
Files

NASA Common Data Format Remote Buffer Overflows
Posted Jul 21, 2009
Authored by Leon Juranic | Site infigo.hr

Memory corruption vulnerabilities have been discovered in NASA's Common Data Format. Versions 3.2.4 and below are affected.

tags | advisory, vulnerability
SHA-256 | d3bfdae0226b04f7084476e78657351396b5f9598a25fc61dc3d13c191fa4f96

Related Files

Mandriva Linux Security Advisory 2011-189
Posted Dec 16, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-189 - Heap-based buffer overflow in the jpc_cox_getcompparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted numrlvls value in a JPEG2000 file. The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a malformed JPEG2000 file. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2011-4516, CVE-2011-4517
SHA-256 | 46af9b534c46d06cfd6da996d0cfe4b3b0a15d7995cbf4be5b4cffcac8d5d385
Zero Day Initiative Advisory 11-348
Posted Dec 14, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-348 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the nnmRotConfig.exe CGI program. When processing crafted nameParams parameters, there exists an insufficient boundary check that can lead to an insufficient heap buffer, enabling a heap overflow. This can lead to memory corruption which can be leveraged to execute arbitrary code under the context of the target service.

tags | advisory, remote, overflow, arbitrary, cgi
advisories | CVE-2011-3165
SHA-256 | 8b34d80ef01f16adfe54e85e1bc39fc4193f07b869044663840aeecfaefde141
Zero Day Initiative Advisory 11-346
Posted Dec 14, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-346 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office 2007. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application processes a shape record hierarchy. Due to the application not properly checking the types of elements within containers, the application will incorrectly modify a property of the object. This modification can be used to cause memory corruption of the type which can lead to code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-3413
SHA-256 | e70a0b6b137b62f85620a58469fdf28c264299614af24c86f139d85673534a41
Zero Day Initiative Advisory 11-346
Posted Dec 13, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-346 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office 2007. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application processes a shape record hierarchy. Due to the application not properly checking the types of elements within containers, the application will incorrectly modify a property of the object. This modification can be used to cause memory corruption of the type which can lead to code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-3413
SHA-256 | e70a0b6b137b62f85620a58469fdf28c264299614af24c86f139d85673534a41
HTC Touch2 T3333 Memory Corruption
Posted Dec 9, 2011
Authored by Celil Unuver

HTCVideoPlayer is the default media player of HTC Windows Mobile devices. This media player is prone to a memory corruption vulnerability while parsing stbl atom of 3g2 video format.

tags | exploit
systems | linux, windows
SHA-256 | e73e95a4311308b98e3825e22e4fe06f71900b0c45ea2c0e25d03563da3eea17
HP Device Access Manager Memory Corruption
Posted Dec 3, 2011
Authored by High-Tech Bridge SA | Site htbridge.com

HP Device Access Manager for Protect Tools Information Store versions prior to 6.1.0.1 suffer from a heap memory corruption vulnerability.

tags | exploit
SHA-256 | 8c5130001eada0160e3dd77d56ccf4b9801e81f2792039461e1bebc3eb0b5821
Zero Day Initiative Advisory 11-337
Posted Nov 29, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-337 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses sample data encoded with the RV30 codec. When parsing this sample data, the application will make an allocation and then fail to completely initialize the buffer. During decoding of the sample data, the application will explicitly trust an index from the partially filled buffer and then use that to calculate an address to write to. This can lead to memory corruption which can be converted into code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-4256
SHA-256 | 43ea133c3751d512a5256dd601734f9ceeb84ca0b66f64408082a10e1f8a7aff
Zero Day Initiative Advisory 11-335
Posted Nov 28, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-335 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when the application attempts to parse a height out of the RV10 codec object. The application will incorrectly treat the value as a signed integer and will use its value as the count within a loop that populates rows of sample data within a buffer. This can allow for memory corruption which can lead to code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-4252
SHA-256 | 19263aa6e1a5b59b2ad9eb7e45da961a8ebdf4fe7400684eb0e1c596149cc1f1
Zero Day Initiative Advisory 11-334
Posted Nov 28, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-334 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application processes the audio specific data within a RealMedia audio file. When decoding sample data, the application will explicitly trust a length read from the sample data when populating a buffer that is allocated based on the codec information. Due to this, a memory corruption can be made to occur which can result in code execution within the context of the application.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-4251
SHA-256 | a7a0e1f5a510767a203883c22ca987a3d6527f55342b4946f60fee31cb02af82
Zero Day Initiative Advisory 11-333
Posted Nov 28, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-333 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the ATRC codec parses sample data out of the media file. When reading bit sizes from the sample, the application will seek a structure that is used for consuming bits from the sample stream outside the bounds of the correct data. When decoding the sample, the application will use the transformed data to initialize another structure. Due to the sizes being unbound, this can be used to corrupt memory outside the original allocation. This type of memory corruption can be leveraged to gain code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-4250
SHA-256 | e577e50ea5b9346d525ea656c752164cf4ed9edf71adb8964e1a8881dc18bf98
Zero Day Initiative Advisory 11-331
Posted Nov 28, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-331 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way RealPlayer handles MPEG files. RealPlayer parses the mpg file with a do-while loop that uses the width of the movie for the loop condition. However, it subtracts 1 from the width on every iteration of the loop and then compares it to 0. If the width of the movie was zero at the beginning, the loop will run 0xFFFFFFFF times. This results in a memory corruption that can lead to remote code execution under the context of the current user.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-4259
SHA-256 | 6a8d26996f84e01bae44e66eb7acdcfb123b54cf4dcae161cb23df3bf1115b61
FFmpeg Memory Corruption
Posted Nov 23, 2011
Authored by Phillip Langlois | Site ngssoftware.com

FFmpeg Libavcodec suffers from a memory corruption vulnerability.

tags | advisory
SHA-256 | f37566256d4b0e7fd3d14165701b8670023e06e8c87f2e0856f1c19a5698ce98
Apple Security Advisory 2011-11-10-1
Posted Nov 15, 2011
Authored by Apple | Site apple.com

Apple Security Advisory 2011-11-10-1 - The new iOS 5.0.1 software update addresses multiple vulnerabilities. An issue existed in CFNetwork's handling of maliciously crafted URLs. When accessing a maliciously crafted HTTP or HTTPS URL, CFNetwork could navigate to an incorrect server. Multiple memory corruption issues existed in FreeType, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. Various other issues were also addressed.

tags | advisory, web, arbitrary, vulnerability, code execution
systems | cisco, apple
advisories | CVE-2011-3246, CVE-2011-3439, CVE-2011-3442, CVE-2011-3441
SHA-256 | c5ad70f72b84c35966e527860253ce728ad2709579ac1a8c20b59fc7ddb03f11
Zero Day Initiative Advisory 11-328
Posted Nov 12, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-328 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the ProFTPd server. Authentication is required to exploit this vulnerability in order to have access to the ftp command set. The specific flaw exists within how the server manages the response pool that is used to send responses from the server to the client. When handling an exceptional condition the application will fail to restore the original response pointer which will allow there to be more than one reference to the response pointer. The next time it is used, a memory corruption can be made to occur which can allow for code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
SHA-256 | b042b6cfefe59bf1569e922d7012f959d2ae5e85844b6ddcc1fa014ac415dd41
Adobe Shockwave Player Memory Corruption
Posted Nov 9, 2011
Authored by Code Audit Labs | Site vulnhunt.com

Code Audit Labs has discovered that Adobe Shockwave Player suffers from a director file PAMM memory corruption vulnerability.

tags | advisory
advisories | CVE-2011-2446
SHA-256 | 8fa0331e11caebc74f418fca888a60b9a5de00d45ee773bf9557006f4fd13e66
Adobe Shockwave Player TextXtra.x32 Memory Corruption
Posted Nov 9, 2011
Authored by Core Security Technologies, Pablo Santamaria | Site coresecurity.com

Core Security Technologies Advisory - A memory corruption vulnerability in Adobe Shockwave Player can be leveraged to execute arbitrary code on vulnerable systems by enticing users to visit a malicious web site with a specially crafted .dir file. This vulnerability could be used by a remote attacker to execute arbitrary code with the privileges of the user that opened the malicious file.

tags | advisory, remote, web, arbitrary
advisories | CVE-2011-2447
SHA-256 | 695649c7d963064d7f163ac945a29aca4d694e1c7ff52a09ee8e2a7a93377531
Microsoft Excel Memory Corruption
Posted Nov 4, 2011
Authored by Luigi Auriemma | Site aluigi.org

Microsoft Excel in Office 2003 version 11.8335.8333 SP3 suffers from a memory corruption vulnerability. Proof of concept included.

tags | exploit, proof of concept
systems | linux
SHA-256 | 7bc888fe4dd23f5c472f81da4b3f94f9ff21c5f791f277ebde1ec6021951f893
GateProtectCC 3.0.1 Memory Corruption
Posted Oct 29, 2011
Authored by Vulnerability Laboratory | Site vulnerability-lab.com

GateProtect CC version 3.0.1 suffers from a memory corruption vulnerability.

tags | advisory
SHA-256 | 550d7f7d2f41263804e50ce29955269f66a63e9d3f3eb535012b38c8979e5fe4
Debian Security Advisory 2328-1
Posted Oct 25, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2328-1 - It was discovered that missing input sanitising in Freetype's glyph handling could lead to memory corruption, resulting in denial of service or the execution of arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2011-3256
SHA-256 | b1413231f598db1d72f7c2b56edb09c25552b5cbc1fc955dfd5627c937efee10
iDefense Security Advisory 10.12.11 - OfficeImport
Posted Oct 14, 2011
Authored by iDefense Labs, Tobias Klein | Site idefense.com

iDefense Security Advisory 10.12.11 - Remote exploitation of a memory corruption vulnerability in Apple Inc.'s OfficeImport framework could allow an attacker to execute arbitrary code with the privileges of the current user. iOS versions prior to 5 are vulnerable.

tags | advisory, remote, arbitrary
systems | cisco, apple
advisories | CVE-2011-3260
SHA-256 | 942d74f656f37c0e192a61cad927f560e615855d6d84fc3d9b682b994f4e47bf
iDefense Security Advisory 10.11.11 - Internet Explorer
Posted Oct 13, 2011
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 10.11.11 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Internet Explorer could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when a JavaScript event handler such as "onload" is set to a JavaScript object's attributes or childNodes collection. An event object is created and this object's memory is later freed; however, a reference to the object remains. When the reference is later used to access the event object, this now-invalid memory is treated as a valid object. The corrupt object's vtable is used to make an indirect function call. This may result in the execution of arbitrary code. Microsoft Internet Explorer 6 is vulnerable.

tags | advisory, remote, arbitrary, javascript
advisories | CVE-2011-1997
SHA-256 | a4cc81d5475470608b44363a528ccde05f1dbe3da1d6719cf0e9b5d63761b2d0
Procyon Core Server 1.06 Code Execution
Posted Oct 13, 2011
Authored by Knud | Site nsense.fi

nSense Vulnerability Research Security Advisory - The coreservice.exe process in Procyon core server versions 1.06 and below contains a remotely exploitable memory corruption flaw which allows for remote code execution. The affected component is coreservice.exe, which listens on port 23, running as SYSTEM. Sending a long string will trigger the overflow.

tags | advisory, remote, overflow, code execution
SHA-256 | 922acef938ae8deb176229f5e0792d09103f2de6f8e5b7312b17de91b92ff373
Opera 10/11 Memory Corruption
Posted Oct 6, 2011
Authored by Jose Antonio Vazquez Gonzalez | Site metasploit.com

This Metasploit module exploits a vulnerability in the nesting of frameset and iframe tags as implemented within Opera Browser. A memory corruption is triggered and some pointers are corrupted with invalid addresses. Successful exploitation leads to remote code execution or a denial of service condition under Windows XP SP3 (DEP = off).

tags | exploit, remote, denial of service, code execution
systems | windows
advisories | CVE-2011-2628, OSVDB-72406
SHA-256 | cca2c04d9608cabd67212e6b6de6f391c4ae540b9386fc4c1e27694218c8edb5
Google Chrome PDF File Handling Memory Corruption
Posted Oct 4, 2011
Authored by Mario Gomes

Google Chrome versions prior to 14.0.835.163 suffer from a PDF file handling memory corruption vulnerability. Full advisory and proof of concept pdf and code included.

tags | exploit, proof of concept
systems | linux
advisories | CVE-2011-2841
SHA-256 | b3db699edc360a409cb1d6e4bdda4381612b67400739cb96b43d3f489944da1a
Mandriva Linux Security Advisory 2011-142
Posted Oct 2, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-142 - Security issues were identified and fixed in Mozilla Firefox and Thunderbird. Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site. Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors. Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values. Various other issues were also addressed.

tags | advisory, remote, web, denial of service, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2011-2372, CVE-2011-2995, CVE-2011-2997, CVE-2011-3000, CVE-2011-3001, CVE-2011-3005, CVE-2011-3232
SHA-256 | b47d99ffd8922cf6f61ae3f6b7b355868e899ebc23904b5d0170dd0cbd6cb987
© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close