| Real Name | Yorick Koster |
|---|---|
| Email address | private |
| Website | nl.linkedin.com/in/yorickkoster |
| First Active | 2009-07-17 |
| Last Active | 2024-08-31 |
The File Roller archive manager for the GNOME desktop suffers from a path traversal vulnerability caused by insufficient path sanitization. A specially crafted archive file can be used to trigger creation of arbitrary files in any location, writable by the user executing the extraction, outside the current working directory. This behavior is triggered when the option 'Keep directory structure' is selected from the application 'Extract' dialog.
f6e7eec5337ffaec3b1e39f19c1e07cbe65ea4c169f65204d92f2634cdcc1947An integer overflow vulnerability has been discovered in the EncoderParameter class of the .NET Framework. Exploiting this vulnerability results in an overflown integer that is used to allocate a buffer on the heap. After the incorrect allocation, user-supplied buffers are copied into the new buffer, resulting in a corruption of the heap. By exploiting this vulnerability, it is possible for an application running with Partial Trust permissions to break from the CLR sandbox and run arbitrary code with Full Trust permissions.
06f18bdcf7bab4db2000ea8c23e48d5c1532aafa073d2ac911c6d0ee597b446dThis Metasploit module exploits a vulnerability found in Microsoft Office's ClickOnce feature. When handling a Macro document, the application fails to recognize certain file extensions as dangerous executables, which can be used to bypass the warning message. This allows you to trick your victim into opening the malicious document, which will load up either a python or ruby payload based on your choosing, and then finally download and execute our executable.
0a79ccc75253fc54a4cbf99a7599c06f3f75c9e59c1385bd9c4f718868f83665An integer overflow vulnerability has been discovered in the EncoderParameter class of the .NET Framework. Exploiting this vulnerability results in an overflown integer that is used to allocate a buffer on the heap. After the incorrect allocation, one or more user-supplied buffers are copied in the new buffer, resulting in a corruption of the heap.
9f691c33118729de8b1118c45e101699844a3903353809ae5aaae2e5abda61adA logic flaw has been found in the way .NET grants permissions to ClickOnce applications. Combined with relaxed security warnings when handling OLE Packages in Office 2007 allows for attackers to run arbitrary .NET assemblies with Full Trust permissions.
00e1066c2923521d1053ae01947493005e91c3b5cd22f3ffe201033ada37e948Akamai's Download Manager allows attackers to download arbitrary files onto a user's desktop. Using a so-called "blended threat" attack it is possible to execute arbitrary code. This attack affects the ActiveX control as well as the Java applet. This was fixed in version 2.2.5.4.
29804371b07a8f9024641896f3f7d03d69f4c73848f0b53035414cb6f4660d4eIt has been discovered that certain e-mail message cause Outlook to create Windows shortcut-like attachments or messages within Outlook. Through specially crafted TNEF streams with certain MAPI attachment properties, it is possible to set a path name to files to be executed. When a user double clicks on such an attachment or message, Outlook will proceed to execute the file that is set by the path name value. These files can be local files, but also file stored remotely for example on a file share. Exploitation is limited by the fact that its is not possible for attackers to supply command line options.
ab93992908b391872063eb727124195509f9b1f508ffa2326a5648dea3d63372It has been discovered that certain e-mail message cause Outlook to create Windows shortcut-like attachments or messages within Outlook. Through specially crafted TNEF streams with certain MAPI attachment properties, it is possible to set a path name to files to be executed. When a user double clicks on such an attachment or message, Outlook will proceed to execute the file that is set by the path name value. These files can be local files, but also file stored remotely for example on a file share. Exploitation is limited by the fact that its is not possible for attackers to supply command line options.
374645d7192e9108d3159d89b407cc6d190d245e40fe2cd224e4b6852b6629ecIt has been discovered that certain e-mail messages cause Outlook to create Windows shortcut-like attachments or messages within Outlook. Through specially crafted TNEF streams with certain MAPI attachment properties, it is possible to set a path name to files to be executed.
550e736caba1e689e23530aec9809ac9c94ae8f0d154b391fe20a8e454287817getPlus suffers from an insufficient domain name validation vulnerability. A new Adobe Download Manager was released that resolves this issue.
e071af8d3f4b8b962bc5edfde3e6bfc33db4acd32f7296e78e2eaedc666e6e16iDefense Security Advisory 02.23.10 - Remote exploitation of an input validation vulnerability in NOS Microsystems Ltd.'s getPlus Download Manager, as used by Adobe and potentially other vendors, could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability exists due to improper validation of the domain used to download and execute applications from. The vulnerable code always assumes that the domain being validated is a subdomain, which can lead to a logic error when comparing the valid domain and the requested domain. iDefense has confirmed the existence of this vulnerability in getPlus version 1.5.2.35 as distributed by Adobe. The Adobe Download Manager on Windows (prior to February 23, 2010) has been confirmed vulnerable by Adobe.
d0efdc32584a23be37a59e4491447cc4ca499652cf899ad6b592297321df9b3aThe yTNEF and the Evolution TNEF attachment decoders suffer from directory traversal and buffer overflow vulnerabilities. Evolution version 2.62.2 and yTNEF version 2.6 are both affected.
fc72295298826820b54f15f505292a1f357eed26bb395249ffb5557757b9e927PulseAudio suffers from a local race condition privilege escalation vulnerability. Proof of concept exploit included.
426a9d852cba8a790cc64c95d7415f44eccf93c747b639ad6f192ca0c06f2302
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed