Private Exploits and Payloads

 Home / Products / Private Exploits and Payloads

Private Exploits and Payloads

During the last few years, a significant increase of attacks exploiting vulnerabilities in commonly used programs such as Adobe Reader and Microsoft Office is being observed. This is currently the primary infection vector used to compromise computers that have Internet access.

Although there are many ways to protect against these attacks and threats, governments and corporations need to leverage the most detailed security intelligence to evaluate and qualify risks, and protect their infrastructures and assets.

ASL IT Security provides in-depth binary analysis of the most significant public vulnerabilities and vulnerability found by us based on disassembly, reverse engineering, protocol analysis, and code auditing. Our dedicated team regularly keeps on fuzzing to find new vulnerabilities and keeps a constant watch on the CVE's released to develop reliable exploits for them. We also collect malware from wild to study them and to learn their exploitation and various security evasion techniques so we can make and deliver most up to dated and reliable exploits in the market. We have a huge database of private exploits and public ones also which we have modified to make them more reliable and undetectable. We have also released few exploits publically which were not of much use to our clients.

Exploits Which We Have Publically Released

MS Office 2007 and 2010 - OLE Arbitrary Command Execution

Microsoft Word Record Parsing Buffer Overflow

SAP Player 0.9 Buffer Overflow

Microsoft Office memory corruption code execution exploit that demonstrates a malformed property vulnerability.

Microsoft Excel Featheader buffer overflow exploit that leverages the vulnerability noted in MS09-067.

Microsoft Office 2008 SP0 RTF Pfragments exploit for the Mac.

Digital Music Pad version SEH overflow exploit.

Quick Player version 1.3 unicode SEH exploit.

This Metasploit module exploits a buffer overflow in Digital Music Pad version When opening a malicious pls file with the Digital Music Pad, a remote attacker could overflow a buffer and execute arbitrary code.

DJ Studio Pro version SEH overwrite exploit.

Audiotran version SEH overflow exploit that creates a malicious .pls file.

Virtual DJ Trial version 6.1.2 SEH buffer overflow crash proof of concept exploit.

Mediacoder version buffer overflow exploit that binds a shell to port 5555.

Video Workstation Version dll hijacking (iacenc.dll, ir50_lcs.dll)!!

iworkstation Version dll hijacking exploit

  •   D-15, Sai Appartments, Sector-13, Rohini,
    New Delhi. 110085
  •   +91 9899395593
  •   +91 9899395593

About ASL IT Security

Our goal is to provide highest levels of technical excellence, combined with the equally important qualities of trustworthiness, responsiveness and excellent customer service. Nowhere else will you find such a highly targeted combination of resources specifically dedicated to the success of today's IT-security professional.

Read more
Choose Theme Options

Predefined Color Skins