Webkit memory corruption proof of concept exploit that can be leveraged against Safari versions prior to 5.1 and 5.0.6.
7cbbe6a6e224542c1004153d9ed66d546c29d2059231bcdba385d168b24ca219
Remote exploitation of a memory corruption vulnerability in WebKit, as included with multiple vendors' browsers, could allow an attacker to execute arbitrary code with the privileges of the current user. Scalable Vector Graphics (SVG) is an XML based file format used to describe two dimensional vector graphics. It defines both a markup language, and a JavaScript interface. When processing DOM queries to SVG tags, Safari fails to handle exceptional conditions. It is possible to trigger a use after free vulnerability by query some properties of SVG tags. This leaves a C++ object pointer in an inconsistent state, which can lead to the execution of arbitrary code. Safari versions prior to 5.1 and 5.0.6 are vulnerable.
620665bfdb86a30421dd34b615a797945553c63b075518ac3852faa9ab9219e1
Proof of concept exploit that demonstrates the Microsoft Windows XP WmiTraceMessageVa integer truncation vulnerability as described in MS11-011.
e31bad28776892e292acb8989472895fc26f1565c00e163191c7322984a43a3b
CA Internet Security Suite 2010 KmxSbx.sys kernel pool overflow exploit.
45cfd15c0d06529b52ab386688566f0e8278373a75d9c5eb2be383fe50071a20
G Data TotalCare 2011 suffers from a NtOpenKey race condition vulnerability.
9f1feab0a328442b162f8104968fe25bd57a32efde392e06e7f6b5125ad53a02
G Data Totalcare 2011 local kernel exploit.
da43e18bec79496110a6dc0bbaa56c4065a4f2694579e4ebb125fc8ce47db60a
Avast! Internet Security aswtdi.sys local denial of service proof of concept exploit.
c2f743fbc2e7e54b3ef75ccc0f16b9c1dd0c7b3b53159fe043e7f548cd0249ec
The avipbb.sys kernel driver distributed with Avira Premium Security Suite contains a race condition vulnerability in the handling parameters of NtCreatekey function. Proof of concept included.
c7a322a2c2f49b80da7890160c04b2a4cf83452613be02530e2c277ec67dba34
AVG Internet Security version 9.0.851 local denial of service exploit.
1aa14cbfe82cb4f2d6df48a5e516c1b0830d155a2f245b15861a9ccb885b4b5e
Trend Micro Titanium Maximum Security 2011 local kernel exploit.
41ae2da1a23fdf3762a7621107424dc976249cd0b79f4c34c0438d8d2ac15510
Positive Technologies Research Team has discovered a denial of service (DoS) vulnerability in CA Internet Security Suite. The IOCTL handler in vetmonnt.sys does not properly validate buffer data associated with the Irp object, which allows local users to crash the system.
5e302735926df7a191cd4c4df3119475cbea6aad9029461f9bb55779ca994495
Positive Technologies Research Team has discovered a privilege escalation vulnerability in Windows Message Queuing service (MSMQ). The IOCTL handler in mqac.sys does not properly validate buffer data associated with the Irp object, which allows local users to crash the system or execute arbitrary code with SYSTEM privileges.
8ffd0feedce3b0229ddad304c6664e17c7f172827df31047e4e31a0d9b51cb9a
Positive Technologies Research Team has discovered several vulnerabilities in PGP Desktop version 9.9.0 build 397.The IOCTL handler in pgpdisk.sys does not properly validate buffer data associated with the Irp object, which allows local users to crash the system. The IOCTL handler in pgpwded.sys does not properly validate buffer data associated with the Irp object, which allows local users to crash the system or execute arbitrary code with SYSTEM privileges.
fd5eb6e092f6ede62acc2131f53c5d1028be46e09b1d5723579e413840eb7309
Positive Technologies Research Team has discovered denial of service vulnerabilities in VMware products. The IOCTL handler in hcmon.sys does not properly validate buffer data associated with the Irp object, which allows local users with administrative privileges to crash the system.
8dfa92c260d4fac7e9d8c687edbedf3df93ac8a4ae132c58baa7bd66e23e9527
Positive Technologies Research Team has discovered privilege escalation vulnerabilities in VMware products. Buffer overflow vulnerability exists in vmci.sys driver. Local user with administrative privileges can execute arbitrary code with SYSTEM privileges.
e8d8290d8dfef07338b1189deb335ea179d581425e273da9ba47e663b96875d1
Positive Technologies Research Team has discovered multiple privilege escalation vulnerabilities in Trend Micro products. The IOCTL handler in tmactmon.sys uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate buffer data associated with the Irp object, which allows local users to gain SYSTEM privileges.
55ea736f59fb7ae8994b65029d905f7cae968eb2e5909d99df231a466897d933
Multiple products from SlySoft suffer from a ElbyCDIO.sys related denial of service vulnerability. These include AnyDVD versions 6.5.2.2 and below, Virtual CloneDrive versions 5.4.2.3 and below, CloneDVD versions 2.9.2.0 and below, and CloneCD versions 5.3.1.3 and below.
0ce75cc8c75a32c60529ae528a90d4590e31aac42ede1863d10a2a91bea510e8