A memory corruption vulnerability exists in Microsoft Office Excel which allows a remote attacker to compromise a system through a malicious document.
7a0c64574b2e01dbddc971f3557dfe31f8e6283bdc787167adabb29625283c88This Metasploit module exploits a memory corruption flaw in Microsoft XML Core Services when trying to access an uninitialized Node with the getDefinition API, which may corrupt memory allowing remote code execution. At the moment, this module only targets Microsoft XML Core Services 3.0 via IE6 and IE7 over Windows XP SP3.
b42f6ac491db2e23d28b44a0a21b16d7602d98dada63659c4d62505cfc674e08This Metasploit module exploits a memory corruption flaw in Internet Explorer 8 when handling objects with the same ID property. At the moment this module targets IE8 over Windows XP SP3 through the heap massaging plus heap spray as exploited in the wild.
20f72fec96a5590b5bee38dc7ead6c6f34987bffcedca8f42c8054df4bedc309This Metasploit module exploits a vulnerability found in Lattice Semiconductor PAC-Designer 6.21. As a .pac file, when supplying a long string of data to the 'value' field under the 'SymbolicSchematicData' tag, it is possible to cause a memory corruption on the stack, which results in arbitrary code execution under the context of the user.
4f39a6ba7a1c027c53d6c89df81d4f572dc43a0a4728c3bef5f6473a11849cc1Apple Security Advisory 2012-06-11-1 - iTunes 10.6.3 is now available and addresses multiple issues. Importing a maliciously crafted .m3u playlist may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow existed in the handling of .m3u playlists. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in WebKit.
644c91fc8758a15b827d4bc4a159391a534dc99616a262e6926d0a05f89dab42PEamp suffers from a memory corruption vulnerability when handling a malformed .mp3 file.
966cb7a1ea51a0ff2928b968ca176c568dc18df4086b304150197c83f80d2827Mandriva Linux Security Advisory 2012-081 - Security issues were identified and fixed in mozilla firefox. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Using the Address Sanitizer tool, security researcher Aki Helin from OUSPG found that IDBKeyRange of indexedDB remains in the XPConnect hashtable instead of being unlinked before being destroyed. Security research firm iDefense reported that researcher wushi of team509 discovered a memory corruption on Windows Vista and Windows 7 systems with hardware acceleration disabled or using incompatible video drivers. Various other issues have also been addressed.
b4728ca55ce3cfd40444a11b5acd5298ece8e9bf6c775569b96cc5d90bcd9a33Apple Security Advisory 2012-05-07-1 - A URL spoofing issue existed in Safari. This could be used in a malicious web site to direct the user to a spoofed site that visually appeared to be a legitimate domain. Multiple cross site scripting issues existed in WebKit along with a memory corruption issue.
786fe23968a3f5aa19c1879e551587fcf15f839f12791813e11922d9793808ecOpenSSL versions up to and including 1.0.1 are affected by a memory corruption vulnerability. asn1_d2i_read_bio in OpenSSL contains multiple integer errors that can cause memory corruption when parsing encoded ASN.1 data. This error can be exploited on systems that parse untrusted data, such as X.509 certificates or RSA public keys.
b2527f3f787a4be179232af6290c80365f3d3b21d504e92bda12f332f8efc586RealPlayer SP1 versions 1.1.4 Build 12.0.0.756 and below suffer from a memory corruption vulnerability.
ddd9e040f4b7eafed5ff80ef2b389fd0a0d7384cbf7bae93936c186a876e915bVUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Acrobat and Reader. The vulnerability is caused by a memory corruption error within the Matrix3D class when processing malformed 3D data within SWF files, which could be exploited by attackers to potentially compromise a vulnerable system or disclose memory information by tricking a user into visiting a specially crafted web page. Adobe Flash Player versions 11.1.102.62 and below are affected.
cd2efadbb305725a418111b28128ed5c65004213052f530f752893ddaadc11f6Passport PC To Host suffers from a memory corruption vulnerability when handling a malformed .zws file.
702f046230f5d06b667b90581f9b5e60857bee240b2a182580ea7a260382b2beNovell GroupWise Messenger versions 2.1.0 and below suffer from a memory corruption vulnerability. Proof of concept code included.
7bf5d40c43687f0dd580d97a27bf832ee281150557d29f08aaeefdac37a8bcc1Skype version 5.6.59.x suffers from a memory corruption vulnerability.
f4417e15a0cf84e00fc1f172c6a7c50d4c3fdc1df7fc4e845f60805468c7512aAdobe Shockwave Player versions 11.6.x.x suffer from a memory corruption vulnerability when parsing the field of KEY_ATOM of Director File.
af4574067944693d217e9b7ad5562a6fcb4b45eb39479343f7c42d4faa4f340bHTCVideoPlayer is the default media player of HTC Windows Mobile devices. This media player is prone to a memory corruption vulnerability while parsing stbl atom of 3g2 video format.
e73e95a4311308b98e3825e22e4fe06f71900b0c45ea2c0e25d03563da3eea17Zero Day Initiative Advisory 11-334 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application processes the audio specific data within a RealMedia audio file. When decoding sample data, the application will explicitly trust a length read from the sample data when populating a buffer that is allocated based on the codec information. Due to this, a memory corruption can be made to occur which can result in code execution within the context of the application.
a7a0e1f5a510767a203883c22ca987a3d6527f55342b4946f60fee31cb02af82Zero Day Initiative Advisory 11-331 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Realplayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way RealPlayer handles MPEG files. Realplayer parses the mpg file by doing a do while loop where it uses the width of the movie for the loop condition. However, it will subtracts 1 from the width for every iteration of the loop and then compare it to 0. If the width of the movie was zero at the beginning the loop will run 0xFFFFFFFF times. This results in a memory corruption that can lead to remote code execution under the context of the current user.
6a8d26996f84e01bae44e66eb7acdcfb123b54cf4dcae161cb23df3bf1115b61FFmpeg Libavcodec suffers from a memory corruption vulnerability.
f37566256d4b0e7fd3d14165701b8670023e06e8c87f2e0856f1c19a5698ce98Zero Day Initiative Advisory 11-328 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the ProFTPd server. Authentication is required to exploit this vulnerability in order to have access to the ftp command set. The specific flaw exists within how the server manages the response pool that is used to send responses from the server to the client. When handling an exceptional condition the application will fail to restore the original response pointer which will allow there to be more than one reference to the response pointer. The next time it is used, a memory corruption can be made to occur which can allow for code execution under the context of the application.
b042b6cfefe59bf1569e922d7012f959d2ae5e85844b6ddcc1fa014ac415dd41Core Security Technologies Advisory - A memory corruption vulnerability in Adobe Shockwave Player can be leveraged to execute arbitrary code on vulnerable systems by enticing users to visit a malicious web site with a specially crafted .dir file. This vulnerability could be used by a remote attacker to execute arbitrary code with the privileges of the user that opened the malicious file.
695649c7d963064d7f163ac945a29aca4d694e1c7ff52a09ee8e2a7a93377531Microsoft Excel in Office 2003 version 11.8335.8333 SP3 suffers from a memory corruption vulnerability. Proof of concept included.
7bc888fe4dd23f5c472f81da4b3f94f9ff21c5f791f277ebde1ec6021951f893GateProtect CC version 3.0.1 suffers from a memory corruption vulnerability.
550d7f7d2f41263804e50ce29955269f66a63e9d3f3eb535012b38c8979e5fe4iDefense Security Advisory 10.12.11 - Remote exploitation of a memory corruption vulnerability in Apple Inc.'s OfficeImport framework could allow an attacker to execute arbitrary code with the privileges of the current user. iOS versions prior to 5 are vulnerable.
942d74f656f37c0e192a61cad927f560e615855d6d84fc3d9b682b994f4e47bfiDefense Security Advisory 10.11.11 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Internet Explorer could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when a Javascript event handler such as "onload" is set to a Javascript object's attributes or childNodes collection. A event object is created and this object's memory is later freed; however, a reference to the object remains. When the reference is later used to access the event object, this now-invalid memory is treated as a valid object. The corrupt object's vtable is used to make an indirect function call. This may result in the execution of arbitrary code. Microsoft Internet Explorer 6 is vulnerable.
a4cc81d5475470608b44363a528ccde05f1dbe3da1d6719cf0e9b5d63761b2d0This Metasploit module exploits a vulnerability in the nesting of frameset and iframe tags as implemented within Opera Browser. A memory corruption is triggered and some pointers got corrupted with invalid addresses. Successfully exploiting leads to remote code execution or denial of service condition under Windows XP SP3 (DEP = off).
cca2c04d9608cabd67212e6b6de6f391c4ae540b9386fc4c1e27694218c8edb5
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed