ACROS Security Problem Report #2011-08-18-2 - A binary planting vulnerability in Mozilla Thunderbird allows local or remote (even Internet-based) attackers to deploy and execute malicious code on Windows machines in the context of logged-on users.
50de284a562edf3e280b13793e1465d67dae9d1e5e58327d7f298a855f29a9c1
ACROS Security Problem Report #2011-08-18-1 - A binary planting vulnerability in Mozilla Firefox allows local or remote (even Internet-based) attackers to deploy and execute malicious code on Windows machines in the context of logged-on users.
81c08ec71122a547d4d5f3b499ccf4eb2eb2b4311cc7c73af9122046fa6db400
Proof of concept exploit for the COM server-based binary planting presentation given at Hack in the Box in Amsterdam.
660882c80064fb7a27e3efa3e517d23e2721d9b7415e35656ca010ab4e47b744
ACROS Security Problem Report #2011-02-11-2 - A binary planting vulnerability in Adobe Flash Player allows local or remote (even Internet-based) attackers to deploy and execute malicious code on Windows machines in the context of logged-on users.
b2964cc6ea47c3ff494ac0ba09943749a17bee103f4f028ad03907e1a5f75be0
ACROS Security Problem Report #2011-02-11-1 - A binary planting vulnerability in Adobe Reader allows local or remote (even Internet-based) attackers to deploy and execute malicious code on Windows machines in the context of logged-on users.
b1e77d5df00205c724b329b0db4a695471855c8bec22c065a64777d969db1c55
ACROS Security Problem Report #2011-01-11-1 - A binary planting vulnerability in F-Secure Internet Security 2010 and 2011, F-Secure Anti-Virus 2010 and 2011 and multiple other F-Secure products allows local or remote (even Internet-based) attackers to deploy and execute malicious code on Windows machines in the context of logged-on users.
01f52cb96345599ee288a5aaf14347b748cc0327df5569dc06d00aff5958486b
ACROS Security Problem Report #2010-12-14-1 - A binary planting vulnerability in Windows Address Book and Windows Contacts allows local or remote (even Internet-based) attackers to deploy and execute malicious code on Windows machines in the context of logged-on users.
5d01b3714e5a1a07936f8d579e1f7f0c5b96811e39e1536e72e0ff2fd817f142
ACROS Security Problem Report #2010-11-10-02 - A binary planting vulnerability in Microsoft Word 2010 for Windows allows local or remote (even Internet-based) attackers to deploy and execute malicious code on Windows machines in the context of logged-on users.
39cad8e7dbdb46dd9950300db060a957a65f86625e02967c627e6fd585188855
ACROS Security Problem Report #2010-11-10-03 - A binary planting vulnerability in Microsoft Excel 2010 for Windows allows local or remote (even Internet-based) attackers to deploy and execute malicious code on Windows machines in the context of logged-on users.
372b067ad956bff5c5fe8c059ec5b674e34786161a23b90e60aea1fcf580aa01
ACROS Security Problem Report #2010-11-10-01 - A binary planting vulnerability in Microsoft PowerPoint 2010 for Windows allows local or remote (even Internet-based) attackers to deploy and execute malicious code on Windows machines in the context of logged-on users.
a329c4134ecfbda8db94bc668a6c672d4361d55bd4c8152e98d15e161f6e7be7
ACROS Security Problem Report #2010-11-05-01 - A binary planting vulnerability in Adobe Flash Player for local or remote (even Internet-based) attackers to deploy and execute malicious code on Windows machines in the context of logged-on users.
20d4011cacea1a5e897650169d0a521c09da2450f7b2ee46be82b6edd78f5903
Microsoft Visual Studio can automatically make an application binary planting-positive (i.e., vulnerable) even when the developer makes no programming errors.
c0aac373bffee68fe54e852d86ae18b53aec0d15a35e61bf4dfca325de3986f4
ACROS Security Problem Report #2010-09-08-1 - A binary planting vulnerability in Apple Safari for Windows allows local or remote (even Internet-based) attackers to deploy and execute malicious code on Windows machines in the context of logged-on users.
32cb665d6f322c391a6a1c38cae156abee997050ebc2bc06e5fd56f4d9b5541c
ACROS Security Problem Report #2010-08-18-1 - A "binary planting" vulnerability in Apple iTunes for Windows allows local or remote (even Internet-based) attackers to deploy and execute malicious code on Windows machines in the context of logged-on users.
edfc6547e76ce14e38a894626f62b9e37d86313d79b92a1f4362183bd1a7e662
ACROS Security Problem Report #2010-04-12-1 - A "binary planting" vulnerability in VMware Tools for Windows allows local or remote (possibly Internet-based) attackers to deploy and execute malicious code on virtual Windows machines in the context of logged-on users.
1a33ad33d61288c5a2f1bc8851a66d3420578051913dd9eb34bba9d650c3d21b
ACROS Security Problem Report #2010-04-12-2 - A "binary planting" vulnerability in VMware Tools for Windows allows a local non-administrative attacker, under certain circumstances, to execute a malicious executable on virtual Windows machines in the context of logged- on users.
f4ab6e48b6664883b247cd29bef48610a751f93149811ac6017b3e330925de9b
ACROS Security Problem Report #2009-10-30-1 - There is an HTML Injection vulnerability in the WebLogic server version 10.3 administration console that allows the attacker to gain administrative access to the server.
afb874f67261c2f5e3869658a0249ee9cea2ebb6a0e437486664f71a9744d1c9
The BEA WebLogic Server Console suffers from a HTML injection vulnerability. Version 10.0 is affected.
0e87edddc628b1f48b68ef24eeb6ae463a27c7749fcdf234b6e3a7419d4abb61
WebLogic Server and WebLogic Express, Service Pack 4, are susceptible to cross site scripting flaws.
2619b3310f3c47e89eec1626a229bb5d830f5decc8011308daf41b04d6db1c6a
WebLogic Server and WebLogic Express, Service Pack 4, suffer from an HTML injection vulnerability.
4e1a06fc9b94d88a2cec7ac59f0f8068f2d468c16b54bafaf9f0330407427003
ACROS Security Problem Report #2004-10-14-2 - A session fixation vulnerability exists in JRun Management Console, enabling attackers to hijack administrative sessions. Version affected: JRun 4 for Windows, Service Pack 1a, possibly others.
a8a0911bb92bb34272d7603cf5792186b24b0b081db2b0c08b5ad280955b04b4
ACROS Security Problem Report #2004-10-14-1 - An HTML injection vulnerability exists in JRun Management Console, enabling attackers to hijack administrative sessions using cross site scripting. Version affected: JRun 4 for Windows, Service Pack 1a, possibly others.
487af986bd012c24d6a3e7e4dfd960e7c9e9331bc24d864abeb1255a1d845802
ACROS Security Problem Report #2004-10-14-3 - An HTTP response splitting vulnerability exists in JRun server session management. It allows an attacker to issue an arbitrary HTTP header or HTTP body to a browser. Version affected: JRun 4 for Windows, Service Pack 1a, possibly others.
e6f43a53cf3a775f98b530eb7119a6ed338615cc3fda3c5261f7bfb46238ec5a
ACROS Security Problem Report #2004-10-13-1 - The public report released discussing the poisoning of cached HTTPS documents in Internet Explorer including workarounds and mitigating factors.
b31003f292ce532e33ac3e00b98fd52f3b033acdcbb19bcde9eb0dc39d7e3160