what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 36 RSS Feed

Files from Tobias Klein

Email addresstk at trapkit.de
First Active2005-11-08
Last Active2012-03-03
VLC Media Player RealText Subtitle Overflow
Posted Mar 3, 2012
Authored by Tobias Klein, SkD, juan vazquez | Site metasploit.com

This Metasploit module exploits a stack buffer overflow vulnerability in VideoLAN VLC versions prior to 0.9.6. The vulnerability exists in the parsing of RealText subtitle files. In order to exploit this, this module will generate two files: The .mp4 file is used to trick your victim into running. The .rt file is the actual malicious file that triggers the vulnerability, which should be placed under the same directory as the .mp4 file.

tags | exploit, overflow
advisories | CVE-2008-5036, OSVDB-49809
SHA-256 | 9952cf454696629976235ec8de966c57016db79252896be88870fdf2312f2133
iDefense Security Advisory 10.12.11 - OfficeImport
Posted Oct 14, 2011
Authored by iDefense Labs, Tobias Klein | Site idefense.com

iDefense Security Advisory 10.12.11 - Remote exploitation of a memory corruption vulnerability in Apple Inc.'s OfficeImport framework could allow an attacker to execute arbitrary code with the privileges of the current user. iOS versions prior to 5 are vulnerable.

tags | advisory, remote, arbitrary
systems | cisco, apple
advisories | CVE-2011-3260
SHA-256 | 942d74f656f37c0e192a61cad927f560e615855d6d84fc3d9b682b994f4e47bf
iDEFENSE Security Advisory 2011-03-21.1
Posted Mar 22, 2011
Authored by iDefense Labs, Tobias Klein

iDefense Security Advisory 03.21.11 -Remote exploitation of a memory corruption vulnerability in Apple Inc.'s OfficeImport framework could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing an Excel file with a certain maliciously constructed record. This record is used to describe a formula that is shared between multiple cells. In this record, the 'formula' field is used to specify the formula used. By corrupting certain opcodes within this formula it is possible to trigger a memory corruption vulnerability. This can lead to the execution of arbitrary code. Apple has reported Mac OS X and OS X Server 10.6 through 10.6.6 vulnerable.

tags | advisory, remote, arbitrary
systems | apple, osx
SHA-256 | 63116851ec25226dbd4100de9d28241e487287adbf0d2b37b83b6a4707c90918
iDEFENSE Security Advisory 2010-11-11.1
Posted Nov 12, 2010
Authored by iDefense Labs, Tobias Klein | Site idefense.com

iDefense Security Advisory 11.11.10 - Remote exploitation of a memory corruption vulnerability in Apple Inc.'s OfficeImport framework could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing an Excel file with a maliciously constructed Excel record. Specific values within this record can trigger a memory corruption vulnerability, and result in values from the file being used as function pointers. This allows an attacker to execute arbitrary code.

tags | advisory, remote, arbitrary
systems | apple
advisories | CVE-2010-3786
SHA-256 | ff890312e47483c8b1244f6d7d408e3d962c8062c33a929494899fcca53cf69b
Process Dumper 1.1 Windows Version
Posted Apr 23, 2010
Authored by Tobias Klein

Process Dumper is able to make a dump of a running process in a forensical manner. Windows version.

tags | tool, forensics
systems | windows
SHA-256 | 4bc0e65d8f2c0bf6645f69209e08992fbcb9193f1f25e64e825c0275d08dca20
Process Dumper 1.1 Linux Version
Posted Apr 23, 2010
Authored by Tobias Klein

Process Dumper is able to make a dump of a running process in a forensical manner. Linux version.

tags | tool, forensics
systems | linux
SHA-256 | 4e60a60adc611b7b94aa58472701a8fe1f939fbf445141ab433d39f4ad84d3b7
ScoopyNG - The VMware Detection Tool
Posted Apr 23, 2010
Authored by Tobias Klein

ScoopyNG combines the detection tricks of Scoopy Doo and Jerry as well as some new techniques to determine if a current OS is running inside a VMware Virtual Machine (VM) or on a native system. ScoopyNG should work on all modern uni-, multi- and multi-core cpu's. ScoopyNG is able to detect VMware even if "anti-detection-mechanisms" are deployed.

SHA-256 | 2d85b2d9706260fbcc4f2d2841c4301c97e18a67ae40072ee2956cbf75b2f720
Google Chrome 4.1.249.1042 Array Indexing Bug
Posted Apr 3, 2010
Authored by Tobias Klein

Google Chrome is vulnerable to an out-of-bounds array indexing bug, caused by the improper handling of FTP PWD command server responses. By persuading a victim to visit a specially-crafted web site containing an iframe pointing to a malicious FTP server, a remote attacker could exploit this bug and cause the browser to crash. Versions 4.1.249.1042 (Build 42199) and below are affected. Proof of concept included.

tags | exploit, remote, web, proof of concept
SHA-256 | 46a3ad56ce252ccdbd6329ea06843f21e89e1fb198ea8f464ae783e4feff2e7f
WebEx UCF atucfobj.dll ActiveX NewObject Method Buffer Overflow
Posted Mar 4, 2010
Authored by Tobias Klein, Elazar Broad, Guido Landi | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in WebEx's WebexUCFObject ActiveX Control. If an long string is passed to the 'NewObject' method, a stack- based buffer overflow will occur when copying attacker-supplied data using the sprintf function. It is noteworthy that this vulnerability was discovered and reported by multiple independent researchers.

tags | exploit, overflow, activex
advisories | CVE-2008-3558
SHA-256 | e43768f68be7b3013f27418eda7f1bf2522747aecec1b523657fd01ec1c70da7
Avast! 4.8 / 5.0 Kernel Memory Corruption
Posted Feb 25, 2010
Authored by Tobias Klein | Site trapkit.de

Avast! versions 4.8 and 5.0 suffer from a aavmker4.sys kernel memory corruption vulnerability.

tags | advisory, kernel
SHA-256 | 423e14acc68af28b36348077feb4ef7ada79727abeb0a3fa6fe5fcf347f9aa5c
Solaris / OpenSolaris UCODE_GET_VERSION ioctl Denial Of Service
Posted Feb 9, 2010
Authored by Tobias Klein | Site trapkit.de

This is a denial of service (kernel panic) proof of concept exploit for the UCODE_GET_VERSION ioctl NULL pointer dereference vulnerability on Solaris / OpenSolaris.

tags | exploit, denial of service, kernel, proof of concept
systems | solaris
advisories | CVE-2010-0453
SHA-256 | 0bb0ba7efbaa3375e563e5bdee9caa226403113256a518e9673c3e85f5d0a27d
Oracle Denial Of Service
Posted Feb 2, 2010
Authored by Tobias Klein | Site trapkit.de

The kernel of Oracle Solaris contains a vulnerability in the code that handles UCODE_GET_VERSION IOCTL requests. The vulnerability allows a local unprivileged user the ability to panic a Solaris x86 Intel-based system (32-bit/64-bit mode) due to a NULL pointer dereference. The ability to panic a system is a type of Denial of Service (DoS). The issue can be triggered by sending a specially crafted IOCTL request to the kernel.

tags | advisory, denial of service, x86, kernel, local
systems | solaris
advisories | CVE-2010-0453
SHA-256 | a524a1ba9d5742e9a071414fff6dae55d1497bb58dc841e1c7577a689c3d653c
Apple iPhone OS AudioCodecs Heap Buffer Overflow
Posted Sep 15, 2009
Authored by Tobias Klein | Site trapkit.de

The iPhone OS AudioCodecs library contains a heap buffer overflow vulnerability while parsing maliciously crafted AAC or MP3 files. The vulnerability may be exploited by an attacker to execute arbitrary code in the context of an application using the vulnerable library. One attack vector are iPhone ringtones with malformed sample size table entries. It was successfully tested that iTunes uploads such malformed ringtones to the phone.

tags | advisory, overflow, arbitrary
systems | apple, iphone
advisories | CVE-2009-2206
SHA-256 | f5526418de98c9657cbd763047a324da3b927f706fa76dd4b3293e0a4a6b43d0
libsndfile/Winamp VOC Heap Buffer Overflow
Posted May 19, 2009
Authored by Tobias Klein | Site trapkit.de

lidsndfile versions 1.0.19 and below and Winamp versions 5.552 and below suffer from a VOC processing heap buffer overflow vulnerability.

tags | advisory, overflow
SHA-256 | 426f002e38e1c490a9f976a610dedb222d0edadadfe570535bcf5629995c0307
xine-lib Quicktime STTS Atom Integer Overflow
Posted Apr 6, 2009
Authored by Tobias Klein | Site trapkit.de

Xine-lib contains an integer overflow vulnerability while parsing malformed STTS atoms of Quicktime movie files. The vulnerability may be exploited by a (remote) attacker to execute arbitrary code in the context of an application using the xine library. Versions 1.1.16.2 and below are affected.

tags | advisory, remote, overflow, arbitrary
SHA-256 | e630315f5a4f17bed6c30a6e60f105c698b76e14980eecb44cd918005fc63440
FFmpeg Type Conversion Vulnerability
Posted Jan 28, 2009
Authored by Tobias Klein | Site trapkit.de

FFmpeg contains a type conversion vulnerability while parsing malformed 4X movie files. The vulnerability may be exploited by a (remote) attacker to execute arbitrary code in the context of FFmpeg or an application using the FFmpeg library.

tags | advisory, remote, arbitrary
SHA-256 | fdcf90835a6517d5d2a479f58cb2df9924557def551619884e79cb3f547d6180
GStreamer Heap Overflow And Out Of Bounds
Posted Jan 23, 2009
Authored by Tobias Klein | Site trapkit.de

GStreamer gst-plugins-good versions below 0.10.12 suffer from heap overflow and array index out of bounds vulnerabilities.

tags | advisory, overflow, vulnerability
SHA-256 | ae5d5f7a93915193f6bbfe67a4de2d6d96a10f53637af659ba372970130ceede
Amarok Integer Overflow / Unchecked Allocation Vulnerabilities
Posted Jan 12, 2009
Authored by Tobias Klein | Site trapkit.de

Amarok contains several integer overflows and unchecked allocation vulnerabilities while parsing malformed audible digital audio files. The vulnerabilities may be exploited by a (remote) attacker to execute arbitrary code in the context of Amarok.

tags | advisory, remote, overflow, arbitrary, vulnerability
SHA-256 | b94ef4ce7d1b2e477a85e81fe7d6abeaf756a2d58b5544818985f2c20cb90bb6
Sun Solaris aio_suspend() Kernel Integer Overflow
Posted Jan 12, 2009
Authored by Tobias Klein | Site trapkit.de

Sun Solaris suffers from an aio_suspend() kernel integer overflow vulnerability.

tags | advisory, overflow, kernel
systems | solaris
SHA-256 | cf4e53dd00147f6634c2f3e122968aec17988d62f758b49a1e1ca73472516ca8
Sun Solaris NULL Pointer
Posted Dec 22, 2008
Authored by Tobias Klein | Site trapkit.de

Sun Solaris suffers from a SIOCGTUNPARAM IOCTL kernel null pointer vulnerability.

tags | advisory, kernel
systems | solaris
SHA-256 | a891f595f6f13435a2f5b8eb4f88c409b8f3d63c0a46587d1d8311e4fb22ed15
MPlayer TwinVQ Processing Stack Buffer Overflow
Posted Dec 15, 2008
Authored by Tobias Klein | Site trapkit.de

MPlayer contains a stack buffer overflow vulnerability while parsing malformed TwinVQ media files. The vulnerability may be exploited by a (remote) attacker to execute arbitrary code in the context of MPlayer. Versions 1.0rc2 below r28150 and SVN trunk below r28149 are affected.

tags | advisory, remote, overflow, arbitrary
SHA-256 | 3d02003114810b5a72337c7ed271ed1847f5dd7313989408e20fa407cb420c3c
TKADV2008-013.txt
Posted Dec 1, 2008
Authored by Tobias Klein | Site trapkit.de

VLC media players versions below 0.9.7 suffer from a RealMedia processing integer overflow vulnerability.

tags | advisory, overflow
advisories | CVE-2008-5276
SHA-256 | 277cdb483e2c61d2d88a42e96e43abfe8296e8b9635bed39a04fda60afbd6b13
TKADV2008-012.txt
Posted Nov 7, 2008
Authored by Tobias Klein | Site trapkit.de

The VLC media player contains a stack overflow vulnerability while parsing malformed cue files. The vulnerability may be exploited by a (remote) attacker to execute arbitrary code in the context of VLC media player. Versions below 0.9.6 are affected.

tags | advisory, remote, overflow, arbitrary
SHA-256 | bacacae2218bff994d1f4690cf40e8cb5c6f0b1cbb4bd868b2cb024828b76d85
TKADV2008-011.txt
Posted Nov 7, 2008
Authored by Tobias Klein | Site trapkit.de

The VLC media player contains a stack overflow vulnerability while parsing malformed RealText (rt) subtitle files. The vulnerability can be trivially exploited by a (remote) attacker to execute arbitrary code in the context of VLC media player. Versions below 0.9.6 are affected.

tags | advisory, remote, overflow, arbitrary
SHA-256 | 61e27c6eddbf9e4287833b974a6c98a8cbff9ad64f0e65b56725d5eebcbb162b
TKADV2008-010.txt
Posted Oct 21, 2008
Authored by Tobias Klein | Site trapkit.de

The VLC media player contains a stack overflow vulnerability while parsing malformed TiVo ty media files. The vulnerability can be trivially exploited by a (remote) attacker to execute arbitrary code in the context of VLC media player. Versions 0.9.4 and below are affected.

tags | advisory, remote, overflow, arbitrary
SHA-256 | 3d082ad5cd82a028089e95d1402f60f67f5c3ffebc9cd1673006a937b81a57a7
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close