Scribd Logo
Upload

Welcome to Scribd!

  • Id Vul Id Description Link

    Uploaded by

    Iytzaz Barkat
    38 views3 pages
    This document lists several vulnerabilities along with their CVE identifiers, descriptions, and links. The vulnerabilities would allow an attacker to gain various levels of access on an affected system, ranging from running arbitrary code with system privileges to complete control of the system. Exploiting vulnerabilities in software like Windows, Internet Explorer, Java, and Firefox could enable installation of malware, viewing/changing/deleting of data, or creation of new accounts without permission.

    Original Description:

    Original Title

    EHAssignment

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document lists several vulnerabilities along with their CVE identifiers, descriptions, and links. The vulnerabilities would allow an attacker to gain various levels of access on an affected system, ranging from running arbitrary code with system privileges to complete control of the system. Exploiting vulnerabilities in software like Windows, Internet Explorer, Java, and Firefox could enable installation of malware, viewing/changing/deleting of data, or creation of new accounts without permission.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    38 views3 pages

    Id Vul Id Description Link

    Uploaded by

    Iytzaz Barkat
    This document lists several vulnerabilities along with their CVE identifiers, descriptions, and links. The vulnerabilities would allow an attacker to gain various levels of access on an affected system, ranging from running arbitrary code with system privileges to complete control of the system. Exploiting vulnerabilities in software like Windows, Internet Explorer, Java, and Firefox could enable installation of malware, viewing/changing/deleting of data, or creation of new accounts without permission.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 3

    Id Vul Id Description Link

    RPC-DCOM MS03-026 An attacker who successfully https://www.


    exploited this vulnerability exploit-db.co
    CVE-2003-0352 would be able to run code with m/exploits/16
    Local System privileges on an 749
    affected system.
    The attacker would be able to
    take any action on the system,
    Including installing
    programs,viewing changing or
    deleting data,or creating new
    accounts with full privileges

    IE Animated MS07-017 An attacker who successfully https://www.


    Loadimage exploited the most severe of exploit-db.co
    CVE-2007-1215 these vulnerabilities could take m/exploits/37
    complete control of an affected 55
    system. An attacker could then
    install programs; view, change,
    or delete data; or create new
    accounts with full user rights.

    IIS printer buffer MS01-023 This could enable a remote https://www.


    overflow attacker to conduct a buffer exploit-db.co
    CVE-2001-0241 overrun attack and cause code of m/exploits/20
    her choice to run on the 816
    server.Such code would run in the
    Local System security
    context.This would give the
    attacker complete control of the
    server,and would enable her to
    take virtually any action she
    chose.

    Java Signed CVE-2005-4197 Java Signed Applet Attack is https://www.


    Applet a Client Side exploit and is exploit-db.co
    m/exploits/26
    based on a human 771
    vulnerability as opposted to
    software vulnerability. This
    attack affects targets with
    Java installed and enabled in
    their browsers. In this
    example we create a
    malicious Java applet which
    will execute code of our
    choice.

    IE OLE Code MS14-064 An attacker who https://www.


    Execution successfully exploited the exploit-db.co
    CVE-2014-6352 m/exploits/35
    vulnerabilities could run 020
    arbitrary code in the context
    of the current user.If the
    current user is logged on
    with administrative user
    rights,an attacker could
    then install programs;
    View,change,or delete
    data;or create new accounts
    with full user rights.
    Customers whose accounts
    are configured to have
    fewer user rights on the
    system could be less
    impacted than users who
    operate with administrative
    user rights.

    Eternal Blue CVE-2002-1060 EternalBlue allowed the https://www.


    ransomware to gain access exploit-db.co
    m/exploits/21
    to other machines on the 649
    network. Attackers can
    leverage DoublePulsar, also
    developed by the Equation
    Group and leaked by the
    Shadow Brokers, as the
    payload to install and launch
    a copy of the ransomware
    on any vulnerable target.

    SMBv2 negotiate CVE-2009-3103 An attacker who https://www.


    function index successfully exploited this exploit-db.co
    m/exploits/10
    vulnerability could cause a 005
    user's system to stop
    responding until manually
    restarted.

    Firefox xpi CVE-2007-3844 An attackerdynamically https://www.


    bootstrap addon creates a .xpi addon file. exploit-db.co
    m/exploits/30
    The resulting bootstrapped 439
    Firefox addon is presented
    to the victim via a web
    page. The victim's Firefox
    browser will pop a dialog
    asking if they trust the
    addon. Once the user clicks
    "install", the addon is
    installed and executes the
    payload with full user
    permissions. As of Firefox
    4, this will work without a
    restart as the addon is
    marked to be
    "bootstrapped". As the
    addon will execute the
    payload after each Firefox
    restart, an option can be
    given to automatically
    uninstall the addon once
    the payload has been
    executed.

    You might also like