The VUPEN Vulnerability Research Team discovered a critical vulnerability in Apple Safari. The vulnerability is caused by a use-after-free error in the WebKit library when handling certain iframe events, which could be exploited by remote attackers to compromise a vulnerable system by tricking a user into visiting a specially crafted web page. Versions 5.0.3 and below are affected.
80e96a9a3ad610f44e28f2afac84eacff444a571e1cc7649b9d31addcf586567VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Windows. The vulnerability is caused by a buffer overflow error in the Windows Shell graphics processor when parsing the "biCompression" value within BMP images, which could be exploited by remote attackers to compromise a vulnerable system by tricking a user into opening or previewing a malformed Office file or browsing to a network share, UNC, or WebDAV location containing a specially crafted image.
e45dd38c15740c3e6e5ddc9d40c8fcbd4f3bb920137a89049bbe72c5ba971917VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Windows. The vulnerability is caused by an integer overflow error in the Windows Shell graphics processor when parsing the "height" value within BMP images, which could be exploited by remote attackers to compromise a vulnerable system by tricking a user into opening or previewing a malformed Office file or browsing to a network share, UNC, or WebDAV location containing a specially crafted image.
9a72023ae91a8044eca541def5bf1939d6dd53c305c5ed8be72523cab22c8350VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Windows. The vulnerability is caused by an integer overflow error in the Windows Shell graphics processor when parsing the "width" value within BMP images, which could be exploited by remote attackers to compromise a vulnerable system by tricking a user into opening or previewing a malformed Office file or browsing to a network share, UNC, or WebDAV location containing a specially crafted image.
424e76ac6176134b9620fc780ea75da7e66aee6adb5388e91cf75fdc7beeb515VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a dangling pointer in the "mshtml.dll" library when handling certain object manipulations, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a malicious web page. Internet Explorer versions 6, 7, and 8 are affected.
3ec085c704a69847706bc827f9318c129f1ec314e1cffd5e14399f41cbc973f2VUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Shockwave. The vulnerability is caused by a memory corruption error in the "DIRAPI.dll" module when processing the "LCTX" chunk within a Director File, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a malicious web page. Adobe Shockwave Player versions 11.5.9.615 and prior are affected.
a14685bc6080babb1b766400a94d5de2768c47bc73bcd035cb57c90a363fe819VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free vulnerability when handling certain animation behaviors, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a malicious web page.
330ad2faec658aa70f9c70da1561497c7262a8b59546d2216438b7b6ffe83195VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Office Publisher. The vulnerability is caused by an array indexing error in "pubconv.dll" when processing a malformed value within a Publisher document, which could be exploited by remote attackers to execute arbitrary code by tricking a user into opening a malicious PUB file. Note: The Publisher file format is not publicly documented.
43aac8ed8976ed13ccda0e97861b2b3709629169f2556b198b2d482442b2cbaaVUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Office Publisher. The vulnerability is caused by an array indexing error when processing a malformed record within a Publisher document, which could be exploited by remote attackers to execute arbitrary code by tricking a user into opening a malicious PUB file. Note: The Publisher file format is not publicly documented.
603e49d5fa7011c1d086f935bb72cb2deb90d9588947988c40c05def92caa937VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Office Publisher. The vulnerability is caused by a heap corruption error in "pubconv.dll" while trusting a size value from a Publisher document, which could be exploited by remote attackers to execute arbitrary code by tricking a user into opening a malicious PUB file. Note: The Publisher file format is not publicly documented.
591d6c511bb8a6f88dba0fe4856dfb099b7d1dc89c130d5503e1e15766321d24VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Office Publisher. The vulnerability is caused by a memory corruption error when handling malformed Publisher documents, which could be exploited by remote attackers to execute arbitrary code by tricking a user into opening a malicious PUB file. Note: The Publisher file format is not publicly documented.
346bc82297626beb2fbe7a81582c8835f6d44e92821bfd9f647b17eefd9bbb86VUPEN Vulnerability Research Team discovered a critical vulnerability in RealPlayer. The vulnerability is caused by a heap overflow error when handling malformed AAC files, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.
5892714bf8dcac92f1f837b80a5fe1dab9767058d8622e1e878f467c7bb64630VUPEN Vulnerability Research Team discovered a critical vulnerability in RealPlayer. The vulnerability is caused by a heap overflow error when handling Audio data within media files, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.
89b2a9aa2b9bfe058f8be7d8ae041339a47d117e92f473ae3ad518fe34dc5780VUPEN Vulnerability Research Team discovered a critical vulnerability in RealPlayer. The vulnerability is caused by a heap overflow error when handling sound data within media files, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.
e5db35a6d18d92db4e8e70523276d9edbb3abe1ffea4ad2f9882b6424c67ca80VUPEN Vulnerability Research Team discovered a critical vulnerability in RealPlayer. The vulnerability is caused by a heap overflow error when handling malformed RA5 files, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.
6f509b1f5017a3048fef78a085858a29e8d684c16251cd60c9024a686c3cdd00VUPEN Vulnerability Research Team discovered three critical vulnerabilities in RealPlayer. These vulnerabilities are caused by heap overflow errors when handling malformed RealMedia data, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.
3e744f583f0bb3a9b86c94fa386cfddbd0421f8807c4245fdcff1e5cb69a4a8bVUPEN Vulnerability Research Team discovered a critical vulnerability in Apple Safari. The vulnerability is caused by a use-after-free in WebKit when handling selections, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.
59a2dbc0e79185188370ba50e0cb520c033c1c8611fd52c2f5070d1669fbd119VUPEN Vulnerability Research Team discovered a critical vulnerability in Apple Safari. The vulnerability is caused by a use-after-free in WebKit when handling scrollbars, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.
62a3912023e72f43282e67320e6e2a3dfbbe98a67a2ac48f5ce807614829c2e5VUPEN Vulnerability Research Team discovered a critical vulnerability in various Oracle products. The vulnerability is caused by a buffer overflow error in the EM Console when processing overly long HTTP requests, which could allow remote unauthenticated attackers to crash an affected service or execute arbitrary code via a malicious request.
9e1e95823a442b573f228d2e9e6bd2a907960053f76b541aaf8b568c97a6e0acVUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Office Excel. The vulnerability is caused by an input validation error when processing certain elements in a Ghost record, which could be exploited by remote attackers to execute arbitrary code by tricking a user into opening a specially crafted Excel document.
d6d6390958f92ed07b4d2c5e15709f7fef6986c9aa26a8f34895fff6fa8a4354VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Office Excel. The vulnerability is caused by a memory corruption error when processing certain structures in an Excel file, which could be exploited by remote attackers to execute arbitrary code by tricking a user into opening a specially crafted Excel document.
f327f64d4ad3765c91e02905d2e170ad44625a785126eb2a47408a86a1f75273VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Office Excel. The vulnerability is caused by an array indexing error when processing RealTimeData records in an Excel file, which could be exploited by remote attackers to execute arbitrary code by tricking a user into opening a specially crafted Excel document.
b0394ee0714f4a34f6b77d22e6092fa129ef3339828fc4d78a16e527c76d1e80VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Office Excel. The vulnerability is caused by a memory corruption error when processing PtgExtraArray structures in an Excel file, which could be exploited by remote attackers to execute arbitrary code by tricking a user into opening a specially crafted Excel document.
e19af2ec0d3533567d3a32477534781cf0b32cb325b298813a4c7f68630e574cVUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Office Excel. The vulnerability is caused by a memory corruption error when processing a negative future function while parsing an Excel file, which could be exploited by remote attackers to execute arbitrary code by tricking a user into opening a specially crafted Excel document.
60861b81f80faa96ebf71b0e4feafa3d933e780e764da294d28e82b3a3d8b8bfVUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Office Excel. The vulnerability is caused by an invalid pointer when processing malformed Merge Cell records in an Excel file, which could be exploited by remote attackers to execute arbitrary code by tricking a user into opening a specially crafted Excel document.
3119190982fe54a39aca06a34de7455412077534acde935d581e338f5cc88cb0
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed