This Metasploit module exploits a vulnerability found in Internet Explorer's mshtml component. Due to the way IE handles objects in memory, it is possible to cause a pointer in CTableRowCellsCollectionCacheItem::GetNext to be used even after it gets freed, therefore allowing remote code execution under the context of the user. This particular vulnerability was also one of 2012's Pwn2Own challenges, and was later explained by Peter Vreugdenhil with exploitation details. Instead of Peter's method, this module uses heap spraying like the 99% to store a specially crafted memory layout before re-using the freed memory.
80aa8fe12f19503ea93e85f9cbe5047a17dec97794103ad2756b25cd88a949ee
Open Journal Systems version 2.3.6 suffers from file manipulation, cross-site scripting, and shell upload vulnerabilities.
81bdaf7da25d1a403fe8d33e0db440a1dba968642a8af4e43f80678a574c7ac6
Whitepaper called "Using UPX as a Security Packer". It goes into detail on how to use this tool and how to bring obfuscation into it.
fb92011966919c8736a7d2cdb3031ca76789896634cbf940310ad240e43e48b2
Ubuntu Security Notice 1400-3 - USN-1400-1 fixed vulnerabilities in Firefox. This update provides the corresponding fixes for Thunderbird. Soroush Dalili discovered that Firefox did not adequately protect against dropping JavaScript links onto a frame. A remote attacker could, through cross-site scripting (XSS), exploit this to modify the contents or steal confidential data. Atte Kettunen discovered a use-after-free vulnerability in Firefox's handling of SVG animations. An attacker could potentially exploit this to execute arbitrary code with the privileges of the user invoking Firefox. Atte Kettunen discovered an out-of-bounds read vulnerability in Firefox's handling of SVG Filters. An attacker could potentially exploit this to make data from the user's memory accessible to the page content. Various other issues have also been addressed.
553d78be7f7ed2853eaa6177ea136db38c2d1a480fb986ca79ad0876030a8c06
Debian Linux Security Advisory 2437-1 - Several vulnerabilities have been discovered in Icedove, an unbranded version of the Thunderbird mail/news client.
8dcbd2a37f80834fa0912dd479a18e7cb232422b36d92902756a7af2700a51ff