There is an out-of-bounds read vulnerability in WindowsCodecsRaw.dll while processing a malformed Canon raw image. This can potentially lead to disclosing the memory of the affected process. All applications that use Windows Image Codecs for image parsing are potentially affected. The vulnerability has been confirmed on Windows 10 v2004 with the most recent patches applied.
1ea2260b2783f8f68dc9be4f978b3561
There is an out-of-bounds write vulnerability when decoding a malformed PICT image on macOS. The vulnerability has been confirmed on the latest stable macOS version.
f62261f5660f9ced363ae4dabdfa325f
There is an out-of-bounds write vulnerability in jscript.dll in the JsArrayFunctionHeapSort function. This vulnerability can be exploited through Internet Explorer or potentially through WPAD over local network.
82afb637d0f91a3f4210fbcfc5b8c0ea
There is an out-of-bounds vulnerability in Microsoft VBScript in rtFilter. The vulnerability has been confirmed in Internet Explorer on Windows 7 with the latest patches applied.
bb550cb6c47a76bff9745e2c8f95a914
There is an out-of-bounds read in FEC processing in WebRTC. If a very short RTP packet is received, FEC will assume the packet is longer and process data outside of the allocated buffer.
f5cc50595786ed774a0112b7002d39e0
There is an out-of-bounds read in jscript.dll library (used in IE, WPAD and other places).
5d6d4de766996a82680340bb4a93c196
There is an out-of-bounds read issue in Microsoft Edge that could potentially be turned into remote code execution. The vulnerability has been confirmed on Microsoft Edge 38.14393.1066.0 (Microsoft EdgeHTML 14.14393) as well as Microsoft Edge 40.15063.0.0 (Microsoft EdgeHTML 15.15063).
f8f0367a62a7c9dadd43f0e6c52c13e5
There is an out-of-bounds read in H264 parsing, and a fuzzed file is included in this archive. To load it, load LoadMP4.swf with the URL parameter file=compute_poc.flv from a remote server.
c69ee1252584fef446ae32e04be6944d
Use After Free in Flash AVSS.setSubscribedTags, setCuePointTags and setSubscribedTagsForBackgroundManifest can be abused to write pointers to String to freed locations.
01ebd6a5cfc83e6220448dc7380d4fe3
An integer overflow while calling Function.apply can lead to entering an ActionScript function without correctly validating the supplied arguments. Chrome version 41.0.2272.101 stable with Flash version 17.0.0.134 is affected.
ae3b92b7b81d5321e364dc9f2475a8b3
Flash suffers from a broker-based sandbox escape.
fcf0457a764c09749ab9c504f282831a
Flash suffers from a broker-based sandbox escape.
bbdfa3d3758f087eeeb4baf393150b1e
Flash suffers from a broker-based sandbox escape.
de49c0fd4c2ddc561c79bf78a634ed83
The "transient array" specified in the "Type 2 Charstring format" specs but also available in Type1 fonts (originally for the purpose of facilitating Multiple Master fonts) is allocated dynamically only if the CoolType interpreter encounters an instruction which requires the presence of the array, such as "get" or "store". While allocating the array, however, the routine does not automatically clear the contents of the newly created buffer.
c5635db0998da538780ccc1b2df3b331
There is an error in the PCRE engine version used in Flash that allows the execution of arbitrary PCRE bytecode, with potential for memory corruption and remote code execution.
263b173055757ddeee5316dc851ce253
The Type1/CFF CharString interpreter code in the Adobe Type Manager Font Driver (ATMFD.DLL) Windows kernel module performs almost no verification that the operand stack is large enough to contain the required instruction operands, which can lead to up to "off-by-three" overreads and overwrites on the interpreter function stack.
fd84729970a1d3710fa3cae955d9bb63
The system call NtPowerInformation checks that the caller is an administrator before performing some specific power functions. The check is done in the PopUserIsAdmin function. On Windows 7 this check is bypassable because the SeTokenIsAdmin function does not take into account the impersonation level of the token, and the rest of the code does not take it into account either.
24d9b5b76d079c599d33e4de0e0a9c90
GSTOOL versions 3.0 through 4.7 contain an insecure encryption feature using the non-public CHIASMUS block cipher.
e7a74491e2bb61e4163e19c7f9bab188
GNU SASL is an implementation of the Simple Authentication and Security Layer framework and a few common SASL mechanisms. SASL is used by network servers such as IMAP and SMTP to request authentication from clients, and in clients to authenticate against servers. The library includes support for the SASL framework (with authentication functions and application data privacy and integrity functions) and at least partial support for the CRAM-MD5, EXTERNAL, GSSAPI, ANONYMOUS, PLAIN, SECURID, DIGEST-MD5, LOGIN, NTLM, and KERBEROS_V5 mechanisms.
982fe54a20016aa46a871c084c990c36
This Metasploit module exploits a stack-based buffer overflow in GSM SIM Editor 5.15. When opening a specially crafted .sms file in GSM SIM Editor a stack-based buffer overflow occurs which allows an attacker to execute arbitrary code.
b607d4a63d0250d0e1f386df5bb3cafb
These slides are from the Trustwave Global Security Report as presented at the OWASP AppSec USA 2011 conference.
031dbd61e5b28d76d75b184b9a5442a9
Gsonline WebNDesign suffers from a remote SQL injection vulnerability.
cbbbb8d6cd0ca974cb88190bdbe4cef2
Game Servers Client version 2.00 Build 3017 suffers from a denial of service vulnerability.
1c9002bef34833a3228ab05a4050df1c
Game Servers Client version 2.00 Build 3017 uses IRC as the backend but failed to validate changes to a nickname.
fd6a8ff6ff4184618a15fba9e20a6ca3
GSPlayer version 1.83a Win32 release buffer overflow exploit that spawns calc.exe.
e6030552f918949e4f5e43754d4a77f2
GSM SIM Utility Direct RET local buffer overflow exploit. Affects version 5.15.
055a6049a48a76b62d4168f558b26e50