
Files from Damian Put

Email address: pucik at overflow.pl
First Active: 2004-12-31
Last Active: 2008-12-05
Zero Day Initiative Advisory 08-080
Posted Dec 5, 2008
Authored by Damian Put, Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Microsystems Java. User interaction is required in that a user must open a malicious file or visit a malicious web page. The specific flaw occurs within the Java AWT library. If a custom image model is used for the source 'Raster' during a conversion through a 'ConvolveOp' operation, the imaging library will calculate the size of the destination raster for the conversion incorrectly leading to a heap-based overflow. This can result in arbitrary code execution under the context of the current user.

tags | advisory, java, remote, web, overflow, arbitrary, code execution
SHA-256 | 69fedebd39ae5325af19cf3b911107a594218eaf78e8854814af705e0eb836e1
Zero Day Initiative Advisory 08-079
Posted Dec 5, 2008
Authored by Damian Put, Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cerulean Studios Trillian. Authentication is not required to exploit this vulnerability. The specific flaw exists within the XML processing code for Trillian. When parsing a malformed XML tag, the application does not allocate enough space for its contents. During copying of this to the newly allocated buffer, the application will overwrite heap structures with attacker-supplied data that can then be leveraged to achieve code execution with the privileges of the application.

tags | advisory, remote, arbitrary, code execution
SHA-256 | 64031b7963a8183849481e9b4f497d24a2a4b9e9c4d0c42051491727813240a3
Zero Day Initiative Advisory 08-078
Posted Dec 5, 2008
Authored by Damian Put, Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to potentially execute arbitrary code on vulnerable installations of Cerulean Studios Trillian. Authentication is not required to exploit this vulnerability. The specific flaw exists within the XML processing code for Trillian. When parsing specially formulated XML, the application will corrupt an internal data structure. Whilst deallocating this data structure, the application can be tricked into freeing a single allocated chunk multiple times, which can potentially lead to code execution.

tags | advisory, remote, arbitrary, code execution
SHA-256 | 0a3bb0651dccdaccf0dce67e0c5fad1b2a93d2ec1c4babc22f0814d43b035077
Zero Day Initiative Advisory 08-077
Posted Dec 5, 2008
Authored by Damian Put, Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cerulean Studios Trillian. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tooltip processing code for Trillian. When creating a tooltip for an image, the application generates an XML tag including a property containing the filename. This data is then copied directly into a stack-based buffer without any length verifications which can eventually lead to code execution with the privileges of the client.

tags | advisory, remote, arbitrary, code execution
SHA-256 | ccf4a13dfd890cabd4e17cd20131ee7971a15f2f9efbd2d2ff84366a9eea1e91
iDEFENSE Security Advisory 2008-08-12.2
Posted Aug 13, 2008
Authored by iDefense Labs, Damian Put | Site idefense.com

iDefense Security Advisory 08.12.08 - Remote exploitation of a buffer overflow vulnerability in Microsoft Corp.'s Office filter for WordPerfect Graphics Files could allow an attacker to execute arbitrary code with the privileges of the victim. This vulnerability specifically lies within the "WPGIMP32.FLT" module. A heap overflow can occur when processing a malformed WordPerfect Graphics (WPG) file. By corrupting heap memory, it is possible to execute arbitrary code. iDefense has confirmed this vulnerability in the following versions of Microsoft Office: Office XP SP3, Office 2003 SP2, Office 97. Other versions may also be affected.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2008-3460
SHA-256 | 741b9a8dfe66a386492a78748e537e58ca472a1b8d510f626a6e5ff078151ef0
Zero Day Initiative Advisory 08-027
Posted May 20, 2008
Authored by Damian Put, Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Computer Associates ARCserve Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the caloggerd log daemon during the processing of log messages that contain directory traversal modifiers. A lack of sanity checking on the provided path allows attackers to append arbitrary data to a file of their choosing and can easily result in a full system compromise.

tags | advisory, remote, arbitrary
advisories | CVE-2008-2241
SHA-256 | 87cfdcbb6613e14cedaf10c5b3083bd9012df90c3f6873619469e64a0001b4c8
Zero Day Initiative Advisory 08-026
Posted May 20, 2008
Authored by Damian Put, Tipping Point | Site zerodayinitiative.com

A vulnerability allows attackers to execute arbitrary code on vulnerable installations of CA BrightStor ARCserve Backup for Linux. User interaction is not required to exploit this vulnerability. The specific flaw exists due to improper bounds checking in the xdr_rwsstring() library function. By sending a long parameter into a daemon using this function to process strings, a stack-based buffer overflow occurs, leading to execution of arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux
advisories | CVE-2008-2242
SHA-256 | 5beac44d9fa93dd531a5772fb664510c95b8fb10a85ab02246b9e9235be2a914
iDEFENSE Security Advisory 2008-04-14.2
Posted Apr 16, 2008
Authored by iDefense Labs, Damian Put, Thomas Pollet | Site idefense.com

iDefense Security Advisory 04.14.08 - Remote exploitation of a heap overflow vulnerability in Clam AntiVirus' ClamAV, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the affected process. The vulnerability exists within the code responsible for reading in sections within a PE binary packed with the WWPack executable compressor. iDefense has confirmed the existence of this vulnerability in ClamAV 0.92.1. Previous versions may also be affected.

tags | advisory, remote, overflow, arbitrary
SHA-256 | 4d031b3623c5acf6d2df2a012826f123b600e16b2467a042482a60b36cd59aab
iDEFENSE Security Advisory 2008-04-14.1
Posted Apr 16, 2008
Authored by iDefense Labs, Damian Put | Site idefense.com

iDefense Security Advisory 04.14.08 - Remote exploitation of a heap overflow vulnerability in Clam AntiVirus' ClamAV, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the affected process. The vulnerability exists within the code responsible for decompressing sections within a PE binary packed with the PeSpin executable protector. iDefense has confirmed the existence of this vulnerability in ClamAV 0.92.1. Previous versions may also be affected.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2008-0314
SHA-256 | 12c041db8179f0af23b92ec5c1b92fa5e93528888fedbef1b5e18790d04781fa
iDEFENSE Security Advisory 2008-02-12.2
Posted Feb 13, 2008
Authored by iDefense Labs, Damian Put | Site idefense.com

iDefense Security Advisory 02.12.08 - Remote exploitation of a heap corruption vulnerability in Microsoft Corp.'s Works Converter, as included with Microsoft Office, could potentially allow an attacker to execute arbitrary code as the current user. This vulnerability stems from improper input validation of OLE structures within wkcvqd01.dll when converting a Microsoft Works document (WPS extension) to Rich Text Format (RTF). When certain fields are modified, such as the length or count values, heap corruption can occur. This leads to a potentially exploitable condition. iDefense has confirmed that wkcvqd01.dll version 7.03.0616.0, as included with Microsoft Office 2003, is vulnerable to this issue. Older versions are assumed to be vulnerable as well. Additionally, Microsoft Works itself is suspected to be vulnerable.

tags | advisory, remote, arbitrary
advisories | CVE-2007-0216
SHA-256 | 32ffb0aa2cf242fe619293167d1c2c969fe87d8c43749f7ae32ff4984f67495a
iDEFENSE Security Advisory 2007-02-16.1
Posted Feb 24, 2007
Authored by iDefense Labs, Damian Put | Site idefense.com

iDefense Security Advisory 02.16.07 - TrendMicro's ServerProtect product uses a web interface which runs on TCP port 14942 to configure the product. This interface is protected with a user-configurable password. Upon successful login, a cookie is set with the name 'splx_2376_info' and a valid session id as its value. The ServerProtect web application suffers from a design error vulnerability in its authorization checking routines. Attackers can gain full access to the web application by requesting any internal page while supplying their own 'splx_2376_info' cookie with an arbitrary value. iDefense has confirmed this vulnerability in Trend ServerProtect v1.3 for Linux. This vulnerability is not present in the Windows-based versions of ServerProtect.

tags | advisory, web, arbitrary, tcp
systems | linux, windows
SHA-256 | 7526f737f4d486bbd52cceb0d0f0278593c220859fda585bc67acd98645d1085
iDEFENSE Security Advisory 2006-12-08.3
Posted Dec 11, 2006
Authored by iDefense Labs, Damian Put | Site idefense.com

iDefense Security Advisory 12.08.06 - Sophos AntiVirus Engine is vulnerable to a heap overflow attack when scanning malformed CHM archives. Specifically, if the CHM file has a Window_size of 0 set in an LZX decompression header then memory corruption will occur. Sophos Antivirus for Linux product version 4.03 and engine version 4.05 are affected.

tags | advisory, overflow
systems | linux
advisories | CVE-2006-5646
SHA-256 | 182af370ccde593d5804cd8d52fb3416866ed89454cd4bd2364de8c278d29f3a
iDEFENSE Security Advisory 2006-12-08.2
Posted Dec 11, 2006
Authored by iDefense Labs, Damian Put | Site idefense.com

iDefense Security Advisory 12.08.06 - Sophos AntiVirus Engine is vulnerable to a memory corruption vulnerability when scanning malformed CHM archives. This memory corruption vulnerability can be triggered when the Sophos Antivirus engine scans a malformed CHM file which has a large name length specified in a CHM chunk header. Affected products include Sophos Small business edition (Linux) product version 4.06.1 and engine version 2.34.3.

tags | advisory
systems | linux
advisories | CVE-2006-5647
SHA-256 | ee9c0956599b2f599795e3855ac7854534cef49c18fe996453def6c145846b4b
iDEFENSE Security Advisory 2006-12-08.1
Posted Dec 11, 2006
Authored by iDefense Labs, Damian Put, Titon | Site idefense.com

iDefense Security Advisory 12.08.06 - Remote exploitation of a denial of service vulnerability in multiple vendors' antivirus engines allows an attacker to cause the engines to consume excessive resources. The affected vendors' scan engines are vulnerable to a DoS attack when scanning specially malformed RAR archives. Specifically, the malformed archives will have the head_size and pack_size fields set to zero in the Archive Header section. When such a file is encountered, the affected scan engines will enter an infinite loop. Confirmed systems affected: Sophos Small business edition (Windows/Linux) 4.06.1 with engine version 2.34.3; Trend Micro PC Cillin - Internet Security 2006; Trend Micro Office Scan 7.3; Trend Micro Server Protect 5.58.

tags | advisory, remote, denial of service
systems | linux, windows
advisories | CVE-2006-5645
SHA-256 | 67c4a280c65b80adddfea7555c151689fa0a7b7c4e14641e6726e9b11f3ce9f5
imsgiheap.txt
Posted Aug 27, 2006
Authored by Damian Put | Site overflow.pl

ImageMagick versions 6.2.8 and below suffer from a heap overflow in ReadSGIImage().

tags | advisory, overflow
SHA-256 | 5950a0314acf70e0dd34e433fec8db1056c5f593a0011bb867946fcbe9014527
clamav_upx_heap.txt
Posted Aug 27, 2006
Authored by Damian Put | Site overflow.pl

Remote exploitation of a heap overflow vulnerability in ClamAV versions below 0.88.4 could allow execution of arbitrary code or cause a denial of service.

tags | advisory, remote, denial of service, overflow, arbitrary
SHA-256 | 1cd849986b87713037475de463f4c103a2493f35031e88976bb88641e50d07a1
Overflow.pl-5.txt
Posted Apr 14, 2006
Authored by Damian Put | Site overflow.pl

Overflow.pl Security Advisory #5 - Clam AntiVirus Win32-UPX Heap Overflow: Remote exploitation of an integer overflow vulnerability could allow execution of arbitrary code or cause denial of service.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | windows
SHA-256 | a079b9e2c3c8cd3397a0b0dcf893077f32ec7c922641600173613bedb7dccf63
BlenLoader.txt
Posted Dec 28, 2005
Authored by Damian Put | Site overflow.pl

Overflow.pl Security Advisory #4 - Blender BlenLoader Integer Overflow - Remote exploitation of an integer overflow vulnerability could allow execution of arbitrary code or cause denial of service.

tags | advisory, remote, denial of service, overflow, arbitrary
SHA-256 | ecad4ecf01d7a30fd3c0c8494f3547a01b76cffdd091d9ddd8de47fbe8856d76
shoutcast194.c
Posted Dec 31, 2004
Authored by Damian Put, Tomasz Trojanowski | Site cc-team.org

SHOUTcast DNAS/Linux version 1.9.4 format string remote exploit. Tested on Slackware 9.1 and 10.0. Binds a shell to port 7000.

tags | exploit, remote, shell
systems | linux, slackware
SHA-256 | d2c5f4ccf6da4f8162e3796a3521048971da31a1653d14c5d1dc589793cbd7bd