Memory corruption vulnerabilities have been discovered in NASA's Common Data Format. Versions 3.2.4 and below are affected.
d3bfdae0226b04f7084476e78657351396b5f9598a25fc61dc3d13c191fa4f96
Mandriva Linux Security Advisory 2011-141 - Security issues were identified and fixed in Mozilla Firefox and Thunderbird. Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site. Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors. Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Various other issues were also addressed.
7bf97e08ab69bef6b19a6eb40d748b107651d29053a77ed5c525ad4f8d04ea88
Adobe Photoshop Elements 8 suffers from a buffer overflow vulnerability when dealing with .ABR (brushes) and .GRD (gradients) format files. The application fails to sanitize user input, resulting in memory corruption that overwrites several memory registers, which can allow an attacker to execute arbitrary code on the affected system or cause a denial of service.
de231a932c681e757853f9b30b26ba630e5371c0793ff22cac8c46c88a5791d2
iDefense Security Advisory 09.26.11 - Remote exploitation of a memory corruption vulnerability in Novell Inc.'s GroupWise could allow an attacker to execute arbitrary code with the privileges of the affected service. This vulnerability is present in the calendar processing code, which resides within the GroupWise Internet Agent (GWIA) process. The vulnerability occurs when parsing a malformed calendar recurrence (RRULE) that recurs weekly. Specifically, by using a negative integer for the BYWEEKNO property, it is possible to trigger a write operation beyond the bounds of an allocated heap buffer. This can lead to the corruption of memory, and the execution of arbitrary code.
c3a21b221a5ca43b424d4c87ecdc5132c8fd5e83be4966ed52bb847af74da8e6
iDefense Security Advisory 09.26.11 - Remote exploitation of a memory corruption vulnerability in Novell Inc.'s GroupWise could allow an attacker to execute arbitrary code with the privileges of the affected service. This vulnerability is present in the calendar processing code, which resides within the GroupWise Internet Agent (GWIA) process. The vulnerability occurs when parsing a malformed calendar recurrence (RRULE) that recurs yearly. When adding a sequence of dates, it is possible to trigger an invalid array indexing vulnerability, and write beyond the bounds of a heap buffer. This can lead to the execution of arbitrary code. Novell GroupWise 8.0x up to (and including) 8.02HP2 are vulnerable.
e0e79989e42a8350fda243c95b2a87e6ecde82bbd0ea9bc0fb9a7e5eab17ade1
EViews versions 7.0.0.1 and below suffer from memory corruption and heap overflow vulnerabilities.
be48badc72b4e1d5c824e861b9cf4392dc32970a580ebf2abc57ca1c1f2bcb31
iDefense Security Advisory 09.13.11 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when Excel parses a certain specially crafted record in an Excel file. A specific value in the record can trigger a memory corruption vulnerability and may allow arbitrary code execution.
53724cb5cc8727f4c7f8eba8148efebb5736319a5c8c2d06831b11effdc1d854
iDefense Security Advisory 09.13.11 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when Excel parses a certain specially crafted record in an Excel file. An invalid value of the length field in the record header can trigger an error condition and result in using memory content which has already been freed and may allow arbitrary code execution.
e09343c3f7890e4c5bf50eec1fb9f834e5524c580f5c602204351b7dc18d009c
Pragea Movicon / PowerHMI versions 11.2.1085 and below suffer from a memory corruption vulnerability. Proof of concept included.
15775dc3f5bfa268b960b52de96bb01e64c87d9edf2097efa8ca6c9f34693580
Pragea Movicon / PowerHMI versions 11.2.1085 and below suffer from a memory corruption vulnerability. Proof of concept included.
a0fbee0dcee72f289887ea9255884ea07f7063636fa36519fec2e0f35fcc35ca
Microsoft WINS service versions 5.2.3790.4520 and below suffer from a memory corruption vulnerability.
84385a490b727e9d04e9626854b82614cbe512ecafb6f93a84f0f8991c067a96
Google SketchUp version 8.x suffers from a memory corruption vulnerability when processing malformed DAE files.
3411767536cf9d6b2fb7141188de04b80de60ea989af8ff7a0b822590f2074a8
BroadWin WebAccess Client with bwocxrun.ocx versions 1.0.0.10 and below suffers from format string and memory corruption vulnerabilities. The OcxSpool function is affected by a format string vulnerability caused by passing the attacker-provided Msg string directly to vsprintf() without the required format argument. WriteTextData and CloseFile allow corruption of arbitrary memory regions through a fully controllable stream identifier in fclose() and fwrite().
15455c76959ce3375afe0d9ca55c3e3406b7eb808cd072c8d28bf369a9e800f5
Pmcma aims at automating exploitation of invalid memory writes (whether they result from an overflow in a writable section, a missing format string, an integer overflow, variable misuse, or any other type of memory corruption).
7544c62a0e04880da65bbb1977d91d5cb2dcf6333c762b966c6abb657c436896
Zero Day Initiative Advisory 11-277 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way QuickTime handles 'mp4v' codec information. When parsing the video description table it will read the size field preceding the 'mp4v' tag and use that size to create an allocation to hold the data. It will then copy the correct amount of data into that buffer, but then does some endian changes on a fixed portion of the buffer without checking its size. The resulting memory corruption could result in remote code execution under the context of the current user.
a8598a8dd78e944633f17973eabb78630fc2d2bc0e142ec4979cc064eb1bd91b
Lumension Device Control (formerly Sanctuary) version 4.4 SR6 suffers from a remote memory corruption vulnerability.
c57ef1704cb0c41b6705165642f98b7d6449b19cbe982463e50749ab3173be60
Context discovered two memory corruption issues related to Firefox code that processes WebGL, that could result in remote code execution via a malicious web page. Heap overflows make use of the WebGL shader compiler and the ANGLE library. Versions 4.0.1 and 5 are affected.
e2a6dbc735d5a7f645b6a0736a8b929cdad5127974443db6a2057209e4c009f7
Zero Day Initiative Advisory 11-254 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way QuickTime handles the 'trun' atom. QuickTime uses user supplied data in the 'sampleCount' field to calculate a buffer size. An integer wrap can occur that results in the allocation of a memory buffer that is smaller than intended. When QuickTime writes to this buffer it causes a memory corruption that can lead to remote code execution under the context of the current user.
2eae2f1a2ecaad9be0997ec66789b0041464a81dabe75da74fdd5dc2b482aa7c
iDefense Security Advisory 08.09.11 - Remote exploitation of a memory corruption vulnerability in Adobe Systems Inc.'s Flash Player could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing a maliciously formatted sequence of ActionScript code inside an Adobe Flash file. The problem exists in a certain ActionScript function method of the built-in "flash.display" class. When malformed parameters are supplied to this function, a memory corruption will occur, leading to an exploitable condition.
5692748af42e9e662e7a1d8d5215229cc7299a504565cac5bb0c4e3bafd8e0df
Apple Security Advisory 2011-08-03-1 - QuickTime version 7.7 has been made available to address multiple code execution, cross-origin, integer overflow, memory corruption, and other vulnerabilities.
08c8a33c814803db93ff4136d87bacc64dfe68c5d11475ce6a6bccf0835835c9
Memory corruption exploit with DEP bypass for WebKit as used in Apple Safari versions prior to 5.0.6.
16a041c37b31ede793a60e292d6bfca2a8af34db4883b9ac92c3e4c061829c85
Apple Security Advisory 2011-07-20-2 - An iWork 9.1 update addresses multiple security issues. A buffer overflow existed in the handling of Excel files. Opening a maliciously crafted Excel file in Numbers may lead to an unexpected application termination or arbitrary code execution. A memory corruption issue existed in the handling of Excel files. Opening a maliciously crafted Excel file in Numbers may lead to an unexpected application termination or arbitrary code execution. A memory corruption issue existed in the handling of Microsoft Word documents. Opening a maliciously crafted Microsoft Word document in Pages may lead to an unexpected application termination or arbitrary code execution.
a73deccbc64afb80a87bd72b01aefd8124e910e61fa03497792581196667db65
WebKit memory corruption proof of concept exploit that can be leveraged against Safari versions prior to 5.1 and 5.0.6.
7cbbe6a6e224542c1004153d9ed66d546c29d2059231bcdba385d168b24ca219
Remote exploitation of a memory corruption vulnerability in WebKit, as included with multiple vendors' browsers, could allow an attacker to execute arbitrary code with the privileges of the current user. Scalable Vector Graphics (SVG) is an XML-based file format used to describe two-dimensional vector graphics. It defines both a markup language and a JavaScript interface. When processing DOM queries to SVG tags, Safari fails to handle exceptional conditions. It is possible to trigger a use after free vulnerability by querying some properties of SVG tags. This leaves a C++ object pointer in an inconsistent state, which can lead to the execution of arbitrary code. Safari versions prior to 5.1 and 5.0.6 are vulnerable.
620665bfdb86a30421dd34b615a797945553c63b075518ac3852faa9ab9219e1
iDefense Security Advisory 07.20.11 - Remote exploitation of a memory corruption vulnerability in WebKit, as included with multiple vendors' browsers, could allow an attacker to execute arbitrary code with the privileges of the current user. Scalable Vector Graphics (SVG) is an XML based file format used to describe two dimensional vector graphics. It defines both a markup language, and a JavaScript interface. When parsing a series of SVG tags, and then manipulating them via JavaScript, Safari fails to handle exceptional conditions. It is possible to trigger a use after free vulnerability by manipulating the animVal property of various SVG tags. This leaves a C++ object pointer in an inconsistent state, which can lead to the execution of arbitrary code. Safari versions prior to 5.1 and 5.0.6 are vulnerable.
99c8cb11dcb256c511dc2217aaa40292d8c285040e8f55bc2b42756ce98c3948
iDefense Security Advisory 07.20.11 - Remote exploitation of a memory corruption vulnerability in Apple Inc.'s Safari browser could allow an attacker to execute arbitrary code with the privileges of the current user. Safari is Apple's Web browser and is based on the open source WebKit browser engine. This vulnerability occurs when Safari incorrectly handles an error state when encountering a broken XHTML tag. Specifically, the tag enclosing the tag being processed is freed and is then referenced after it has already been freed. This can lead to the execution of arbitrary code. Safari versions prior to 5.1 and 5.0.6 are vulnerable.
451fa0ffe2995cf2fabae89ed282d4b2fbe5371f34e100141b87a568287fd5e3