A privilege escalation vulnerability exists in the clfs.sys driver which comes installed by default on Windows 10 21H2, Windows 11 21H2 and Windows Server 20348 operating systems. This Metasploit module exploit makes use to two different kinds of specially crafted .blf files.
9aa5ede2ea03c876775407f0098c013dfd3c503cc4ebb1ee7306284def339699This whitepaper discusses low-level reversing of the BLUEKEEP vulnerability.
0677b8441e78f758bec54dab3454d421969b72e6583840ca61e41fe11d0be904Core Security Technologies Advisory - VAMPSET version 2.2.145 is vulnerable to a stack-based and heap-based buffer overflow attack, which can be exploited by attackers to execute arbitrary code, by providing a malicious CFG or DAT file with specific parameters.
57fc076cced40621b525e0c4d60739b93696cbf99216bd6939f718ba48293d6dCore Security Technologies Advisory - Advantech WebAccess version 7.2 suffers from multiple buffer overflow vulnerabilities.
909690e95e7b916c1fbab64b4af5b09fb3ba04112c7ca47c95bbd232e68cb553Core Security Technologies Advisory - RealPlayer is prone to a security vulnerability when processing RMP files. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine, by enticing RealPlayer users to open a specially crafted RMP file (client-side attack). Versions 16.0.2.32 and 16.0.3.51 are affected.
138c669ee28a20c01fad95f2ddae01490a953b8043d0631d15f8c2f418a3d9c1Core Security Technologies Advisory - XnView is prone to a security vulnerability when processing PCT files. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine, by enticing the user of XnView to open a specially crafted file.
ca26300ca7108c01d37afc023226b062ec8f28da70b639d5efffa6f4508c47ceCore Security Technologies Advisory - Lattice Diamond Programmer is vulnerable to client-side attacks, which can be exploited by remote attackers to run arbitrary code by sending specially crafted '.xcf' files.
df8058279a3a470f0f6120f9c7043177979a194827cfc608434c36cb3b42c698Core Security Technologies Advisory - Two vulnerabilities have been found in VLC media player, when handling .AMV and .NSV file formats. These vulnerabilities can be exploited by a remote attacker to obtain arbitrary code execution with the privileges of the user running VLC. Versions 1.1.4 through 1.1.7 are affected.
8be83321208dda4d6d31da8ff809448217d99f09c95ce0362ee9c5369cec08f6Core Security Technologies Advisory - Adobe Acrobat Reader is prone to a use-after-free vulnerability due to an invalid usage of a released memory chunk. This vulnerability could be used by a remote attacker to execute arbitrary code, by enticing the user of Adobe Acrobat Reader to open a specially crafted file and click on PAGES thumbnails.
b904c5a6e5a8de97f43c56644b6a9ba52dae475e7eef0a3f2c048059d81b1e24Core Security Technologies Advisory - A vulnerability has been found in the ActiveX control DLL (axvlc.dll) used by VLC player. This library contains three methods whose parameters are not correctly checked, and may produce a bad initialized pointer. By providing these functions specially crafted parameters, an attacker can overwrite memory zones and execute arbitrary code. Vulnerable versions include VLC media player 0.86, 0.86a, 0.86b and 0.86c.
a87e849266c4e77d90eb2721b17cdf3a56fc7d7192d74bad333d639a52d5e13e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed