Microsoft Windows VCF or Contact’ File – URL Manipulation-Spoof Arbitrary Code Execution

Exploit Database
12 阅读

作者： Eduardo Braun Prado

日期： 2019-01-22
类别：
- remote
平台：
- windows
来源：https://www.exploit-db.com/exploits/46220/

# Exploit Title:Microsoft Windows 'VCF' or 'Contact' File URL Manipulation-Spoof Arbitrary Code Execution Vulnerability -- Remote Vector

# Google Dork: N/A

# Date: January, 21 2019

# Exploit Author:Eduardo Braun Prado

# Vendor Homepage: http://www.microsoft.com/

# Software Link: http://www.microsoft.com/

# Version: Windows 7 SP1, 8.1, 10 v.1809 with full patches up to January 2019. both x86 and x64 architectures.

# Tested on: Windows 7 SP1, 8.1, 10 v.1809 with full patches up to January 2019. both x86 and x64 architectures.

# CVE : n/a


Proof of Concept:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/46220.zip

last Exploits
Microsoft Windows VCF or Contact’ File – URL Manipulation-Spoof Arbitrary Code Execution的更多信息

FathFTP 1.8 – ‘EnumFiles Method’ ActiveX Buffer Overflow (SEH)：
Freefloat FTP Server – Remote Buffer Overflow (DEP Bypass)：
VMware OVF Tools – Format String (Metasploit) (1)：
Polycom – Command Shell Authorization Bypass (Metasploit)：
Home FTP Server 1.10.2.143 – Directory Traversal：
Docker Daemon – Unprotected TCP Socket (Metasploit)：
Quest Privilege Manager 6.0.0 – Arbitrary File Write：
Cisco Prime Infrastructure Health Monitor – TarArchive Directory Traversal (Metasploit)：