of concept exploit included.

tags | exploit, activex, proof of concept
advisories | CVE-2015-4464
SHA-256 | f2bc1717a93e9db3908a82aa2086b5693c8ed751e4401e4bc8ea701c009a43ec
Tango FTP 1.0 Active-X Heap Spray
Posted Jun 19, 2015
Authored by metacom

Tango FTP active-x heap spray exploit that leverages a vulnerability in the COM component used eSellerateControl350.dll (3.6.5.0) method of the GetWebStoreURL member. Affects version 1.0 build 136.

tags | exploit, activex
SHA-256 | 7c5d287b7285d97c773bd521ba096c6d7155b06570a00ffc57b3294319a812a1
Tango DropBox 3.1.5 Active-X Heap Spray
Posted Jun 19, 2015
Authored by metacom

Tango DropBox active-x heap spray exploit that leverages a vulnerability in the COM component used eSellerateControl350.dll (3.6.5.0) method of the GetWebStoreURL member. Affects versions 3.1.5 and PRO.

tags | exploit, activex
SHA-256 | 3c8dfe4be4054d363a2c7bf83cffe6bedd810b2e267d01f52bc1df31959e5112
1 Click Audio Converter 2.3.6 Buffer Overflow
Posted Jun 5, 2015
Authored by metacom

1 Click Audio Converter version 2.3.6 suffers from an active-x buffer overflow vulnerability.

tags | exploit, overflow, activex
SHA-256 | ab3f148c4718d2a8ce1b5e910c5fb705d96975b4212916b4ca32116e08b62493
1 Click Extract Audio 2.3.6 Buffer Overflow
Posted Jun 5, 2015
Authored by metacom

1 Click Extract Audio version 2.3.6 suffers from an active-x buffer overflow vulnerability.

tags | exploit, overflow, activex
SHA-256 | 8b01dc114225b25899010fb32a767a37a36147e0bb4170433e6f8f3deeaa00f2
X360 VideoPlayer ActiveX Control Buffer Overflow
Posted Feb 17, 2015
Authored by Rh0, juan vazquez | Site metasploit.com

This Metasploit module exploits a buffer overflow in the VideoPlayer.ocx ActiveX installed with the X360 Software. By setting an overly long value to 'ConvertFile()',an attacker can overrun a .data buffer to bypass ASLR/DEP and finally execute arbitrary code.

tags | exploit, overflow, arbitrary, activex
SHA-256 | 4db85b31081245af192050fe8238d0162d228493f03b7b13875c3b7820cfcf47
IPUX CL5452/CL5132 IP Camera Stack Buffer Overflow
Posted Dec 2, 2014
Authored by LiquidWorm | Site zeroscience.mk

The UltraSVCam ActiveX Control 'UltraSVCamX.ocx' suffers from a stack buffer overflow vulnerability when parsing large amount of bytes to several functions in UltraSVCamLib, resulting in memory corruption overwriting several registers including the SEH. An attacker can gain access to the system of the affected node and execute arbitrary code. Versions affected include Bullet Type ICL5132 and Bullet Type ICL5452.

tags | exploit, overflow, arbitrary, activex
SHA-256 | ab552203002b5442f6c1bc8c385e038e6bf8f4fa91dcb2c7c81a0411c66078c7
IPUX CS7522/CS2330/CS2030 IP Camera Stack Buffer Overflow
Posted Dec 2, 2014
Authored by LiquidWorm | Site zeroscience.mk

The UltraHVCam ActiveX Control 'UltraHVCamX.ocx' suffers from a stack buffer overflow vulnerability when parsing large amount of bytes to several functions in UltraHVCamLib, resulting in memory corruption overwriting several registers including the SEH. An attacker can gain access to the system of the affected node and execute arbitrary code. Versions affected include PT Type ICS2330, Cube Type ICS2030, and Dome Type ICS7522.

tags | exploit, overflow, arbitrary, activex
SHA-256 | bd90ac6b31dacfbadf046e06c7deecd459efc8df1e4b12be5f77d4d95a82096f
TRENDnet SecurView Wireless Network Camera TV-IP422WN Buffer Overflow
Posted Nov 25, 2014
Authored by LiquidWorm | Site zeroscience.mk

The TRENDnet UltraCam ActiveX Control UltraCamX.ocx suffers from a stack buffer overflow vulnerability when parsing large amount of bytes to several functions in UltraCamLib, resulting in memory corruption overwriting several registers including the SEH. An attacker can gain access to the system of the affected node and execute arbitrary code. Versions TV-IP422WN and TV-IP422W are affected.

tags | exploit, overflow, arbitrary, activex
systems | linux
SHA-256 | 2d39a4ea21cf4afd0410a9a41c0e154ff98477ea7f9cd599dc79603605eed5e2
Advantech WebAccess 7.2 Stack-Based Buffer Overflow
Posted Nov 20, 2014
Authored by Core Security Technologies, Joaquin Rodriguez Varela, Ricardo Narvaj | Site coresecurity.com

Core Security Technologies Advisory - Advantech WebAccess version 7.2 is vulnerable to a stack-based buffer overflow attack, which can be exploited by remote attackers to execute arbitrary code, by providing a malicious html file with specific parameters for an ActiveX component.

tags | advisory, remote, overflow, arbitrary, activex
advisories | CVE-2014-8388
SHA-256 | f1107baceb903ca53318f0f5735854c6a5130cf3da81f5840dce6c8afe32091a
Advantech WebAccess dvs.ocx GetColor Buffer Overflow
Posted Sep 24, 2014
Authored by juan vazquez, temp66 | Site metasploit.com

This Metasploit module exploits a buffer overflow vulnerability in Advantec WebAccess. The vulnerability exists in the dvs.ocx ActiveX control, where a dangerous call to sprintf can be reached with user controlled data through the GetColor function. This Metasploit module has been tested successfully on Windows XP SP3 with IE6 and Windows 7 SP1 with IE8 and IE 9.

tags | exploit, overflow, activex
systems | windows
advisories | CVE-2014-2364
SHA-256 | 2c87a396ae651d2548218234d6c075460d07bc9f8c985df84efe8276828e073e
Page 1 of 38
Back12345Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close