Researchers have encountered a number of Windows kernel crashes in the ATMFD.DLL OpenType driver while processing corrupted OTF font files.
f3c9bc75807a1970026b1a04826e0374c827b906a3593467dfd94e746404d46e
EMC Documentum Content Server failed to fully address privilege escalation vulnerabilities as noted in CVE-2015-4532.
3e23749741e39d44281a4e37e4effeb870920b6c75bab3df444cee63831f8276
Ricoh FTP Server versions 1.1.0.6 and below suffer from a remote buffer overflow vulnerability.
2e40b7ec94f5efc5004ef8320c004fcdad799161fdd49a36a373c9ef742e67e0
Researchers have encountered a number of Windows kernel crashes in the ATMFD.DLL OpenType driver while processing corrupted OTF font files.
6e52ae3b34903df13fac42f16c8c4249f5713a3b28e9e618f11bd01a076bfda5
If a watch is set on the childNodes object of an XML object, and then the XML object is manipulated in a way that causes its child nodes to be enumerated, the watch will trigger. If the function in the watch deletes all the child nodes, the buffer containing the nodes will be deleted, even though the original function will still access it when it unwinds. This can lead to a childnodes array in ActionScript containing pointers that can be specified by an attacker.
1295da6dedc93d6a1fe5a27a6f5a706c9506fa2c29602370bf75f3ab7f7f7165
Researchers have encountered a number of Windows kernel crashes in the ATMFD.DLL OpenType driver while processing corrupted OTF font files.
6a8eb9549bb642753717c8d5defcb82e1195517e9f35e5373e1e62cfe755b503
Adobe Flash suffers from a heap use-after-free vulnerability in SurfaceFilterList::CreateFromScriptAtom.
a0281df3d7aa9384aee12714924135d0f2ba0281c842d544e991427f2733bd96
There is a use-after-free in attachMovie due to the initObject. If the initObject contains an object that calls a method that deletes the movie clip that is being attached, a use-after-free occurs.
90bd26fa45bf4967bccd506cc65201e1553ca1b0810ffe60271cde208371b15b
Easy File Management Web Server version 5.6 suffers from a USERID remote buffer overflow vulnerability.
b19ab4477f85492c83b73d22792d96687f0438dc4e7685e57c50546025bdf830
Researchers have encountered a Windows kernel crash in the ATMFD.DLL OpenType driver while processing a corrupted OTF font file.
86ad060ed6b0b92f73638bde724be9999e6d4cd36658f6ce0e727753ba8c5617
FlashBroker is vulnerable to NTFS junction attack to write an arbitrary file to the filesystem under user permissions. There is a race condition in FlashBroker BrokerMoveFileEx method. This race can be won by using an oplock to wait for the point where the BrokerMoveFileEx method opens the original file and then making destination to be a junction.
4a8cd33a5f101e483a330b62c04d5e4cf5d733d46fdcb20efda5eb7f32e33f84
FlashBroker is vulnerable to NTFS junction attack to write an arbitrary file to the filesystem under user permissions. There is a bad check in FlashBroker BrokerCreateFile method and BrokerMoveFileEx method. FlashBroker uses CreateFile to open the destination folder for check. If CreateFile fails, the destination will be considered as a valid path. However, FlashBroker uses dwShareMode as 0 in CreateFile, which make CreateFile always fail if handle of the destination folder is held by other.
1833e423f195e8f2809219e0689a0b518a6badd8204abdb35e1d3ceaabc57452
There are use-after-frees related to storing a single pointer (this this pointer) in several MovieClip drawing methods, including beginFill, beginBitmapFill, beginGradientFill, linGradientStyle, lineTo, moveTo, curveTo and lineStyle.
eb82146aef2be66c90cc556f2ab77a11428236e2b722274ee758243d8ec6b0e3
FlashBroker is vulnerable to an NTFS junction attack to write an arbitrary file to the filesystem under user permissions. There is a bad check in FlashBroker BrokerCreateFile method and BrokerMoveFileEx method. FlashBroker only considers "\" as delimiter. If the destination includes "/", FlashBroker will use a wrong destination folder for check.
ecdb7f0d31c0d78cd25fb1e2a301573230e10f182d90e0e3e0fec1b6a16204ba
There is a use after free vulnerability in the ActionScript 2 TextField.filters array property.
ba078b1fb9699fb28314ffceb29d7447e2439e39e19e7e403d97f297eec2762f
Magento CE versions prior to 1.9.0.1 post authentication remote command execution exploit.
b1acf8cae85e109aed30dc1846013198f9b3e4461b45f10d2540acfca0db7ffc
FTP Commander version 8.02 Costum Command SEH overwrite buffer overflow exploit.
19204400584faeee7ff9ada5ce57a23a62f130344c19391c083697f0f0dbc257