Researchers have encountered a number of Windows kernel crashes in the ATMFD.DLL OpenType driver while processing corrupted OTF font files.
f3c9bc75807a1970026b1a04826e0374c827b906a3593467dfd94e746404d46eEMC Documentum Content Server failed to fully address privilege escalation vulnerabilities as noted in CVE-2015-4532.
3e23749741e39d44281a4e37e4effeb870920b6c75bab3df444cee63831f8276Ricoh FTP Server versions 1.1.0.6 and below suffer from a remote buffer overflow vulnerability.
2e40b7ec94f5efc5004ef8320c004fcdad799161fdd49a36a373c9ef742e67e0Researchers have encountered a number of Windows kernel crashes in the ATMFD.DLL OpenType driver while processing corrupted OTF font files.
6e52ae3b34903df13fac42f16c8c4249f5713a3b28e9e618f11bd01a076bfda5If a watch is set on the childNodes object of an XML object, and then the XML object is manipulated in a way that causes its child nodes to be enumerated, the watch will trigger. If the function in the watch deletes all the child nodes, the buffer containing the nodes will be deleted, even though the original function will still access it when it unwinds. This can lead to a childnodes array in ActionScript containing pointers that can be specified by an attacker.
1295da6dedc93d6a1fe5a27a6f5a706c9506fa2c29602370bf75f3ab7f7f7165Researchers have encountered a number of Windows kernel crashes in the ATMFD.DLL OpenType driver while processing corrupted OTF font files.
6a8eb9549bb642753717c8d5defcb82e1195517e9f35e5373e1e62cfe755b503Adobe Flash suffers from a heap use-after-free vulnerability in SurfaceFilterList::CreateFromScriptAtom.
a0281df3d7aa9384aee12714924135d0f2ba0281c842d544e991427f2733bd96There is a use-after-free in attachMovie due to the initObject. If the initObject contains an object that calls a method that deletes the movie clip that is being attached, a use-after-free occurs.
90bd26fa45bf4967bccd506cc65201e1553ca1b0810ffe60271cde208371b15bEasy File Management Web Server version 5.6 suffers from a USERID remote buffer overflow vulnerability.
b19ab4477f85492c83b73d22792d96687f0438dc4e7685e57c50546025bdf830Researchers have encountered a Windows kernel crash in the ATMFD.DLL OpenType driver while processing a corrupted OTF font file.
86ad060ed6b0b92f73638bde724be9999e6d4cd36658f6ce0e727753ba8c5617FlashBroker is vulnerable to NTFS junction attack to write an arbitrary file to the filesystem under user permissions. There is a race condition in FlashBroker BrokerMoveFileEx method. This race can be won by using an oplock to wait for the point where the BrokerMoveFileEx method opens the original file and then making destination to be a junction.
4a8cd33a5f101e483a330b62c04d5e4cf5d733d46fdcb20efda5eb7f32e33f84FlashBroker is vulnerable to NTFS junction attack to write an arbitrary file to the filesystem under user permissions. There is a bad check in FlashBroker BrokerCreateFile method and BrokerMoveFileEx method. FlashBroker uses CreateFile to open the destination folder for check. If CreateFile fails, the destination will be considered as a valid path. However, FlashBroker uses dwShareMode as 0 in CreateFile, which make CreateFile always fail if handle of the destination folder is held by other.
1833e423f195e8f2809219e0689a0b518a6badd8204abdb35e1d3ceaabc57452There are use-after-frees related to storing a single pointer (this this pointer) in several MovieClip drawing methods, including beginFill, beginBitmapFill, beginGradientFill, linGradientStyle, lineTo, moveTo, curveTo and lineStyle.
eb82146aef2be66c90cc556f2ab77a11428236e2b722274ee758243d8ec6b0e3FlashBroker is vulnerable to an NTFS junction attack to write an arbitrary file to the filesystem under user permissions. There is a bad check in FlashBroker BrokerCreateFile method and BrokerMoveFileEx method. FlashBroker only considers "\" as delimiter. If the destination includes "/", FlashBroker will use a wrong destination folder for check.
ecdb7f0d31c0d78cd25fb1e2a301573230e10f182d90e0e3e0fec1b6a16204baThere is a use after free vulnerability in the ActionScript 2 TextField.filters array property.
ba078b1fb9699fb28314ffceb29d7447e2439e39e19e7e403d97f297eec2762fMagento CE versions prior to 1.9.0.1 post authentication remote command execution exploit.
b1acf8cae85e109aed30dc1846013198f9b3e4461b45f10d2540acfca0db7ffcFTP Commander version 8.02 Costum Command SEH overwrite buffer overflow exploit.
19204400584faeee7ff9ada5ce57a23a62f130344c19391c083697f0f0dbc257
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed