A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the quicktime.qts library responsible for parsing Kodak encoded images. A lack of proper error checking can result in a heap-based buffer overflow leading to arbitrary code execution under the context of the currently logged-in user. Version 7.4.1 is affected.
5a0f77158c978f158930d805cbf54223c82dcde935126e51c91eed9af13d4e95
Microsoft Word 2003 is prone to a memory corruption vulnerability while parsing a specially crafted Word file. The vulnerability is caused by calculation errors while parsing certain fields within the barely documented File Information Block (FIB). Fortinet Endpoint Solution For Enterprise, FortiClient, is prone to a local privilege escalation due to the improper device filtering carried out by its filter driver, fortimon.sys.
ccdb4a7ba12daed204e5937fc64ff6cfdfc687f2f6d87262aed8224268f84dc6
K-Plugin for Kartoffel that exploits WDM Audio Drivers.
042ebae1315d13a3c95adcddabacc43987a422b3e6eef43023174235e2f8c7bb
Whitepaper called Exploiting WDM Audio Drivers. This paper explains an attack vector inherent to certain WDM audio drivers running on Windows Vista, XP, 2000 and 2003. Successful exploitation could lead to local escalation of privileges.
9cbca45b4be7edc8ff733bf3de9195c2f60ed5817c5be356604c988f2adb213f
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious image file. The specific flaw exists in the parsing of the pict file format. If an invalid length is specified for the UncompressedQuickTimeData opcode, a stack-based buffer overflow occurs, allowing the execution of arbitrary code. QuickTime version 7.2 is affected.
c02cab1df640e091a923dcfe61a2ca82c092fa0048c2a4ca4cac05c8466adc61
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the parsing of Poly type opcodes (opcodes 0x0070-74). Due to improper handling of a malformed element in the structure, heap corruption occurs. If properly constructed, this can lead to code execution. QuickTime version 7.2 is affected.
b703a5542306c05169cf942ffeffd6c780cfb163f202ecd430986c7e85b13405
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the parsing of the PackBitsRgn field (Opcode 0x0099). Due to improper handling of a malformed element in the structure, heap corruption occurs. If properly constructed, this can lead to code execution running under the credentials of the user. QuickTime version 7.2 is affected.
32eb11628e589a075650eb1d310a3bdc448d1426d99253e29834677fac4146b0
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the parsing of the CTAB atom. While reading the CTAB RGB values, an invalid color table size can cause QuickTime to write past the end of the heap chunk. This memory corruption can lead to the execution of arbitrary code. QuickTime version 7.2 is affected.
f41eb0c98c59bc787e7c6f5beb244f618216d6a53083be1858854cbcb546744a
iDefense Security Advisory 10.25.07 - Local exploitation of a buffer overflow vulnerability within Tmxpflt.sys, as included with Trend Micro Inc.'s AntiVirus engine, could allow an attacker to execute arbitrary code in kernel context. iDefense Labs has confirmed the existence of this vulnerability in the following Trend Micro products: Trend Micro's PC-Cillin Internet Security 2007, Tmxpflt.sys versions 8.320.1004 and 8.500.0.1002. All products using Trend Micro's scan engine, such as Trend Micro ServerProtect and Trend Micro OfficeScan, are also suspected to be vulnerable.
b314be90bd52c861475b0bc304415f6bb6eefe9113b790ec7a615f586d84fc43
Macrovision Safedisc secdrv.sys privilege escalation exploit for use with Kartoffel. Exploits Microsoft Windows XP SP2 and 2003.
d6d916e9ed801ae67787048fc759ceaab183f26a46e0550aaf9a5901c539b061
ZoneAlarm versions prior to 7.0.362 suffer from an insufficient buffer validation vulnerability.
186aa6262740ac32b55607074f0859fce81bc42af25ca304328d258ce4e7d0e6
iDefense Security Advisory 08.20.07 - Local exploitation of multiple input validation vulnerabilities within multiple Check Point Zone Alarm products could allow an attacker to execute arbitrary code in kernel (ring0) context. The problems specifically exist within the IOCTL handling code in the vsdatant.sys device driver. The device driver fails to validate user-land supplied addresses passed to IOCTL 0x8400000F and IOCTL 0x84000013. Since the Irp parameters are not correctly validated, an attacker could utilize these IOCTLs to overwrite arbitrary memory with the constant double-word value of 0x60001 or the contents of a buffer returned from ZwQuerySystemInformation. This includes kernel memory as well as the code segments of running processes. iDefense has confirmed the existence of these vulnerabilities within version 6.5.737.0 of vsdatant.sys as installed with Check Point Zone Labs Zone Alarm Free. All other products within the Zone Alarm product line are suspected to be vulnerable. Previous versions are also suspected to be vulnerable.
ac81452faefe840d9f43dafabb215a820a2aa179a4f8fc68dcd428acf8f7a47d
Microsoft DirectX is prone to a heap overflow vulnerability due to the improper handling of Targa files.
03e1bb283cdd5f170e5ea16130b2dfe7f4e54b654371ea164596ad7f327b13dd
iDefense Security Advisory 07.18.07 - Exploitation of an input validation vulnerability in Microsoft Corp.'s DirectX library could allow an attacker to execute arbitrary code in the context of the current user. The vulnerability specifically exists in the way RLE compressed Targa format image files are opened. The Targa format allows multiple color depths and image storage options, and includes the ability to use run-length encoding (RLE) compression on the image data. This is a compression method which finds a 'run' of pixels of the same color and, instead of storing the value multiple times, encodes the number of times to repeat one value. For example, instead of storing 'AAAAAAAA', it may encode that into 'store "A" 8 times'. The buffer allocated for the image data is based on the width, height and color depth stored in the image, but when decoding this type of file, no checks against writing past the end of the buffer are performed. If the encoding specifies more data than has been allocated, a controlled heap overflow can occur. iDefense has confirmed that libraries in Microsoft's DirectX SDK (February 2006) are vulnerable, as are the DirectX End User Runtimes (February 2006). It is suspected that previous versions are also affected, including the DirectX 9.0c End User Runtimes.
65a8ef11d3c0825d101a4d5aa33da3d8ed332c01adf3fd8cffe1d192e5863ced
VMware virtualization products are affected by a design flaw which can lead to a local denial of service vulnerability within the guest OS.
eec194da74af6c25c85bfcfe36dfa83c8ac14e7f88170847a208041bd6b35692
ZoneAlarm's srescan.sys versions 5.0.155 and below suffer from a local privilege escalation vulnerability.
775c99470739d0eb1c3a8cd2b64abad45293f4d798c6987cc8f13256f43795e6
iDefense Security Advisory 04.20.07 - Local exploitation of multiple design error vulnerabilities within multiple Check Point Zone Alarm products could allow an attacker to gain elevated privileges. iDefense has confirmed the existence of these vulnerabilities within version 5.0.63.0 of srescan.sys as installed with Check Point Zone Labs Zone Alarm Free. All other products within the Zone Alarm product line are suspected to be vulnerable. Previous versions are also suspected to be vulnerable.
83b862129517b60146e0d9b85f3dc72dbcc63462a1d0dc679845a5fee0f1a5c2
The NDISTAPI.sys kernel-mode component of Microsoft Windows XP SP2 and Microsoft Windows 2003 Server SP1 is exposed to unprivileged users.
272d9b14991d19fac00b4d563780df43dbdd22f220e603e77d0daf0566a13ab9
iDefense Security Advisory 03.05.07 - Remote exploitation of a heap corruption vulnerability in Apple Computer Inc.'s QuickTime media player could allow an attacker to execute arbitrary commands in the context of the current user. The vulnerability specifically exists in the QuickTime player's handling of Video media atoms. When the 'Color table ID' field in the Video Sample Description is 0, QuickTime expects a color table to be present immediately after the description. A byte swap process is then performed on the memory following the description, regardless of whether a table is present or not. Heap corruption will occur in the case when the memory following the description is not part of the heap chunk being processed. iDefense Labs confirmed this vulnerability exists in version 7.1.3 of QuickTime on Windows. Previous versions are suspected to be vulnerable.
fec5cfa3ca512e52554badeb637b6197568fa66695d6a4894d6a34b8670d4953
TmComm.sys is exposed through various Trend Micro products allowing for arbitrary code execution.
5603190000d5df1f93eef7520f7a177e84d9495b9d251ee328b31970e97b72bd
iDefense Security Advisory 02.07.07 - Local exploitation of an input validation vulnerability within version 1.5.0.1052 of TmComm.sys as included with Trend Micro's AntiVirus engine could allow an attacker to execute arbitrary code in kernel context. This vulnerability specifically exists due to insecure permissions on the \\.\TmComm DOS device interface. The permissions on this device allow "Everyone" write access. This could allow a locally logged-in user to access functionality via IOCTLs which was designed for privileged use only. Additionally, the IOCTL handlers for this DOS device interface do not validate addresses passed to them. As such, it is possible to overwrite arbitrary memory or execute attacker-supplied code in the context of the kernel (RING 0).
47e891511817c6191b842e3d5cab713abafda306c646da3189ce8577d7ead857
Microsoft Windows NTRaiseHardError Csrss.exe proof-of-concept memory disclosure exploit.
f954af75e1a5a52b8e2352b2535467abe1a62f9e896a3fc3b8df24efc02ce1ec
Local privilege escalation exploit for the kmxstart.sys Computer Associates "Host Intrusion Prevention System" engine driver version 6.5.4.10.
57ff05933d26f1638a98a4a6b218930859f8eeb4d7d658107b258f0ac117cf50
Local privilege escalation exploit for the kmxfw.sys Computer Associates "Host Intrusion Prevention System" engine driver version 6.5.4.31.
dcf3649d586540d0bc82df887451bb3335ecbb7b2a38d347c8ebe6057c64e1ec
The Computer Associates "Host Intrusion Prevention System" engine drivers are prone to multiple local privilege escalation vulnerabilities. Unprivileged users can take advantage of these flaws in order to execute arbitrary code with kernel privileges.
88676a9217a7cd3f24ed9e5986432dc1d76aa939fcc6e29be5b6454e6ef74c46