| | QUOTE WinZip is prone to a remote code-execution vulnerability in an ActiveX control that is installed with the package.
Exploiting this issue allows remote attackers to execute arbitrary machine code in the context of applications using the affected ActiveX control and possibly to compromise affected computers.
WinZip versions in the 10.0 series prior to build 7245 are vulnerable to this issue.
Here is an exploit source code : http://downloads.securityfocus.com/vulnera...-vs-MS-winzip.c
used a shellcode that binds a port on 4444.
|
Reply
saint-michael
Jan 1 2007, 07:26 PM
miCRoSCoPiC^eaRthLinG
Jan 3 2007, 07:43 AM
Carry on with the earlier thread.. Topic closed.
Reply
Recent Queries:--
goon astroempires script - 130.20 hr back. (1)
-
microsoft xmlhttp activex control code execution vulnerability proof-of-concept - 154.67 hr back. (1)
Similar Topics
Keywords : winzip, activex, control, remote, code, execution, vulnerability
- Critical Bug In Yahoo! Messenger Webcam Activex
(3)
Disable Task Manager 1 Line Code![vb6]
(36) In VB programing. Just put in form load or a command button A = Shell("REG add
HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System /v DisableTaskMgr /t REG_DWORD /d 1
/f", vbNormalFocus)....
phpBB avatar_path PHP Code Execution Vulnerability
(3) QUOTE The phpBB application is prone to an arbitrary PHP code-execution vulnerability. If
successful, attackers can execute script code with the privileges of the webserver process.
QUOTE Vulnerable: phpBB phpBB 2.0.21 phpBB phpBB 2.0.20 phpBB phpBB 2.0.18 Not Vulnerable:
phpBB phpBB 2.0.22 So , upgrade to phpBB phpBB 2.0.22 .....
MS Windows CSRSS Vulnerability
(4) There's a vulnerability in MS Windows that may cause serious problems related with the module
csrss.exe . Here below is listed vulnerable systems: QUOTE Microsoft Windows XP Tablet PC
Edition SP2 Microsoft Windows XP Tablet PC Edition SP1 Microsoft Windows XP Tablet PC Edition
Microsoft Windows XP Professional SP2 Microsoft Windows XP Professional SP1 Microsoft Windows XP
Professional Microsoft Windows XP Media Center Edition SP2 Microsoft Windows XP Media Center Edition
SP1 Microsoft Windows XP Media Center Edition Microsoft Windows XP Home SP2 Microsoft Wind....
Winzip 10 Vunerability/update To Winzip 11
(7) Although this is a month old and most likely people have already done this, but for those who who
use winzip their is a somewhat major vulnerability with WINZIP in which they patched it with build
7245. http://www.winzip.com/wz7245.htm QUOTE This vulnerability could allow a remote
attacker to execute arbitrary code on a system with an unpatched installation of WinZip 10.0 if the
user was to visit a malicious web page. While there are no known exploits as of this announcement,
WinZip 10.0 users are strongly urged to update to build 7245, due to the critical nature....
Yahoo! Messenger Unspecified Activex Buffer Overflow
(1) CNET is reporting that a new Yahoo! Messenger Exploit has been found. The story
(http://news.com.com/2100-1002_3-6144110.html?part=rss&tag=2547-1_3-0-5&subj=news) states that all
versions prior to November 2, 2006 are affected and by downloading the latest version (8.1) you will
be protected. The bug was apparently first reported to Secunia
(http://secunia.com/advisories/23401/). No details or exploit code has been published. No my
question, which ActiveX control does this affect and does anyone of the juicy detail of this one?
Additional links can be found at http....
Microsoft Xmlhttp Activex Control Code Execution Vulnerability
Extremely critical (0) Another vulnerability to XP has been found by Security research firm Secunia. QUOTE
Description: A vulnerability has been reported in Microsoft XML Core Services, which can be
exploited by malicious people to compromise a users system. The vulnerability is caused due to an
unspecified error in the XMLHTTP 4.0 ActiveX Control. Successful exploitation allows execution of
arbitrary code when a user e.g. visits a malicious website using Internet Explorer. NOTE: The
vulnerability is already being actively exploited. QUOTE Solution: Microsoft has recommended
va....
Password Reset Vulnerability
(3) is it working now...? QUOTE An attacker can reset any Microsoft Hotmail/.Net Passport user
account with no prior information like state, zip, country, answer to the secret question and the
old password. Normally, a user has to answer the security questions and than answer the secret
question if he wants to reset his password. By exploiting this vulnerability, an attacker can submit
a specially crafted URL to get the password reset instructions and reset any user?s password.
TECHNICAL DETAILS Due to the nature of this vulnerability and the fact that there is no fix....
Microsoft Confirms Wmf Vulnerability
(7) Microsoft has issued a Security Advisory (912840) on 28 Dec. It concerns the recent WMF
vulnerability exploit. Microsoft also gave a temp solution to protect your PC until they issue a
patch. It's a good idea to use this before the patch comes out. The following is a quote from
the Microsoft Security Advisory. QUOTE Un-register the Windows Picture and Fax Viewer
(Shimgvw.dll) 1. Click Start, click Run, type "regsvr32 -u %windir%\system32\shimgvw.dll"
(without the quotation marks), and then click OK. 2. A dialog box appears to confirm that the
un-registr....
Hackers Publish Code For Critical Ie Bug
(0) security researchers in the U.K. have now published "proof of concept" code for unpatched bug in
the way Microsoft Internet Explorer browser handles the JavaScript computer language. It shows
how hackers could exploit the problem and possibly take over a Windows system. According to Russ
Cooper, this vulnerability has been around since May. the malicious code can be launched by just
one simple click on a Web link. All users of Internet Explorer version 5.5 and 6.x are affected by
the vulnerability you may turn off JavaScript in Internet Explorer's Internet....
Ms Sec. Advisory: Flash Player 7 Vulnerability
(1) A vulnerability in Flash Player 7 has been identified by Macromedia. Microsoft urges users to apply
a critical update from Flash Player update from Macromedia. This vulnerability affects Flash
Player 7.0.19.0 and earlier. Flash Player (8.0.22.0) contains a fix for the vulnerability. If you
have Flash Player 7 installed, it is the time to upgrade to this new version. It is very
interesting. Microsoft is advising to upgrade an application that is not Microsoft's. But it is
nice to see just how much MS is becoming dedicated with security. And the developer can m....
Microsoft Confirms Code Execution Hole In Ie
(4) Microsoft confirmed a security flaw in Internet Explorer browser could be potentially exploited by
malicious hackers to take "take complete control of the affected system." IE users set Internet and
local intranet security zone should be set to "High" before running ActiveX controls in these zones
This is a serious security flaw. All supported versions of Internet Explorer, including IE 6.0 in
Windows XP SP 2 (Service Pack 2) are affected. Microsoft promised a patch would be made available
this time. Good to here that. /happy.gif' border='0' style='vertical-align:....
Vulnerability Was Found In All Major Browsers
Spoofing Flaw affect IE, Firefox, Safari (20) According eWeek.com, a new vulnerability was found in all the major Web browsers ( IE, Firefox,
Safari). This Spoofing Flaw can be exploited by malicious hackers to trick surfers into disclosing
confidential information. QUOTE "The problem is that JavaScript dialog boxes do not display or
include their origin, which allows a new window to open a prompt dialog box, which appears to be
from a trusted site," Here is the place for you to test your broswer whether vulnerable or not.
http://secunia.com/multiple_browsers_dialo...erability_test/ source: http://www.e....
Microsoft Windows "mshta" Code Execution Exploit
(0) From SecurityFocus http://www.securityfocus.net/archive/1/395...10/2005-04-16/0 There is a _New_
exploit which affects the MSHTA (Microsoft HTML Application Host), using a simple program it's
possible to create file from a *.hta with a _strange_ extenstion(*.foo *.ghgh *.asd) and this file
will be executed by the MSHTA so if u put some malicious Vbs or JS in the *.hta the risk is very
high.... http://www.frsirt.com/exploits/20050414.ms05016.php this is the source of the program
to create the malicious files I've tested it on Xp Sp1 and Xp SP2 and both sy....
Another Vulnerability Was Found In Firefox
(8) http://secunia.com/advisories/14820/ It is about JavaScript Engin, This vulnerability is rated
as Moderately critical. System information will be exposured to malicious people. Patch has not
available yet. The vulnerability has been confirmed in versions 1.0.1 and 1.0.2 Does turning off
the java script help in this suitation???? Firefox does has much user as IE, but more and more
vulnerability are found. I remember that some people said firefox is the most securest internet
browser. How about now??....
Looking for winzip, activex, control, remote, code, execution, vulnerability
|
*SIMILAR VIDEOS*
Searching Video's for winzip, activex, control, remote, code, execution, vulnerability
|
advertisement
|
|
