A heap corruption vulnerability has been found in the Citrix XML Service of XenApp and XenDesktop which is installed on every server used for sharing applications. Successful exploitation allows arbitrary code execution on the server running the XML service.
a967d2b7f8fefd73301e6eaf2dfb4c514e1473ca7edba87c15475fe6dc0abe7e
iDefense Security Advisory 01.15.08 - Remote exploitation of a heap corruption vulnerability in Apple Computer Inc.'s QuickTime media player could allow attackers to execute arbitrary code in the context of the targeted user. The vulnerability specifically exists in the handling of Macintosh Resources embedded in QuickTime movies. When processing these records, a length value stored in the resource header is not properly validated. When a length value larger than the actual buffer size is supplied, potentially exploitable memory corruption occurs. iDefense Labs confirmed this vulnerability exists in QuickTime Player version 7.3.1. Previous versions are suspected to be vulnerable.
6d73e3ce9736dc59d009c05ff809807ae8052bbc094fde1bd0def439d35351b7
iDefense Security Advisory 12.11.07 - Remote exploitation of a heap corruption vulnerability in Microsoft Corp.'s Internet Explorer web browser allows attackers to execute arbitrary code in the context of the current user. The vulnerability lies in the JavaScript setExpression method, which is implemented in mshtml.dll. When malformed parameters are supplied, memory can be corrupted in a way that results in Internet Explorer accessing a previously deleted object. By creating a specially crafted web page, it is possible for an attacker to control the contents of the memory pointed to by the released object. This allows an attacker to execute arbitrary code. As of April 5th, 2007, iDefense testing shows that Internet Explorer 6.0 and Internet Explorer 7.0 with all available security patches are vulnerable. Older versions of Internet Explorer may also be vulnerable.
c6eea38816e48a936133434a4c88c56569839a288fc99a9ce562f7da2a25286f
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the handling of document objects that have been created, modified, deleted then accessed by JavaScript. By storing references to document nodes, then removing them by a separate reference, the document model in memory becomes unstable. Accessing the tags property while the document is in this unstable condition results in a heap corruption, allowing the execution of arbitrary code. Affected versions are 6 and 7.
7707761de2c7107636767dcabc56ebaacf46ed8597a770e577ce13ca71b87015
A vulnerability allows remote attackers to execute code on vulnerable installations of RealPlayer. User interaction is required in that a user must open a malicious .ra/.ram file or visit a malicious web site. The specific flaw exists during the parsing of files with an improperly defined size field in the RA header. Specifying a large unsigned value in that field can trigger a heap corruption and result in arbitrary code execution under the context of the logged-in user. RealPlayer version 6.x is affected.
bfe5e169e16e4573b31c1d946486c9635a80c5cc7312448f5d3b05984f95cf44
RealNetworks RealPlayer/RealOne Player/Helix Player all suffer from a heap corruption vulnerability in the handling of specially crafted .mov files. Successful exploitation may lead to code execution.
d0b3de4e4ec1830bd5ba47b604c4bffbdf1436a14cbbabd5bde23e273d74a08c
Gentoo Linux Security Advisory GLSA 200710-11 - iDefense reported that the xfs init script does not correctly handle a race condition when setting permissions of a temporary file. Sean Larsson discovered an integer overflow vulnerability in the build_range() function possibly leading to a heap-based buffer overflow when handling QueryXBitmaps and QueryXExtents protocol requests. Sean Larsson also discovered an error in the swap_char2b() function possibly leading to a heap corruption when handling the same protocol requests. Versions less than 1.0.5 are affected.
511f463b3188bb6e41c1e0acef1a8578132acf147999f05fdb2f1f68b185056e
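The build_range() and swap_char2b() entry above describes the two classic ingredients of a heap overflow in a request parser: an allocation size derived from an attacker-supplied count that wraps in 32-bit arithmetic, and a byte swap that then walks over whatever follows the undersized chunk. The C below is an added example written for this page, not xfs code; the request layout, the struct xrange type and the function names are assumptions loosely modelled on the description. It shows the wrapped size computation beside a checked version that also bounds the count by the request length before any CHAR2B pair is swapped.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical request body, loosely modelled on the range list the advisory
 * says QueryXBitmaps/QueryXExtents carry. Not the real X font service encoding.
 *   uint32_t count                    big-endian, number of CHAR2B ranges
 *   count x { uint16_t first, last }  big-endian CHAR2B pairs, 4 bytes each */
#define RANGE_WIRE_LEN 4u

struct xrange {
    uint32_t first;
    uint32_t last;
};                                    /* 8 bytes in memory per range */

static uint32_t be32(const uint8_t *p)
{ return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3]; }
static uint16_t be16(const uint8_t *p)
{ return (uint16_t)((p[0] << 8) | p[1]); }

/* Vulnerable arithmetic: the byte count is formed in 32 bits. For
 * count = 0x20000001 the product is 0x100000008, truncated to 8, so the chunk
 * holds one range while the fill loop writes 0x20000001 of them. Returned
 * rather than allocated so the wrap can be observed without corrupting heap. */
uint32_t range_bytes_unchecked(uint32_t count)
{
    return count * (uint32_t)sizeof(struct xrange);
}

/* Hardened: refuse a count whose byte size cannot be represented, and a count
 * larger than the request body could have carried. The second check alone
 * already rules out the wrap, since every range costs 4 bytes on the wire. */
int range_bytes_checked(uint32_t count, size_t wire_avail, size_t *bytes)
{
    if (count > SIZE_MAX / sizeof(struct xrange))
        return -1;                               /* multiplication would wrap */
    if (count > wire_avail / RANGE_WIRE_LEN)
        return -1;                               /* more ranges than bytes supplied */
    *bytes = (size_t)count * sizeof(struct xrange);
    return 0;
}

/* swap_char2b equivalent: big-endian CHAR2B pairs into host-order ranges,
 * touching exactly the entries the length check admitted. */
int build_range_safe(const uint8_t *req, size_t req_len,
                     struct xrange **out, size_t *n)
{
    *out = NULL;
    *n = 0;
    if (req_len < 4)
        return -1;
    uint32_t count = be32(req);
    size_t bytes;
    if (range_bytes_checked(count, req_len - 4, &bytes) != 0)
        return -1;
    struct xrange *r = malloc(bytes + 1);        /* +1 keeps count == 0 off malloc(0) */
    if (!r)
        return -1;
    const uint8_t *p = req + 4;
    for (size_t i = 0; i < count; i++, p += RANGE_WIRE_LEN) {
        r[i].first = be16(p);
        r[i].last  = be16(p + 2);
    }
    *out = r;
    *n = count;
    return 0;
}

/* Constructed requests, not captured traffic. */
const uint8_t req_two_ranges[] = {
    0x00, 0x00, 0x00, 0x02,
    0x00, 0x20, 0x00, 0x7e,       /* ' ' .. '~' */
    0x01, 0x00, 0x01, 0xff };
const uint8_t req_wrapping_count[] = {
    0x20, 0x00, 0x00, 0x01,       /* 0x20000001 ranges claimed */
    0x00, 0x20, 0x00, 0x7e };     /* one range actually supplied */

int main(void)
{
    struct xrange *r;
    size_t n;
    printf("unchecked bytes for 0x20000001 ranges: %u\n",
           (unsigned)range_bytes_unchecked(0x20000001u));
    printf("two ranges: %d\n", build_range_safe(req_two_ranges, sizeof req_two_ranges, &r, &n));
    free(r);
    printf("wrapping count: %d\n",
           build_range_safe(req_wrapping_count, sizeof req_wrapping_count, &r, &n));
    return 0;
}
```

The check against the request length is the one that matters in practice: it rejects the wrapping count long before any overflow-safe multiply is needed, and it does so using a quantity the server already knows, the number of bytes it actually received.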
Birokrat version 7.4 is susceptible to a heap corruption vulnerability.
d2f157beb92b59bea403a146018f49e4e304f86f50eba9785f5c75fcc43f0793
ESET NOD32 Antivirus suffers from a heap corruption vulnerability during the parsing of .CAB files.
8dae8f5f74c1a686972ac290694b45ebd96e122d26950d506a99ac0cfc1ccb98
iDefense Security Advisory 05.08.07 - Remote exploitation of a heap corruption vulnerability in Microsoft Corp.'s Word could allow attackers to execute arbitrary code under the privileges of the target user. This vulnerability specifically exists in the handling of property strings of certain control words in an RTF document. In certain circumstances, these property strings can be written into a memory region which has already been deallocated and heap corruption can occur. iDefense has confirmed that winword.exe file version 11.0.8106.0, as included with a fully patched Microsoft Word 2003 SP2, is vulnerable. Previous versions of Microsoft Word are also likely to be affected.
46ec72415e834b6a52d6a15c148a41952e7fb608dc242fbd831554d99fec6755
iDefense Security Advisory 03.05.07 - Remote exploitation of a heap corruption vulnerability in Apple Computer Inc.'s QuickTime media player could allow an attacker to execute arbitrary commands in the context of the current user. The vulnerability specifically exists in the QuickTime player's handling of Video media atoms. When the 'Color table ID' field in the Video Sample Description is 0, QuickTime expects a color table to be present immediately after the description. A byte swap is then performed on the memory following the description, regardless of whether a table is actually present. Heap corruption occurs when the memory following the description is not part of the heap chunk being processed. iDefense Labs confirmed this vulnerability exists in version 7.1.3 of QuickTime on Windows. Previous versions are suspected to be vulnerable.
fec5cfa3ca512e52554badeb637b6197568fa66695d6a4894d6a34b8670d4953
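The QuickTime Macintosh Resource, RealPlayer RA header and QuickTime color table entries above share one shape: a length or presence indicator read from the file is trusted before anyone checks that the bytes it describes exist inside the chunk being processed. The C below is an added example written for this page, not code from Apple, RealNetworks or iDefense; the record layout, the struct record type and the parse_record_* names are assumptions that model the pattern, not any real file format. The unsafe parser copies the declared length into a chunk sized from the data actually present and byte-swaps a trailing table whether or not it is there; the safe parser checks both against the remaining bytes before touching memory.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical record layout (not QuickTime's or RealPlayer's real format):
 *   0: uint32_t payload_len  big-endian, declared payload size
 *   4: uint8_t  has_table    nonzero: a uint16_t table follows the payload
 *   5: uint16_t table_count  big-endian, entries in that table
 *   7: payload[payload_len], then table[table_count] as big-endian uint16_t */
#define REC_HDR_LEN 7u

struct record {
    uint8_t  *payload;
    uint32_t  payload_len;
    uint16_t *table;        /* host-order copy, NULL when the record has none */
    uint16_t  table_count;
};

static uint32_t be32(const uint8_t *p)
{ return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3]; }
static uint16_t be16(const uint8_t *p)
{ return (uint16_t)((p[0] << 8) | p[1]); }

void record_free(struct record *r)
{
    free(r->payload);
    free(r->table);
    memset(r, 0, sizeof *r);
}

/* Vulnerable shape: chunk sized from the bytes present, copy sized from the
 * header, table byte-swapped whether or not its bytes exist. Never call this
 * on untrusted input; it is here only to show the defect beside the fix. */
int parse_record_unsafe(const uint8_t *data, size_t len, struct record *out)
{
    memset(out, 0, sizeof *out);
    if (len < REC_HDR_LEN)
        return -1;
    out->payload_len = be32(data);
    out->payload = malloc(len - REC_HDR_LEN);                    /* actual size */
    if (!out->payload)
        return -1;
    memcpy(out->payload, data + REC_HDR_LEN, out->payload_len);  /* declared size: overflow */
    if (data[4]) {
        const uint8_t *tbl = data + REC_HDR_LEN + out->payload_len;
        out->table_count = be16(data + 5);
        out->table = malloc((size_t)out->table_count * 2u + 1);
        for (size_t i = 0; i < out->table_count; i++)
            out->table[i] = be16(tbl + 2 * i);  /* reads past the chunk when no table follows */
    }
    return 0;
}

/* Hardened: each declared size is checked against the bytes that remain
 * before any allocation, copy or byte swap touches memory. */
int parse_record_safe(const uint8_t *data, size_t len, struct record *out)
{
    memset(out, 0, sizeof *out);
    if (len < REC_HDR_LEN)
        return -1;
    size_t remaining = len - REC_HDR_LEN;
    uint32_t plen = be32(data);
    if (plen > remaining)                       /* declared length vs bytes present */
        return -1;
    remaining -= plen;
    uint16_t count = 0;
    if (data[4]) {
        count = be16(data + 5);
        if ((size_t)count * 2u > remaining)     /* table declared but not carried */
            return -1;
    }
    out->payload = malloc((size_t)plen + 1);    /* +1 keeps an empty payload off malloc(0) */
    if (!out->payload)
        return -1;
    memcpy(out->payload, data + REC_HDR_LEN, plen);
    out->payload_len = plen;
    if (data[4]) {
        out->table = malloc((size_t)count * 2u + 1);
        if (!out->table) { record_free(out); return -1; }
        for (size_t i = 0; i < count; i++)      /* swap only what was verified to exist */
            out->table[i] = be16(data + REC_HDR_LEN + plen + 2 * i);
        out->table_count = count;
    }
    return 0;
}

/* Constructed samples, not real media files. */
const uint8_t sample_good[] = {             /* payload "abc", table {0x0102, 0x0304} */
    0x00, 0x00, 0x00, 0x03, 0x01, 0x00, 0x02, 'a', 'b', 'c', 0x01, 0x02, 0x03, 0x04 };
const uint8_t sample_oversized[] = {        /* declares ~4 GiB, carries 3 bytes */
    0xFF, 0xFF, 0xFF, 0xF0, 0x00, 0x00, 0x00, 'a', 'b', 'c' };
const uint8_t sample_short_table[] = {      /* declares 4 entries, carries 1 */
    0x00, 0x00, 0x00, 0x03, 0x01, 0x00, 0x04, 'a', 'b', 'c', 0x01, 0x02 };
```

Note the direction of the comparison: the declared value is compared against the bytes remaining, never `REC_HDR_LEN + plen > len`. With a 32-bit length such as 0xFFFFFFF0 that sum wraps and the check would pass, which turns a length-validation bug back into an integer-overflow bug.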
iDefense Security Advisory - Remote exploitation of a design error in Blue Coat Systems Inc.'s WinProxy allows attackers to trigger a heap corruption vulnerability. The vulnerability can be triggered by sending an overly long HTTP CONNECT request to WinProxy's HTTP proxy service. iDefense has confirmed this vulnerability in WinProxy 6.1a and 6.0 r1c. All previous versions are suspected vulnerable.
d2044d04ae53aaf7545b251d93ad6569c3f042b4971c7610071ef2cf8d54ed23
Gentoo Linux Security Advisory GLSA 200701-16 - Adobe Acrobat Reader in stand-alone mode is vulnerable to remote code execution via heap corruption when loading a specially crafted PDF file. Versions less than 7.0.9 are affected.
5b407216e87ea84e50448fe21e241bece83b951de5dd418880925a300925fb69
A remotely exploitable vulnerability has been found in the file parsing engine for BitDefender allowing for remote code execution.
a23052956835d2a738c754384152d85f6cfda66579f00459c5f92b64f88730c5
The Grisoft Inc. AVG Antivirus system has had multiple vulnerabilities discovered in the file parsing engine that allow for arbitrary code execution. The vulnerabilities are present in AVG Antivirus software versions prior to 7.1.407.
2df1d6ba1168f33411d64216fc6207477b58415db787795da79aad12e7ebc9ea
Proof of concept CHM file that demonstrates a heap corruption vulnerability in the Microsoft Infotech Storage System Library (itss.dll).
d8ef3858baa50f11d566db9a14b2ab96af1ac5fa8e86c5b98565ed099bd7b0e6
Microsoft Infotech Storage System Library (itss.dll) is prone to a heap corruption vulnerability. This issue is due to the failure of the library to properly check a specially crafted CHM file. Successful exploitation of this flaw would allow an attacker to execute arbitrary code.
d98d69c089fa482c6caceed0b5b928ed2ea318ec604b1baad057ea65ad2427d0
iDefense Security Advisory 01.05.06 - Remote exploitation of a design error in Blue Coat Systems Inc.'s WinProxy allows attackers to cause a denial of service (DoS) condition. The vulnerability can be triggered by sending a large string of 0xFF characters to the telnet proxy port of the server. Sending such a string causes a heap corruption in the WinProxy process, causing it to crash.
e1ca9d383bee063fdb4aa3c89d82101029b9d5a32d60748687bf4330f54a6be8
A heap corruption vulnerability exists in the javaprxy.dll in Internet Explorer 6. Sample denial of service exploit included.
0398c68222d475a8fc047b7a6c11c488a80ed1c6524e70ea9630b3dc2b2b50c9
Gentoo Linux Security Advisory GLSA 200504-11 - James Ranson reported that when JunkBuster is configured to run in single-threaded mode, an attacker can modify the referrer setting by getting a victim to request a specially crafted URL. Tavis Ormandy of the Gentoo Linux Security Audit Team identified a heap corruption issue in the filtering of URLs. Versions less than 2.0.2-r3 are affected.
5230e1bc925375fa4788e07f7ce82ed74e9dfa93f2e7f7d56512315e0fe36532
N-du is a Unix backdoor which does not have any open ports. It waits for a special UDP or TCP packet, then opens a TCP port backdoor.
1d716fe2d428a1b091b2323219d12fa9adc4fb7bb83e3074c1b4ab462af6d467
eZphotoshare has multiple overflow vulnerabilities that allow remote code execution from a heap corruption in ntdll.dll and the ability to overwrite important saved values via vulnerable code in mfc42.dll.
b12e004365a61fc7f59fbe522739cc9cd0248db2cc93c71f0a27f7a07e9476f2
CORE Security Technologies Advisory - RealPlayer versions 8, v2, v1, OS X, and others have a heap corruption vulnerability in the way RealPlayer deflates PNG images allowing remote attackers to gain access and execution rights of the user running the player.
b12dc6f2f6381eed176f652eb6a4d20d2fc0a32b27fc20153c6c3197a8e8df48
N-Stealth v3.5 is a vulnerability assessment tool for Windows which scans web servers for bugs that allow attackers to gain access. It uses a database of 19,000 vulnerabilities and exploits.
f3d9cfd5d8699e4a7fd25ae3862d5e286853c68aeb7b8551bf5331421a42ef0a
SuSE Security Announcement: imlib (SuSE-SA:2002:015) - Imlib used to depend on a netpbm library which is well known to have security problems. This and a heap corruption bug have been corrected.
2b8c62dbe9dfb2ff8c5fe9b81bf9c14050d90ff08553f73c01d4d5e6d20e6e29
NTISSAM COMPUSEC/1-87: Advisory Memorandum on Office Automation Security Guidelines
10e4d64cdc8babc15f060a5c090e854ad8d47ea0e4e76225f5222648e420be82