
Files

XenApp / XenDesktop Heap Corruption
Posted Jul 29, 2011
Authored by Moritz Jodeit, Alexios Fakos | Site nruns.com

A heap corruption vulnerability has been found in the Citrix XML Service of XenApp and XenDesktop which is installed on every server used for sharing applications. Successful exploitation allows arbitrary code execution on the server running the XML service.

tags | exploit, arbitrary, code execution
SHA-256 | a967d2b7f8fefd73301e6eaf2dfb4c514e1473ca7edba87c15475fe6dc0abe7e

Related Files

iDEFENSE Security Advisory 2008-01-15.5
Posted Jan 16, 2008
Authored by iDefense Labs, Jun Mao | Site idefense.com

iDefense Security Advisory 01.15.08 - Remote exploitation of a heap corruption vulnerability in Apple Computer Inc.'s QuickTime media player could allow attackers to execute arbitrary code in the context of the targeted user. The vulnerability specifically exists in the handling of Macintosh Resources embedded in QuickTime movies. When processing these records, a length value stored in the resource header is not properly validated. When a length value larger than the actual buffer size is supplied, potentially exploitable memory corruption occurs. iDefense Labs confirmed this vulnerability exists in QuickTime Player version 7.3.1. Previous versions are suspected to be vulnerable.

tags | advisory, remote, arbitrary
systems | apple
advisories | CVE-2008-0032
SHA-256 | 6d73e3ce9736dc59d009c05ff809807ae8052bbc094fde1bd0def439d35351b7
iDEFENSE Security Advisory 2007-12-11.1
Posted Dec 12, 2007
Authored by iDefense Labs, Peter Vreugdenhil | Site idefense.com

iDefense Security Advisory 12.11.07 - Remote exploitation of a heap corruption vulnerability in Microsoft Corp.'s Internet Explorer web browser allows attackers to execute arbitrary code in the context of the current user. The vulnerability lies in the JavaScript setExpression method, which is implemented in mshtml.dll. When malformed parameters are supplied, memory can be corrupted in a way that results in Internet Explorer accessing a previously deleted object. By creating a specially crafted web page, it is possible for an attacker to control the contents of the memory pointed to by the released object. This allows an attacker to execute arbitrary code. As of April 5th, 2007, iDefense testing shows that Internet Explorer 6.0 and Internet Explorer 7.0 with all available security patches are vulnerable. Older versions of Internet Explorer may also be vulnerable.

tags | advisory, remote, web, arbitrary, javascript
advisories | CVE-2007-3902
SHA-256 | c6eea38816e48a936133434a4c88c56569839a288fc99a9ce562f7da2a25286f
Zero Day Initiative Advisory 07-075
Posted Dec 12, 2007
Authored by Peter Vreugdenhil, Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the handling of document objects that have been created, modified, deleted then accessed by JavaScript. By storing references to document nodes, then removing them by a separate reference, the document model in memory becomes unstable. Accessing the tags property while the document is in this unstable condition results in a heap corruption, allowing the execution of arbitrary code. Affected versions are 6 and 7.

tags | advisory, remote, arbitrary, javascript
advisories | CVE-2007-5344
SHA-256 | 7707761de2c7107636767dcabc56ebaacf46ed8597a770e577ce13ca71b87015
Zero Day Initiative Advisory 07-063
Posted Nov 1, 2007
Authored by Tipping Point | Site zerodayinitiative.com

A vulnerability allows remote attackers to execute code on vulnerable installations of RealPlayer. User interaction is required in that a user must open a malicious .ra/.ram file or visit a malicious web site. The specific flaw exists during the parsing of files with an improperly defined size field in the RA header. Specifying a large unsigned value can trigger a heap corruption and further result in arbitrary code execution under the context of the logged-in user. RealPlayer version 6.x is affected.

tags | advisory, remote, web, arbitrary, code execution
advisories | CVE-2007-2264
SHA-256 | bfe5e169e16e4573b31c1d946486c9635a80c5cc7312448f5d3b05984f95cf44
realplayer-heap-corruption-adv.txt
Posted Oct 26, 2007
Authored by Piotr Bania | Site piotrbania.com

RealNetworks RealPlayer/RealOne Player/Helix Player all suffer from a heap corruption vulnerability in the handling of specially crafted .mov files. Successful exploitation may lead to code execution.

tags | advisory, code execution
SHA-256 | d0b3de4e4ec1830bd5ba47b604c4bffbdf1436a14cbbabd5bde23e273d74a08c
Gentoo Linux Security Advisory 200710-11
Posted Oct 13, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200710-11 - iDefense reported that the xfs init script does not correctly handle a race condition when setting permissions of a temporary file. Sean Larsson discovered an integer overflow vulnerability in the build_range() function possibly leading to a heap-based buffer overflow when handling QueryXBitmaps and QueryXExtents protocol requests. Sean Larsson also discovered an error in the swap_char2b() function possibly leading to a heap corruption when handling the same protocol requests. Versions less than 1.0.5 are affected.

tags | advisory, overflow, protocol
systems | linux, gentoo
advisories | CVE-2007-3103, CVE-2007-4568, CVE-2007-4990
SHA-256 | 511f463b3188bb6e41c1e0acef1a8578132acf147999f05fdb2f1f68b185056e
TISA2007-08-Public.pdf
Posted Aug 1, 2007
Authored by Maldin d.o.o | Site teamintell.com

Birokrat version 7.4 is susceptible to a heap corruption vulnerability.

tags | advisory
SHA-256 | d2f157beb92b59bea403a146018f49e4e304f86f50eba9785f5c75fcc43f0793
n.runs-SA-2007.016.txt
Posted Jul 23, 2007
Authored by Sergio Alvarez | Site nruns.com

ESET NOD32 Antivirus suffers from a heap corruption vulnerability during the parsing of .CAB files.

tags | advisory
SHA-256 | 8dae8f5f74c1a686972ac290694b45ebd96e122d26950d506a99ac0cfc1ccb98
iDEFENSE Security Advisory 2007-05-08.3
Posted May 10, 2007
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 05.08.07 - Remote exploitation of a heap corruption vulnerability in Microsoft Corp.'s Word could allow attackers to execute arbitrary code under the privileges of the target user. This vulnerability specifically exists in the handling of property strings of certain control words in an RTF document. In certain circumstances, these property strings can be written into a memory region which has already been deallocated and heap corruption can occur. iDefense has confirmed that winword.exe file version 11.0.8106.0, as included with a fully patched Microsoft Word 2003 SP2, is vulnerable. Previous versions of Microsoft Word are also likely to be affected.

tags | advisory, remote, arbitrary
advisories | CVE-2007-1202
SHA-256 | 46ec72415e834b6a52d6a15c148a41952e7fb608dc242fbd831554d99fec6755
iDEFENSE Security Advisory 2007-03-05.1
Posted Mar 8, 2007
Authored by iDefense Labs, Ruben Santamarta | Site idefense.com

iDefense Security Advisory 03.05.07 - Remote exploitation of a heap corruption vulnerability in Apple Computer Inc.'s QuickTime media player could allow an attacker to execute arbitrary commands in the context of the current user. The vulnerability specifically exists in the QuickTime player's handling of Video media atoms. When the 'Color table ID' field in the Video Sample Description is 0, QuickTime expects a color table to be present immediately after the description. A byte swap process is then performed on the memory following the description, regardless of whether a table is present or not. Heap corruption will occur in the case when the memory following the description is not part of the heap chunk being processed. iDefense Labs confirmed this vulnerability exists in version 7.1.3 of QuickTime on Windows. Previous versions are suspected to be vulnerable.

tags | advisory, remote, arbitrary
systems | windows, apple
advisories | CVE-2007-0718
SHA-256 | fec5cfa3ca512e52554badeb637b6197568fa66695d6a4894d6a34b8670d4953
iDEFENSE Security Advisory 2007-02-02.t
Posted Feb 6, 2007
Authored by iDefense Labs, Manuel Santamarina Suarez | Site idefense.com

iDefense Security Advisory - Remote exploitation of a design error in Blue Coat Systems Inc.'s WinProxy allows attackers to trigger a heap corruption vulnerability. The vulnerability can be triggered by sending an overly long HTTP CONNECT request to WinProxy's HTTP proxy service. iDefense has confirmed this vulnerability in WinProxy 6.1a and 6.0 r1c. All previous versions are suspected vulnerable.

tags | advisory, remote, web
SHA-256 | d2044d04ae53aaf7545b251d93ad6569c3f042b4971c7610071ef2cf8d54ed23
Gentoo Linux Security Advisory 200701-16
Posted Jan 24, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200701-16 - Adobe Acrobat Reader in stand-alone mode is vulnerable to remote code execution via heap corruption when loading a specially crafted PDF file. Versions less than 7.0.9 are affected.

tags | advisory, remote, code execution
systems | linux, gentoo
SHA-256 | 5b407216e87ea84e50448fe21e241bece83b951de5dd418880925a300925fb69
n.runs-SA-2006.003.txt
Posted Dec 21, 2006
Authored by Sergio Alvarez | Site nruns.com

A remotely exploitable vulnerability has been found in the file parsing engine for BitDefender allowing for remote code execution.

tags | advisory, remote, code execution
SHA-256 | a23052956835d2a738c754384152d85f6cfda66579f00459c5f92b64f88730c5
n.runs-SA-2006.002.txt
Posted Nov 14, 2006
Authored by Sergio Alvarez | Site nruns.com

The Grisoft Inc. AVG Antivirus system has had multiple vulnerabilities discovered in the file parsing engine that allow for arbitrary code execution. The vulnerabilities are present in AVG Antivirus software versions prior to 7.1.407.

tags | advisory, arbitrary, vulnerability, code execution
SHA-256 | 2df1d6ba1168f33411d64216fc6207477b58415db787795da79aad12e7ebc9ea
ONE.zip
Posted May 21, 2006
Site reversemode.com

Proof of concept CHM file that demonstrates a heap corruption vulnerability in the Microsoft Infotech Storage System Library (itss.dll).

tags | exploit, proof of concept
SHA-256 | d8ef3858baa50f11d566db9a14b2ab96af1ac5fa8e86c5b98565ed099bd7b0e6
msinfotech.txt
Posted May 21, 2006
Site reversemode.com

Microsoft Infotech Storage System Library (itss.dll) is prone to a heap corruption vulnerability. This issue is due to the failure of the library to properly check a specially crafted CHM file. Successful exploitation of this flaw would allow arbitrary code execution.

tags | advisory, arbitrary
SHA-256 | d98d69c089fa482c6caceed0b5b928ed2ea318ec604b1baad057ea65ad2427d0
iDEFENSE Security Advisory 2006-01-05.3
Posted Jan 8, 2006
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 01.05.06 - Remote exploitation of a design error in Blue Coat Systems Inc.'s WinProxy allows attackers to cause a denial of service (DoS) condition. The vulnerability can be triggered by sending a large string of 0xFF characters to the telnet proxy port of the server. Sending such a string will cause a heap corruption in the WinProxy process, causing it to crash.

tags | advisory, remote, denial of service
advisories | CVE-2005-3654
SHA-256 | e1ca9d383bee063fdb4aa3c89d82101029b9d5a32d60748687bf4330f54a6be8
ieCrash-javaprxy.txt
Posted Jul 1, 2005
Authored by Martin Eiszner, sk0L | Site sec-consult.com

A heap corruption vulnerability exists in the javaprxy.dll in Internet Explorer 6. Sample denial of service exploit included.

tags | exploit, denial of service
SHA-256 | 0398c68222d475a8fc047b7a6c11c488a80ed1c6524e70ea9630b3dc2b2b50c9
Gentoo Linux Security Advisory 200504-11
Posted Apr 19, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200504-11 - James Ranson reported a vulnerability when JunkBuster is configured to run in single-threaded mode: an attacker can modify the referrer setting by getting a victim to request a specially crafted URL. Tavis Ormandy of the Gentoo Linux Security Audit Team identified a heap corruption issue in the filtering of URLs. Versions less than 2.0.2-r3 are affected.

tags | advisory
systems | linux, gentoo
SHA-256 | 5230e1bc925375fa4788e07f7ce82ed74e9dfa93f2e7f7d56512315e0fe36532
n-du.tgz
Posted Sep 30, 2004
Authored by Serguei

N-du is a Unix backdoor which does not have any open ports. It waits for a special UDP or TCP packet, then opens a TCP port backdoor.

tags | tool, udp, tcp, rootkit
systems | unix
SHA-256 | 1d716fe2d428a1b091b2323219d12fa9adc4fb7bb83e3074c1b4ab462af6d467
ezphotoshare.txt
Posted Dec 4, 2003
Authored by Peter Winter-Smith | Site elitehaven.net

eZphotoshare has multiple overflow vulnerabilities that allow remote code execution from a heap corruption in ntdll.dll and the ability to overwrite important saved values via vulnerable code in mfc42.dll.

tags | exploit, remote, overflow, vulnerability, code execution
SHA-256 | b12e004365a61fc7f59fbe522739cc9cd0248db2cc93c71f0a27f7a07e9476f2
core.realplayer.txt
Posted Mar 29, 2003
Site coresecurity.com

CORE Security Technologies Advisory - RealPlayer versions 8, v2, v1, OS X, and others have a heap corruption vulnerability in the way RealPlayer deflates PNG images allowing remote attackers to gain access and execution rights of the user running the player.

tags | advisory, remote
systems | apple, osx
SHA-256 | b12dc6f2f6381eed176f652eb6a4d20d2fc0a32b27fc20153c6c3197a8e8df48
N-Stealth-3.5-b62.zip
Posted Oct 22, 2002
Authored by Felipe Moniz | Site nstalker.com

N-Stealth v3.5 is a vulnerability assessment tool for Windows which scans webservers for bugs that allow attackers to gain access. Uses a database of 19,000 vulnerabilities and exploits.

Changes: New holes added. Improved Top 20 Scan (based on SANS/FBI Top 20 v2.6). Improved N-Stealth Report. New interface adjustments. Code optimization.
tags | vulnerability
systems | windows
SHA-256 | f3d9cfd5d8699e4a7fd25ae3862d5e286853c68aeb7b8551bf5331421a42ef0a
suse.imlib.txt
Posted May 8, 2002
Site suse.de

SuSE Security Announcement: imlib (SuSE-SA:2002:015) - Imlib used to depend on a netpbm library which is well known to have security problems. This and a heap corruption bug have been corrected.

systems | linux, suse
SHA-256 | 2b8c62dbe9dfb2ff8c5fe9b81bf9c14050d90ff08553f73c01d4d5e6d20e6e29
N-C-1-87.txt
Posted Aug 17, 1999

NTISSAM COMPUSEC/1-87: Advisory Memorandum on Office Automation Security Guidelines

tags | paper
SHA-256 | 10e4d64cdc8babc15f060a5c090e854ad8d47ea0e4e76225f5222648e420be82
© 2024 Packet Storm. All rights reserved.
