iDefense Security Advisory 08.09.11 - Remote exploitation of a memory corruption vulnerability in Adobe Systems Inc.'s Flash Player could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing a maliciously formatted sequence of ActionScript code inside an Adobe Flash file. The problem exists in a certain ActionScript function method of the built-in "flash.display" class. When malformed parameters are supplied to this function, a memory corruption will occur, leading to an exploitable condition.
5692748af42e9e662e7a1d8d5215229cc7299a504565cac5bb0c4e3bafd8e0df
iDefense Security Advisory 07.20.11 - Remote exploitation of a memory corruption vulnerability in WebKit, as included with multiple vendors' browsers, could allow an attacker to execute arbitrary code with the privileges of the current user. Scalable Vector Graphics (SVG) is an XML based file format used to describe two dimensional vector graphics. It defines both a markup language, and a JavaScript interface. When parsing a series of SVG tags, and then manipulating them via JavaScript, Safari fails to handle exceptional conditions. It is possible to trigger a use after free vulnerability by manipulating the animVal property of various SVG tags. This leaves a C++ object pointer in an inconsistent state, which can lead to the execution of arbitrary code. Safari versions prior to 5.1 and 5.0.6 are vulnerable.
99c8cb11dcb256c511dc2217aaa40292d8c285040e8f55bc2b42756ce98c3948
iDefense Security Advisory 07.20.11 - Remote exploitation of a memory corruption vulnerability in Apple Inc.'s Safari browser could allow an attacker to execute arbitrary code with the privileges of the current user. Safari is Apple's Web browser and is based on the open source WebKit browser engine. This vulnerability occurs when Safari incorrectly handles an error state when encountering a broken XHTML tag. Specifically, the tag enclosing the tag being processed is freed and is then referenced after it has already been freed. This can lead to the execution of arbitrary code. Safari versions prior to 5.1 and 5.0.6 are vulnerable.
451fa0ffe2995cf2fabae89ed282d4b2fbe5371f34e100141b87a568287fd5e3
iDefense Security Advisory 07.20.11 - Remote exploitation of a use-after-free vulnerability in WebKit, as included with multiple vendors' browsers, could allow an attacker to execute arbitrary code with the privileges of the current user. Safari versions prior to 5.1 and 5.0.6 are vulnerable.
53730b1d8512f5363490f9170bba7812a1775127b9e9b802e2a0d79ffc794e42
This Metasploit module exploits a stack-based buffer overflow in the handling of the 'pFragments' shape property within the Microsoft Word RTF parser. All versions of Microsoft Office prior to the release of the MS10-087 bulletin are vulnerable. This Metasploit module does not attempt to exploit the vulnerability via Microsoft Outlook. The Microsoft Word RTF parser was only used by default in versions of Microsoft Word itself prior to Office 2007. With the release of Office 2007, Microsoft began using the Word RTF parser, by default, to handle rich-text messages within Outlook as well. It was possible to configure Outlook 2003 and earlier to use the Microsoft Word engine too, but it was not a default setting.
c781a6b1c954888d98e9d2d99bf09fd7064aa318d76af4eac5e983b427860a6b
iDefense Security Advisory 11.09.10 - Remote exploitation of a stack buffer overflow vulnerability in Microsoft Corp.'s Word could allow attackers to execute arbitrary code under the privileges of the targeted user. This vulnerability specifically exists in the handling of a specific control word in an RTF document. Under certain circumstances, Word will copy its property strings into a stack buffer without checking the length, which causes a stack buffer overflow. iDefense has confirmed the existence of this vulnerability in Microsoft Word 2003, Microsoft Word 2007, and Microsoft Outlook 2007.
d4d9f9e20e9077a6175a55782b57058b141ca5e690b63999ac4ac7d7e985c23a
iDefense Security Advisory 08.10.10 - Remote exploitation of an memory corruption vulnerability in Microsoft's Office RTF Parsing Engine could allow an attacker to execute arbitrary code with the privileges of the current user. During the processing of a RTF document containing certain control words, the RTF parsing engine may incorrectly read a value from the RTF file. This value may directly affect the control of execution flow within the RTF parsing engine.
b5e0d708c7afc4fb28b1ce1539313fd783bff59a1505c38d75cbd5f66b9d464d
iDefense Security Advisory 08.10.10 - Remote exploitation of a heap buffer overflow vulnerability in Microsoft Corp.'s Word could allow attackers to execute arbitrary code under the privileges of the targeted user. This vulnerability specifically exists in the handling of some drawing object control words in an RTF document. Under certain circumstances, Word will copy a property value into a heap buffer without checking the length, which causes a heap buffer overflow. iDefense has confirmed the existence of this vulnerability in Microsoft Word 2003, Microsoft Word 2007, and Microsoft Outlook 2007. A full list of vulnerable Microsoft products can be found in Microsoft Security Bulletin MS10-056.
25855763a2da9fa2593ee54ea20cb23b8412b955183bf26b2866e5577463f29d
iDefense Security Advisory 03.30.10 - Remote exploitation of a use after free vulnerability in Microsoft Corp.'s Internet Explorer could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when an HTML object with an 'onreadystatechange' event handler is not properly freed. This event is used to perform actions when the state of some HTML object changes; for example, when a form has data input. Specifically, when certain properties of the object are changed, the event handler function object is freed, but a reference to it remains. When the object is later accessed, this invalid memory is treated as an object pointer, and one of its members is used to make an indirect function call. This results in the execution of arbitrary code.
bae091af2398a6905bf7b190dfabb58f5965eb1526edb5df68eef29f862a6007
iDefense Security Advisory 03.11.10 - Remote exploitation of a memory corruption vulnerability in WebKit, as included with multiple vendors' browsers, could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when a certain property of an HTML element is reset via JavaScript code. When this occurs, a C++ object is incorrectly accessed after it has been freed. This results in an attacker controlled value being used as a C++ VTABLE, which leads to the execution of arbitrary code. iDefense has confirmed the existence of this vulnerability in Google Chrome 3.0.195.38 and Safari 4.0.4. Previous versions are suspected to be vulnerable. A full list of affected Apple products can be found in Security Advisory APPLE-SA-2010-03-11-1 Safari 4.0.5.
1fc117df7706d0d6948b053056eb674537fc56cfce4e2641349a4d3e5274d8b4
iDefense Security Advisory 10.13.09 - Remote exploitation of a heap based buffer overflow vulnerability in Microsoft Corp.'s Windows GDI+ could allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability occurs when parsing a malformed TIFF file. By supplying incorrect values in a BitsPerSample tag, it is possible to trigger a heap based buffer overflow. iDefense has confirmed the existence of this vulnerability in Windows XP Service Pack 2. Please see the Microsoft bulletin for additional details on affected software.
cf6057235dc06deabb97059dcda36a22488060fd8671a6c4fbe352badb98d851
iDefense Security Advisory 06.08.09 - Remote exploitation of a memory corruption vulnerability in multiple vendors' WebKit browser engine could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when JavaScript code is used to set a certain property of an HTML tag within a web page. When JavaScript code sets this property, child elements of the tag are freed. However, when an error in the remaining HTML is encountered, these previously freed tag values are referenced. The freed memory is then treated as a C++ object, which can lead to attacker controlled values being used as function pointers. iDefense has confirmed the existence of this vulnerability in WebKit-r42162. Previous versions may also be affected.
2435fec72e75174b6080e9ba92c5e1f2ac6084a0c73ee3e6e95f87039ff1207f
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. Exploitation requires that the victim to open the malformed BIFF (.xls) document. The specific flaw exists within the parsing of the BIFF file format used by Microsoft Excel. During the processing of a malformed record, user-supplied data is copied into a stack-based buffer using a size that is calculated using contents from the record.
7113a32f28e1f4666388b1b7ce49b8355c7c7da30583bc448fdd2531f9318f3a
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page, open a malicious email, or open a malicious file. The specific flaw exists when parsing malformed RTF documents. When processing a combination of RTF tags a heap overflow occurs. Successful exploitation can lead to remote compromise of a system under the credentials of the currently logged in user.
ce5e0e1da217cf6a295fc152a35c405a6f643eab3dd911f17018432089b72331
Yahoo! Messenger version 8.1.0.413 webcam remote crash denial of service exploit.
32de211035f6458d2a00dfe2984d39fc12c90a66af5afd9370e90ac28abc405b
MSN Messenger 7.x VIDEO remote heap overflow exploit.
e7591e5b020fdc229d344b0d91c9c90fd1e912c85e046c6c5783f789597a5c17