
Files from Cody Pierce

First Active: 2006-08-18
Last Active: 2010-07-14
Oracle Secure Backup Scheduler Service Remote Code Execution
Posted Jul 14, 2010
Authored by Cody Pierce | Site dvlabs.tippingpoint.com

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Secure Backup. User interaction is not required to exploit this vulnerability. The specific flaw exists in the parsing of commands sent to the obscheduled.exe service, which listens by default on TCP port 1026 or 1027. Due to a lack of bounds checking on a specific command sequence, the program stack can be overwritten with user-controlled data. Successful exploitation can lead to remote system compromise under the SYSTEM credentials.

tags | advisory, remote, arbitrary, tcp
advisories | CVE-2010-0898
SHA-256 | b97beb4e58e46d6a4719bd8417540a0d0f63bac1d2dbac31e1272e615cc3a6b5
Sophos Anti-Virus SAVOnAccessFilter Local Privilege Escalation
Posted Jun 12, 2010
Authored by Cody Pierce | Site dvlabs.tippingpoint.com

This vulnerability allows local attackers to execute arbitrary code in kernel space on vulnerable installations of Sophos Anti-Virus. Local access to the system is required to leverage the vulnerability. The specific flaw exists in the handling of the system call NtQueryAttributesFile by the filter driver savonaccessfilter.sys. Due to improper handling of parameters to the function, pool corruption can occur in kernel space. A local attacker can leverage this to execute arbitrary code in ring 0.

tags | advisory, arbitrary, kernel, local, virus
SHA-256 | fdbd68ea6a72bd82b979a735c87645b3df846a705d606712fa1d183fd49b65d4
Microsoft Office PowerPoint Viewer TextCharsAtom Record Code Execution
Posted Feb 10, 2010
Authored by Cody Pierce | Site dvlabs.tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office PowerPoint Viewer. User interaction is required to exploit this vulnerability in that the target must open a malicious PowerPoint PPT file. The specific flaw exists in the handling of TextCharsAtom (0x0fa0) records contained in a PPT file. Due to the lack of bounds checking on the size argument, an unchecked memcpy copies user-supplied data from the file to the stack, overflowing key exception structures. Exploitation of this vulnerability can lead to remote compromise of the affected system under the credentials of the currently logged-in user.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2010-0034
SHA-256 | 8e1c23ac15700c930c9745ee6e55c11fbeb356f471c8041790add6cbebb32c65
Microsoft Windows License Logging Service Heap Corruption
Posted Nov 17, 2009
Authored by Cody Pierce | Site tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. Authentication is not required on certain configurations to exploit this vulnerability. The specific flaw exists in the handling of RPC calls to the License Logging Service (llssrv.exe). When processing arguments to the LlsrLicenseRequestW method, a character array is expected to contain a terminating null byte. By supplying data that does not end in a null, it is possible to overlap a call to lstrcatW, resulting in a heap overflow. Successful exploitation of this vulnerability can lead to remote system compromise under the credentials of the SYSTEM account.

tags | advisory, remote, overflow, arbitrary
systems | windows
advisories | CVE-2009-2523
SHA-256 | f21d1604d8e1e8c3be6574e22ae7b94c1af0646e4e4c46095c1aa5ccefb5b163
NetrGetJoinInformation Heap Corruption
Posted Aug 11, 2009
Authored by Cody Pierce | Site tippingpoint.com

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. Valid user credentials are required to exploit this vulnerability. The specific flaw exists in the Workstation RPC Service. When handling the arguments for the NetrGetJoinInformation function, memory is improperly freed and can lead to remote code execution. Successful exploitation can lead to a remote system compromise under SYSTEM credentials.

tags | advisory, remote, arbitrary, code execution
systems | windows
advisories | CVE-2009-1544
SHA-256 | 5393183c36ea88d2139644a6de4145537f2757f69041687b605c096b7e348484
Microsoft Video Active-X 0-Day Details
Posted Jul 10, 2009
Authored by Cody Pierce | Site tippingpoint.com

This is a complete write up discussing the technical details of the Microsoft Video Active-X control zero day vulnerability.

tags | advisory, activex
SHA-256 | 401a2d9b81eefa2c0c2ac392f7747f6168424ac4ad379b26e2a21835f1f2fa65
TPTI-08-07.txt
Posted Oct 15, 2008
Authored by Cody Pierce | Site tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows running the Message Queuing service (mqsvc.exe). User interaction is not required to exploit this vulnerability. The specific flaw exists in the parsing of an RPC request to the Message Queuing Service (mqsvc.exe). By sending a specially crafted RPC request, a heap calculation can be controlled and later overflowed during an unchecked string copy operation. By sending a similar request, memory can be disclosed to the attacker. Exploitation of the heap overflow leads to full access of the affected system under the SYSTEM context.

tags | advisory, remote, overflow, arbitrary
systems | windows
advisories | CVE-2008-3479
SHA-256 | 008a6cf0f644c4e0b0ad926a906f68df24e68fb35f0f36ade8992b4114c4bf17
CAID-scmgw.txt
Posted Jun 5, 2008
Authored by Sebastian Apelt, Cody Pierce | Site www3.ca.com

CA Secure Content Manager contains multiple vulnerabilities in the HTTP Gateway service that can allow a remote attacker to cause a denial of service condition or execute arbitrary code.

tags | advisory, remote, web, denial of service, arbitrary, vulnerability
SHA-256 | 47555d68b8e92edea082d71fedeb7d325edf58e7a50e1aaa6b62fd587d4992bb
TPTI-08-05.txt
Posted Jun 5, 2008
Authored by Cody Pierce | Site tippingpoint.com

A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Computer Associates eTrust SCM. Authentication is not required to exploit this vulnerability. The specific flaw exists in the HTTP Gateway service icihttp.exe running on port 8080. When issuing a request for an FTP service, the process tries to decorate the contents of the transaction. In this particular case, by specifying an overly long response to a LIST command, a stack buffer can be overflowed. Successful exploitation can lead to complete system compromise under the SYSTEM context.

tags | advisory, web, overflow, arbitrary
advisories | CVE-2008-2541
SHA-256 | 2b2f62d1683e52865e78f6f6f880a3489ddaed22b8cd6ba19e467337e9bb9828
TPTI-08-03.txt
Posted Mar 13, 2008
Authored by Cody Pierce | Site tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. Exploitation requires that the attacker coerce the target into opening a malicious .XLS file. The specific flaw exists within the parsing of the BIFF file format used by Microsoft Excel. During the processing of a malformed tag, a heap allocation can be adversely controlled. When user-supplied data is copied to a heap buffer, the result is an arbitrary memory overwrite. If successfully exploited, this could lead to system compromise under the credentials of the currently logged-in user.

tags | advisory, remote, arbitrary
advisories | CVE-2008-0116
SHA-256 | 2e0149de414dbd19418b0e2dd79c34f7052ed8d9bb1e9580fe845be55d9a65b2
TPTI-08-02.txt
Posted Jan 17, 2008
Authored by Cody Pierce | Site tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco CallManager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CTL Provider Service, CTLProvider.exe, which binds to TCP port 2444. The service operates over an SSL-encrypted transport. Due to a logic flaw in the way data is received in a loop, a heap allocation can be arbitrarily overflowed, resulting in the control of subsequent heap chunks. This can lead to arbitrary code execution. Version 4.1(3) is affected.

tags | advisory, remote, overflow, arbitrary, tcp, code execution
systems | cisco
advisories | CVE-2008-0027
SHA-256 | d1adddda0bed4abbd64d6b58766d7cbc90bbbd0ab44c72ddd31afb9f5483c8ee
TPTI-08-01.txt
Posted Jan 16, 2008
Authored by Cody Pierce | Site tippingpoint.com

A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of malformed Image Descriptor (IDSC) atoms. Specifying a malicious atom size can result in an under-allocated heap chunk and subsequently an exploitable heap corruption situation. QuickTime Player version 7.3 and QuickTime PictureViewer version 7.3 are affected.

tags | advisory, arbitrary
systems | apple
advisories | CVE-2008-0033
SHA-256 | ef7d96b0982ebabf7d4e87e2df2b476b5c438e320325d76b3b4f1d7df3d20a4c
TPTI-07-20.txt
Posted Nov 15, 2007
Authored by Cody Pierce | Site tippingpoint.com

A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. QuickTime version 7.2 is affected.

tags | advisory, arbitrary
systems | apple
advisories | CVE-2007-4674
SHA-256 | 91b1ffe46fd1f70368d2fb33d6bc1c3f37be896dfa3d39f3f59c2c6183da3e1e
TPTI-07-14.txt
Posted Aug 15, 2007
Authored by Pedram Amini, Aaron Portnoy, Cody Pierce | Site dvlabs.tippingpoint.com

Vulnerabilities allow remote attackers to execute arbitrary code on vulnerable installations of multiple Hewlett-Packard (HP) OpenView products, including: Performance Manager, Performance Agent, Reporter, Operations, Operations Manager, Service Quality Manager, Network Node Manager, Business Process Insight, Dashboard and Performance Insight. Authentication is not required to exploit these vulnerabilities. The specific flaws exist within the OpenView Shared Trace Service, a service that is distributed with multiple products as ovtrcsvc.exe and OVTrace.exe. The vulnerable service may be found bound to TCP port 5053 (ovtrcsvc.exe) or TCP port 5051 (OVTrace.exe). Specially crafted data through opcode handlers 0x1a and 0x0f can result in arbitrary code execution under the context of the SYSTEM user.

tags | advisory, remote, arbitrary, tcp, vulnerability, code execution
advisories | CVE-2007-1676
SHA-256 | 0f9b632a8194e66912be70699b2b63b542bb327aadc02228f6f4671e2435c7ca
TPTI-07-13.txt
Posted Jul 25, 2007
Authored by Cody Pierce | Site dvlabs.tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Borland Interbase. Authentication is not required to exploit this vulnerability. The specific flaw exists within the database service, ibserver.exe, which binds to TCP port 3050.

tags | advisory, remote, arbitrary, tcp
advisories | CVE-2007-3566
SHA-256 | 850c607e9262a42909f4e85e2338159268b92e0d74783621cf9880c4fab9ec83
TPTI-07-10.txt
Posted Jun 7, 2007
Authored by Cody Pierce | Site dvlabs.tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing Centennial Software XferWan. Authentication is not required to exploit this vulnerability. The specific flaw exists during the parsing of overly long requests to the XferWAN process. When logging requests, user-supplied data is copied to the stack resulting in an exploitable buffer overflow condition.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2007-2514
SHA-256 | f4d076517c9d4a4a593a8dfb89136ce5a9d6ebd7819ce5197210307b4def4b97
TSRT-07-03.txt
Posted Apr 2, 2007
Authored by Cody Pierce | Site tippingpoint.com

A vulnerability allows attackers to execute arbitrary code on vulnerable installations of America Online with Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. Affected software is America Online 9.0 Security Edition.

tags | advisory, arbitrary
advisories | CVE-2006-5820
SHA-256 | 6a16c6b2fa6bd6a2e4364fc3b2faf209928ece3e1f3ddb864eb76607692a74f8
TSRT-06-09.txt
Posted Aug 18, 2006
Authored by Cody Pierce | Site tippingpoint.com

An arbitrary code execution vulnerability exists in Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the DirectAnimation.DATuple ActiveX control when improperly calling the Nth() method. By supplying a positive integer we can control a data reference calculation that is later used to control execution. The problem is due to the lack of sanity checking on the index used during a call to TupleNthBvrImpl::GetTypeInfo() in danim.dll.

tags | advisory, arbitrary, code execution, activex
advisories | CVE-2006-3638
SHA-256 | 769bb97641bc409682a302fdc938fac3ae5a377904cf391babafeb05d9e2157c
TSRT-06-08.txt
Posted Aug 18, 2006
Authored by Cody Pierce | Site tippingpoint.com

An arbitrary code execution vulnerability exists in Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific vulnerability can lead to code execution when instantiating the Internet.HHCtrl COM object through Internet Explorer. The flaw exists due to invalid freeing of heap memory when several calls to the "Image" property of the ActiveX control are performed. By abusing the jscript.dll CScriptBody::Release() function, user-supplied data can be executed.

tags | advisory, arbitrary, code execution, activex
advisories | CVE-2006-3357
SHA-256 | 0bc39862ef933a14031affb82e5ca6d358a21f94744cabd82cdadf1d60eea715