what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 2 of 2

Files from Ganesh Devarajan

TPTI-07-15.txt

Posted Sep 20, 2007

Authored by Ganesh Devarajan | Site tippingpoint.com

A vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of the Automated Solutions Modbus TCP Slave ActiveX Control. Authentication is not required to exploit this vulnerability. The specific flaw exists within MiniHMI.exe which binds to TCP port 502. When processing malformed Modbus requests on this port a controllable heap corruption can occur which may result in execution of arbitrary code.

tags | advisory, remote, arbitrary, tcp, activex

advisories | CVE-2007-4827

SHA-256 | f0520f8bf90c6787cc532807988649bb63df556515fb667dade3c955d0dd7f3a

Download | Favorite | View

TPTI-07-07.txt

Posted May 12, 2007

Authored by Ganesh Devarajan | Site dvlabs.tippingpoint.com

A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of malformed Sample Table Sample Descriptor (STSD) atoms. Specifying a malicious atom size can result in an under allocated heap chunk and subsequently an exploitable heap corruption.

tags | advisory, arbitrary

systems | apple

advisories | CVE-2007-0754

SHA-256 | dc75dfbd5da0df2bcba75f15114c0fdac22be3a985c5ea1813ab5f1516b53302

Download | Favorite | View