554 items tagged "memory"
-
-
7:53
»
Packet Storm Security Exploits
Wireshark versions 1.6.0 through 1.6.7 and versions 1.4.0 through 1.4.12 suffer from a misaligned memory denial of service vulnerability.
-
-
7:43
»
Packet Storm Security Advisories
OpenOffice.org includes the customized libwpd version 0.8.8 library for parsing WordPerfect documents. The used version of the libwpd library suffers from a memory overwrite vulnerability when reading a specially crafted WPD file. Successful exploitation of this vulnerability could result in an arbitrary code execution within the OpenOffice.org software suite.
-
-
17:16
»
Packet Storm Security Recent Files
A review of the code in filter/source/msfilter msdffimp.cxx in OpenOffice.org versions 3.3 and 3.4 Beta revealed some unchecked memory allocations, which could be exploited via malformed Powerpoint graphics records ("escher") to cause bad_alloc exceptions. From this vulnerability a denial of service attack is possible.
-
-
12:22
»
Packet Storm Security Recent Files
Pro-face Pro-Server EX versions 1.30.000 and PCRuntime versions 3.1.00 suffer from memory related and integer overflow vulnerabilities. Proof of concept included.
-
-
5:12
»
Packet Storm Security Advisories
The vulnerability described in this document could hypothetically be exploited by unprivileged code running in a VMware virtual machine (guest) in order to execute code in the host VMX process, thereby breaking out of the virtual machine; however, such exploitation has not been proven.
-
-
16:22
»
Packet Storm Security Recent Files
OpenSSL versions up to and including 1.0.1 are affected by a memory corruption vulnerability. asn1_d2i_read_bio in OpenSSL contains multiple integer errors that can cause memory corruption when parsing encoded ASN.1 data. This error can be exploited on systems that parse untrusted data, such as X.509 certificates or RSA public keys.
-
-
16:05
»
Packet Storm Security Exploits
LibreOffice version 3.5.2.2 suffers from a soffice.exe\soffice.bin memory corruption vulnerability when handling a malformed RTF file. This is a proof of concept exploit.
-
-
23:09
»
Packet Storm Security Exploits
Spotify version 0.8.2.610 suffers from a memory exhaustion vulnerability. The vulnerability is caused due to the Search box function not checking the boundary of user input.
-
-
20:59
»
Packet Storm Security Exploits
This Metasploit module exploits a vulnerability found in Internet Explorer's mshtml component. Due to the way IE handles objects in memory, it is possible to cause a pointer in CTableRowCellsCollectionCacheItem::GetNext to be used even after it gets freed, therefore allowing remote code execution under the context of the user. This particular vulnerability was also one of 2012's Pwn2Own challenges, and was later explained by Peter Vreugdenhil with exploitation details. Instead of Peter's method, this module uses heap spraying like the 99% to store a specially crafted memory layout before re-using the freed memory.
-
-
22:38
»
SecDocs
Authors: Jonathan Brossard
Tags: memory
Event: Chaos Communication Congress 28th (28C3) 2011
Abstract: Pmcma is a tool aimed at automating the most time-consuming tasks of exploitation. It can, for instance, determine why an application is triggering a segmentation fault, evaluate if the faulting instruction can be used to write to memory or execute arbitrary code, and list all the function pointers potentially called from a given point in time by an application. Pmcma is a totally new kind of debugger, which allows for easy experimentation with a process in memory by forcing it to fork. The exact replicas of the process created in memory can then be instrumented while keeping the properties (e.g., state of variables, ASLR, permissions...) of the original process. Pmcma is an easily extensible framework available under the Apache 2.0 license from http://www.pmcma.org/ . In this presentation, we introduce a new exploitation methodology of invalid memory reads and writes, based on dataflow analysis after a memory corruption bug has occurred inside a running process. We will expose a methodology which shall help writing a reliable exploit out of a PoC triggering an invalid memory write, in the presence of security defense mechanisms such as compiler enhancements (full RELRO, SSP...), or kernel anti-exploitation features (ASLR, NX...). We will demonstrate how to find all the function pointers inside a running process, how to determine which ones would have been dereferenced after the crash, which ones are truncable (in particular with 0x00000000). In case all of the above fail, how to test for specific locations overwrites in order to indirectly trigger a second vulnerability allowing greater control and eventually control flow hijacking.
All of the above without source code, indeed ;) In the case of invalid memory reads, we will exemplify how to indirectly influence the control flow of execution by reading arbitrary values, how to trace all the unaligned memory accesses and how to test if an invalid read can be turned into an invalid write or used to infer the mapping of the binary. We will also introduce a new debugging technique which allows for very effective testing of all of the above by forcing the debugged process to fork(). Automatically. And with a rating of the best read/write location based on probabilities of mapping addresses (because of ASLR). Finally, since overwriting function pointers doesn't allow direct shellcode execution because of W^X mappings, we introduce a new exploitation technique which works even in the most hardcore kernels such as grsecurity. It is called "stack desynchronization" and allows frame faking inside the stack itself. Those techniques are implemented in the form of a proof of concept tool available under the Apache 2.0 license at http://www.pmcma.org/ .
-
-
17:36
»
Packet Storm Security Advisories
VUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Acrobat and Reader. The vulnerability is caused by a memory corruption error within the Matrix3D class when processing malformed 3D data within SWF files, which could be exploited by attackers to potentially compromise a vulnerable system or disclose memory information by tricking a user into visiting a specially crafted web page. Adobe Flash Player versions 11.1.102.62 and below are affected.
-
-
21:37
»
SecDocs
Authors: Joshua Drake
Tags: memory heap overflow exploiting Java
Event: Black Hat Abu Dhabi 2011
Abstract: The Oracle (previously Sun) Java Runtime Environment (JRE) is widely viewed by security researchers as one of the weakest links in the proverbial chain. That said, the exploitation of memory corruption vulnerabilities within the JRE is not always straight-forward. This talk will focus on a collection of techniques to overcome potential issues that one may face while developing exploits against memory corruption vulnerabilities within the JRE. The talk concludes with a demonstration of the techniques as used on a selection of contrived and real-world vulnerabilities.
-
-
8:26
»
Packet Storm Security Exploits
This is the Mempodipper local root exploit for Linux. /proc/pid/mem is an interface for reading and writing, directly, process memory by seeking around with the same addresses as the process's virtual memory space. In 2.6.39, the protections against unauthorized access to /proc/pid/mem were deemed sufficient, and so the prior #ifdef that prevented write support for writing to arbitrary process memory was removed. Anyone with the correct permissions could write to process memory. It turns out, of course, that the permissions checking was done poorly. This means that all Linux kernels greater than and equal to 2.6.39 are vulnerable.
-
9:29
»
Packet Storm Security Exploits
HTCVideoPlayer is the default media player of HTC Windows Mobile devices. This media player is prone to a memory corruption vulnerability while parsing stbl atom of 3g2 video format.
-
-
9:01
»
Hack a Day
Reading from a large number of inputs, like this piano keyboard, can be tedious. Even when multiplexing there’s a lot to keep track of. But if you choose the right microcontroller, you may have hardware assistance. Here’s an ATmega640 using its external memory interface to read the key matrix. You may remember the Open [...]
-
-
8:25
»
Packet Storm Security Exploits
Microsoft Excel in Office 2003 version 11.8335.8333 SP3 suffers from a memory corruption vulnerability. Proof of concept included.
-
-
14:11
»
Packet Storm Security Advisories
Apple Security Advisory 2011-10-26-1 - QuickTime 7.7.1 is now available and addresses memory disclosure, arbitrary code execution, script injection, and various other vulnerabilities.
-
-
20:09
»
Packet Storm Security Advisories
iDefense Security Advisory 10.11.11 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Internet Explorer could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when a JavaScript event handler such as "onload" is set to a JavaScript object's attributes or childNodes collection. An event object is created and this object's memory is later freed; however, a reference to the object remains. When the reference is later used to access the event object, this now-invalid memory is treated as a valid object. The corrupt object's vtable is used to make an indirect function call. This may result in the execution of arbitrary code. Microsoft Internet Explorer 6 is vulnerable.
-
-
13:27
»
Packet Storm Security Exploits
This Metasploit module exploits a vulnerability in the nesting of frameset and iframe tags as implemented within Opera Browser. Memory corruption is triggered and some pointers are corrupted with invalid addresses. Successful exploitation leads to remote code execution or a denial of service condition under Windows XP SP3 (DEP = off).
-
-
16:39
»
Packet Storm Security Advisories
Ubuntu Security Notice 1218-1 - Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. Alex Shi and Eric Dumazet discovered that the network stack did not correctly handle packet backlogs. A remote attacker could exploit this by sending a large amount of network traffic to cause the system to run out of memory, leading to a denial of service. Various other issues were also addressed.
-
-
15:41
»
Packet Storm Security Advisories
iDefense Security Advisory 09.26.11 - Remote exploitation of a memory corruption vulnerability in Novell Inc.'s GroupWise could allow an attacker to execute arbitrary code with the privileges of the affected service. This vulnerability is present in the calendar processing code, which resides within the GroupWise Internet Agent (GWIA) process. The vulnerability occurs when parsing a malformed calendar recurrence (RRULE) that recurs weekly. Specifically, by using a negative integer for the BYWEEKNO property, it is possible to trigger a write operation beyond the bounds of an allocated heap buffer. This can lead to the corruption of memory, and the execution of arbitrary code.
-
10:39
»
SecDocs
Authors: Matthieu Suiche
Tags: forensic
Event: Black Hat USA 2010
Abstract: This talk introduces MoonSols Windows Memory Toolkit, which aims at being the ultimate memory and crash dump acquisition and conversion tool for Windows. It includes live acquisition on Windows of Microsoft crash dumps, the conversion of a hibernation file into a crash dump, and even getting a crash dump of a running VMware virtual machine without rebooting it and without any BSOD!
-
-
18:01
»
Packet Storm Security Advisories
Ubuntu Security Notice 1216-1 - Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. Alex Shi and Eric Dumazet discovered that the network stack did not correctly handle packet backlogs. A remote attacker could exploit this by sending a large amount of network traffic to cause the system to run out of memory, leading to a denial of service. Various other issues were also addressed.
-
-
18:09
»
SecuriTeam
A memory corruption vulnerability in Tom Sawyer Software's GET Extension Factory could allow an attacker to execute arbitrary code with the privileges of the affected user.
-
-
9:23
»
SecDocs
Authors: Haroon Meer
Tags: memory exploiting
Event: Black Hat USA 2010
Abstract: Buffer Overflows, Stack Smashes and Memory Corruption Attacks have been the info sec headline stealers for the better part of 3 decades. Sadly, poor record keeping (and dismal regard for attribution of prior research) has resulted in huge gaps in our "hacker folklore". It has also resulted in several re-inventions of the wheel. This talk traces the history of memory corruption attacks and defenses, from the Morris Worm of 1988 to the awesome Pointer Inference work published by Blazakis in 2010. We will demonstrate with code samples, live demos (and pretty pictures) the progression of these attacks, how they work, when they first came to light, and the mitigations that have been developed and deployed to thwart them.
-
-
15:54
»
Packet Storm Security Advisories
Ubuntu Security Notice 1208-1 - Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. Alex Shi and Eric Dumazet discovered that the network stack did not correctly handle packet backlogs. A remote attacker could exploit this by sending a large amount of network traffic to cause the system to run out of memory, leading to a denial of service. Various other issues were also addressed.
-
14:58
»
Packet Storm Security Advisories
iDefense Security Advisory 09.13.11 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when Excel parses a certain specially crafted record in an Excel file. A specific value in the record can trigger a memory corruption vulnerability and may allow arbitrary code execution.
-
14:55
»
Packet Storm Security Advisories
iDefense Security Advisory 09.13.11 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when Excel parses a certain specially crafted record in an Excel file. An invalid value of the length field in the record header can trigger an error condition and result in using memory content which has already been freed and may allow arbitrary code execution.
-
-
22:13
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1203-1 - Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. Alex Shi and Eric Dumazet discovered that the network stack did not correctly handle packet backlogs. A remote attacker could exploit this by sending a large amount of network traffic to cause the system to run out of memory, leading to a denial of service. Various other issues were also addressed.
-
22:10
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1202-1 - Dan Rosenberg discovered that several network ioctls did not clear kernel memory correctly. A local user could exploit this to read kernel stack memory, leading to a loss of privacy. Brad Spengler discovered that stack memory for a new process was not correctly calculated. A local attacker could exploit this to crash the system, leading to a denial of service. Dan Rosenberg discovered that the Linux kernel TIPC implementation contained multiple integer signedness errors. A local attacker could exploit this to gain root privileges. Various other issues were also addressed.
-
-
10:37
»
SecDocs
Authors: Dino Dai Zovi
Tags: exploiting
Event: Black Hat USA 2010
Abstract: The latest advances in exploitation of memory corruption vulnerabilities revolve around applying return-oriented exploitation techniques to evade non-executable memory protections such as Microsoft's Data Execution Prevention (DEP), CPU-supported non-executable memory (NX/XD), and mandatory code-signing such as on iPhone OS. Although the ideas behind these exploitation techniques can be traced quite far back, they are receiving more attention as non-executable memory protections become more prevalent. This presentation will cover the current state of memory corruption exploitation and exploit mitigation as well as an in-depth discussion of a variety of return-oriented exploitation techniques. Finally, the presentation will discuss what ramifications return-oriented exploitation techniques have for exploit developers, software vendors, malware analysts, and enterprise IT security professionals.
-
-
16:01
»
Hack a Day
How much memory do you really need? We suppose it’s not really our place to judge how you misuse use memory in your projects. But we do appreciate the clean and orderly technique that [Eric Rogers] uses to add multiple SPI SRAM chips to an Arduino. The heavy lifting is done with a CPLD shield [...]
-
10:24
»
SecDocs
Authors: Greg Conti, Sergey Bratus
Tags: reverse engineering
Event: Black Hat USA 2010
Abstract: When analyzing large binary objects such as process memory dumps, proprietary data files, container file formats, and network flow payloads, security researchers are limited by the tiny textual window a hex editor and common command line utilities typically provide. To the uninitiated, these objects may appear to be homogeneous, but -- as reverse engineers know -- in reality they consist of many diverse parts: text, images, compressed data, encrypted regions, audio samples, data structures, and much more. Some of these parts are instantly recognizable to a seasoned reverser, and the nature of others (e.g., compressed data) may be guessed when suitably depicted. Yet, visual classification remains arcane and unaided by convenient tools that would both present objects at a glance and help segment them. The authors of this talk attempt to remedy this. The authors have laboriously gathered, cataloged, and studied forms of binary structure and will present a (concise) "visual dictionary" of the binary structures you find in the wild and in the lab. You will see and understand the constituent parts found within binary objects, essential knowledge for the reverser, forensic analyst, and security researcher. You will be far better prepared to dissect proprietary data files, conduct memory forensics and deeply analyze any large binary object you may encounter.
-
-
14:45
»
Packet Storm Security Exploits
BroadWin WebAccess Client with bwocxrun.ocx versions 1.0.0.10 and below suffers from format string and memory corruption vulnerabilities. The OcxSpool function is affected by a format string vulnerability caused by passing the attacker-provided Msg string directly to vsprintf() without the required format argument. WriteTextData and CloseFile allow corruption of arbitrary regions of memory through a fully controllable stream identifier in fclose() and fwrite().
-
-
22:10
»
Packet Storm Security Recent Files
Pmcma aims at automating exploitation of invalid memory writes (whether they are the consequence of an overflow in a writable section, a missing format string, an integer overflow, variable misuse, or any other type of memory corruption).
-
-
17:04
»
SecuriTeam
A memory corruption vulnerability was discovered in Microsoft Excel.
-
-
20:59
»
Packet Storm Security Advisories
iDefense Security Advisory 08.09.11 - Remote exploitation of a memory corruption vulnerability in Adobe Systems Inc.'s Flash Player could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing a maliciously formatted sequence of ActionScript code inside an Adobe Flash file. The problem exists in a certain ActionScript function method of the built-in "flash.display" class. When malformed parameters are supplied to this function, a memory corruption will occur, leading to an exploitable condition.
-
-
17:35
»
Packet Storm Security Advisories
CA Technologies support is alerting customers to a security risk with CA Gateway Security. A vulnerability exists that can allow a remote attacker to execute arbitrary code. CA has issued an update that resolves the vulnerability. The vulnerability occurs due to insufficient bounds checking that can result in a memory overwrite on the heap. By sending a malformed request, an attacker can overwrite a sensitive portion of heap memory, which can potentially result in server compromise.
-
8:39
»
Packet Storm Security Advisories
Ubuntu Security Notice 1150-1 - Multiple vulnerabilities were fixed in Thunderbird. Multiple memory vulnerabilities were discovered in the browser rendering engine. Martin Barbella discovered that under certain conditions, viewing a XUL document while JavaScript was disabled caused deleted memory to be accessed. Jordi Chancel discovered a vulnerability on multipart/x-mixed-replace images due to memory corruption. Various other issues were also addressed.
-
-
3:16
»
Packet Storm Security Advisories
A memory corruption vulnerability in the Dirapi.dll component of Adobe Shockwave Player could lead to code execution. By crafting specific values within rcsL substructures an attacker can corrupt memory.
-
-
20:59
»
SecuriTeam
Remote exploitation of a heap memory corruption vulnerability in Apple Inc.'s CoreGraphics.