Zero Day Initiative Advisory 11-079 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3D assets within a Director movie. The routine responsible for parsing 3D record type 0xFFFFFF45 does not properly validate a count field within the structure. If this value is too large, the process can create a faulty allocation. Later, when the rendering routine attempts to use this buffer, memory is corrupted. This can be abused by remote attackers to execute arbitrary code under the context of the user running the browser.
4aedd4bb4d1deaad57866acc6368ac0682cf648de2631fee1111da6ebb45103a
Zero Day Initiative Advisory 11-078 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3D assets within a Director movie. The routine responsible for parsing 3D record type 0xFFFFFF88 does not properly validate multiple fields within the structure. If these values are too large, the process can create a faulty allocation. Later, when the rendering routine attempts to use this buffer, memory is corrupted. This can be abused by remote attackers to execute arbitrary code under the context of the user running the browser.
551077bbcdbc20e88d17ce6a140cf7492b7ee25d7ca4760b4197be8892d5a6f8
Zero Day Initiative Advisory 11-076 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the temporary file naming scheme used for storage of references to Real Media files. This easily predictable temporary filename can be brute forced and used in combination with the OpenURLinPlayerBrowser function available in classid:FDC7A535-4070-4B92-A0EA-D9994BCC0DC5 to execute the file. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
b64af996fba65a6fad3a4858272b41fc067a43700f0a86b634c422c12fe30200
Zero Day Initiative Advisory 11-077 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's implementation of an image format supported by the Universal 3D compressed file format. When parsing a particular texture file specified by the format, the application will explicitly trust fields within the file in a multiplication used to allocate space for the image data. Because the application does not account for the result being larger than the architecture is able to store, it will under-allocate a buffer. When writing image data to this buffer the application will write outside the boundary of the allocation. This can lead to code execution under the context of the application.
97cb2db7d4506345cd480076cb26cfd54bfb85760f9c82a8991fcde3dd24cd16
MIT krb5 Security Advisory 2011-001 - The MIT krb5 KDC database propagation daemon (kpropd) is vulnerable to a denial-of-service attack triggered by invalid network input. If a kpropd worker process receives invalid input that causes it to exit with an abnormal status, it can cause the termination of the listening process that spawned it, preventing the slave KDC it was running on from receiving database updates from the master KDC.
7cf25f2ff026501a57cf8c31911a2fe6b46fe68de815df7baaf8ae13556ff833
iDefense Security Advisory 02.08.11 - Remote exploitation of a buffer overflow vulnerability in multiple versions of Microsoft Corp.'s Windows could allow attackers to execute arbitrary code on the targeted host. An integer overflow vulnerability exists in the "shimgvw" library. During the processing of an image within a certain function, a bitmap containing a large "biWidth" value can be used to cause an integer calculation overflow. This condition can lead to the overflow of a heap buffer and may result in the execution of arbitrary code on the targeted host.
f6124a1b8cbfad6d5655d8dd9b8857fd339410ce72f7e673b15b3fbb4d62778c
Zero Day Initiative Advisory 11-075 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the rt3d.dll component explicitly trusting a length embedded within a particular file in order to calculate the length of a buffer. The application will then duplicate an arbitrarily sized string into a statically sized buffer located on the stack. This can lead to code execution under the context of the application.
61ec0e9fc614fc15d89ba9f014b8575218633e7fa69ae8e27846d6202d04e00b
rpc.cmsd / Calendar Manager RPC service remote proof of concept buffer overflow exploit for Solaris, AIX, and HP-UX.
5b93d417eda40ad6a76cd6bd81c57c1a00b7622bb6aa9d80ff8bb2625d7e3c02
Zero Day Initiative Advisory 11-074 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader on Mac OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the U3D component distributed with the Reader. The application uses the Parent Node count to calculate the size of an allocation. This value is not properly validated and the result of this size calculation can be wrapped to an unexpectedly small and insufficient value. Writes to this newly allocated buffer can be outside the bounds of its allocation. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the application.
a4872e60f6e6ed7cb64dd8d36558ce6d15d045f8e973c78e8477ab1e05a2e3f9
DESlock+ versions 4.1.10 and below local kernel ring0 SYSTEM exploit.
6d81d37ec3a4bd0dff474da4bfb9bee0c80d7d3647cf53e3788e2745cd5e0127
A vulnerability has been discovered in one of Data Encryption Systems' DESlock+ kernel drivers. An attacker exploiting this vulnerability may execute arbitrary code with kernel mode privileges, or cause a denial of service via a page fault caused by an invalid pointer dereference.
7a85dca3c14a043d5c16bd8fe365050baffb5a1043967d8a4d01b841f9701f6f
WebAsyst Shop-Script version 2011.01.23 suffers from cross site scripting vulnerabilities.
5903cb3b651f231ada8820726d8baea28a5c6b738758a594afd5ab3d57080ddf
Zero Day Initiative Advisory 11-073 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the ICC parsing component of ACE.dll. It is possible to cause an integer overflow due to several multiplications of controlled byte values. This leads to the allocation of a small buffer which can subsequently be overflowed. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the user running Reader.
5377eaefd1b16bdd7c45ed58a3f1023c146fc042640043e07d743d13564d3b84
Zero Day Initiative Advisory 11-072 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the Bitmap parsing component of rt3d.dll. When allocating a destination buffer for handling 4/8-bit RLE compressed bitmaps, the process uses the bitmap bits per pixel and number of colors values directly. A pointer is created based on the specified color depth, which can then be used to copy user supplied data into the fixed-length color data buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the user.
a0307babb5f84b7474b4227719e00a3f47917438731ace1d1001e36facc4f373
ViArt Shop version 4.0.5 suffers from multiple cross site scripting vulnerabilities.
64c028598a63647a7426731f268b4ab2e7c0f6f73f11def2837cb27a9d57f85e
PHP-Fusion Auto Database System version 1.0 Infusion suffers from a remote SQL injection vulnerability.
707572eda0949f9187d7f0eb4227494189e0f6d0dd2ddc05a645688c48d316b8
Zero Day Initiative Advisory 11-071 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the Bitmap parsing component of 2d.dll. When allocating a destination buffer for handling RLE_8 compressed bitmaps, the process uses the bitmap height and width values directly. Certain assumptions are made regarding minimum values of these fields during decompression, resulting in a copy of user-supplied data into a fixed-length buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the user.
22978ec004ed6f3a2031d7a3b2b2c25cfdebb726503ec302e89a3c5c66547512
Zero Day Initiative Advisory 11-070 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's implementation of an image format supported by the Universal 3D compressed file format. When decoding the image data provided by the file, the application will use one size for allocating space for the destination buffer and then trust the data when decompressing into that buffer. Due to the decompression being unbounded by the actual buffer size, a buffer overflow can be made to occur leading to code execution under the context of the application.
ea50930574b31667e88077d8eb8ea4e114c3c4f0993f65a2c2a02d7848ac7115
Zero Day Initiative Advisory 11-069 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's implementation of an image format supported by the Universal 3D compressed file format. When decoding the image data provided by the file, the application will use a supplied size for allocating space for the destination buffer and then trust the data when decompressing into that buffer. Due to the decompression being unbounded by the actual buffer size, a buffer overflow can be triggered leading to code execution under the context of the application.
c658f7e11ed0ee360abf96b040e9228b109d1f4f50258666bd466d8339844b64
Zero Day Initiative Advisory 11-068 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's implementation of an image format supported by the Universal 3D compressed file format. When decoding the image data provided by the file, the application will use one size for allocating space for the destination buffer and then trust the data when decompressing into that buffer. Due to the decompression being unbounded by the actual buffer size, a buffer overflow can be triggered leading to code execution under the context of the application.
6a4db328b804e49f249f1fbf52089541c082ebdd1a26b2e4be5fe742a80b57f2
Zero Day Initiative Advisory 11-067 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's implementation of an image format supported by the Universal 3D compressed file format. When decoding the image data provided by the file, the application will use one size for allocating space for the destination buffer and then trust the data when decompressing into that buffer. Due to the decompression being unbounded by the actual buffer size, a buffer overflow can be triggered leading to code execution under the context of the application.
639487d6ca63385d588e72caf048d7cbf80cb55137fd677a5665f8d82f61f8e4
Zero Day Initiative Advisory 11-066 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's implementation of an image format supported by the Universal 3D compressed file format. When decoding the image data provided by the file, the application will use one size for allocating space for the destination buffer and then trust the data when decompressing into that buffer. Due to the decompression being unbounded by the actual buffer size, a buffer overflow can be made to occur leading to code execution under the context of the application.
e3bcc174f08bb966116fe48b546b45c1b01bcd1e98977a0d74d0053f25393163
Zero Day Initiative Advisory 11-065 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within AcroRd32.dll. Initially, a pointer passed to memset can be miscalculated and the resulting copy operation corrupts heap memory. Later, the application attempts to use the modified data which can be leveraged to execute arbitrary code under the context of the user invoking the Reader application.
a6c233a1c88593c34db25f020f92574ca0f0f05fc8ae99e478c6d4ec3bd1e7da
Zero Day Initiative Advisory 11-064 - This vulnerability allows local attackers to execute arbitrary code from the context of kernelspace on vulnerable installations of Microsoft Windows. The ability to make a system call is required in order to exploit this vulnerability. The specific flaw exists within the kernel's support for Trace Events. Due to a bad type conversion, the kernel will use a truncated length for allocating data from userspace. When populating this buffer the kernel will use a differing length causing a buffer overflow. This will cause memory corruption and can lead to code execution under the context of the kernel.
fb34574bb8d5c5f4bc812c8231d09f55b00c7481accb6d8d909623a5d3709219
Zero Day Initiative Advisory 11-063 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Visio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Visio handles parsing the VisioDocument stream. Upon handling a malformed stream, the application will raise an exception. While handling this exception, the application will access the vtable of an object that hasn't been completely initialized yet. Successful exploitation could lead to code execution under the context of the application.
d68296c9567cbc004232b7c3e619d2141f25fc11114ae43b0d5f3a59520d7fea