Showing 1 - 25 of 90

Files from Carsten Eiram

First Active: 2003-04-24
Last Active: 2013-09-10
GameHouse Unsafe Permissions / Use-After-Free
Posted Sep 10, 2013
Authored by Carsten Eiram

This whitepaper is aptly named An Analysis of the (In)Security State of the GameHouse Game Installation Mechanism. It discusses unsafe permission and use-after-free vulnerabilities and how they expose users' systems.

tags | advisory, vulnerability
MD5 | 7573d36c8e5c60c8b9b2b0ec133898d3
NTR ActiveX Control Check() Method Buffer Overflow
Posted Sep 22, 2012
Authored by Carsten Eiram, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in NTR ActiveX 1.1.8. The vulnerability exists in the Check() method, due to the insecure usage of strcat to build a URL using the bstrParams parameter contents, which leads to code execution under the context of the user visiting a malicious web page. In order to bypass DEP and ASLR on Windows Vista and Windows 7, JRE 6 is needed.

tags | exploit, web, code execution, activex
systems | windows, vista, 7
advisories | CVE-2012-0266, OSVDB-78252
MD5 | d9429e02b0749c6070e28df7c47954a1
NTR ActiveX Control StopModule() Remote Code Execution
Posted Sep 22, 2012
Authored by Carsten Eiram, juan vazquez | Site metasploit.com

This Metasploit module exploits a vulnerability found in the NTR ActiveX 1.1.8. The vulnerability exists in the StopModule() method, where the lModule parameter is used to dereference memory to get a function pointer, which leads to code execution under the context of the user visiting a malicious web page.

tags | exploit, web, code execution, activex
advisories | CVE-2012-0267, OSVDB-78253
MD5 | de0a843ca0d9e37bb628a6ee0568795c
Novell GroupWise iCalendar Date/Time Parsing Denial of Service
Posted Sep 17, 2012
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in Novell GroupWise, which can be exploited by malicious people to cause a DoS (Denial of Service). No checks are performed by a function in iCalendar to ensure that the supplied date-time string is longer than 8 characters. This may result in an out-of-bounds read access violation, causing GWIA to crash if a shorter date-time string is supplied via e.g. an e-mail with a specially crafted .ics attachment. Novell GroupWise version 8.0.2 HP3 is affected.

tags | advisory, denial of service
advisories | CVE-2011-3827
MD5 | 295a73ebe071ceada11101ab06f90a70
Adobe Photoshop TIFF SGI24LogLum Decompression Buffer Overflow
Posted Sep 3, 2012
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in Adobe Photoshop, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by insufficient validation in Photoshop.exe when decompressing SGI24LogLum-compressed TIFF images. This can be exploited via a specially crafted TIFF image to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code.

tags | advisory, overflow, arbitrary
advisories | CVE-2012-0275
MD5 | d6f088d9d94fadce902ce1bdb93b21d3
Cisco Linksys PlayerPT ActiveX Control SetSource sURL argument Buffer Overflow
Posted Aug 3, 2012
Authored by Carsten Eiram, juan | Site metasploit.com

This Metasploit module exploits a vulnerability found in Cisco Linksys PlayerPT 1.0.0.15 as installed with the web interface of the Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera. The vulnerability is due to the insecure usage of sprintf in the SetSource method: when handling a specially crafted sURL argument, it allows a stack-based buffer overflow to be triggered, which leads to code execution under the context of the user visiting a malicious web page.

tags | exploit, web, overflow, code execution
systems | cisco
advisories | CVE-2012-0284
MD5 | ecab8e56ceac6dddbd1e6960e3f65b68
Cisco Linksys PlayerPT Active-X SetSource() Buffer Overflow
Posted Jul 17, 2012
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in Cisco Linksys PlayerPT ActiveX Control, which can be exploited by malicious people to compromise a user's system. Successful exploitation allows execution of arbitrary code. Cisco Linksys PlayerPT ActiveX Control version 1.0.0.15 is affected. Other versions may also be affected.

tags | advisory, overflow, arbitrary, activex
systems | cisco
advisories | CVE-2012-0284
MD5 | 7f6a48e8406e1e958428ab0ef9b73cf2
NTR ActiveX Control StopModule() Input Validation
Posted Jan 12, 2012
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in NTR ActiveX control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by missing input validation in the handling of the "StopModule()" method and can be exploited via a specially crafted "lModule" parameter to reference an expected module structure at an arbitrary memory address. This can be exploited to dereference an arbitrary value in memory as a function pointer. Successful exploitation allows execution of arbitrary code. NTR ActiveX Control version 1.1.8 is affected.

tags | advisory, arbitrary, activex
advisories | CVE-2012-0267
MD5 | 2c8a2024bca6163f58a076a2997feca7
NTR ActiveX Control Four Buffer Overflows
Posted Jan 12, 2012
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered four buffer overflows in the NTR ActiveX control, which can be exploited by malicious people to compromise a user's system. NTR ActiveX Control version 1.1.8 is affected.

tags | advisory, overflow, activex
advisories | CVE-2012-0266
MD5 | bb2fb73522f7d89a541f1a1680cf29bb
DVR Remote ActiveX Control DVRobot Library Loading
Posted Nov 17, 2011
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in DVR Remote ActiveX Control version 2.1.0.39, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by the ActiveX control during instantiation automatically downloading and loading DVRobot.dll from the "manifest" folder of the web server invoking the ActiveX control. Successful exploitation allows execution of arbitrary code via a specially crafted web page and hosted DVRobot.dll file.

tags | advisory, remote, web, arbitrary, activex
advisories | CVE-2011-3828
MD5 | 6617e4dcfda6c32a809c242d20e34a30
Novell GroupWise Internet Agent HTTP Interface Buffer Overflow
Posted Sep 27, 2011
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in Novell GroupWise, which can be exploited by malicious users to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerability is caused by a boundary error in GroupWise Internet Agent (gwia.exe) within the HTTP interface (port 9850/tcp) when handling requests for certain .css resources. This can be exploited to cause a limited stack-based buffer overflow via a specially crafted, overly long request.

tags | advisory, web, denial of service, overflow, tcp
advisories | CVE-2011-0334
MD5 | 44fbab0b842830e629ffba61537857fd
Novell GroupWise Internet Agent TZNAME Parsing
Posted Sep 27, 2011
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in Novell GroupWise, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by an integer truncation error in NgwiCalVTimeZoneBody::ParseSelf() within gwwww1.dll when GroupWise Internet Agent parses "TZNAME" variables in VCALENDAR data. This can be exploited to cause a heap-based buffer overflow via a specially crafted e-mail containing an overly long "TZNAME" property value. Successful exploitation may allow execution of arbitrary code.

tags | advisory, overflow, arbitrary
advisories | CVE-2011-0333
MD5 | 8577c3bf385c08cc68b0d6332631fde5
Microsoft Office TIFF Image Converter Two Buffer Overflows
Posted Dec 20, 2010
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered two vulnerabilities in Microsoft Office, which can be exploited by malicious people to compromise a user's system. An input validation error in the TIFF Import/Export Graphic Filter when copying certain data can be exploited to cause a heap-based buffer overflow via a specially crafted TIFF image. Another input validation error in the TIFF Import/Export Graphic Filter when copying certain data after having encountered a specific error can be exploited to cause a heap-based buffer overflow via a specially crafted TIFF image. Successful exploitation of the vulnerabilities may allow execution of arbitrary code when processing a TIFF image in an application using the graphics filter (e.g. opening the image in Microsoft Photo Editor or importing it into an Office document).

tags | advisory, overflow, arbitrary, vulnerability
advisories | CVE-2010-3947
MD5 | c936a3c75f287646d175d3e6d8984e12
Microsoft Office Document Imaging Endian Conversion
Posted Dec 20, 2010
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in Microsoft Office, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by missing input validation within a library used by the bundled Microsoft Office Document Imaging application when converting certain data during parsing of TIFF images. This can be exploited to corrupt memory via a TIFF image containing specially crafted IFD entries. Successful exploitation may allow execution of arbitrary code.

tags | advisory, arbitrary
advisories | CVE-2010-3950
MD5 | 534087e2724e5e7c79ecc962f1d30834
Microsoft Office TIFF Image Converter Endian Conversion
Posted Dec 20, 2010
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in Microsoft Office, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by an error in the TIFF Import/Export Graphic Filter (TIFFIM32.FLT) when converting the endianness of certain data. This can be exploited to corrupt memory via e.g. a specially crafted TIFF image. Successful exploitation may allow execution of arbitrary code when processing a TIFF image in an application using the graphics filter (e.g. opening the image in Microsoft Photo Editor or importing it into an Office document).

tags | advisory, arbitrary
advisories | CVE-2010-3949
MD5 | 780b6c26e88ea2de275ecb5b134156ed
RealPlayer AAC Spectral Data Parsing
Posted Dec 20, 2010
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in RealPlayer, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an error in the parsing of AAC audio content and can be exploited to corrupt memory via specially crafted spectral data. Successful exploitation may allow execution of arbitrary code.

tags | advisory, arbitrary
advisories | CVE-2010-0125
MD5 | 0aa1f6e0445e5f5ec810383ec2c8a82f
QuickTime Track Dimensions Buffer Overflow
Posted Dec 8, 2010
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in QuickTime, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error when copying track content based on the track's dimensions and can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code.

tags | advisory, overflow, arbitrary
advisories | CVE-2010-1508
MD5 | d0b224acd73fb622c54986e75999123e
Winamp NSV Table of Contents Parsing Integer Overflow
Posted Dec 2, 2010
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in Winamp, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an integer overflow error in the "in_nsv.dll" plugin when parsing the Table of Contents. This can be exploited to cause a heap-based buffer overflow via a specially crafted NSV stream or file. Successful exploitation allows execution of arbitrary code.

tags | advisory, overflow, arbitrary
advisories | CVE-2010-2586
MD5 | d90570f576f4d513045a44eb57043f26
QuickTime Sorenson Video 3 Array-Indexing
Posted Nov 11, 2010
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in QuickTime, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an array-indexing error when parsing Sorenson Video 3 content and can be exploited to corrupt memory during decompression via a specially crafted file. Successful exploitation may allow execution of arbitrary code.

tags | advisory, arbitrary
advisories | CVE-2010-3793
MD5 | 19e4a12ee66721e2d22ea536d5b490aa
Adobe Shockwave Player "DEMX" Chunk Parsing
Posted Oct 29, 2010
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in Adobe Shockwave Player, which may be exploited by malicious people to compromise a user's system. The vulnerability is caused by a logic error in TextXtra.x32 when parsing "DEMX" chunks. This can be exploited to cause a heap-based buffer overflow via a specially crafted Director file, as one function does not reallocate a buffer to contain a section of data as expected, but another function still copies chunk data into the insufficiently sized buffer. Successful exploitation allows execution of arbitrary code.

tags | advisory, overflow, arbitrary
advisories | CVE-2010-2582
MD5 | 061d0e03670a14fb830e0d5925cefc41
Adobe Shockwave Player "pamm" Chunk Parsing
Posted Oct 29, 2010
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in Adobe Shockwave Player, which may be exploited by malicious people to compromise a user's system. The vulnerability is caused by a function in dirapi.dll not validating the size and number of sub-chunks inside a "pamm" chunk during initial parsing of the sub-chunks. This can be exploited to corrupt memory outside the bounds of a buffer allocated for the "pamm" data via a specially crafted Director file. Successful exploitation may allow execution of arbitrary code.

tags | advisory, arbitrary
advisories | CVE-2010-2581
MD5 | a728cd76edd25558331438f7dcb649d7
Winamp VP6 Content Parsing Buffer Overflow
Posted Oct 28, 2010
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in Winamp, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by an error in the VP6 codec (vp6.w5s) when parsing VP6 video content. This can be exploited to cause a heap-based buffer overflow via a specially crafted media file or stream. Successful exploitation may allow execution of arbitrary code. Version 5.581 is affected.

tags | advisory, overflow, arbitrary
advisories | CVE-2010-1523
MD5 | bb16292a6c7745ef07eb2fa4ab0caf6a
RealPlayer QCP Sample Chunk Parsing Buffer Overflow
Posted Oct 19, 2010
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in RealPlayer SP, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by missing input validation in the handling of sample chunks when parsing QCP audio content. This can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code. RealPlayer SP 1.0.5 is affected.

tags | advisory, overflow, arbitrary
advisories | CVE-2010-2578
MD5 | 9f365bc68e79404491f1b8b4eef7f5f8
Microsoft Excel Lotus 1-2-3 File Parsing Vulnerability
Posted Oct 14, 2010
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in Microsoft Excel, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in the parsing of certain records in Lotus 1-2-3 workbooks. This can be exploited to cause a heap-based buffer overflow via a Lotus 1-2-3 file containing a specially crafted, overly long record. Successful exploitation may allow execution of arbitrary code. Microsoft Excel versions 2002 SP3 and 2003 SP3 are affected.

tags | advisory, overflow, arbitrary
advisories | CVE-2010-3233
MD5 | 3de9bf69ffb1f11da1d01b274da2d23f
Novell iPrint Client call-back-url Buffer Overflow
Posted Aug 21, 2010
Authored by Carsten Eiram | Site secunia.com

Secunia Research has discovered a vulnerability in Novell iPrint Client, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in the handling of the "call-back-url" parameter value for a "op-client-interface-version" operation where the "result-type" parameter is set to "url". This can be exploited to cause a stack-based buffer overflow via an overly long "call-back-url" parameter value. Successful exploitation allows execution of arbitrary code when a user visits a malicious website. Version 5.42 is affected.

tags | advisory, overflow, arbitrary
advisories | CVE-2010-1527
MD5 | 0a7067086c1057afdfa89dec5e8739d3