Microsoft Windows Kernel ATMFD.DLL NamedEscape 0x250D Pool Corruption
Posted Jan 10, 2018
Authored by Google Security Research, mjurczyk

The Microsoft Windows OpenType ATMFD.DLL kernel-mode font driver has an undocumented "escape" interface, handled by the standard DrvEscape and DrvFontManagement functions implemented by the module. The interface is very similar to Buffered IOCTL in nature, and handles 13 different operation codes in the numerical range of 0x2502 to 0x2514. It is accessible to user-mode applications through an exported (but not documented) gdi32!NamedEscape function, which internally invokes the NtGdiExtEscape syscall.

tags | advisory, kernel
systems | windows
advisories | CVE-2018-0788
MD5 | 96b46447ba7a6c968d0db2900d57b8a3

Related Files

Posted Apr 21, 2008
Authored by Luke Jennings | Site mwrinfosecurity.com

This whitepaper discusses the security exposures that can occur due to the manner in which access tokens are implemented in the Microsoft Windows Operating System. A brief overview of the intended function, design and implementation of Windows access tokens is given, followed by a discussion of the relevant security consequences of their design. More specific technical details are then given on how the features of Windows access tokens can be used to perform powerful post-exploitation functions during penetration testing, along with a basic methodology for including an assessment of the vulnerabilities exposed through tokens in a standard penetration test.

tags | paper, vulnerability
systems | windows
MD5 | 3db61250e4b375fb5b3216cd0316f311
Posted Apr 14, 2008
Authored by Lamhtz

This code generates an emf file that demonstrates the Microsoft Windows GDI API stack overflow vulnerability as detailed in MS08-021. Spawns calc.exe.

tags | exploit, overflow
systems | windows
MD5 | 7f3cc2f780f3efa06c3119aec6e31dad
Posted Oct 22, 2007
Authored by Stefan Kanthak

The Microsoft Windows binary of curl contains a vulnerable version of zlib.

tags | advisory
systems | windows
advisories | CVE-2005-2096
MD5 | 9c0b704918182c4b5c0f0bc0c6aca43c
Posted Oct 22, 2007
Authored by Stefan Kanthak

The Microsoft Windows binary GSV48W32.EXE of gsview contains a vulnerable version of zlib.

tags | advisory
systems | windows
advisories | CVE-2005-2096
MD5 | ac56846a8bc850b4738d5e28d0ed1e2a
Zero Day Initiative Advisory 07-055
Posted Oct 11, 2007
Authored by Tipping Point, Tenable Network Security | Site zerodayinitiative.com

A vulnerability allows remote attackers to crash systems with vulnerable installations of the Microsoft Windows operating system. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RPC runtime library rpcrt4.dll during the parsing of RPC-level authentication messages. When parsing packets with the authentication type of NTLMSSP and the authentication level of PACKET, an invalid memory dereference can occur if the verification trailer signature is initialized to 0 as opposed to the standard NTLM signature. Successful exploitation crashes the RPC service and subsequently the entire operating system.

tags | advisory, remote
systems | windows
advisories | CVE-2007-2228
MD5 | 8bc0b6bda857bf489e188ca6910a1499
iDEFENSE Security Advisory 2007-07-19.2
Posted Jul 20, 2007
Authored by iDefense Labs, Greg MacManus | Site idefense.com

iDefense Security Advisory 07.19.07 - Remote exploitation of an input handling vulnerability within multiple browsers on the Microsoft Windows platform allows code execution as the local user. This vulnerability is due to interaction between programs. The most commonly used Microsoft Windows URL protocol handling code doesn't provide a way for the URI handling application to distinguish the end of one argument from the start of another. The problem is caused by the fact that browsers do not pct-encode certain characters in some URIs, which does not comply with the behavior that RFC3986 (also known as IETF STD 66) requires. As a result, a specially constructed link could be interpreted as multiple arguments by a URI protocol handler.

tags | advisory, remote, local, code execution, protocol
systems | windows
advisories | CVE-2007-3670
MD5 | 401f50546fb7a6ac0740d19ed3abeec5
Posted Apr 17, 2007
Authored by Winny Thomas

Remote exploit for the Microsoft Windows DNS RPC service vulnerability. Tested on Windows 2000 SP4. Binds a shell to TCP port 4444.

tags | exploit, remote, shell, tcp
systems | windows, 2k
MD5 | 59a3274fb97bad7d806445dbcd5c4d08
Technical Cyber Security Alert 2007-103A
Posted Apr 17, 2007
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert TA07-103A - A buffer overflow in the Remote Procedure Call (RPC) management interface used by the Microsoft Windows Domain Name Service (DNS) service is actively being exploited. This vulnerability may allow a remote attacker to execute arbitrary code with SYSTEM privileges.

tags | advisory, remote, overflow, arbitrary
systems | windows
MD5 | 42abbaf3166584681a12e1c81f44a253
Posted Apr 5, 2007
Authored by devcode

Exploit for the Microsoft Windows .ANI LoadAniIcon stack overflow vulnerability. (Hardware DEP).

tags | exploit, overflow
systems | windows
advisories | CVE-2007-1765
MD5 | 3ef5d0babe738f2a27c7e91cf240639e
Posted Apr 2, 2007
Authored by devcode

Exploit for the Microsoft Windows .ANI LoadAniIcon stack overflow vulnerability.

tags | exploit, overflow
systems | windows
advisories | CVE-2007-1765
MD5 | 7bb08f8016e7355ebe1fe858be809c5b
Posted Apr 2, 2007
Site research.eeye.com

Quick and dirty blanket fix for the Microsoft Windows ANI zero-day vulnerabilities. Prevents loading cursors from outside the Windows directory.

tags | vulnerability
systems | windows
MD5 | a4a751a3a61919b3029cdc4c35c271c3
Posted Oct 17, 2006
Authored by McAfee Avert Labs Security Advisory | Site mcafee.com

MS06-060 Microsoft Word Memmove Code Execution: An integer bug (stack overflow) exists in the Microsoft Word file format. The file format allows an attacker to create a malicious Microsoft Word document that, when opened, will execute arbitrary code.

tags | advisory, overflow, arbitrary, code execution
MD5 | ab3a2355d865a607b1d69417a96bf189
Posted Jul 12, 2006
Authored by H D Moore, Pedram Amini | Site tippingpoint.com

The Microsoft SRV.SYS driver suffers from a memory corruption flaw when processing Mailslot messages. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Microsoft Windows operating system. Authentication is not required to exploit this vulnerability and code execution occurs within the context of the kernel.

tags | advisory, remote, arbitrary, kernel, code execution
systems | windows
advisories | CVE-2006-1314
MD5 | b47c1cbf91e63eaad1a5176c21856aef
Posted Jun 15, 2006
Authored by Peter Winter-Smith | Site nextgenss.com

Peter Winter-Smith of NGSSoftware has discovered a high risk vulnerability in the Microsoft Windows Remote Access Connection Manager (RASMAN) service which (under certain versions of the OS) can allow a remote, anonymous attacker to gain complete control over a vulnerable system.

tags | advisory, remote
systems | windows
MD5 | 0166eb830dc1f396dcf4fb1f31431818
Debian Linux Security Advisory 954-1
Posted Jan 25, 2006
Authored by Debian | Site debian.org

Debian Security Advisory DSA 954-1 - H D Moore discovered that Wine, a free implementation of the Microsoft Windows APIs, inherits a design flaw from the Windows GDI API, which may lead to the execution of code through GDI escape functions in WMF files.

tags | advisory
systems | linux, windows, debian
MD5 | 6d918e8ccdf13c242e7e9a3ee9ebfd72
Posted Dec 31, 2005
Site nist.org

Lotus Notes uses the same vulnerable shimgvw.dll graphics rendering engine file implicated in the Microsoft WMF file handling vulnerability.

tags | advisory
MD5 | 3ba22068788d9ab491e5ca16b4f771b3
iDEFENSE Security Advisory 2005-11-15.2
Posted Nov 20, 2005
Authored by iDefense Labs | Site idefense.com

iDEFENSE Security Advisory 11.15.05 - The Microsoft Windows API includes the CreateProcess() function as a means to create a new process and its primary thread. CreateProcessAsUser() is similar but allows the process to be run in the security context of a particular user.

tags | advisory
systems | windows
advisories | CVE-2005-2936, CVE-2005-2937, CVE-2005-2938, CVE-2005-2939, CVE-2005-2940
MD5 | be6121b7cbadedb44d38ac22b2447b0d
Posted Sep 7, 2005
Authored by Bruce Ward | Site doorman.sourceforge.net

The Doorman is a port-knocking listener daemon which helps users secure private servers. It allows a server to run invisibly, with all TCP ports closed. This version is the Microsoft Windows binary executable release.

Changes: Fixed the silent doorman problem.

tags | tcp
systems | windows
MD5 | c299f069aded9f65d74c37de0c93e031
Posted Apr 18, 2005
Authored by class101 | Site hat-squad.com

Remote heap buffer overflow exploit for the Microsoft Windows Internet Name Service. Tested against Win2k SP4 Advanced Server English. This exploit can bind a shell to port 101 or will reverse a cmd shell back to a listener.

tags | exploit, remote, overflow, shell
systems | windows, 2k
MD5 | b08e8dd6c1b44ec43827c25a4d9c7598
Secunia Security Advisory 14927
Posted Apr 18, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Some vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges.

tags | advisory, denial of service, local, vulnerability
systems | windows
MD5 | f0d7455da28bddbfe20125ee3307ab50
Technical Cyber Security Alert 2005-12B
Posted Jan 16, 2005
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert TA05-012B - The Microsoft Windows HTML Help ActiveX control contains a cross-domain vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary commands or code with the privileges of the user running the control. The HTML Help control can be instantiated by an HTML document loaded in Internet Explorer or any other program that uses MSHTML.

tags | advisory, remote, arbitrary, activex
systems | windows
advisories | CVE-2004-1043
MD5 | 0acfaddeaf77ea7eac78d6eb579b5424
Posted Jan 12, 2005
Authored by Cesar Cerrudo | Site appsecinc.com

AppSecInc Advisory - The Microsoft Windows LPC (Local Procedure Call) mechanism is susceptible to a heap overflow that allows for privilege escalation.

tags | advisory, overflow, local
systems | windows
MD5 | 8230ac79b610f3e607be8fdf31740552
Posted Jan 2, 2005

Simple HTML code that exploits the Microsoft Windows Kernel ANI file parsing denial of service vulnerability.

tags | exploit, denial of service, kernel
systems | windows
MD5 | 75dcb2797164dd15d32e2e311ff56097
Secunia Security Advisory 13492
Posted Dec 30, 2004
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A security issue has been reported in Windows XP SP2, which erroneously causes the firewall to allow connections from the Internet. The problem is caused by the way certain dialers configure the routing table and how local subnets are interpreted when the 'My network (subnet) only' option is used in the Microsoft Windows Firewall. This issue only affects Windows XP with Service Pack 2 in combination with a dial-up network connection.

tags | advisory, local
systems | windows, xp
MD5 | f5a3acbe598e4e33576f61305734742b
Posted Sep 15, 2004
Authored by Peter Winter-Smith | Site microsoft.com

Microsoft Security Advisory MS04-027 - A remote code execution vulnerability exists in the Microsoft WordPerfect 5.x Converter. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of the affected system. However, user interaction is required to exploit this vulnerability.

tags | advisory, remote, code execution
advisories | CVE-2004-0573
MD5 | 94f577f5c4461e2fd07ed3dec3763a05
© 2019 Packet Storm. All rights reserved.