what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 51 - 75 of 100 RSS Feed

Files

XenApp / XenDesktop Heap Corruption
Posted Jul 29, 2011
Authored by Moritz Jodeit, Alexios Fakos | Site nruns.com

A heap corruption vulnerability has been found in the Citrix XML Service of XenApp and XenDesktop which is installed on every server used for sharing applications. Successful exploitation allows arbitrary code execution on the server running the XML service.

tags | exploit, arbitrary, code execution
SHA-256 | a967d2b7f8fefd73301e6eaf2dfb4c514e1473ca7edba87c15475fe6dc0abe7e

Related Files

iDEFENSE Security Advisory 2009-05-12.2
Posted May 13, 2009
Authored by iDefense Labs, Marsu | Site idefense.com

iDefense Security Advisory 05.12.09 - Remote exploitation of a heap corruption vulnerability in Microsoft Corp.'s PowerPoint could allow an attacker to execute arbitrary code with the privileges of the current user. In particular, there is code that parses structures in the PowerPoint file. If the number of these structures is greater than a certain value, then memory corruption will occur. This memory corruption leads to the executing of arbitrary code. iDefense has confirmed the existence of these vulnerabilities in PowerPoint 2000 SP3 and XP SP3.

tags | advisory, remote, arbitrary, vulnerability
advisories | CVE-2009-0223
SHA-256 | d46d15bace48b692d2adac056789e54ccb908fe6ccd325abcaaea4b3359934a4
iDEFENSE Security Advisory 2009-05-12.1
Posted May 13, 2009
Authored by iDefense Labs, Marsu | Site idefense.com

iDefense Security Advisory 05.12.09 - Remote exploitation of a heap corruption vulnerability in Microsoft Corp.'s PowerPoint could allow an attacker to execute arbitrary code with the privileges of the current user. In particular, there is code that parses structures in the PowerPoint file. If the number of these structures is greater than a certain value, then memory corruption will occur. This memory corruption leads to the executing of arbitrary code. iDefense has confirmed the existence of these vulnerabilities in PowerPoint 2000 SP3 and XP SP3.

tags | advisory, remote, arbitrary, vulnerability
advisories | CVE-2009-0227
SHA-256 | e3f96726fc6f8d14c3ad93532bc697410b0b18a7c8eaccbcb8df96d4b0f5eb34
iDEFENSE Security Advisory 2009-03-25.3
Posted Mar 27, 2009
Authored by iDefense Labs, regenrecht | Site idefense.com

iDefense Security Advisory 03.25.09 - Remote exploitation of a heap corruption vulnerability in Sun Microsystems Inc.'s Java JRE could allow an attacker to execute arbitrary code with the privileges of the current user. Values from the GIF file are used to calculate an offset to store data in a dynamic heap buffer. These values are not validated before use, which allows an attacker to store controlled data outside of the bounds of the allocated buffer. This leads to corruption of object pointers, which can be leveraged to execute arbitrary code. iDefense has confirmed the existence of this vulnerability in Java JRE version 1.6_11. Previous versions may also be affected.

tags | advisory, java, remote, arbitrary
SHA-256 | 9d4ab7a3c8a6bb2829e143ebc1d41ab732008cbd002ad7dc56ddee22724c937f
iDEFENSE Security Advisory 2009-03-25.2
Posted Mar 27, 2009
Authored by iDefense Labs, regenrecht | Site idefense.com

iDefense Security Advisory 03.25.09 - Remote exploitation of a heap corruption vulnerability in Sun Microsystems Inc.'s Java Web Start could allow an attacker to execute arbitrary code with privileges of the current user. When JWS starts up, it displays a splash screen. By default, the image displayed on this splash screen is a GIF file provided by Sun, but it is possible for a JNLP file to provide its own splash logo. This allows an attacker to pass an arbitrary GIF file to the splash logo parsing code to trigger the vulnerability. iDefense has confirmed the existence of this vulnerability in Java Web Start version 1.6_11 on Windows and Linux. Previous versions may also be affected.

tags | advisory, java, remote, web, arbitrary
systems | linux, windows
SHA-256 | 787894ddedba68df8734507477667b37055d76f5f44660bb4cc572517e2626dd
Zero Day Initiative Advisory 09-08
Posted Jan 21, 2009
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 09-008 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the handling of JPEG atoms embedded in STSD atoms within the function JPEG_DComponentDispatch(). When the image width data in this atom is modified, a heap corruption occurs which can be further leveraged to execute arbitrary code under the context of the current user.

tags | advisory, remote, arbitrary
systems | apple
advisories | CVE-2009-0007
SHA-256 | 2fc0525616b743c71b0b45c4aa9c69f6ccbde9267a935cbd98bd820caf3e6f72
Zero Day Initiative Advisory 08-087
Posted Dec 9, 2008
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 08-087 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer 7 on the Microsoft Vista operating system. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists during a WebDAV fetch of a document from a path containing a large number of characters. Mishandling of cached content results in a heap corruption which can be leveraged to execute arbitrary code under the context of the current instance of Internet Explorer.

tags | advisory, arbitrary
advisories | CVE-2008-4259
SHA-256 | b7e31f5172a842f8f18ffa92303a19af6f2fd3be8bec591aff3b4c8e6630bf3f
iDEFENSE Security Advisory 2008-11-04.3
Posted Nov 5, 2008
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 11.04.08 - Remote exploitation of a heap corruption vulnerability in Adobe Systems Inc.'s Acrobat Professional and Reader could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerable code is an AcroJS function available to scripting code inside of a PDF document. This function is used for HTTP authentication. By passing a long string to this function, it is possible to corrupt heap memory in such a way that may lead to the execution of arbitrary code. iDefense has confirmed the existence of this vulnerability in Acrobat Professional and Adobe Reader version 8.1.2. Previous versions may also be affected.

tags | advisory, remote, web, arbitrary
advisories | CVE-2008-4817
SHA-256 | a68c90f63ac9868f9aebc1ff546acd3970b4d2503d3f2a2ce5fdfbfa73f12e69
Zero Day Initiative Advisory 08-062
Posted Sep 10, 2008
Authored by Tipping Point, Subreption LLC | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the parsing of mov video files in QuickTimeH264.scalar. A maliciously crafted MDAT atom can cause a heap corruption resulting in the execution of arbitrary code under the context of the current user.

tags | advisory, remote, arbitrary
systems | apple
advisories | CVE-2008-3627
SHA-256 | 5505a8d86f01ec1cb84018259da835f194e151aac9cb3eaae01af2039ff9552a
Zero Day Initiative Advisory 08-061
Posted Sep 10, 2008
Authored by Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the parsing of MP4 video files in QuickTimeH264.qtx. A maliciously crafted MDAT atom can cause a heap corruption resulting in the execution of arbitrary code.

tags | advisory, remote, arbitrary
systems | apple
advisories | CVE-2008-3627
SHA-256 | 9afbe58a772c9e4591b17f9504ab443c57bbd2efa131ce92c7e3cf29d0c54178
Zero Day Initiative Advisory 08-045
Posted Jul 26, 2008
Authored by Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the garbage collection of JavaScript document elements in WebCore. When a CSSStyleSheet object of a style element is copied, and the style element is deallocated, a reference to the ownerNode property of the copied CSSStyleSheet object will result in a heap corruption allowing for the execution of arbitrary code.

tags | advisory, remote, arbitrary, javascript
systems | apple
advisories | CVE-2008-2317
SHA-256 | b433b68fb71e6f89bcc303229b44bf4ed20aa5c9d0698e4e7b03178f568dc5e7
iDEFENSE Security Advisory 2008-04-08.1
Posted Apr 9, 2008
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 04.08.08 - Remote exploitation of a heap corruption vulnerability in Microsoft Corp.'s Microsoft Help 2.5 ActiveX control allows an attacker to execute arbitrary code with the privileges of the logged-on user. iDefense has confirmed this vulnerability in version 2.05.50727.42 of hxvz.dll, which is installed with Visual Studio 2005.

tags | advisory, remote, arbitrary, activex
advisories | CVE-2008-1086
SHA-256 | 588d2439063be1e77858d28dd76b3cadb193e7df46f39974193b547dca836bc3
Zero Day Initiative Advisory 08-016
Posted Apr 4, 2008
Authored by Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the parsing of the QuickTime Channel Compositor atom. When the movie file contains a malformed 'chan' atom, a heap corruption occurs resulting in the execution of arbitrary code. Version 7.4.1 is affected.

tags | advisory, remote, arbitrary
systems | apple
advisories | CVE-2008-1018
SHA-256 | 9baf29867e60d70514a0820f86774a72ec460c6815f08156f0313155b4967b56
Zero Day Initiative Advisory 08-014
Posted Apr 4, 2008
Authored by Tipping Point, bugfree | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the quickTime.qts while parsing corrupted .pict files. The module contains a vulnerable memory copy loop which searches for a terminator value. When this value is changed or omitted, a heap corruption occurs allowing the execution of arbitrary code. Version 7.4.1 is affected.

tags | advisory, remote, arbitrary
systems | apple
advisories | CVE-2008-1019
SHA-256 | 151ed5aeb91dc3c238624606c6681270e735a75bd99a572cc28a6df9e5e228f4
realplayer_console.rb.txt
Posted Apr 2, 2008
Authored by Elazar Broad

This Metasploit module exploits a heap corruption vulnerability in the RealPlayer ActiveX control. By sending a specially crafted string to the 'Console' property in the rmoc3260.dll control, an attacker may be able to execute arbitrary code.

tags | exploit, arbitrary, activex
advisories | CVE-2008-1309
SHA-256 | fe18e54c7136e0f4ddd02005a5baa3b152573f829ae72ec39f0b69c9755ba6b6
iDEFENSE Security Advisory 2008-03-11.1
Posted Mar 13, 2008
Authored by iDefense Labs, Greg MacManus | Site idefense.com

iDefense Security Advisory 03.11.08 - Remote exploitation of a heap corruption vulnerability in Microsoft Corp.'s Excel spreadsheet application allows attackers to execute arbitrary code in the context of the user who started Excel. The vulnerability exists in the handling of DVAL records in BIFF8 format spreadsheet files. When certain fields are set to invalid values, heap corruption occurs. iDefense has confirmed the existence of this vulnerability in Microsoft Excel 2003 and Excel 2007. Previous versions may also be affected.

tags | advisory, remote, arbitrary
advisories | CVE-2008-0111
SHA-256 | c4d8db378bfdeb338b825ddadf8c149435713e8ce88adf268a9eaac242ee4335
realplayer-activex.txt
Posted Mar 13, 2008
Authored by Elazar Broad

The Real Networks RealPlayer ActiveX controller appears to suffer from a heap corruption vulnerability.

tags | advisory, activex
SHA-256 | 9919e8e59146b8fa84af60f145dcf038f509555dc92a70d72cf6abc85bb3d5b5
iDEFENSE Security Advisory 2008-02-12.2
Posted Feb 13, 2008
Authored by iDefense Labs, Damian Put | Site idefense.com

iDefense Security Advisory 02.12.08 - Remote exploitation of a heap corruption vulnerability in Microsoft Corp.'s Works Converter, as included with Microsoft Office, could potentially allow an attacker to execute arbitrary code as the current user. This vulnerability stems from improper input validation of OLE structures within wkcvqd01.dll when converting a Microsoft Works document (WPS extension) to Rich Text Format (RTF). When certain fields are modified, such as the length or count values, heap corruption can occur. This leads to a potentially exploitable condition. iDefense has confirmed that wkcvqd01.dll version 7.03.0616.0, as included with Microsoft Office 2003, is vulnerable to this issue. Older versions are assumed to be vulnerable as well. Additionally, Microsoft Works itself is suspected to be vulnerable.

tags | advisory, remote, arbitrary
advisories | CVE-2007-0216
SHA-256 | 32ffb0aa2cf242fe619293167d1c2c969fe87d8c43749f7ae32ff4984f67495a
iDEFENSE Security Advisory 2008-01-15.5
Posted Jan 16, 2008
Authored by iDefense Labs, Jun Mao | Site idefense.com

iDefense Security Advisory 01.15.08 - Remote exploitation of a heap corruption vulnerability in Apple Computer Inc.'s QuickTime media player could allow attackers to execute arbitrary code in the context of the targeted user. The vulnerability specifically exists in the handling of Macintosh Resources embedded in QuickTime movies. When processing these records, a length value stored in the resource header is not properly validated. When a length value larger than the actual buffer size is supplied, potentially exploitable memory corruption occurs. iDefense Labs confirmed this vulnerability exists in QuickTime Player version 7.3.1. Previous versions are suspected to be vulnerable.

tags | advisory, remote, arbitrary
systems | apple
advisories | CVE-2008-0032
SHA-256 | 6d73e3ce9736dc59d009c05ff809807ae8052bbc094fde1bd0def439d35351b7
iDEFENSE Security Advisory 2007-12-11.1
Posted Dec 12, 2007
Authored by iDefense Labs, Peter Vreugdenhil | Site idefense.com

iDefense Security Advisory 12.11.07 - Remote exploitation of a heap corruption vulnerability in Microsoft Corp.'s Internet Explorer web browser allows attackers to execute arbitrary code in the context of the current user. The vulnerability lies in the JavaScript setExpression method, which is implemented in mshtml.dll. When malformed parameters are supplied, memory can be corrupted in a way that results in Internet Explorer accessing a previously deleted object. By creating a specially crafted web page, it is possible for an attacker to control the contents of the memory pointed to by the released object. This allows an attacker to execute arbitrary code. As of April 5th, 2007, iDefense testing shows that Internet Explorer 6.0 and Internet Explorer 7.0 with all available security patches are vulnerable. Older versions of Internet Explorer may also be vulnerable.

tags | advisory, remote, web, arbitrary, javascript
advisories | CVE-2007-3902
SHA-256 | c6eea38816e48a936133434a4c88c56569839a288fc99a9ce562f7da2a25286f
Zero Day Initiative Advisory 07-075
Posted Dec 12, 2007
Authored by Peter Vreugdenhil, Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the handling of document objects that have been created, modified, deleted then accessed by JavaScript. By storing references to document nodes, then removing them by a separate reference, the document model in memory becomes unstable. Accessing the tags property while the document is in this unstable condition results in a heap corruption, allowing the execution of arbitrary code. Affected versions are 6 and 7.

tags | advisory, remote, arbitrary, javascript
advisories | CVE-2007-5344
SHA-256 | 7707761de2c7107636767dcabc56ebaacf46ed8597a770e577ce13ca71b87015
Zero Day Initiative Advisory 07-063
Posted Nov 1, 2007
Authored by Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute code on vulnerable installations of RealPlayer. User interaction is required in that a user must open a malicious .ra/.ram file or visit a malicious web site. The specific flaw exists during the parsing of files with improperly defined size field in the RA header. Specifying a large unsigned value data can trigger a heap corruption and further result in arbitrary code execution under the context of the logged in user. RealPlayer version 6.x is affected.

tags | advisory, remote, web, arbitrary, code execution
advisories | CVE-2007-2264
SHA-256 | bfe5e169e16e4573b31c1d946486c9635a80c5cc7312448f5d3b05984f95cf44
realplayer-heap-corruption-adv.txt
Posted Oct 26, 2007
Authored by Piotr Bania | Site piotrbania.com

RealNetworks RealPlayer/RealOne Player/Helix Player all suffer from a heap corruption vulnerability in the handling of specially crafted .mov files. Successful exploitation may lead to code execution.

tags | advisory, code execution
SHA-256 | d0b3de4e4ec1830bd5ba47b604c4bffbdf1436a14cbbabd5bde23e273d74a08c
Gentoo Linux Security Advisory 200710-11
Posted Oct 13, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200710-11 - iDefense reported that the xfs init script does not correctly handle a race condition when setting permissions of a temporary file. Sean Larsson discovered an integer overflow vulnerability in the build_range() function possibly leading to a heap-based buffer overflow when handling QueryXBitmaps and QueryXExtents protocol requests. Sean Larsson also discovered an error in the swap_char2b() function possibly leading to a heap corruption when handling the same protocol requests. Versions less than 1.0.5 are affected.

tags | advisory, overflow, protocol
systems | linux, gentoo
advisories | CVE-2007-3103, CVE-2007-4568, CVE-2007-4990
SHA-256 | 511f463b3188bb6e41c1e0acef1a8578132acf147999f05fdb2f1f68b185056e
TISA2007-08-Public.pdf
Posted Aug 1, 2007
Authored by Maldin d.o.o | Site teamintell.com

Birokrat version 7.4 is susceptible to a heap corruption vulnerability.

tags | advisory
SHA-256 | d2f157beb92b59bea403a146018f49e4e304f86f50eba9785f5c75fcc43f0793
n.runs-SA-2007.016.txt
Posted Jul 23, 2007
Authored by Sergio Alvarez | Site nruns.com

ESET NOD32 Antivirus suffers from a heap corruption vulnerability during the parsing of .CAB files.

tags | advisory
SHA-256 | 8dae8f5f74c1a686972ac290694b45ebd96e122d26950d506a99ac0cfc1ccb98
Page 3 of 4
Back1234Next

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close