TechSmith Snagit version 10 build 788 DLL hijacking exploit that leverages dwmapi.dll.
07419f11918cae3129ef939ea6211d4f1b503801c1dbd1b2908cda10f52cc964Microsoft Group Convertor DLL hijacking exploit that leverages imm.dll.
b3073d944be9dd9a308cfc510cc96753487c9aa684cdbeb98bc7195d441a99d9TeamMate Audit Management Software Suite DLL hijacking exploit.
513327618ac8756646178f1c4048f7a241d4988a8bf12c0c6331fa4a0a321f87Microsoft Office Groove 2007 DLL hijacking exploit.
f0258ce9b5a28500bd848a587b3984889e0bce3643e1adcd3dc8e5ddf1fa8ff9Microsoft Address Book DLL hijacking exploit.
4f13c8d637df82e2669e80503452e208a22553dcc70cc3695cdef1089e39e778Microsoft Visio 2003 DLL hijacking exploit.
3e00f49e2eb44c58485e53faebeef2a18d390f7268fa849ffcd59787dddf2ad4Checkpoint has released advisories detailing memory corruption vulnerabilities in Adobe Shockwave Player.
4829efd722cb176afb7773873dd385fa21fc3c8bb1ec6cd4af10f5f67b7a7e38This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists due to a faulty allocation routine within the TextXtra.x32 module. This allocator allocates a buffer on the heap based on arithmetic involving a number of elements and a size of an individual element. As the fields come from the file, if either of them are large enough, the value used for the number of bytes to allocate can be made to overflow. As the return value is rarely checked any caller of this function can usually be made to overflow the returned buffer with user-supplied data. An attacker can leverage this to execute remote code under the context of the user running the browser.
4a81213c5116b85cea84b6f555ccca604792fb22767b6dc4fdeb0994c35e2ed6This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within DIRAPIX.dll which is responsible for parsing the Director movies, a RIFF-based file format. The code sign-extends a value from the input file and uses it as an offset to seek into a heap buffer before performing a write operation. By crafting particular values for this field, an attacker can force the process to seek beyond the allocated bounds of the buffer. This can be leveraged by an attacker to execute arbitrary code under the context of the user running the web browser.
a5b00042c264d908492a78e03e2b000c4d556668645f8023c4c9840bbe65d7afBloodshed Dev-C++ version 4.9.9.2 binary hijacking exploit.
16300887f58277ffca751559c90146dde9497f2ed7ef22b60f007d59118c05edNagios XI suffers from a remote SQL injection vulnerability in users.php.
d8d2f7e65ebe2221b126cfd1ff208afff750e76c28afe69103b749f4529db049Adobe Acrobat Reader memory corruption proof of concept exploit.
8fc261f2d8d0d08c86fa0cb8ceb18cd67318957f9ef172a189d1f24a8d8ef2ecThis vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within DIRAPIX.dll which is responsible for parsing the Director movies, a RIFF-based file format. The code directly uses a value from the file while seeking into a heap buffer. The process then attempts to write a NULL byte to the seeked address. By specifying a large enough value for this field, an attacker can force the process to seek beyond the allocated bounds of the buffer. This can be leveraged by an attacker to execute arbitrary code under the context of the user running the web browser.
434a38f35c1ac47096e5844b388206de10edb7761328457c75b27d8e27b0ba9dSafari version 5.0.1 DLL hijacking exploit.
1f5dcb28d22d7170aef020b9adbecf856b53d0b34e631483a6e6f1fc13dcaab2Opera versions 10.61 and below DLL hijacking exploit.
45121eea2141996c6a917e5c3b7a7f9c24d2f02315ff67aec8c258dd48ce57c9This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within IML32X.dll and DIRAPIX.dll which are responsible for parsing the Director movies, a RIFF-based file format. The code trusts a value from the file as a count and performs an endian-flipping loop on data in heap memory. If the value is large enough the process can be made to seek outside the bounds of the allocation and thus corrupt memory in a controlled fashion. This can be leveraged by an attacker to execute arbitrary code under the context of the user running the web browser.
faf8a920a8245da335a891be6f9204c81adce0ab5f1ccbafaff30a2ab25425e5Zero Day Initiative Advisory 10-161 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing Director files. When the application parses the pami RIFF chunk, it trusts an offset value and seeks into the file data. If provided with signed values in the data at the given offset, the process can be made to incorrectly calculate a pointer and operate on the data at it's location. This can be abused by an attacker to execute arbitrary code under the context of the user running the browser.
0ff5eea7227df3db0dd19d0135245e3eb0f5df882a04e74dcc6e592691042b63Microsoft Internet Connection Signup Wizard DLL hijacking exploit.
48ee2fa44f4b8de751510aba4e53106abfc05a765d4579c77f071cdeeb0adfbeInterVideo WinDVD 5 DLL hijacking exploit.
cac6b9223489fff004dc5b9aee239c6fb45e84c04fa91e3899e29927ffd2f900Zero Day Initiative Advisory 10-160 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's support for 3D objects. While parsing the 0xFFFFFF45 RIFF record type, the process performs arithmetic on a size value and uses the result for a heap-based allocation. By specifying a large enough value an attacker can force the integer to wrap and thus the process will under-allocate the buffer. This memory is later copied into using a different size value which results in object corruption that can be leveraged to execute arbitrary code under the context of the user running the browser.
6ad883a685106b3bb15fd333725fd957445ac15739ae3e8356989e36253182d9VLC Media Player DLL hijacking exploit.
c95feac7f2f2bc26ac00abebebf12b6ccb5a23e4c5093ccc89398390f0c77155Acunetix Web Vulnerability Scanner version 6.5.20100616 DLL hijacking exploit.
574cb607e414615566d29ba4c06752d8bef73d1f950a405b49161ffdb1b9f779uTorrent versions 2.0.3 and below DLL hijacking exploit.
724101f279a68d428b17097695903cb010afd9a36dd2078ae8983ef15a496033This Metasploit module embeds a Metasploit payload into an existing PDF file in a non-standard method. The resulting PDF can be sent to a target as part of a social engineering attack.
8bcacab5da9e75189a9aa64e4febeb62b8b46efb7f7f815fdc5788b4c5cf89eaDebian Linux Security Advisory 2096-1 - Jeremy James discovered that in zope-ldapuserfolder, a Zope extension used to authenticate against an LDAP server, the authentication code does not verify the password provided for the emergency user. Malicious users that manage to get the emergency user login can use this flaw to gain administrative access to the Zope instance, by providing an arbitrary password.
a78f393d182db7f8affd9dead5ad66efec31e5bb7de574df24217170e7a1ed02
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed