This paper explains the TLS / SSLv3 vulnerability for a broader audience and summarizes the information that is currently available.
e3e2ec70ee2040efbdbd9bc976ec570be8d2ff285c3860f57e0e4a9dff455e2f
Improper parsing of the PDF structure by various McAfee products leads to evasion of detection of malicious PDF documents at scantime and runtime.
74ef4730aa72a94a3d6fb571ee56a4ae27ce295cced8e9dca51ce6c1107da9f3
Improper parsing of the PDF structure by various F-Secure products leads to evasion of detection of malicious PDF documents at scantime and runtime.
9f02651ae92071b892771f844ff0763ef40c20e6cfbe5d8fad99e50e0bae8ead
Improper parsing of the PDF structure by various Symantec products leads to evasion of detection of malicious PDF documents at scantime and runtime.
c5195c92e8b5682c7ce5d732aadf8cc4e11df997abb11873f6eaa932099bcaa0
Improper handling of a specially crafted RAR archive file by the CA Anti-Virus engine arclib component leads to heap corruption and allows the attacker to cause a denial of service or possibly further compromise the system.
68c74583d8c2259e62743fb500c3ba5a7a8e32c2b91f70c32aba0e9279bc5cbd
Calling the CSS attr() attribute with a large number leads to memory corruption; heap spraying allows execution of code. Arbitrary remote code execution can be achieved by creating a special website and enticing the victim into visiting that site. iPhone OS versions 1.x through 2.2.1 and iPhone OS for iPod Touch versions 1.x through 2.2.1 are affected.
133f492014f2bfbfa80c0caa0d28b13729b130a662880909a1e4dec7f7c492d9
ECMAScript in IE5, IE6, IE7, IE8, Netscape, Firefox, Safari, Opera, Konqueror, Seamonkey, Wii, PS3, iPhone, iPod, Nokia, Siemens and various other browsers allows for a denial of service condition.
0565fa347a433f911f7bc37200f43fcc3f38e665338086d0cdaaf81a0163b693
The parsing engine in ClamAV versions below 0.96 can be bypassed by manipulating CAB (Filesize) archives in a "certain way" such that the ClamAV engine cannot extract the content but the end user is able to.
5b71b0644c8e2c68a39b65b1d09e406706b0f0049ebfe813efb8f19923797186
The F-prot parsing engine can be bypassed by a specially crafted and formatted RAR archive.
0c190472862f04e28464f2f343fd6dc64e9cdc0911fa339c1390d3d426c7c594
The parsing engine in ClamAV versions below 0.95.2 can be bypassed by manipulating RAR and ZIP archives in a "certain way" such that the ClamAV engine cannot extract the content but the end user is able to.
cd01713e1fa44a2538cd9d9db21917cfb29f9249b3fbe9364d85a76bebad8d77
Calling a CSS attr attribute with a large number leads to memory corruption in Apple Safari.
8696c6faba5a8300579b75b6979bea48b7c31cb18483efb7802cc5c6b277d26c
Apple Safari and QuickTime programs suffer from a denial of service vulnerability.
afebe5688f42de20f215c74637ba9a8e5c736d7c2a3f411f2ba4e22b0910b105
The F-prot parsing engine can be bypassed by a specially crafted and formatted TAR archive.
dfbeadbf4429aedb4b3293e8587c35d54104a2ec76c6f28051b8946cbab51a94
Norman, with decompression engine versions below 5.99.07, suffers from a RAR-related bypass vulnerability.
2752bd6cbaf45a3d245c65d2ae96d8968b3aaa13fc4e7e50d8bb6ee07d35ab7e
Ikarus parsing engine versions below 1.1.58 suffer from CAB, RAR, and ZIP related bypass vulnerabilities.
358d51815c888893939a997bfb094d5961c12e6b4660b3012c271b5bda414c4b
It looks like all Kaspersky products suffer from a PDF evasion vulnerability.
cd9d34fb528ed2819f9b8bb441d40e6bcdba1169339605041dabcf34b70afc0f
The Avira Antivir Anti-Virus engine can be bypassed by specially crafted RAR, CAB, ZIP, and LH files.
b507728df20115d41c0d77dcddee65a95d9169e3affd2bae91bb1bf6aaa9fc62
Mozilla Firefox 3.x suffers from a remote denial of service vulnerability.
3dc1b9655716e15b6e5baacdba75bde317977a3227906edce4971b5f07d58c57
Mozilla Firefox 3.x suffers from a remote denial of service vulnerability.
6d915b4fa8b3b70bdca7951a40dc0558ec127c9f1f83c8070f46b77b85da1bac
The Panda parsing engine can be bypassed by a specially crafted RAR archive.
9ac3c241ee06ef07fe371b852889a42be9b6c33339e671ea7b19b30e46b88d46
The Panda parsing engine can be bypassed by a specially crafted CAB archive.
fa9e2c473bbcd3968fb0d5ba3f2f9b5dadd39e366e25f2815a3d29269c8faac8
Avira Antivir suffers from a generic PDF evasion vulnerability.
c422cef1fb8f5e6a290025368c6ea7a997667b1917a52175b810af05426a9c05
Bitdefender suffers from a generic PDF evasion vulnerability.
99a2cdc0ce6ef059b98aa6f4787625025485aefec24e2544574ee5c5cb5faee2
The F-Prot parsing engine can be bypassed by a specially crafted and formatted CAB archive.
77841a27d8754fba599c35e59f6a1993d8b7e9688fe7c6cbb6d1ba67295bcb2f
The AVG parsing engine can be bypassed by a specially crafted and formatted ZIP archive.
78ba2d958676f1093de1a3b7ea680a645c2d7465b65693c1fd0ed5118e9ef9fd