This whitepaper is aptly named An Analysis of the (In)Security State of the GameHouse Game Installation Mechanism. It discusses unsafe permission and use-after-free vulnerabilities and how it exposes users' systems.
cb01f95c23dc75b664abdad90dadd63aa8c3e97f89381bd35a60538e5b3975dbThis Metasploit module exploits a vulnerability found in NTR ActiveX 1.1.8. The vulnerability exists in the Check() method, due to the insecure usage of strcat to build a URL using the bstrParams parameter contents, which leads to code execution under the context of the user visiting a malicious web page. In order to bypass DEP and ASLR on Windows Vista and Windows 7 JRE 6 is needed.
71b360ec4aa13486de7017b18411dfb19378317ae8e8699d3895d166df0771b8This Metasploit module exploits a vulnerability found in the NTR ActiveX 1.1.8. The vulnerability exists in the StopModule() method, where the lModule parameter is used to dereference memory to get a function pointer, which leads to code execution under the context of the user visiting a malicious web page.
6acce73c09ae26c0cdd0799d7b6afb5dff55a6136f9b0ac4216f6537527d0c5cSecunia Research has discovered a vulnerability in Novell GroupWise, which can be exploited by malicious people to cause a DoS (Denial of Service). However, no checks are performed by a function in iCalendar to ensure that the supplied date-time string is longer than 8 characters. This may result in an out-of-bounds read access violation, causing GWIA to crash in case a shorter date-time string was supplied via e.g. an e-mail with a specially crafted .ics attachment. Novell GroupWise version 8.0.2 HP3 is affected.
47079011e77d4b03dcf622040e29f04c46c08e437a5ae7d2a92d9802266de359Secunia Research has discovered a vulnerability in Adobe Photoshop, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by insufficient validation in Photoshop.exe when decompressing SGI24LogLum-compressed TIFF images. This can be exploited via a specially crafted TIFF image to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code.
5b250b817b803791ecb2d09e8b49b1e908f5a7faf39121b38e3d74b57f9b9b57This Metasploit module exploits a vulnerability found in Cisco Linksys PlayerPT 1.0.0.15 as the installed with the web interface of Cisco Linksys WVC200 Wireless-G PTZ Internet Video Camera. The vulnerability, due to the insecure usage of sprintf in the SetSource method, when handling a specially crafted sURL argument, allows to trigger a stack based buffer overflow which leads to code execution under the context of the user visiting a malicious web page.
5a88ff9a13dc712f648150200591ec804a09cb0631600c4db7449f3c17604a4bSecunia Research has discovered a vulnerability in Cisco Linksys PlayerPT ActiveX Control, which can be exploited by malicious people to compromise a user's system. Successful exploitation allows execution of arbitrary code. Cisco Linksys PlayerPT ActiveX Control version 1.0.0.15 is affected. Other versions may also be affected.
a88c10267158fe9cf2d434bc63948819deb102117186a70288596b16e3102081Secunia Research has discovered a vulnerability in NTR ActiveX control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by missing input validation in the handling of the "StopModule()" method and can be exploited via a specially crafted "lModule" parameter to reference an expected module structure at an arbitrary memory address. This can be exploited to dereference an arbitrary value in memory as a function pointer. Successful exploitation allows execution of arbitrary code. NTR ActiveX Control version 1.1.8 is affected.
f4c7913670d60302279ef9cbc25fdd9fd7774592fda24b75eade05cc79505853Secunia Research has discovered four buffer overflows in the NTR ActiveX control, which can be exploited by malicious people to compromise a user's system. NTR ActiveX Control version 1.1.8 is affected.
749b21b3ffb4706107fa23982681c9002436ae13b7acd96089e1d8988fdcb778Secunia Research has discovered a vulnerability in DVR Remote ActiveX Control version 2.1.0.39, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by the ActiveX control during instantiation automatically downloading and loading DVRobot.dll from the "manifest" folder of the web server invoking the ActiveX control. Successful exploitation allows execution of arbitrary code via a specially crafted web page and hosted DVRobot.dll file.
e641c5041e65c7dcb486319e4f9f229021c6007e19079a2a67952f9abfd2a4b8Secunia Research has discovered a vulnerability in Novell GroupWise, which can be exploited by malicious users to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerability is caused by a boundary error in GroupWise Internet Agent (gwia.exe) within the HTTP interface (port 9850/tcp) when handling requests for certain .css resources. This can be exploited to cause a limited stack-based buffer overflow via a specially crafted, overly long request.
0a0e3b9755408f3ac4d24cfc5ddaa02db84cde579ed5eb0e2b98699b9e5ace5fSecunia Research has discovered a vulnerability in Novell GroupWise, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by an integer truncation error in NgwiCalVTimeZoneBody::ParseSelf() within gwwww1.dll when GroupWise Internet Agent parses "TZNAME" variables in VCALENDAR data. This can be exploited to cause a heap-based buffer overflow via a specially crafted e-mail containing an overly long "TZNAME" property value. Successful exploitation may allow execution of arbitrary code.
098e587acb10c0083b88ba844ed01cfbf1ec6d61bdeb69e7e6a4f2b9e4413126Secunia Research has discovered two vulnerabilities in Microsoft Office, which can be exploited by malicious people to compromise a user's system. An input validation error in the TIFF Import/Export Graphic Filter when copying certain data can be exploited to cause a heap-based buffer overflow via a specially crafted TIFF image. Another input validation error in the TIFF Import/Export Graphic Filter when copying certain data after having encountered a specific error can be exploited to cause a heap-based buffer overflow via a specially crafted TIFF image. Successful exploitation of the vulnerabilities may allow execution of arbitrary code when processing a TIFF image in an application using the graphics filter (e.g. opening the image in Microsoft Photo Editor or importing it into an Office document).
9dba3d0d50ecb04d6b0e88ad279009be8dcf8e519a8e80f0bd5acd274e688272Secunia Research has discovered a vulnerability in Microsoft Office, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by missing input validation within a library used by the bundled Microsoft Office Document Imaging application when converting certain data during parsing of TIFF images. This can be exploited to corrupt memory via a TIFF image containing specially crafted IFD entries. Successful exploitation may allow execution of arbitrary code.
623e21468d54f2db461001bc0b8983f1dc7a59785a4ad47663b3d0349af2f8ceSecunia Research has discovered a vulnerability in Microsoft Office, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by an error in the TIFF Import/Export Graphic Filter (TIFFIM32.FLT) when converting the endianess of certain data. This can be exploited to corrupt memory via e.g. a specially crafted TIFF image. Successful exploitation may allow execution of arbitrary code when processing a TIFF image in an application using the graphics filter (e.g. opening the image in Microsoft Photo Editor or importing it into an Office document).
28a0cbd4c91dc6908098a5bb540ee31c831d78a7df3e6e91cc796712c465d9faSecunia Research has discovered a vulnerability in RealPlayer, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an error in the parsing of AAC audio content and can be exploited to corrupt memory via specially crafted spectral data. Successful exploitation may allow execution of arbitrary code.
e1d707d2fdf5b309bfa5099effc7b3f06ec130515db11e823db3c81a62298aafSecunia Research has discovered a vulnerability in QuickTime, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error when copying track content based on the track's dimensions and can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code.
911bd4b055ba39de0bc64e6b9b69f88e96dd93acfe80f04f10e0363185f748a4Secunia Research has discovered a vulnerability in Winamp, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an integer overflow error in the "in_nsv.dll" plugin when parsing the Table of Contents. This can be exploited to cause a heap-based buffer overflow via a specially crafted NSV stream or file. Successful exploitation allows execution of arbitrary code.
0e11ad9228e8586e68caa98094db7b108049945b5e471bad6d6329da58669380Secunia Research has discovered a vulnerability in QuickTime, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an array-indexing error when parsing Sorenson Video 3 content and can be exploited to corrupt memory during decompression via a specially crafted file. Successful exploitation may allow execution of arbitrary code.
e114b679b8b2a77228eda194e3cac070aeb1c50ddabcdbb4ade3ae86857bb33eSecunia Research has discovered a vulnerability in Adobe Shockwave Player, which may be exploited by malicious people to compromise a user's system. The vulnerability is caused by a logic error in TextXtra.x32 when parsing "DEMX" chunks. This can be exploited to cause a heap-based buffer overflow via a specially crafted Director file as a function does not reallocate a buffer to contain a section of data as expected, but another function to still copy chunk data into the insufficiently sized buffer. Successful exploitation allows execution of arbitrary code.
0520606f6722058230d81d2805a4528a191ff0ab419df32cfb2367dc2efaca0cSecunia Research has discovered a vulnerability in Adobe Shockwave Player, which may be exploited by malicious people to compromise a user's system. The vulnerability is caused by a function in dirapi.dll not validating the size and number of sub-chunks inside a "pamm" chunk during initial parsing of the sub-chunks. This can be exploited to corrupt memory outside the bounds of a buffer allocated for the "pamm" data via a specially crafted Director file. Successful exploitation may allow execution of arbitrary code.
a3e29c613af64c8ecff2b697ddfc189577bbb6d153195c683e72b4cc58a495abSecunia Research has discovered a vulnerability in Winamp, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by an error in the VP6 codec (vp6.w5s) when parsing VP6 video content. This can be exploited to cause a heap-based buffer overflow via a specially crafted media file or stream. Successful exploitation may allow execution of arbitrary code. Version 5.581 is affected.
589a067f3f1289bab05e944bfaf2f2cc31e132d0938bcb4b2965adc396c3972bSecunia Research has discovered a vulnerability in RealPlayer SP, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by missing input validation in the handling of sample chunks when parsing QCP audio content. This can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code. RealPlayer SP 1.0.5 is affected.
eeeb4329cff7001ffd06cec1862563c1994e5260cf8c7aa4113f614fd72bb98eSecunia Research has discovered a vulnerability in Microsoft Excel, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in the parsing of certain records in Lotus 1-2-3 workbooks. This can be exploited to cause a heap-based buffer overflow via a Lotus 1-2-3 file containing a specially crafted, overly long record. Successful exploitation may allow execution of arbitrary code. Microsoft Excel versions 2002 SP3 and 2003 SP3 are affected.
eaa3b220e89e395f1191b6a6206ef0e5d0192c66b80b7db1d9065ae7233e71adSecunia Research has discovered a vulnerability in Novell iPrint Client, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in the handling of the "call-back-url" parameter value for a "op-client-interface-version" operation where the "result-type" parameter is set to "url". This can be exploited to cause a stack-based buffer overflow via an overly long "call-back-url" parameter value. Successful exploitation allows execution of arbitrary code when a user visits a malicious website. Version 5.42 is affected.
86ec5434f28f41769e1ad6322513f98a99f533295cafe1d92ffb54acee744c55
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed