MWI - professional "means of delivery", the exploit pack on the basis of a number of the most urgent one-day vulnerabilities in the products of Microsoft Office Word. Document generated MWI may contain exploits with up to 4 at once:
1. CVE-2010-3333
2. CVE-2012-0158
3. CVE-2013-3906
4. CVE-2014-1761
+ i make update sploit and crypt stability
And updates private exploits to clients
Executable .exe file may be contained in the body of the document itself, and extend the link to the web-server. What distinguishes this exploit from all other solutions:
Uniqueness MWI - this is the only solution on the market .doc exploits,
which represents multieksployt and attack multiple vulnerabilities simultaneously.
This approach increases the chances of success and allows to attack two vectors update:
Operating system and Office suite of applications itself.VersatilityMWI covers almost the whole
range of versions of Microsoft Office: Word XP, Word 2003, Word 2007, Word 2010. Each exploit
is implemented to be able to attack as much as possible the vulnerable versions
and operating systems. Coverage of vulnerable systems MWI favorably with all alternatives.
Exploit the most independent of all sorts of conditions for a successful attack: whether the version of the software installed in the system or certain defenses OS. Each stage of exploit careful attention to detail.Bypass protectionExploit the most complicates their detection: each element is protected from the exploit detected by a complex of means: from the banal to the polymorphism of obfuscation and encryption. Each generated exploit has its own unique signature, maximum randomized structure and data. In addition to the counter signature methods exploit uses a variety of methods to bypass proactive (behavioral) detection equipment. In particular, the launch .exe-file made from a trusted system process context.Support and continuous developmentMWI for a wide audience was introduced to the market, although its first versions were created and used in a rather narrow circle of people. The project progressively refine and improve, acquiring new exploits and modules vkontse fully formed to exploit the whole pack with a flexible, modular architecture. The project is constantly evolving and not static. We regularly release updates that make cleaning supplement exploit pack new exploits and modules. We are committed to long-term cooperation.
innovation
Additional Information:
CVE-2010-3333: RTF pFragments Stack Buffer Overwrite Remote Code Execution Exploit [MS10-087]
EXPLOITABLE WORD VERSIONS:
Word 2003 32-bit XP, Vista, Win7, Win8 32 & 64 bit
Word 2007 32-bit XP, Vista, Win7, Win8 32 & 64 bit
Word 2010 32-bit XP, Vista, Win7, Win8 32 & 64 bit
VULNERABLE MODULE PATHS:
Word 2003 C:\Program Files\Common Files\Microsoft Shared\office11\mso.dll
Word 2007 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll
Word 2010 C:\Program Files\Common Files\Microsoft Shared\office14\mso.dll
PATCHES:
Word 2003 mso.dll 11.0.8329.0000
Word 2007 mso.dll 12.0.6545.5004
Word 2010 mso.dll 14.0.5128.5000
alternative solutions: Complete versatility and reliability, the only universal and real working solution
CVE-2012-0158: MSCOMCTL.OCX ListView Stack Buffer Overwrite Remote Code Execution Exploit [MS12-027]
EXPLOITABLE WORD VERSIONS:
Word 2003 32-bit XP, Vista, Win7, Win8 32 & 64 bit
Word 2007 32-bit XP, Vista, Win7, Win8 32 & 64 bit
Word 2010 32-bit XP, Vista, Win7, Win8 32 & 64 bit
VULNERABLE MODULE PATHS:
C:\WINDOWS\system32\MSCOMCTL.OCX
C:\Windows\SysWOW64\MSCOMCTL.OCX
EXPLOITABLE VERSIONS:
MSCOMCTL.OCX 6.01.9545
MSCOMCTL.OCX 6.01.9782
MSCOMCTL.OCX 6.01.9786
MSCOMCTL.OCX 6.01.9813
MSCOMCTL.OCX 6.01.9816
MSCOMCTL.OCX 6.01.9818
PATCHES:
MSCOMCTL.OCX 6.01.9833
MSCOMCTL.OCX 6.01.9834
* the vulnerability is not present in some assemblies MSOffice, do not support ActiveX, such as Office 2010 Starter, and various pirate assemblies, where the module MSCOMCTL.OCX just missing.
CVE-2013-3906: TIFF Heap Overflow via Integer Overflow [MS13-096]
EXPLOITABLE WORD VERSIONS:
Word 2007 32-bit XP, Vista, Win7 32 & 64 bit
Word 2010 32-bit XP 32 bit
*the exploit is based on technology heap-spray
1. EXPLOITATION OF OGL.DLL (Office 2007)
VULNERABLE MODULE PATHS:
C:\Program Files\Common Files\Microsoft Shared\OFFICE12\OGL.DLL
EXPLOITABLE:
OGL.DLL 12.0.6509.5000
OGL.DLL 12.0.6420.1000
OGL.DLL 12.0.6420.1000
OGL.DLL 12.0.6415.1000
and others
PATCHES:
OGL.DLL 12.0.6700.5000
OGL.DLL 12.0.6688.5000
OGL.DLL 12.0.6679.5000
OGL.DLL 12.0.6659.5000
OGL.DLL 12.0.6604.1000
2. EXPLOITABLE VERSIONS OF OGL.DLL (Office 2010 + XP)
VULNERABLE MODULE PATHS:
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\OGL.DLL
EXPLOITABLE:
OGL.DLL 4.0.7577.4098
OGL.DLL 4.0.7577.4392
and others
PATCHES:
OGL.DLL 4.0.7577.4415
difference ga me from all the alternative solutions: - speed heap-spray - Universality (the attack immediately to the office2007 + office2010) - Universal ROP once for the two versions MSCOMCTL.OCX 983x - Opportunities for further cleansing and exploit obfuscation - Minimum detectable exploit (exploit only in RTF)
CVE-2014-1761: RTF ListOverrideCount Memory Corruption / Object Confusion [MS14-017]
EXPLOITABLE WORD VERSIONS:
Word 2010 32-bit Win7, Win8
VULNERABLE MODULE PATHS:
C:\Program Files\Microsoft Office\Office14\wwlib.dll
EXPLOITABLE:
wwlib.dll 14.0.4762.1000
and others
PATCHES:
wwlib.dll 14.0.7121.5004
alternative solutions: - Support for windows 8/10 - Undetectable exploit
MWISTAT 2.0: statistic Web-server statistics mwistat allows to conduct complete statistics of exploit, from logging when and how much was open document or booted .exe-file from any IP-address and some other information, such as User-Agent.Menu:FILES - downloadable .exe-fileLOGS - logsSTATS - StatisticsTOOLS - ext. Tools (IP-whois)Section FILES is a table with the following columns:FILE_ID - file identifier (8 digits)FILE_NAME - the name of the .exe fileFILE_DATE - date file downloadFILE_STAT_URL - so-called "stat" for a link to this file (specified in bildere)FILE_LOGS - buttons to see logs / statistics on the file (LOGS | STATS)ACTION - a button to download, edit (reupload), delete the file (GET | EDIT | DEL)ADD NEW FILE button allows you to download .exe-file to the server.Section LOGS is a table with the following columns
ATE_TIME - date and time of the request (when you are sorted by time in reverse order)FILE_ID - file identifier (8 digits)IP_ADDRESS - IP-addressIP_INFO - the country, the flag (when pressed displays all IP-whois information)ACTION - is of three kinds: 1. OPEN - opening a document. 2. LOAD - the download .exe file. if marked with failed - .exe-file has been deleted from the server and was not loaded. 3. SUSP or SUSPICIOUS - a suspicious request. it may be hacking attempts or other activities of hackers, antivirus companies, researchers and other undesirables.USER_AGENT - Field HTTP-package User-AgentGET_DATA - GET parameters passed to id and act HTTP-requestCLEAN STATS button allows you to clear all the logs and statistics.Section STATS - several tables.Statistics on requests:TOTAL REQUESTS - all received requests to the serverOPENED - of these requests is openLOADED - loadedSUSPICIOUS - suspicious requestsStatistics on the unique IP-addresses:TOTAL IPs - all unique IP-addressesOPENED - openLOADED - loadedSUSPICIOUS - suspicious requestsTOTAL% - the percentage of punchingStatistics on the unique IP-addresses (extended list attacked IP)IP-ADDRESS - IP-address (when pressed - to view all the requests from this IP)IP-INFO - the country, the flag (when pressed displays all IP-whois information)OPENED - of these requests is openLOADED - loadedSUSPICIOUS - suspicious requestsCLEAN STATS button also allows you to clear all the logs and statistics.TOOLS section contains IP-whois service - enter the IP, and click whois obtain the required information.
Estimated price for the builder: $ 300
there are more budget options (trimmed assembly) standart price $ 50
Multi Pack Price = 300$
on technical matters, if you already have a product developer if you want to purchase the product and have questions, please write here:
Accept PerfectMoney and BTC Bitcoin
1. CVE-2010-3333
2. CVE-2012-0158
3. CVE-2013-3906
4. CVE-2014-1761
+ i make update sploit and crypt stability
And updates private exploits to clients
Executable .exe file may be contained in the body of the document itself, and extend the link to the web-server. What distinguishes this exploit from all other solutions:
Uniqueness MWI - this is the only solution on the market .doc exploits,
which represents multieksployt and attack multiple vulnerabilities simultaneously.
This approach increases the chances of success and allows to attack two vectors update:
Operating system and Office suite of applications itself.VersatilityMWI covers almost the whole
range of versions of Microsoft Office: Word XP, Word 2003, Word 2007, Word 2010. Each exploit
is implemented to be able to attack as much as possible the vulnerable versions
and operating systems. Coverage of vulnerable systems MWI favorably with all alternatives.
Exploit the most independent of all sorts of conditions for a successful attack: whether the version of the software installed in the system or certain defenses OS. Each stage of exploit careful attention to detail.Bypass protectionExploit the most complicates their detection: each element is protected from the exploit detected by a complex of means: from the banal to the polymorphism of obfuscation and encryption. Each generated exploit has its own unique signature, maximum randomized structure and data. In addition to the counter signature methods exploit uses a variety of methods to bypass proactive (behavioral) detection equipment. In particular, the launch .exe-file made from a trusted system process context.Support and continuous developmentMWI for a wide audience was introduced to the market, although its first versions were created and used in a rather narrow circle of people. The project progressively refine and improve, acquiring new exploits and modules vkontse fully formed to exploit the whole pack with a flexible, modular architecture. The project is constantly evolving and not static. We regularly release updates that make cleaning supplement exploit pack new exploits and modules. We are committed to long-term cooperation.
innovation
Additional Information:
CVE-2010-3333: RTF pFragments Stack Buffer Overwrite Remote Code Execution Exploit [MS10-087]
EXPLOITABLE WORD VERSIONS:
Word 2003 32-bit XP, Vista, Win7, Win8 32 & 64 bit
Word 2007 32-bit XP, Vista, Win7, Win8 32 & 64 bit
Word 2010 32-bit XP, Vista, Win7, Win8 32 & 64 bit
VULNERABLE MODULE PATHS:
Word 2003 C:\Program Files\Common Files\Microsoft Shared\office11\mso.dll
Word 2007 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll
Word 2010 C:\Program Files\Common Files\Microsoft Shared\office14\mso.dll
PATCHES:
Word 2003 mso.dll 11.0.8329.0000
Word 2007 mso.dll 12.0.6545.5004
Word 2010 mso.dll 14.0.5128.5000
alternative solutions: Complete versatility and reliability, the only universal and real working solution
CVE-2012-0158: MSCOMCTL.OCX ListView Stack Buffer Overwrite Remote Code Execution Exploit [MS12-027]
EXPLOITABLE WORD VERSIONS:
Word 2003 32-bit XP, Vista, Win7, Win8 32 & 64 bit
Word 2007 32-bit XP, Vista, Win7, Win8 32 & 64 bit
Word 2010 32-bit XP, Vista, Win7, Win8 32 & 64 bit
VULNERABLE MODULE PATHS:
C:\WINDOWS\system32\MSCOMCTL.OCX
C:\Windows\SysWOW64\MSCOMCTL.OCX
EXPLOITABLE VERSIONS:
MSCOMCTL.OCX 6.01.9545
MSCOMCTL.OCX 6.01.9782
MSCOMCTL.OCX 6.01.9786
MSCOMCTL.OCX 6.01.9813
MSCOMCTL.OCX 6.01.9816
MSCOMCTL.OCX 6.01.9818
PATCHES:
MSCOMCTL.OCX 6.01.9833
MSCOMCTL.OCX 6.01.9834
* the vulnerability is not present in some assemblies MSOffice, do not support ActiveX, such as Office 2010 Starter, and various pirate assemblies, where the module MSCOMCTL.OCX just missing.
CVE-2013-3906: TIFF Heap Overflow via Integer Overflow [MS13-096]
EXPLOITABLE WORD VERSIONS:
Word 2007 32-bit XP, Vista, Win7 32 & 64 bit
Word 2010 32-bit XP 32 bit
*the exploit is based on technology heap-spray
1. EXPLOITATION OF OGL.DLL (Office 2007)
VULNERABLE MODULE PATHS:
C:\Program Files\Common Files\Microsoft Shared\OFFICE12\OGL.DLL
EXPLOITABLE:
OGL.DLL 12.0.6509.5000
OGL.DLL 12.0.6420.1000
OGL.DLL 12.0.6420.1000
OGL.DLL 12.0.6415.1000
and others
PATCHES:
OGL.DLL 12.0.6700.5000
OGL.DLL 12.0.6688.5000
OGL.DLL 12.0.6679.5000
OGL.DLL 12.0.6659.5000
OGL.DLL 12.0.6604.1000
2. EXPLOITABLE VERSIONS OF OGL.DLL (Office 2010 + XP)
VULNERABLE MODULE PATHS:
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\OGL.DLL
EXPLOITABLE:
OGL.DLL 4.0.7577.4098
OGL.DLL 4.0.7577.4392
and others
PATCHES:
OGL.DLL 4.0.7577.4415
difference ga me from all the alternative solutions: - speed heap-spray - Universality (the attack immediately to the office2007 + office2010) - Universal ROP once for the two versions MSCOMCTL.OCX 983x - Opportunities for further cleansing and exploit obfuscation - Minimum detectable exploit (exploit only in RTF)
CVE-2014-1761: RTF ListOverrideCount Memory Corruption / Object Confusion [MS14-017]
EXPLOITABLE WORD VERSIONS:
Word 2010 32-bit Win7, Win8
VULNERABLE MODULE PATHS:
C:\Program Files\Microsoft Office\Office14\wwlib.dll
EXPLOITABLE:
wwlib.dll 14.0.4762.1000
and others
PATCHES:
wwlib.dll 14.0.7121.5004
alternative solutions: - Support for windows 8/10 - Undetectable exploit
MWISTAT 2.0: statistic Web-server statistics mwistat allows to conduct complete statistics of exploit, from logging when and how much was open document or booted .exe-file from any IP-address and some other information, such as User-Agent.Menu:FILES - downloadable .exe-fileLOGS - logsSTATS - StatisticsTOOLS - ext. Tools (IP-whois)Section FILES is a table with the following columns:FILE_ID - file identifier (8 digits)FILE_NAME - the name of the .exe fileFILE_DATE - date file downloadFILE_STAT_URL - so-called "stat" for a link to this file (specified in bildere)FILE_LOGS - buttons to see logs / statistics on the file (LOGS | STATS)ACTION - a button to download, edit (reupload), delete the file (GET | EDIT | DEL)ADD NEW FILE button allows you to download .exe-file to the server.Section LOGS is a table with the following columns
Estimated price for the builder: $ 300
there are more budget options (trimmed assembly) standart price $ 50
Multi Pack Price = 300$
on technical matters, if you already have a product developer if you want to purchase the product and have questions, please write here:
Accept PerfectMoney and BTC Bitcoin