iSEC Security Research

10 exploits Active since Jan 2004
CVE-2010-0483 EXPLOITDB text WORKING POC
Microsoft Windows VBScript - Remote Code Execution via MsgBox Help File Argument
vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka "VBScript Help Keypress Vulnerability."
CVE-2004-0415 EXPLOITDB c WORKING POC
Linux Kernel - Unauthenticated Memory Exposure via 64-bit File Offset Pointer Conversion
Linux kernel does not properly convert 64-bit file offset pointers to 32 bits, which allows local users to access portions of kernel memory.
CVE-2004-1073 EXPLOITDB c WORKING POC
Linux kernel <2.6.8 - Code Injection
The open_exec function in the execve functionality (exec.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, allows local users to read non-readable ELF binaries by using the interpreter (PT_INTERP) functionality.
CVE-2004-1235 EXPLOITDB c WORKING POC
Linux kernel <2.6.11 - RCE
Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor.
CVE-2004-0228 EXPLOITDB c WORKING POC
Linux kernel <2.6 - Privilege Escalation
Integer signedness error in the cpufreq proc handler (cpufreq_procctl) in Linux kernel 2.6 allows local users to gain privileges.
CVE-2004-0077 EXPLOITDB c WORKING POC
Linux <2.2.25, <2.4.24, <2.6.2 - Privilege Escalation
The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different vulnerability than CAN-2003-0985.
CVE-2003-0985 EXPLOITDB c WORKING POC
Linux kernel 2.4.x < 2.4.21 - Denial of Service and Privilege Escalation via mremap Bounds Check Bypass
The mremap system call (do_mremap) in Linux kernel 2.4.x before 2.4.21, and possibly other versions before 2.4.24, does not properly perform bounds checks, which allows local users to cause a denial of service and possibly gain privileges by causing a remapping of a virtual memory area (VMA) to create a zero length VMA, a different vulnerability than CAN-2004-0077.
CVE-2004-1016 EXPLOITDB c WORKING POC
Linux Kernel 2.4.x-2.4.28 and 2.6.x-2.6.9 - Denial of Service via scm_send Deadlock
The scm_send function in the scm layer for Linux kernel 2.4.x up to 2.4.28, and 2.6.x up to 2.6.9, allows local users to cause a denial of service (system hang) via crafted auxiliary messages that are passed to the sendmsg function, which causes a deadlock condition.
CVE-2005-1263 EXPLOITDB bash WORKING POC
Linux kernel <2.6.12-rc4 - Code Injection
The elf_core_dump function in binfmt_elf.c for Linux kernel 2.x.x to 2.2.27-rc2, 2.4.x to 2.4.31-pre1, and 2.6.x to 2.6.12-rc4 allows local users to execute arbitrary code via an ELF binary that, in certain conditions involving the create_elf_tables function, causes a negative length argument to pass a signed integer comparison, leading to a buffer overflow.
CVE-2004-1137 EXPLOITDB c WORKING POC
Linux kernel 2.4.22-2.4.28 and 2.6.x-2.6.9 - Denial of Service and Remote Code Execution via IGMP Functionality
Multiple vulnerabilities in the IGMP functionality for Linux kernel 2.4.22 to 2.4.28, and 2.6.x to 2.6.9, allow local and remote attackers to cause a denial of service or execute arbitrary code via (1) the ip_mc_source function, which decrements a counter to -1, or (2) the igmp_marksources function, which does not properly validate IGMP message parameters and performs an out-of-bounds read.