Private Exploits and Payloads

 Home / Products / Private Exploits and Payloads

Private Exploits and Payloads


During the last few years, a significant increase of attacks exploiting vulnerabilities in commonly used programs such as Adobe Reader and Microsoft Office is being observed. This is currently the primary infection vector used to compromise computers that have Internet access.


Although there are many ways to protect against these attacks and threats, governments and corporations need to leverage the most detailed security intelligence to evaluate and qualify risks, and protect their infrastructures and assets.


ASL IT Security provides in-depth binary analysis of the most significant public vulnerabilities and vulnerability found by us based on disassembly, reverse engineering, protocol analysis, and code auditing. Our dedicated team regularly keeps on fuzzing to find new vulnerabilities and keeps a constant watch on the CVE's released to develop reliable exploits for them. We also collect malware from wild to study them and to learn their exploitation and various security evasion techniques so we can make and deliver most up to dated and reliable exploits in the market. We have a huge database of private exploits and public ones also which we have modified to make them more reliable and undetectable. We have also released few exploits publically which were not of much use to our clients.


Exploits Which We Have Publically Released

MS Office 2007 and 2010 - OLE Arbitrary Command Execution

http://www.exploit-db.com/exploits/35216/


Microsoft Word Record Parsing Buffer Overflow

http://packetstormsecurity.com/files/92937/Microsoft-Word-Record-Parsing-Buffer-Overflow.html


SAP Player 0.9 Buffer Overflow

http://packetstormsecurity.com/files/92937/Microsoft-Word-Record-Parsing-Buffer-Overflow.html


Microsoft Office memory corruption code execution exploit that demonstrates a malformed property vulnerability.

http://packetstormsecurity.com/files/93302/Microsoft-Office-Property-Code-Execution.html


Microsoft Excel Featheader buffer overflow exploit that leverages the vulnerability noted in MS09-067.

http://packetstormsecurity.com/files/92977/Microsoft-Excel-Featheader-Buffer-Overflow.html


Microsoft Office 2008 SP0 RTF Pfragments exploit for the Mac.

http://packetstormsecurity.com/files/111961/Office-2008-SP0-RTF-Pfragments-MAC-Exploit.html


Digital Music Pad version 8.2.3.4.8 SEH overflow exploit.

http://packetstormsecurity.com/files/97146/Digital-Music-Pad-8.2.3.4.8-SEH-Overflow.html


Quick Player version 1.3 unicode SEH exploit.

http://packetstormsecurity.com/files/94356/Quick-Player-1.3-Unicode-SEH-Exploit.html


This Metasploit module exploits a buffer overflow in Digital Music Pad version 8.2.3.3.4. When opening a malicious pls file with the Digital Music Pad, a remote attacker could overflow a buffer and execute arbitrary code.

http://packetstormsecurity.com/files/94303/Digital-Music-Pad-8.2.3.3.4-SEH-Overflow.html


DJ Studio Pro version 8.1.3.2.1 SEH overwrite exploit.

http://packetstormsecurity.com/files/93983/DJ-Studio-Pro-8.1.3.2.1-SEH-Overwrite.html


Audiotran version 1.4.2.4 SEH overflow exploit that creates a malicious .pls file.

http://packetstormsecurity.com/files/93705/Audiotran-1.4.2.4-SEH-Overflow.html


Virtual DJ Trial version 6.1.2 SEH buffer overflow crash proof of concept exploit.

http://packetstormsecurity.com/files/93502/Virtual-DJ-Trial-6.1.2-Buffer-Overflow.html


Mediacoder version 0.7.5.4710 buffer overflow exploit that binds a shell to port 5555.

http://packetstormsecurity.com/files/92457/Mediamonkey-3.2.1.1297-Denial-Of-Service.html


Video Workstation Version 5.3.9.4 dll hijacking (iacenc.dll, ir50_lcs.dll)!!

http://1337day.com/exploits/14314


iworkstation Version 9.3.2.1.4 dll hijacking exploit

http://1337day.com/exploits/14286


  •   2369, Shadikhampur West Patel Nagar,
    New Delhi - 110008
  •   +91 9899395593
  •   +91 9899395593
  • info@aslitsecurity.com

About ASL IT Security

Our goal is to provide highest levels of technical excellence, combined with the equally important qualities of trustworthiness, responsiveness and excellent customer service. Nowhere else will you find such a highly targeted combination of resources specifically dedicated to the success of today's IT-security professional.


Read more
Choose Theme Options


Predefined Color Skins