Karalon - News Update | Network Security Assessment | Vulnerability Assessment | Vulnerability Scanner | Network Security Scanner | Security Assessment

Home Products Downloads News Partners About Us

Karalon News Update
20th April 2007

Traffic File Update April 2007

Traffic IQ Pro is already the most comprehensive testing and validation solution available today for network and inline devices. With its ease of use and extensive library of normal and threat traffic files the product can be used to easily create and replay simple or complex stateful testing scenarios to allow the validation of the configuration of inline network devices such as firewalls, IPS, routers, switches and other critical network systems in a controlled, repeatable and safe way.

Note: Traffic file updates are available to licensed users only.

This update includes the following traffic files:

Application Exploits

ACDSee BMP Image Memory Corruption (w3intof.bmp)
ACDSee BMP Image Memory Corruption (w4intof.bmp)
ACDSee BMP Image Memory Corruption (wh3intof.bmp)
ACDSee BMP Image Memory Corruption (wh4intof.bmp)
FTP FileCOPA LIST Command Handling Buffer Overflow
HTTP MS MDAC Code Execution (MS06-014) POC_1
HTTP Windows ANI LoadAniIcon() Chunk Size Overflow (windows_exec)
Microsoft Word 2007 WWLib.DLL Buffer Overflow POC_1
Windows Animated Cursor Buffer Overflow (MS07-017 kernal32)
Windows Animated Cursor Buffer Overflow (MS07-017 win2k3)
Windows Animated Cursor Buffer Overflow (MS07-017) POC_1
Windows Animated Cursor Buffer Overflow (MS07-017) POC_2
Windows Animated Cursor Buffer Overflow (MS07-017) POC_3
Windows Animated Cursor Buffer Overflow (Vista)
Windows Animated Cursor Exploit (Ani-Marsu)

Security Evasion Techniques

Evasion HTML base64 (ANI Vuln MS07-017)
Evasion HTML base64 (double_pad) (for CVE-2006-0003)
Evasion HTML base64 (for CVE-2006-0003)
Evasion HTML base64 (single_pad) (for CVE-2006-0003)
Evasion HTML base64 double pad (ANI Vuln MS07-017)
Evasion HTML base64 single pad (ANI Vuln MS07-017)
Evasion HTML DynamicSehRecord (for CVE-2006-0003)
Evasion HTML javascript escape (ANI Vuln MS07-017)
Evasion HTML javascript escape (for CVE-2006-0003)
Evasion HTML junk headers (ANI Vuln MS07-017)
Evasion HTML random_space_injection (ANI Vuln MS07-017)
Evasion HTML random_space_injection (for CVE-2006-0003)
Evasion HTML unicode (utf-16be) (ANI Vuln MS07-017)
Evasion HTML unicode (utf-16be) (for CVE-2006-0003)
Evasion HTML unicode (utf-16be-marker) (ANI Vuln MS07-017)
Evasion HTML unicode (utf-16be-marker) (for CVE-2006-0003)
Evasion HTML unicode (utf-16le) (for CVE-2006-0003)
Evasion HTML unicode (utf-32le) (ANI Vuln MS07-017)
Evasion HTTP chunked (ANI Vuln MS07-017)
Evasion HTTP chunked (for CVE-2006-0003)
Evasion HTTP Compression (deflate) (ANI Vuln MS07-017)
Evasion HTTP Compression (gzip) (ANI Vuln MS07-017)
Evasion HTTP gzip compression (for CVE-2006-0003)
Evasion HTTP Header Folding (for CVE-2006-0003)
Evasion HTTP Headers Folding (ANI Vuln MS07-017)
Evasion HTTP junk headers (for CVE-2006-0003)
Evasion SMB obscure_trans_pipe_level_2 (CVE-2006-3942)
Evasion SMB obscure_trans_pipe_level_3 (CVE-2006-3942)
Evasion SMB pad_file_level_1 (CVE-2006-3942)
Evasion SMB pad_file_level_2 (CVE-2006-3942)
Evasion SMB pad_file_level_3 (CVE-2006-3942)
Evasion TCP Max Segment Size (ANI Vuln MS07-017)
Evasion TCP Maximum Send Size (for CVE-2006-0003)
Evasion TCP Send Delay (ANI Vuln MS07-017)
Evasion TCP Send Delay (for CVE-2006-0003)