75 items tagged "invalid pointer"
-
-
16:53
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2012-035 - Multiple out-of-bounds heap-based buffer read flaws and invalid pointer dereference flaws were found in the way file, a utility for determining file types, processed the header section of certain Composite Document Format (CDF) files. A remote attacker could provide a specially-crafted CDF file which, once inspected by the victim's file utility, would crash the file executable. The updated packages for Mandriva Linux 2011 have been upgraded to the 5.11 version and the packages for Mandriva Linux 2010.2 have been patched to correct these issues.
-
-
19:46
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-0376-01 - SystemTap is an instrumentation system for systems running the Linux kernel. The system allows developers to write scripts to collect data on the operation of the system. An invalid pointer read flaw was found in the way SystemTap handled malformed debugging information in DWARF format. When SystemTap unprivileged mode was enabled, an unprivileged user in the stapusr group could use this flaw to crash the system or, potentially, read arbitrary kernel memory. Additionally, a privileged user could trigger this flaw when tricked into instrumenting a specially-crafted ELF binary, even when unprivileged mode was not enabled.
-
-
7:32
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-0305-03 - The boost packages provide free, peer-reviewed, portable C++ source libraries with emphasis on libraries which work well with the C++ Standard Library. Invalid pointer dereference flaws were found in the way the Boost regular expression library processed certain, invalid expressions. An attacker able to make an application using the Boost library process a specially-crafted regular expression could cause that application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
-
-
15:59
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-0062-01 - The t1lib library allows you to rasterize bitmaps from PostScript Type 1 fonts. Two heap-based buffer overflow flaws were found in the way t1lib processed Adobe Font Metrics files. If a specially-crafted font file was opened by an application linked against t1lib, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. An invalid pointer dereference flaw was found in t1lib. A specially-crafted font file could, when opened, cause an application linked against t1lib to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
-
-
16:11
»
Packet Storm Security Advisories
Debian Linux Security Advisory 2381-1 - It was discovered that the IPv6 support code in Squid does not properly handle certain DNS responses, resulting in deallocation of an invalid pointer and a daemon crash.
-
-
13:33
»
Packet Storm Security Exploits
This Metasploit module exploits a vulnerability in the U3D handling within versions 9.x through 9.4.6 and 10 through to 10.1.1 of Adobe Reader. The vulnerability is due to the use of uninitialized memory. Arbitrary code execution is achieved by embedding specially crafted U3D data into a PDF document. A heap spray via JavaScript is used in order to ensure that the memory used by the invalid pointer issue is controlled.
-
-
13:49
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2012-002 - t1lib 5.1.2 and earlier uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a specially crafted Type 1 font in a PDF document. The updated packages have been patched to correct this issue.
-
-
9:48
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2011-077 - The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 1.7 through 1.9 frees an invalid pointer, which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted request that triggers an error condition. The updated packages have been patched to correct this issue.
-
-
9:33
»
Packet Storm Security Advisories
MIT krb5 Security Advisory 2011-004 - The password-changing capability of the MIT krb5 administration daemon (kadmind) has a bug that can cause it to attempt to free() an invalid pointer under certain error conditions. This can cause the daemon to crash or induce the execution of arbitrary code (which is believed to be difficult). No exploit that executes arbitrary code is known to exist, but it is easy to trigger a denial of service manually.
-
-
15:40
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-123 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office PowerPoint. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ppcore.dll module responsible for parsing PowerPoint (ppt) files. When parsing a malformed TimeCommandBehaviorContainer structure the process raises an exception that causes an object in memory to be freed prior to being fully parsed. Due to the lack of a check that this object has been freed, a later function references an invalid pointer element. This can be leveraged by a remote attacker to execute arbitrary code under the context of the user running PowerPoint.
-
-
8:07
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-103 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within js3250.dll. In the JSON.stringify() call chain js_HasOwnProperty() is called with an invalid pointer. The pointer becomes invalid due to being unrooted and garbage collection occurring. Dereferencing of this pointer allows a remote attacker to execute arbitrary code in the context of the user running the browser.
-
-
14:38
»
Packet Storm Security Advisories
A vulnerability has been discovered in one of the Data Encryption Systems DESLock+ kernel drivers. An attacker exploiting this vulnerability may execute arbitrary code with kernel mode privileges, or cause a denial of service via a page fault caused by an invalid pointer dereference.
-
-
18:58
»
SecuriTeam
Microsoft Office Excel contains an invalid pointer vulnerability.
-
-
11:29
»
SecuriTeam
A critical vulnerability was discovered in Microsoft Office Word.
-
11:24
»
SecuriTeam
Microsoft Office Word contains Word Bookmarks Invalid Pointer Vulnerability.
-
-
20:01
»
Packet Storm Security Exploits
This Metasploit module exploits a vulnerability in the handling of certain SWF movies within versions 9.x and 10.0 of Adobe Flash Player. Adobe Reader and Acrobat are also vulnerable, as are any other applications that may embed Flash player. Arbitrary code execution is achieved by embedding a specially crafted Flash movie into a PDF document. An AcroJS heap spray is used in order to ensure that the memory used by the invalid pointer issue is controlled. NOTE: This Metasploit module uses a similar DEP bypass method to that used within the adobe_libtiff module. This method is unlikely to work across various Windows versions due to the hardcoded syscall number.
-
-
22:00
»
Packet Storm Security Advisories
Mandriva Linux Security Advisory 2010-215 - Buffer underflow in the rgbimg module in Python 2.5 allows remote attackers to cause a denial of service via a large ZSIZE value in a black-and-white RGB image that triggers an invalid pointer dereference. Integer overflow in rgbimgmodule.c in the rgbimg module in Python 2.5 allows remote attackers to have an unspecified impact via a large image that triggers a buffer overflow. Multiple buffer overflows in the RLE decoder in the rgbimg module in Python 2.5 allow remote attackers to have an unspecified impact via an image file containing crafted data that triggers improper processing within the expandrow function. The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections. Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492.
-
-
16:07
»
Packet Storm Security Recent Files
This Metasploit module exploits a remote code execution vulnerability in Trend Micro Internet Security Pro 2010 ActiveX. When sending an invalid pointer to the extSetOwner() function of UfPBCtrl.dll an attacker may be able to execute arbitrary code.
-
-
23:00
»
Packet Storm Security Advisories
VUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Flash Player. This vulnerability is caused due to an invalid pointer when processing the newclass operator (bytecode 0x58), which could be exploited by attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.
-
23:00
»
Packet Storm Security Advisories
VUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Flash Player. This vulnerability is caused due to an invalid pointer when processing the newfunction operator (bytecode 0x44), which could be exploited by attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.
-
-
2:43
»
Packet Storm Security Recent Files
This Metasploit module exploits a vulnerability in the DoABC tag handling within versions 9.x and 10.0 of Adobe Flash Player. Adobe Reader and Acrobat are also vulnerable, as are any other applications that may embed Flash player. Arbitrary code execution is achieved by embedding a specially crafted Flash movie into a PDF document. An AcroJS heap spray is used in order to ensure that the memory used by the invalid pointer issue is controlled. NOTE: This Metasploit module uses a similar DEP bypass method to that used within the adobe_libtiff module. This method is unlikely to work across various Windows versions due to the hardcoded syscall number.
-
-
19:00
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 10-102 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required in that a target must visit a malicious page. The specific flaw exists within IE's support for the CStyleSheet object. When a style sheet array is created it contains a reference to its root container. If the stylesheet was created as part of an element not in a markup, the root container can be freed when that element is destroyed. When the application attempts to use the stylesheet after this, an invalid pointer is utilized. This can be leveraged by attackers to execute arbitrary code under the context of the user running the browser.
-
-
14:00
»
Packet Storm Security Advisories
VUPEN Vulnerability Research Team discovered a vulnerability in Sun Java JDK/JRE. The flaw is caused by an invalid pointer within the AWT (Abstract Windowing Toolkit) library when processing data passed to a specific function, which could be exploited by attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.