Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a signedness error when parsing the argument to the "\\ls" keyword within a list override table entry in RTF files. This can be exploited to cause a buffer overflow via a specially crafted RTF file. Successful exploitation may allow execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected.
9f637d773e05147f5fddebca47d4f32eaa065525a4713e86117852b4fc62630cSecunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error the WordPerfect 5.x reader (wosr.dll) when parsing data blocks and can be exploited to cause a heap-based buffer overflow via a specially crafted file. Successful exploitation may allow execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected.
5ed5b03e9a9bfac07541b8affc29df12ce6a114af5ce70de811e350abee24c4cSecunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error in the Spreadsheet Lotus 123 reader (wkssr.dll) when converting floating point values in certain record types. This can be exploited to cause a stack-based buffer overflow via a specially crafted file. Successful exploitation allows execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected.
79ff156cf917fb691f4b17bdbfad5cb0a6cc061edf41a7bcd72b346f6913a832Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error when parsing record data in compound documents. This can be exploited to cause a heap-based buffer overflow when an application using the vulnerable library parses e.g. a specially crafted Quattro Pro file. Successful exploitation allows execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected.
c8af127dc81e18677064ef66428dd5b8386a0ce6358af637f1bbae03414a1ae4Secunia Research has discovered a vulnerability in Adobe Reader, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an array-indexing error in AcroForm.api when parsing GIF image data. This can be exploited to bypass a size check to cause a heap-based buffer overflow when a specially crafted PDF file is opened. Successful exploitation may allow execution of arbitrary code. Version 9.3.2 is affected.
132e0aa8ecbd7c96905b34789b2bbad53e50f5a3acad72b9b20a5a3a66b81d08Secunia Research has discovered a vulnerability in Adobe Reader, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an uninitialized memory error in AcroForm.api when processing JPEG image data. This can be exploited to dereference out-of-bounds memory when a specially crafted PDF file is opened. Successful exploitation may allow execution of arbitrary code. Version 9.3.2 is affected.
1fa888e94466db10ecc4cd45faac1367ad8a73ac5c7003062c97e83fa77763bcSecunia Research has discovered a vulnerability in aria2, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application not properly sanitising the "name" attribute of the "file" element of metalink files before using it to download files. If a user is tricked into downloading from a specially crafted metalink file, this can be exploited to download files to directories outside of the intended download directory via directory traversal attacks. aria2 version 1.9.1 build2 is affected.
5db2e877b929448ce53fbaefcd4fe1dc429beb3e14f7b1dcec039f413a870480Secunia Research has discovered a vulnerability in Adobe Shockwave Player, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by a boundary error when parsing embedded fonts. This can be exploited to cause a heap-based buffer overflow via a specially crafted Shockwave file. Successful exploitation may allow execution of arbitrary code. Version 11.5.6.606 is affected.
c0df90ba22d702d5895e0e567d8b513727f5c0fb8f18fea09ecb1d9b6df3de7bSecunia Research has discovered a vulnerability in Adobe Shockwave Player, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by an error when processing asset entries and can be exploited to corrupt memory via a specially crafted Shockwave file. Successful exploitation may allow execution of arbitrary code. Version 11.5.6.606 is affected.
fd7ee053649f29172199e1a95030011594179adc1655c800f9830c93e76ae257Secunia Research has discovered a vulnerability in Adobe Shockwave Player, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by an integer overflow error when processing Shockwave files. This can be exploited to corrupt memory when a specially crafted Shockwave file (e.g. ".dir") is opened. Successful exploitation may allow execution of arbitrary code. Version 11.5.6.606 is affected.
b5ce1892a860a21e337e443c62011c129dda014f2c804f59309422383732a762Secunia Research has discovered a vulnerability in Adobe Shockwave Player, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by an array indexing error when processing Shockwave files. This can be exploited to corrupt memory when a specially crafted Shockwave file (e.g. ".dir") is opened. Successful exploitation may allow execution of arbitrary code. Version 11.5.6.606 is affected.
aaccf5333966fa257d1abf65746a2b24762c1eea4ffaf39c72989322d81409fdSecunia Research has discovered a vulnerability in Adobe Shockwave Player, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to a signedness error when processing Shockwave files. This can be exploited to corrupt memory when a specially crafted Shockwave file (e.g. ".dir") is opened. Successful exploitation may allow execution of arbitrary code. Version 11.5.6.606 is affected.
0de19e3ef14663cc00a96c258b363f1f0f8271752f2f8f61678d437370f2d5b8Secunia Research has discovered a vulnerability in Adobe Shockwave Player, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error when processing FFFFFF45h Shockwave 3D blocks. This can be exploited to corrupt memory via a specially crafted Shockwave file. Successful exploitation allows execution of arbitrary code. Version 11.5.6.606 is affected.
15a8dfe7974507aed2ca880478d7e11000be879f68bd99e4424659fe3687ca8aSecunia Security Advisory - iDefense Labs has reported a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system.
015c8b62ef09d4a17fc7df45bd3f1fabe814db7ef69a18667da02d1a35fd6c38iDefense Security Advisory 03.04.10 - Remote exploitation of an integer overflow vulnerability in Autonomy's KeyView Filter SDK allows attackers to execute arbitrary code with the privileges of the targeted application. This vulnerability occurs when processing specially crafted documents. When processing such a document, the software reads an integer value from the file and uses this integer, without validation, in an arithmetic operation to calculate the amount of memory to allocate. If a sufficiently large number is supplied, the calculation overflows, resulting in a buffer of insufficient size being allocated. The software then proceeds to copy data into this under-sized buffer. This results in an exploitable heap buffer overflow condition.
9a38749723b857cb3e896aba20e2a23b58f974d6729609fcebae71db896a4859Secunia Research has discovered a security issue in Bournal, which can be exploited by malicious, local users to disclose sensitive information. The script uses e.g. the insecure "-K" command line parameter to pass the key to the ccrypt utilities, which can be exploited to obtain the key from the list of running processes. Note: This may not affect recent Linux versions, but is confirmed for FreeBSD 8.0. Other systems may also be affected. Version 1.4 is affected.
28a7ae6c7e9250897654b9dd6ec9de66b67ea1f3c9d8407ce433899cb325f213Secunia Research has discovered four vulnerabilities in Adobe Shockwave Player, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused by four integer overflow errors when processing a certain block type. These can be exploited to cause heap-based buffer overflows via specially crafted Shockwave files. Successful exploitation allows execution of arbitrary code. Version 11.5.2.602 is affected.
2b675879c41d33b1cef80c5262c5a1ef851e8b47dff731fcab135b0972822b31Secunia Research has discovered two vulnerabilities in Adobe Shockwave Player, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused by two integer overflow errors when processing Shockwave 3D models. These can be exploited to corrupt heap memory via specially crafted Shockwave files. Successful exploitation may allow execution of arbitrary code. Version 11.5.2.602 is affected.
17d57c1485e5cf9ef58b9f14925858958264e555b5c7bbdb27ea51453dfade52Secunia Research has discovered a vulnerability in Adobe Shockwave Player, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error when processing Shockwave 3D models. This can be exploited to cause a heap-based buffer overflow via a specially crafted Shockwave file. Successful exploitation allows execution of arbitrary code. Version 11.5.2.602 is affected.
505af33a6b87fd4467a4f73d2dc13b84c179cbf7f2e43dbcb79b688f70793e2fSecunia Research has discovered a vulnerability in Adobe Shockwave Player, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an integer overflow error when processing a certain Shockwave 3D block. This can be exploited to corrupt memory via a specially crafted Shockwave file. Successful exploitation may allow execution of arbitrary code. Version 11.5.2.602 is affected.
ee5b1897f238ae118309546dbdae38bb523fb26b557924829cf8636189565ea0Secunia Research has discovered some vulnerabilities in AproxEngine, which can be exploited by malicious users to manipulate certain data, conduct spoofing, SQL injection, and script insertion attacks and by malicious people to conduct SQL injection and script insertion attacks. Versions 5.3.04 and 6.0 are affected.
c462342d4803cce0edf6f9bb2831e2fb8c104cee7660685e0e6e898f93843b85Secunia Security Advisory - A vulnerability has been reported in Autonomy KeyView SDK, which can be exploited by malicious people to compromise a user's system.
3c4be24a91bbd77fca7538d1a95455189462a358590e83666c41ca7cf13fb119iDefense Security Advisory 08.11.09 - Remote exploitation of an integer overflow vulnerability in Autonomy's KeyView SDK allows attackers to execute arbitrary code with the privileges of the targeted application. The vulnerability occurs when parsing a Shared String Table (SST) record inside of an Excel file. This record is used to hold a table of strings that are used inside of the document. One of the fields in this record is a 32-bit integer that represents the number of strings in the table. This value is used in a calculation that controls the number of bytes to allocate for a dynamic heap buffer. The value is not properly sanitized, which leads to an integer overflow in the calculation. This results in a heap based buffer overflow vulnerability.
91a37e71adf284b1c3c01485dd1c4380ba48759365687481f5d2f29106412bf4Secunia Research has discovered a vulnerability in Adobe Reader, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the processing of Huffman encoded JBIG2 text region segments. This can be exploited to cause a heap-based buffer overflow via a specially crafted PDF file. Successful exploitation may allow execution of arbitrary code. Adobe Reader version 9.1.0 is affected.
8628a799db013887f6f7638ae105c3171c982627797e972918ff84f183df7579Secunia Research has discovered a vulnerability in Apple QuickTime, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an error in the processing of MS ADPCM encoded audio data. This can be exploited to cause a heap-based buffer overflow via a specially crafted AVI file. Successful exploitation may allow execution of arbitrary code. Apple QuickTime version 7.6 is vulnerable.
a2a4b3b1f79137e0bdaa1f56ec9cb556a63484d2f019f3520bd9593a4fd3fe1bSecunia Research has discovered two vulnerabilities in Microsoft Office PowerPoint, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused by boundary errors when processing certain atoms and can be exploited to cause stack-based buffer overflows via a specially crafted PowerPoint file. Successful exploitation allows execution of arbitrary code. Microsoft PowerPoint 2000 SP3 is affected.
565f67468c3c6a9e5fa87b11ec3c1f0615fbcd97493d26b020d6d08c6e7b34ab
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed