what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 12 of 12 RSS Feed

Files from Hossein Lotfi

First Active2010-12-07
Last Active2018-03-22
Microsoft Windows Embedded OpenType Font Engine hdmx Table Information Disclosure
Posted Mar 22, 2018
Authored by Hossein Lotfi | Site secunia.com

Secunia Research has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious people to disclose certain information. The vulnerability is caused due to an error when processing hdmx table and can be exploited to cause an out-of-bounds read memory access.

tags | advisory
systems | windows
advisories | CVE-2018-0761
SHA-256 | 2a94f7f054339d0976d53276ff87ada9d27f79dcb60ae3b25de95d30dae509bf
Microsoft Windows Embedded OpenType Font Engine Font Glyphs Handling Information Disclosure
Posted Mar 22, 2018
Authored by Hossein Lotfi | Site secunia.com

Secunia Research has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious people to disclose certain information. The vulnerability is caused due to an error within the t2embed.dll module when handling font glyphs and can be exploited to cause an out-of-bounds read memory access.

tags | advisory
systems | windows
advisories | CVE-2018-0760
SHA-256 | 0b68577b47235ad1c056c8041f6bba0b8dde116c586be554597f34d36dc08fa6
Microsoft Windows Embedded OpenType Font Engine "MTX_IS_MTX_Data()" Information Disclosure
Posted Mar 22, 2018
Authored by Hossein Lotfi | Site secunia.com

Secunia Research has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious people to disclose certain information. The vulnerability is caused due to an error within the "MTX_IS_MTX_Data()" function (t2embed.dll) and can be exploited to cause an out-of-bounds read memory access.

tags | advisory
systems | windows
advisories | CVE-2018-0755
SHA-256 | 2327aa0a2086a47bafe6a4dd4c56ff434f4ad7532bf68b3c9f82ef90955d8b00
Microsoft Windows LoadUvsTable() / LoadFont() Overflows
Posted May 23, 2017
Authored by Hossein Lotfi | Site secunia.com

Secunia Research has discovered multiple vulnerabilities in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system. An error within the "LoadUvsTable()" function can be exploited to cause a heap-based buffer overflow via a font file containing specially crafted Unicode Variation Sequences tables. An integer overflow error within the "LoadFont()" function can be exploited to cause a heap-based buffer overflow via a font file containing specially crafted Unicode Variation Sequences tables. Successful exploitation of the vulnerabilities allows execution of arbitrary code.

tags | advisory, overflow, arbitrary, vulnerability
systems | windows
advisories | CVE-2017-0014
SHA-256 | 6171c4189358444433b6d183844713287c38ff36227d913c707846f7d310476c
Microsoft Windows LoadUvsTable() Buffer Overflow
Posted Mar 15, 2017
Authored by Hossein Lotfi

Microsoft Windows suffers from a LoadUvsTable() heap-based buffer overflow vulnerability.

tags | exploit, overflow
systems | windows
advisories | CVE-2016-7274
SHA-256 | 6c3a2f1a4a9fce3cb5b0969cffc7d3bb342fad7daeefec4c8a8bf5c8ce602491
Microsoft Windows OTF Parsing Table Encoding Record Offset
Posted Nov 10, 2016
Authored by Hossein Lotfi | Site secunia.com

Secunia Research has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service). The vulnerability is caused due to an integer overflow error when processing CMAP table within Open Type Font (OTF) files and can be exploited to cause a kernel crash or disclose kernel memory via a specially crafted table encoding record offset within a OTF file.

tags | advisory, denial of service, overflow, kernel
systems | windows
advisories | CVE-2016-7210
SHA-256 | b3fe5824069c9a4b95decbd65be8308681bcd9c605cd54f833850c4f9d059f76
Microsoft Unicode Scripts Processor Arbitrary Code Execution
Posted Dec 17, 2015
Authored by Secunia, Hossein Lotfi

On the 8th December 2015, Microsoft released Security Bulletin MS15-130 to fix a vulnerability in Unicode Scripts Processor component found by Secunia Research. The vector for a successful exploitation is a specially crafted "True Type Font" (TTF) file, which typically can be embedded in e.g. Microsoft Office documents or even in emails and web-based content depending on the font type. Successful exploitation could result in arbitrary code execution.

tags | advisory, web, arbitrary, code execution
advisories | CVE-2015-6130
SHA-256 | ae0792efc0a69b310511509667b6228f00070e222be6e495c2a81037abe590ff
Microsoft Windows usp10.dll "GetFontDesc()" Integer Underflow
Posted Dec 10, 2015
Authored by Secunia, Hossein Lotfi | Site secunia.com

Secunia Research has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an integer underflow error within the "GetFontDesc()" function in usp10.dll when processing font files cmap table and can be exploited to cause a heap-based buffer overflow via a font file containing cmap table data with specially crafted offset within encoding records. Successful exploitation allows execution of arbitrary code.

tags | advisory, overflow, arbitrary
systems | windows
advisories | CVE-2015-6130
SHA-256 | d65fab95536006f5a8a8545eff4d02524698f63bed04d5515fe21776d1ea97e1
Google Picasa CAMF Section Integer Overflow
Posted Nov 12, 2015
Authored by Secunia, Hossein Lotfi | Site secunia.com

Secunia Research has discovered a vulnerability in Google Picasa, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an integer overflow error when processing CAMF section in FOVb images and can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code. The vulnerability is confirmed in versions 3.9.140 Build 239 and 3.9.140 Build 248 running on Windows.

tags | advisory, overflow, arbitrary
systems | windows
SHA-256 | db72a3562dc68479de1367e98146b3c4c4222d69e61574ce70158fc840cac565
Google Picasa Phase One Tags Processing Integer Overflow
Posted Oct 26, 2015
Authored by Secunia, Hossein Lotfi | Site secunia.com

Secunia Research has discovered a vulnerability in Google Picasa, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an integer overflow error when processing data related to phase one 0x412 tag and can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code. The vulnerability is confirmed in versions 3.9.140 Build 239 and 3.9.140 Build 248 running on Windows.

tags | advisory, overflow, arbitrary
systems | windows
SHA-256 | 5ae53f5fbef1f5539ef71eddc2a163711178502a8a9d788c3571296844ce496d
Microsoft Windows GDI "MRSETDIBITSTODEVICE ::bPlay()" EMF Parsing Memory Corruption
Posted Apr 16, 2015
Authored by Secunia, Hossein Lotfi | Site secunia.com

Secunia Research has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error within the "MRSETDIBITSTODEVICE::bPlay()" function (GDI32.dll) and can be exploited to cause a memory corruption via an EMF file with a specially crafted EMR_SETDIBITSTODEVICE record. Successful exploitation allows execution of arbitrary code.

tags | advisory, arbitrary
systems | windows
advisories | CVE-2015-1645
SHA-256 | ed3d517ee666d030f5df6830cf8981005659fc92cb0c554af44305ac144591c1
iDEFENSE Security Advisory 2010-12-07.1
Posted Dec 7, 2010
Authored by iDefense Labs, Hossein Lotfi | Site idefense.com

iDefense Security Advisory 12.07.10 - Remote exploitation of a memory corruption vulnerability in Apple Inc.'s QuickTime media player could allow attackers to execute arbitrary code in the context of the targeted user. The vulnerability specifically exists in the way specially crafted PICT image files are handled by the QuickTime PictureViewer. When processing specially crafted PICT image files, Quicktime PictureViewer uses a set value from the file to control the length of a byte swap operation. The byte swap operation is used to convert big endian data to little endian data. QuickTime fails to validate the length value properly before using it. When a length value is larger than the actual buffer size supplied, it will corrupt heap memory beyond the allocated buffer, which could lead to an exploitable condition. QuickTime Player versions prior to 7.6.9 are vulnerable.

tags | advisory, remote, arbitrary
systems | apple
advisories | CVE-2010-3800
SHA-256 | 4bb677daf3bb8a3483d603a95401b8fbc17090e4dfc5ab0ec2cab5cd33f94563
Page 1 of 1
Back1Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close