249 items tagged "corruption"
-
-
8:58
»
Packet Storm Security Advisories
GnuPG versions 1.4.12 and below are vulnerable to memory access violations and public keyring database corruption when importing public keys that have been manipulated.
-
-
16:00
»
SecuriTeam
The Konqueror web browser is vulnerable to a number of memory corruption vulnerabilities.
-
-
15:46
»
Packet Storm Security Advisories
The Perl 5 interpreter is vulnerable to a memory corruption vulnerability which results in memory disclosure and potentially arbitrary code execution when large values are supplied to the x operator.
-
-
17:00
»
SecuriTeam
EzServer is affected by a remote heap corruption vulnerability.
-
-
17:00
»
SecuriTeam
This allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22.
-
-
17:00
»
SecuriTeam
This allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
-
-
17:01
»
Packet Storm Security Advisories
Core Security Technologies Advisory - A vulnerability exists in atas32.dll affecting Cisco WebEx Player version 3.26 that allows an attacker to corrupt memory, which may lead to code execution in the context of the currently logged on user.
-
-
19:45
»
Packet Storm Security Exploits
This proof of concept code demonstrates a Microsoft Windows XP keyboard layouts pool corruption vulnerability, post MS12-034. The vulnerability exists in the function win32k!ReadLayoutFile() that parses keyboard layout file data.
-
-
15:38
»
Packet Storm Security Advisories
Apple Quicktime does not properly parse .pct media files, which causes a corruption in module DllMain by opening a malformed file with an invalid value located in PoC repro01.pct at offset 0x20E. Quicktime Player version 7.7.1 (1680.42) on Windows XP SP 3 - PT_BR is confirmed affected. Other versions may also be affected.
-
-
13:42
»
Packet Storm Security Exploits
An integer overflow vulnerability has been discovered in the EncoderParameter class of the .NET Framework. Exploiting this vulnerability results in an overflowed integer that is used to allocate a buffer on the heap. After the incorrect allocation, one or more user-supplied buffers are copied into the new buffer, resulting in corruption of the heap.
-
-
16:22
»
Packet Storm Security Recent Files
OpenSSL versions up to and including 1.0.1 are affected by a memory corruption vulnerability. asn1_d2i_read_bio in OpenSSL contains multiple integer errors that can cause memory corruption when parsing encoded ASN.1 data. This error can be exploited on systems that parse untrusted data, such as X.509 certificates or RSA public keys.
-
-
16:05
»
Packet Storm Security Exploits
LibreOffice version 3.5.2.2 suffers from a soffice.exe\soffice.bin memory corruption vulnerability when handling a malformed RTF file. This is a proof of concept exploit.
-
-
15:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
[local exploits] - VLC v. 2.0.1.0 .tta Memory Corruption
-
-
15:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
[local exploits] - VLC v. 2.0.1.0 .it Memory Corruption
-
-
15:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
[local exploits] - VLC v. 1.1.11 .3gp Memory Corruption
-
15:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
[local exploits] - VLC v. 1.1.11 .m4v Memory Corruption
-
-
14:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
[local exploits] - PyPAM Python bindings for PAM Double Free Corruption
-
14:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
[dos / poc] - PyPAM Python bindings for PAM Double Free Corruption
-
-
7:37
»
Packet Storm Security Advisories
Red Hat Security Advisory 2012-0311-03 - The ibutils packages provide InfiniBand network and path diagnostics. It was found that the ibmssh executable had an insecure relative RPATH set in the ELF header. A local user able to convince another user to run ibmssh in an attacker-controlled directory could run arbitrary code with the privileges of the victim. Under certain circumstances, the "ibdiagnet -r" command could suffer from memory corruption and terminate with a "double free or corruption" message and a backtrace. With this update, the correct memory management function is used to prevent the corruption.
-
-
21:37
»
SecDocs
Authors: Joshua Drake
Tags: memory heap overflow exploiting Java
Event: Black Hat Abu Dhabi 2011
Abstract: The Oracle (previously Sun) Java Runtime Environment (JRE) is widely viewed by security researchers as one of the weakest links in the proverbial chain. That said, the exploitation of memory corruption vulnerabilities within the JRE is not always straightforward. This talk will focus on a collection of techniques to overcome potential issues that one may face while developing exploits against memory corruption vulnerabilities within the JRE. The talk concludes with a demonstration of the techniques as used on a selection of contrived and real-world vulnerabilities.
-
-
9:29
»
Packet Storm Security Exploits
HTCVideoPlayer is the default media player of HTC Windows Mobile devices. This media player is prone to a memory corruption vulnerability while parsing the stbl atom of the 3g2 video format.
-
-
13:27
»
Packet Storm Security Exploits
This Metasploit module exploits a vulnerability in the nesting of frameset and iframe tags as implemented within Opera Browser. Memory corruption is triggered and some pointers are corrupted with invalid addresses. Successful exploitation leads to remote code execution or a denial of service condition under Windows XP SP3 (DEP = off).
-
-
15:41
»
Packet Storm Security Advisories
iDefense Security Advisory 09.26.11 - Remote exploitation of a memory corruption vulnerability in Novell Inc.'s GroupWise could allow an attacker to execute arbitrary code with the privileges of the affected service. This vulnerability is present in the calendar processing code, which resides within the GroupWise Internet Agent (GWIA) process. The vulnerability occurs when parsing a malformed calendar recurrence (RRULE) that recurs weekly. Specifically, by using a negative integer for the BYWEEKNO property, it is possible to trigger a write operation beyond the bounds of an allocated heap buffer. This can lead to the corruption of memory, and the execution of arbitrary code.
-
-
9:23
»
SecDocs
Authors: Haroon Meer
Tags: memory exploiting
Event: Black Hat USA 2010
Abstract: Buffer Overflows, Stack Smashes and Memory Corruption Attacks have been the info sec headline stealers for the better part of 3 decades. Sadly, poor record keeping (and dismal regard for attribution of prior research) has resulted in huge gaps in our "hacker folklore". It has also resulted in several re-inventions of the wheel. This talk traces the history of memory corruption attacks and defenses, from the Morris Worm of 1988 to the awesome Pointer Inference work published by Blazakis in 2010. We will demonstrate with code samples, live demos (and pretty pictures) the progression of these attacks, how they work, when they first came to light, and the mitigations that have been developed and deployed to thwart them.
-
-
14:58
»
Packet Storm Security Advisories
iDefense Security Advisory 09.13.11 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when Excel parses a certain specially crafted record in an Excel file. A specific value in the record can trigger a memory corruption vulnerability and may allow arbitrary code execution.
-
-
10:37
»
SecDocs
Authors: Dino Dai Zovi
Tags: exploiting
Event: Black Hat USA 2010
Abstract: The latest advances in exploitation of memory corruption vulnerabilities revolve around applying return-oriented exploitation techniques to evade non-executable memory protections such as Microsoft's Data Execution Prevention (DEP), CPU-supported non-executable memory (NX/XD), and mandatory code-signing such as on iPhone OS. Although the ideas behind these exploitation techniques can be traced quite far back, they are receiving more attention as non-executable memory protections become more prevalent. This presentation will cover the current state of memory corruption exploitation and exploit mitigation as well as an in-depth discussion of a variety of return-oriented exploitation techniques. Finally, the presentation will discuss what ramifications return-oriented exploitation techniques have for exploit developers, software vendors, malware analysts, and enterprise IT security professionals.
-
-
22:10
»
Packet Storm Security Recent Files
Pmcma aims at automating exploitation of invalid memory writes (whether they are the consequence of an overflow in a writable section, of a missing format string, integer overflow, variable misuse, or any other type of memory corruption).
-
-
21:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
[dos / poc] - Mini FTP Server 1.1 Buffer Corruption Remote Denial Of Service
-
18:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
[dos / poc] - Mini FTP Server 1.1 Buffer Corruption Remote Denial Of Service
-
-
21:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
[local exploits] - Zortam Mp3 Center 3.50 memory corruption
-
21:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
[local exploits] - icoolplayer v1.0.1.0 memory corruption
-
18:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
[local exploits] - Zortam Mp3 Center 3.50 memory corruption
-
18:00
»
0day.today (was: 1337day, Inj3ct0r, 1337db)
[local exploits] - icoolplayer v1.0.1.0 memory corruption
-
-
20:59
»
Packet Storm Security Advisories
iDefense Security Advisory 08.09.11 - Remote exploitation of a memory corruption vulnerability in Adobe Systems Inc.'s Flash Player could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing a maliciously formatted sequence of ActionScript code inside an Adobe Flash file. The problem exists in a certain ActionScript function method of the built-in "flash.display" class. When malformed parameters are supplied to this function, a memory corruption will occur, leading to an exploitable condition.
-
-
20:59
»
SecuriTeam
Remote exploitation of a heap memory corruption vulnerability in Apple Inc.'s CoreGraphics.
-
-
15:59
»
SecuriTeam
Remote exploitation of a memory corruption vulnerability in Apple Inc.'s OfficeImport framework could allow an attacker to execute arbitrary code with the privileges of the current user.
-
15:54
»
SecuriTeam
Remote exploitation of a memory corruption vulnerability in Apple Inc.'s OfficeImport framework could allow an attacker to execute arbitrary code with the privileges of the current user.
-
-
15:45
»
SecuriTeam
Remote exploitation of a memory corruption vulnerability in Apple QuickTime media player could allow attackers to execute arbitrary code in the context of the targeted user.
-
-
13:23
»
Packet Storm Security Advisories
The Apple QuickTime player does not properly parse .fpx media files, which causes memory corruption when opening a malformed file with an invalid value located in PoC repro.fpx at offset 0x49. Versions 7.6.8 (1675) and 7.6.6 (1671) were tested and are vulnerable.
-
-
9:11
»
Packet Storm Security Exploits
This Metasploit module exploits a memory corruption vulnerability within Microsoft's HTML engine (mshtml). When parsing an HTML page containing a specially crafted CSS tag, memory corruption occurs that can lead to arbitrary code execution. It seems like Microsoft code inadvertently increments a vtable pointer to point to an unaligned address within the vtable's function pointers. This leads to the program counter being set to the address determined by the address "[vtable+0x30+1]". The particular address depends on the exact version of the mshtml library in use. Since the address depends on the version of mshtml, some versions may not be exploitable. Specifically, those ending up with a program counter value within another module, in kernel space, or just not able to be reached with various memory spraying techniques. Also, since the address is not controllable, it is unlikely to be possible to use ROP to bypass non-executable memory protections.
-
-
16:01
»
Packet Storm Security Recent Files
iDefense Security Advisory 11.11.10 - Remote exploitation of a memory corruption vulnerability in Apple Inc.'s OfficeImport framework could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing an Excel file with a maliciously constructed Excel record. Specific values within this record can trigger a memory corruption vulnerability, and result in values from the file being used as function pointers. This allows an attacker to execute arbitrary code.
-
-
22:17
»
Packet Storm Security Exploits
This Metasploit module exploits a memory corruption vulnerability within Microsoft's HTML engine (mshtml). When parsing an HTML page containing a specially crafted CSS tag, memory corruption occurs that can lead to arbitrary code execution.
-
-
19:01
»
Packet Storm Security Recent Files
Mandriva Linux Security Advisory 2010-140 - This is a maintenance and security update that upgrades php to 5.3.3 for 2010.0/2010.1. Rewrote var_export() to use smart_str rather than output buffering, which prevents data disclosure if a fatal error occurs. Fixed a possible resource destruction issue in shm_put_var(). Fixed a possible information leak because of interruption of XOR operator. Fixed a possible memory corruption because of unexpected call-time pass by reference and following memory clobbering through callbacks. Fixed a possible memory corruption in ArrayObject::uasort(). Fixed a possible memory corruption in parse_str(). Fixed a possible memory corruption in pack(). Fixed a possible memory corruption in substr_replace(). Fixed a possible memory corruption in addcslashes(). Fixed a possible stack exhaustion inside fnmatch(). Fixed a possible dechunking filter buffer overflow. Fixed a possible arbitrary memory access inside sqlite extension. Fixed string format validation inside phar extension. Fixed handling of session variable serialization on certain prefix characters. Fixed a NULL pointer dereference when processing invalid XML-RPC requests. Fixed SplObjectStorage unserialization problems. Fixed possible buffer overflows in mysqlnd_list_fields, mysqlnd_change_user. Fixed possible buffer overflows when handling error packets in mysqlnd. Additionally, some of the third party extensions and required dependencies have been upgraded and/or rebuilt for the new php version.
-
-
16:59
»
SecuriTeam
Adobe Director is prone to a memory corruption vulnerability.
-
13:57
»
SecuriTeam
Adobe Director is prone to a memory corruption vulnerability.
-
-
17:17
»
SecuriTeam
Adobe Director is prone to a memory corruption vulnerability.
-
-
20:34
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-088 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the code responsible for parsing 3D objects defined inside Director files. An undocumented 4-byte field within record type 0xFFFFFF49 can be modified to cause corruption of heap memory. This corruption can be used to modify function pointers and achieve code execution.