Zero Day Initiative Advisory 10-050 - This vulnerability allows remote attackers to execute arbitrary code on software utilizing a vulnerable version of Mozilla's Firefox. User interaction is required in that the victim must visit a malicious website or be coerced into opening a malicious document. The specific flaw exists within how the application handles particular events for an nsTreeSelection element. Upon execution of a "select" event the application will access an element without checking to see if it's been previously freed or not. Successful exploitation can lead to code execution under the context of the application.
49b72286949218a358918be8b294fa2cb0ad8e3e2c28d1c68ffb9d02de78c353Zero Day Initiative Advisory 10-049 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that a user must be coerced to viewing a malicious document. The specific flaw exists within the way the application implements the window.navigator.plugins array. Due to the application freeing the contents of the array while a reference to one of the elements is still being used, an attacker can utilize the free reference to call arbitrary code. Successful exploitation can lead to code execution under the context of the application.
a83fb9df039b98da9ada860f334baa46c352753ce5b03b700edc11276df324c1Zero Day Initiative Advisory 10-048 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required in that the victim must visit a malicious website or be coerced into opening a malicious document. The specific flaw exists within the way that Mozilla's Firefox parses .XUL files. While appending a particular tag to a treechildren container, the application will create more than one reference to a particular element without increasing its reference count. Upon removal of one of the elements, the refcount will be decreased causing the application to free the memory associated with the object. Due to the rogue reference occurring, the next time the application attempts to reference that container, the application will access memory that has been freed which can lead to code execution under the context of the application.
bfe0e137323b2c2c58c837023340608ae71a433679b8397b67fc779f9ae42b0fZero Day Initiative Advisory 10-047 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the libpr0n library which is responsible for handling image caching and animation and is due to the way the application handles animations received from the server via the multipart/x-mixed-replace mimetype. During a case where the bits-per-pixel changes, the application will free a pointer and then can be made to reuse the freed pointer later. This can lead to code execution under the context of the application.
5f1af532af2d000114817c3858dcb4a9482128004dd8fc3a4e2340061c5af667Zero Day Initiative Advisory 10-046 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the implementation of web worker threads. Due to mishandling the array data type while processing posted messages, a web worker thread can be made to corrupt heap memory. An attacker can exploit this vulnerability to execute arbitrary code under the context of the user running the browser.
ec78251e17a53a745d00a9320249ddcb1315bc08f0046766f6b8d5ebd8b641caZero Day Initiative Advisory 10-045 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists during the parsing of MPEG content. Upon reading a field used for compression within a 'genl' atom in the movie container, the application will decompress outside the boundary of an allocated buffer. Successful exploitation can lead to code execution under the context of the application.
1e70af37192d01db3abcf564c2dd3f7a80b046ea61164395b3665995413275e5Zero Day Initiative Advisory 10-044 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within QuickTimeAuthoring.qtx during the parsing of DELTA_FLI chunks stored within a malformed .fli file. The applications trusts a user-supplied length for decompression which can be modified to copy more data than necessary leading to a buffer overflow. Successful exploitation can lead to code execution under the context of the current user.
3d9a104affc70e6b751a7e18e2fd12bf8b648c45aa4296843e8db2df6f0d1be4Zero Day Initiative Advisory 10-043 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists during the parsing of a malformed SubImage Header Stream from a malicious FlashPix image. The application takes the NumberOfTiles field from this data structure, multiplies it by 16, and then uses it in an allocation. If this result is larger than 32-bits the value will wrap leading to an under-allocated buffer. Later when the application copies data into this buffer, a buffer overflow will occur leading to code execution within the context of the application.
731e24b29c0e71cc93e02db57df76d7290a435bb18f983231d31447df76e0c6aZero Day Initiative Advisory 10-042 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists during the parsing of malformed MediaVideo data from a sample description atom (STSD). The application will read a length from the file, subtract 1 and then use it as a counter for a loop. Certain values may cause memory corruption and can result in code execution under the context of the current user.
5553c0f278ba62500eea1097f6635b912b181218eb2cae1df05775fefff34c6eZero Day Initiative Advisory 10-041 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists during the rendering of an audio stream utilizing QDesign's audio codec. The application will perform an allocation utilizing a field specified in the sample's description. Later when initializing the buffer, the application will utilize a different length. If the lengths differ, then a buffer overflow will occur. This can lead to code execution under the context of the currently logged in user.
50e4ef729fa9551f6eef9b00d2457ce3ec168f098abcb628b631dd0413820bc9Zero Day Initiative Advisory 10-040 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists during the parsing of samples from a malformed .mov file utilizing the RLE codec. While decoding RLE data, the application will fail to validate the size when decompressing the data into a heap chunk. If the length is larger than the size of the chunk allocated, then a memory corruption will occur leading to code execution under the context of the currently logged in user.
23da693b153e9576bdd7fc025ca1079b095dee49784fd8781d6fd1361ca87964Zero Day Initiative Advisory 10-039 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the handling of internet enabled disk image files. When a specially crafted Menu Extras plugin is included in the disk image, it is executed without further interaction allowing for arbitrary code execution under the context of the current user.
31b16d4c39bd6ee1cfed143461031b47d7cf2523250f201586013d753ce94dc7Zero Day Initiative Advisory 10-038 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the QuickTimeAudioSupport.qtx library when parsing malformed QDMC and QDM2 codec atoms. By modifying specific values within the stream an attacker can cause heap corruption which can lead to arbitrary code execution under the context of the currently logged in user.
f6311f98f6a46e6fbb485568a13cb4be48213828604fd8b1089228f81cefbee5Zero Day Initiative Advisory 10-037 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists during the parsing of compressed mjpeg data from a malformed .mov file. The application will utilize the width and height fields in the file for calculating the size of a heap buffer. When copying into this buffer, the application will use a different field in the file to determine when to stop copying. If the first calculated length is smaller than the one used for decompression, a memory corruption will occur which can result in code execution under the context of the current user.
17dd0c5c6c317d00b6b70cac54e152f1f3e68d2a03dad6a73ebdadda9b29fadbZero Day Initiative Advisory 10-036 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within quicktime.qts when parsing sample data from a malformed .3g2 file that is utilizing the h.263 codec. While parsing data to render the video stream, the application will miscalculate the length of a buffer. Later when decompressing data to the heap chunk, the application will overflow the under allocated buffer leading to code execution under the context of the currently logged in user.
6c05a962b0445499c7a4ba63700b6e74d2c5e454ba44de1c1f6e76c2f59df8b7Zero Day Initiative Advisory 10-035 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in QuickTimeMPEG.qtx and results when QuickTime attempts to parse a malformed 'genl' atom that may be present in any QuickTime media file. A heap overflow is caused when QuickTime fails to perform proper bounds checking on the amount of data copied to the heap by a set of nested loops which can result in arbitrary code execution.
c2cef9ddc299821993d0b28550f87cd1dc790998d6e5691d3659309905346dedZero Day Initiative Advisory 10-034 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer 6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the Tabular Data Control ActiveX module. Specifically, if provided a malicious DataURL parameter a stack corruption may occur in the function CTDCCtl::SecurityCHeckDataURL. This can be leveraged to execute arbitrary code under the context of the current user.
81795a5d66d21f51c9a05af7acc4fa4ba9b87a98f8e8c5dec3ab5d203a2650cfZero Day Initiative Advisory 10-033 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. The issue is located within the CTimeAction object. During handling of the TIME2 behavior, an attacker can trick the application into destroying the markup causing the application to reference memory that has previously been freed. Successful exploitation can lead to code execution under the context of the application.
8cd86a08c1b67e62b773d1af3d8e5579d960ddfe18db18e68d0911bf383d2959Debian Linux Security Advisory 2026-1 - Marc Schoenefeld discovered a stack-based buffer overflow in the XPM reader implementation in netpbm-free, a suite of image manipulation utilities. An attacker could cause a denial of service (application crash) or possibly execute arbitrary code via an XPM image file that contains a crafted header field associated with a large color index value.
14051f709ce6403d1a744675caa6e472b5796bd620bcb7a4a8c075c290f734fc
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed