This Metasploit module exploits a vulnerability found in the ActiveX component of Adobe Flash Player before 12.0.0.43. By supplying a specially crafted swf file it is possible to trigger an integer underflow in several avm2 instructions, which can be turned into remote code execution under the context of the user, as exploited in the wild in February 2014. This Metasploit module has been tested successfully with Adobe Flash Player 11.7.700.202 on Windows XP SP3, Windows 7 SP1 and Adobe Flash Player 11.3.372.94 on Windows 8 even when it includes rop chains for several Flash 11 versions, as exploited in the wild.

AoA DVD Creator version 2.6.2 suffers from an overflow vulnerability.

AoA Audio Extractor Basic version 2.3.7 suffers from an overflow vulnerability.

AoA MP4 Converter version 4.1.2 suffers from an overflow vulnerability.

This Metasploit module exploits a buffer overflow vulnerability in Advantec WebAccess. The vulnerability exists in the dvs.ocx ActiveX control, where a dangerous call to sprintf can be reached with user controlled data through the GetColor function. This Metasploit module has been tested successfully on Windows XP SP3 with IE6 and Windows 7 SP1 with IE8 and IE 9.

Core Security Technologies Advisory - Advantech WebAccess version 7.2 is vulnerable to a stack-based buffer overflow attack, which can be exploited by remote attackers to execute arbitrary code, by providing a malicious html file with specific parameters for an ActiveX component.

The TRENDnet UltraCam ActiveX Control UltraCamX.ocx suffers from a stack buffer overflow vulnerability when parsing large amount of bytes to several functions in UltraCamLib, resulting in memory corruption overwriting several registers including the SEH. An attacker can gain access to the system of the affected node and execute arbitrary code. Versions TV-IP422WN and TV-IP422W are affected.

The UltraHVCam ActiveX Control 'UltraHVCamX.ocx' suffers from a stack buffer overflow vulnerability when parsing large amount of bytes to several functions in UltraHVCamLib, resulting in memory corruption overwriting several registers including the SEH. An attacker can gain access to the system of the affected node and execute arbitrary code. Versions affected include PT Type ICS2330, Cube Type ICS2030, and Dome Type ICS7522.

The UltraSVCam ActiveX Control 'UltraSVCamX.ocx' suffers from a stack buffer overflow vulnerability when parsing large amount of bytes to several functions in UltraSVCamLib, resulting in memory corruption overwriting several registers including the SEH. An attacker can gain access to the system of the affected node and execute arbitrary code. Versions affected include Bullet Type ICL5132 and Bullet Type ICL5452.

This Metasploit module exploits a buffer overflow in the VideoPlayer.ocx ActiveX installed with the X360 Software. By setting an overly long value to 'ConvertFile()',an attacker can overrun a .data buffer to bypass ASLR/DEP and finally execute arbitrary code.

1 Click Extract Audio version 2.3.6 suffers from an active-x buffer overflow vulnerability.

1 Click Audio Converter version 2.3.6 suffers from an active-x buffer overflow vulnerability.

Micro Focus Rumba versions 9.3 and below suffer from an active-x stack buffer overflow vulnerability.

Avaya IP Office (IPO) versions 9.1.0 through 10.1 suffer from an active-x buffer overflow vulnerability.

BarcodeWiz ActiveX Control versions prior to 6.7 suffers from a buffer overflow vulnerability.

G DATA TOTAL SECURITY version 25.4.0.3 suffers from an active-x buffer overflow vulnerability.

DiskBoss version 7.7.14 Input Directory local buffer overflow proof of concept exploit.

CloudMe version 1.11.2 buffer overflow proof of concept exploit. Original vulnerability discovered by hyp3rlinx.

10Strike LANState version 9.32 on x86 Host Check hostname SEH buffer overflow exploit.

RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition suffer from resource exhaustion, integer overflow, improper clearing of heap memory, covert timing channel, and buffer over-read vulnerabilities.

This Metasploit module exploits a stack buffer overflow in ASX to MP3 converter 3.1.3.7. By constructing a specially crafted ASX file and attempting to convert it to an MP3 file in the application, a buffer is overwritten, which allows for running shellcode. Tested on: Microsoft Windows 7 Enterprise, 6.1.7601 Service Pack 1 Build 7601, x64-based PC Microsoft Windows 10 Pro, 10.0.18362 N/A Build 18362, x64-based PC.

FlashGet version 1.9.6 remote buffer overflow proof of concept exploit.

Frigate version 3.36 SEH buffer overflow exploit that pops a calculator.

Remote Snort Back Orifice preprocessor overflow Metasploit exploit for Win32 targets. Exploits Snort versions 2.4.0 through 2.4.2. Tested against Snort 2.4.2 Binary with Windows XP Professional SP1/SP2, Windows Server 2003 SP1, Windows Server 2000 SP0, and Windows 2000 Professional SP0.

This Metasploit module exploits a stack-based buffer overflow in the Win32AddConnection function of the VideoLAN VLC media player. Versions 0.9.9 throught 1.0.1 are reportedly affected. This vulnerability is only present in Win32 builds of VLC. This payload was found to work with the windows/exec and windows/meterpreter/reverse_tcp payloads. However, the windows/meterpreter/reverse_ord_tcp was found not to work.

The IntegerInterleavedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing of "dataOffsets[0]" boundary checks. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program.

The BytePackedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing of "dataBitOffset" boundary checks. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program.

Triologic Media Player version 8 suffers from a .m3l local buffer overflow vulnerability.

ALLPlayer version 7.6 unicode SEH local buffer overflow exploit.

This Metasploit module exploits a buffer overflow in Xinfire TV Player Pro and Standard version 6.0.1.2. When the application is used to import a specially crafted plf file, a buffer overflow occurs allowing arbitrary code execution. Tested successfully on Win7, Win10. This software is similar as Aviosoft Digital TV Player and BlazeVideo HDTV Player.

This Metasploit module exploits a buffer overflow in Xinfire DVD Player Pro and Standard version 5.5.0.0. When the application is used to import a specially crafted plf file, a buffer overflow occurs allowing arbitrary code execution. Tested successfully on Win7, Win10. This software is similar as DVD X Player and BlazeDVD.

Qualys has discovered a memory leak and a buffer overflow in the dynamic loader (ld.so) of the GNU C Library (glibc).

This Metasploit module exploits a stack buffer overflow vulnerability in the handling of the TextBytesAtom records by Microsoft PowerPoint Viewer. According to Microsoft, the PowerPoint Viewer distributed with Office 2003 SP3 and earlier, as well as Office 2004 for Mac, are vulnerable. NOTE: The vulnerable code path is not reachable on versions of Windows prior to Windows Vista.