| Real Name | Yorick Koster |
|---|---|
| Email address | private |
| Website | nl.linkedin.com/in/yorickkoster |
| First Active | 2009-07-17 |
| Last Active | 2020-09-30 |
WordPress Email Users plugin version 4.8.2 suffers from a cross site scripting vulnerability.
d654807b929b6f367ad58d1f8550c77413849b7b0bb9c1483f72aa7ebba83717Microsoft Visio suffers from a DLL hijacking vulnerability.
53c0212c96208c6e0d2e1e1d7370c5d98fdadabd301ae83fe691067fc4c7adc9A DLL side loading vulnerability was found in the .NET Framework version 4.6 when running on Windows Vista or Windows 7. This issue can be exploited by luring a victim into opening an Office document from the attacker's share. An attacker can use this issue to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system. If the WebDAV Mini-Redirector is enabled, it is possible to exploit this issue over the internet. This issue can be exploited even if the Office document is opened in Protected View.
1fb365836205d5377a82bf14506445c9d12b9a1770f630bfeaefcc48a647ab60A DLL side loading vulnerability was found in the Windows Mail Find People DLL.
ea917827aad00097e1d2145c6360443bad6934c6dc351135b29531a3c97f5ddeA DLL side loading vulnerability was found in the MapsUpdateTask Task DLL that ships with Windows 10. This issue can be exploited by loading COM control as an embedded OLE object. When instantiating the object Windows will try to load the DLL phoneinfo.dll from the current working directory. If an attacker convinces the user to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.
2d60a51e6e82dbfc3d3f990fd98e9da3a6ed414a4dda68ab35f60ef08899c1e2A DLL side loading vulnerability was found in the BDA MPEG2 Transport Information Filter that ships with Windows Vista. This issue can be exploited by loading the filter as an embedded OLE object. When instantiating the object Windows will try to load the DLL ehTrace.dll from the current working directory. If an attacker convinces the user to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.
46c78e46c86080f3c7dc443a900413e500d7f7d0f20d2fca23e1a30ed0482f7cA DLL side loading vulnerability was found in the NPS Datastore server DLL that ships with Windows Vista. This issue can be exploited by loading the affected DLL as an embedded OLE object. When instantiating the object Windows will try to load the DLL iasdatastore2.dll from the current working directory. If an attacker convinces the user to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.
1b2dddead234857b365162684d8bbf28ae57f80f5af04c34105b408b35df5d6eHP LaserJet Fax Preview suffers from a DLL side loading vulnerability.
721ffa41099ce7463dac9923b9ade96397824e09316ea38a3387862a8741397dHP ToComMsg suffers from a DLL side loading vulnerability.
5382193b94279fc564bde95457f5fc4b48d6610a617583cd1262ce644ed102a4LEADTOOLS Active-X control suffers from multiple DLL side loading vulnerabilities.
5765a786f5fa25578ee0bc6a814af69b28abb785455fb61a51f48c7d3739e0e5Multiple DLL side loading vulnerabilities were found in the OLE DB Provider for Oracle. These issues can be exploited by loading various OLE components as an embedded OLE object. When instantiating the object Windows will try to load the DLLs oci.dll, and ociw32.dll from the current working directory. If an attacker convinces the user to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.
780d7323edb86b5d1ef9bec50bd1ae3f33562db71bf215b552d8c2ebc37b7cc4A DLL side loading vulnerability was found in the Flash version that ships with Windows. This issue can be exploited by loading the Shockwave Flash object as an embedded OLE object. When instantiating the object Windows will try to load the DLL spframe.dll from the current working directory. If an attacker convinces the user to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.
05acd97f15be7119fb1100ff641cd7b269e04fe167eaf70a9f77c55c83191102A DLL side loading vulnerability was found in the Shutdown UX DLL. This issue can be exploited by loading the Authentication UI Shutdown Choices object as an embedded OLE object. When instantiating the object Windows will try to load the DLL wuaext.dll from the current working directory. If an attacker convinces the user to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.
b96ff440d177a2b1c8d194a3eeb5ba6a3405ca91223f3d328cdc4c4755b3ac20A DLL side loading vulnerability was found in the Windows Authentication UI DLL. This issue can be exploited by loading the Slide To Shut Down Screen object as an embedded OLE object. When instantiating the object Windows will try to load the DLL wuaext.dll from the current working directory. If an attacker convinces the user to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.
b2bb672c4c110c7c16d0e9ef991684cd7daa9c8d8c09eced5e54ae7fe67e03c2Multiple DLL side loading vulnerabilities were found in the Event Viewer Snapin that ships with Windows. These issues can be exploited by loading various COM components as an embedded OLE object. When instantiating vulnerable object Windows will try to load the DLL elsext.dll from the current working directory. If an attacker convinces the user to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.
ff6eb730c87054d650838455d83f9cca8cb8c8d8b89144297dc18cce97b656bdA DLL side loading vulnerability was found in the COM+ Services component that ships with Windows. This issue can be exploited by loading the QC Queue Administration Class as an embedded OLE object. When instantiating the object Windows will try to load the DLL mqrt.dll from the current working directory. If an attacker convinces the user to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.
414f5627fbbd2443682471bf2dc35edb9723e7ade491a45806779d961f625826Cisco AnyConnect Secure Mobility Client for OS X is affected by a vulnerability that allows local attackers to mount arbitrary DMG files at arbitrary mount points. By exploiting this vulnerability is is possible for the attacker to gain root privileges. Cisco reports that a similar issue also exists in Cisco AnyConnect Secure Mobility Client for Linux.
66660159f211f495d60f7ca1acea5dbe4e444722621da4f69354d6747a67fc1bCisco AnyConnect Secure Mobility Client for Windows is affected by an vulnerability that allows local attackers to execute arbitrary DLL files with elevated privilege. By exploiting this vulnerability is is possible for the attacker to gain SYSTEM privileges.
6e297eee712fe356db2c53d7b036bfdab4084dfcf2f39784ebf1a1798f5494f2An integer overflow exists in the System.DirectoryServices.Protocols.Utility class of the .NET Framework. Triggering this issue results in an overflown integer that is used to allocate a buffer on the heap that is too small, resulting in memory corruption. Exploiting this issues appears to be difficult. Consequently, Microsoft has decided to not release a security bulletin.
1afa865b50719d016f840d929f46021c297eaaf847046ef8e5bb08fa3a10902dThe Cisco RV series suffers from arbitrary file overwrite, arbitrary command execution, and cross site request forgery vulnerabilities.
ab1cc7e024746d65f1cc4a6bf8683bd942b18bb262e9cd877a1b315a168cf955Outlook.com for Android fails to properly validate SSL server certificates allowing for man-in-the-middle attacks. This issue was found in Outlook.com for Android version 7.8.2.12.49.2176 and version 7.8.2.12.49.6434.
feb52f7f3c4f0ae9883f60191249254d8403bfb4759cf2e2b7f8a017088d241aAdobe Reader versions less than 11.2.0 exposes insecure native interfaces to untrusted javascript in a PDF. This Metasploit module embeds the browser exploit from android/webview_addjavascriptinterface into a PDF to get a command shell on vulnerable versions of Reader.
69ded45839e62a1eaba48f4c3a1ce02d6b51e29a52d0dd93b2dcdbc8d905f180Adobe Reader for Android exposes several insecure Javascript interfaces. This issue can be exploited by opening a malicious PDF in Adobe Reader. Exploiting this issue allows for the execution of arbitrary Java code, which can result in a compromise of the documents stored in Reader and files stored on SD card.
741530d92bfaf4da803497f453dc0837b679b2a5894ee4de6911a114130250c9The File Roller archive manager for the GNOME desktop suffers from a path traversal vulnerability caused by insufficient path sanitization. A specially crafted archive file can be used to trigger creation of arbitrary files in any location, writable by the user executing the extraction, outside the current working directory. This behavior is triggered when the option 'Keep directory structure' is selected from the application 'Extract' dialog.
f6e7eec5337ffaec3b1e39f19c1e07cbe65ea4c169f65204d92f2634cdcc1947An integer overflow vulnerability has been discovered in the EncoderParameter class of the .NET Framework. Exploiting this vulnerability results in an overflown integer that is used to allocate a buffer on the heap. After the incorrect allocation, user-supplied buffers are copied into the new buffer, resulting in a corruption of the heap. By exploiting this vulnerability, it is possible for an application running with Partial Trust permissions to break from the CLR sandbox and run arbitrary code with Full Trust permissions.
06f18bdcf7bab4db2000ea8c23e48d5c1532aafa073d2ac911c6d0ee597b446d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed