Core Security Technologies Advisory - There are stack overflows on WebEx that can be exploited by sending maliciously crafted .atp and .wrf files to a vulnerable WebEx user. When opened, these files trigger a reliably exploitable stack based buffer overflow. Code execution is trivially achieved on the .wrf case because WebEx Player allocates a function pointer on the stack that is periodically used in what seems to be a callback mechanism, and also because DEP and ASLR are not enabled. In the .atp case an exception handler can be overwritten on the stack, and most registers can be trivially overwritten.
352f1691497ff70b83f9039f8094fb6c41b1beb68e1b341fbc1f1722864dc8d2
Core Security Technologies Advisory - This advisory describes two vulnerabilities that provide access to any file stored in on a user's desktop system if it is running a vulnerable version of Internet Explorer. These vulnerabilities can be used in attacks combined with a number of insecure features of Internet Explorer to provide remote access to locally stored files without the need for any further action from the victim after visiting a website controlled by the attacker.
c800a9c7100145533df8300c9ca9eb4514a7c1bea12adc78a2c14e81e1b7f5a6
Core Security Technologies Advisory - vBulletin versions 3.7.2 Patch Level 1 and 3.6.10 Patch Level 3 suffer from a cross site scripting vulnerability.
33e0a80ee6c61a4d22a3cf12e25ffae5a8a5d7ba8e5f4ef6d5683d7078fb5bc7