iDefense Security Advisory 10.13.09 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Office could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing the msofbtOPT Office Drawing record type. This record is used to provide default values for shape properties. By inserting a specially crafted property ID, it is possible to corrupt heap memory and overwrite an object pointer. iDefense has confirmed the existence of this vulnerability in Office XP SP3.
46af8ea0d27e803521a04613c0afa93c64815bbde88e5c32277735b5dbec88c0iDefense Security Advisory 05.12.09 - Remote exploitation of multiple stack-based buffer overflow vulnerabilities in Microsoft Corp.'s PowerPoint could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerabilities exist within the importer for PowerPoint 95 format files. This functionality is contained within the PP7X32.DLL. iDefense has confirmed the existence of these vulnerabilities in PowerPoint 2000 SP3 and XP SP3.
4d2d05f1058734610733532062ed77695c73219fd1b4fe428f8e5306abe78262iDefense Security Advisory 05.12.09 - Remote exploitation of multiple stack based buffer overflow vulnerabilities in Microsoft Corp.'s PowerPoint could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerabilities exist within the importer for PowerPoint 95 format files. This functionality is contained within the PP7X32.DLL. The vulnerabilities occur when reading sound data from a PowerPoint file. In both cases, a value representing a record length is read in from the file. This value is then used to control the number of bytes read into a fixed size stack buffer. There is no check performed to ensure that the buffer can hold the number of bytes specified, which results in a stack buffer overflow. iDefense has confirmed the existence of these vulnerabilities in Office XP SP3, and Office 2000 SP3.
fcf13fe7cfc3b8b5e14e22a30f0bbac0017a3c2415c37fc364e4eef3583b5be9iDefense Security Advisory 05.12.09 - Remote exploitation of multiple stack-based buffer overflow vulnerabilities in Microsoft Corp.'s PowerPoint could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerabilities exist within the importer for PowerPoint 4.0 format files. This functionality is contained within the PP4X32.DLL. iDefense has confirmed the existence of these vulnerabilities in PowerPoint 2000 SP3 and XP SP3.
7ce1ffb2ba312734fc860a8482e98527498becbfccdb72bf130c0baba266299eiDefense Security Advisory 05.12.09 - Remote exploitation of a stack based buffer overflow vulnerability in Microsoft Corp.'s PowerPoint could allow an attacker to execute arbitrary code with the privileges of the current user. In particular, there is code that parses a string in the PowerPoint file. If the size of this data is greater than a certain value, then memory corruption will occur. This memory corruption can lead to the vulnerable code executing an attacker supplied address. iDefense has confirmed the existence of these vulnerabilities in PowerPoint 2000 SP3 and XP SP3.
aa746668db670cf5482d819184ba1364f23aa4473b232e3400c2f14c9eed84f8iDefense Security Advisory 05.12.09 - Remote exploitation of a heap corruption vulnerability in Microsoft Corp.'s PowerPoint could allow an attacker to execute arbitrary code with the privileges of the current user. In particular, there is code that parses structures in the PowerPoint file. If the number of these structures is greater than a certain value, then memory corruption will occur. This memory corruption leads to the executing of arbitrary code. iDefense has confirmed the existence of these vulnerabilities in PowerPoint 2000 SP3 and XP SP3.
d46d15bace48b692d2adac056789e54ccb908fe6ccd325abcaaea4b3359934a4iDefense Security Advisory 05.12.09 - Remote exploitation of a heap corruption vulnerability in Microsoft Corp.'s PowerPoint could allow an attacker to execute arbitrary code with the privileges of the current user. In particular, there is code that parses structures in the PowerPoint file. If the number of these structures is greater than a certain value, then memory corruption will occur. This memory corruption leads to the executing of arbitrary code. iDefense has confirmed the existence of these vulnerabilities in PowerPoint 2000 SP3 and XP SP3.
e3f96726fc6f8d14c3ad93532bc697410b0b18a7c8eaccbcb8df96d4b0f5eb34iDefense Security Advisory 04.17.08 - Remote exploitation of a heap based buffer overflow vulnerability in OpenOffice.org's OpenOffice, as included in various vendors' operating system distributions, could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability exists within the importer for files stored using the OLE format. When parsing the "DocumentSummaryInformation" stream, the vulnerable code does not correctly verify the size of a destination buffer before copying data from the file into it. This results in an exploitable heap overflow. iDefense confirmed the existence of this vulnerability in OpenOffice version 2.3.1. Other versions may also be affected.
beba06a82f3c37e625f8a5390af46b7f3dcc88612314ae0518e218e18547ff9eMicrosoft Office XP SP3 Powerpoint file buffer overflow exploit that spawns calc.exe. Based off of the vulnerability listed in MS08-016.
089531978b6a885785ca32c982f498cf2cc3d588bbb1be680e2a031d21497962Visual Basic suffers from a local stack overflow vulnerability in vbe6.dll that can lead to a denial of service condition.
8fb3771ca08590a5f9a0570aa7087507e34bc3f0ed87eb527f2c1b21a8c11633IrfanView version 4.10 .FPX file memory corruption exploit that launches calc.exe.
fd482517054c0ff7f8c37b28f526da644268f2b1d0c0a9c0b22aa1f90d8c9676Winamp versions 5.34 and below .MP4 file code execution exploit that spawns calc.exe or binds a shell to tcp port 4444.
5231fc6957b90c9479fe8b2675abd7027a9483ca6a35b26a845bb39958c17d7fPhotoshop CS2/CS3 and Paint Shop Pro version 11.20 .PNG buffer overflow exploit that spawns calc.exe or binds a shell to tcp port 4444.
44dfeaf4cd5e5e9633631a043b2bcbf875c49f7860b82da7d501e1c99f1a7394IrfanView versions 4.00 and below .IFF buffer overflow exploit that spawns calc.exe or binds a shell to tcp port 4444.
6dd650ea32e397aafa576e1e2350950671e7fa1936dbf73cabd78835ee545190Gimp version 2.2.14 buffer overflow exploit that spawns calc.exe or binds a shell to tcp port 4444.
920de2d6270d6f063230cc1042f5b4c5c4afce6664223b66ff088c65444ed826FreshView version 7.15 buffer overflow exploit that spawns calc.exe or binds a shell to tcp port 4444.
d363d37ae4cbcebf4bef5e49037bd2c4997d8b55cc6b25dbda893dc98db046b5ABC-View Manager version 1.42 buffer overflow exploit that spawns calc.exe or binds a shell to tcp port 4444.
c27a2328ef3eb2897dc9f237418ce988f19608c649c51a49249c7a9c3fabab4dLocal buffer overflow exploit for Ipswitch WS_FTP version 5.05 server manager that launches calc.exe.
960f29a711b4cc3973b3a7313354551e8b95893a66e6fa287ef32d8773be1da6IrfanView version 3.99 .ANI file local buffer overflow exploit. Tested against Windows XP SP2 FR. This is not related to the LoadAniIcon stack overflow.
2ddba92aaf3d6072ac14fd8c2d5f9135b0936bce4cd70eb6fb691880eec491abMicrosoft Windows Animated Cursor (.ANI) local buffer overflow exploit.
c64e34f4f1bfa0a176561e8d96efc13a1f65252b8b3bec41903a133eab142fc4NewsReactor 20070220 article grabbing remote buffer overflow exploit. Version 2.
c49ff9f3f8d736e4d2e09ccebc8708bdd984b42f9a4ecc5723fcad8bce43f4a0NewsReactor 20070220 article grabbing remote buffer overflow exploit. Version 1.
eb7462d9897190a3a357747d3f0f9f0ee000b60bbc8f290414a822cb8cbd3f9cNews Bin Pro version 5.33 local buffer overflow exploit for .NBI files.
8aba7334b89fe40eeb725e4af83382b7b7a283b8cf978741119330a896e0bb9f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed