jamikazu

9 exploits Active since Jul 2004
CVE-2007-0038 EXPLOITDB WORKING POC
Microsoft Windows 2000 SP4 through Vista - Remote Code Execution via Animated Cursor RIFF File
Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765; if so, then CVE-2007-0038 should be preferred.
CVE-2007-0038 EXPLOITDB WORKING POC
Microsoft Windows 2000 SP4 through Vista - Remote Code Execution via Animated Cursor RIFF File
Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765; if so, then CVE-2007-0038 should be preferred.
CVE-2006-3866 EXPLOITDB html WORKING POC
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-4868. Reason: This candidate is a duplicate of CVE-2006-4868. Notes: All CVE users should reference CVE-2006-4868 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
CVE-2006-5745 EXPLOITDB c WORKING POC
Microsoft XML Core Services 4.0 - RCE
Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685. NOTE: some of these details are obtained from third party information.
CVE-2007-1765 EXPLOITDB text WORKING POC
Microsoft Windows 2000 and 2003 Server - Remote Code Execution via Malformed ANI File
Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier.
CVE-2007-1765 EXPLOITDB text WORKING POC
Microsoft Windows 2000 and 2003 Server - Remote Code Execution via Malformed ANI File
Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier.
CVE-2006-4868 EXPLOITDB html WORKING POC
Microsoft Outlook & IE 6.0 - Buffer Overflow
Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag.
CVE-2006-3730 EXPLOITDB HIGH html WORKING POC
Microsoft IE - Code Injection
Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory copy.
CVSS 8.8
CVE-2004-0733 EXPLOITDB text WORKING POC
OllyDbg 1.10 - Remote Code Execution via Format String Specifiers
Format string vulnerability in OllyDbg 1.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers that are directly provided to the OutputDebugString function call.