Rosoft Media Player version 4.4.4 buffer overflow exploit.
d788f5d5fbe39ff2df6d7ccdafa5b25a188ab8049559bf52ef00b80852b4e6a3Secunia Security Advisory - gainover has discovered a vulnerability in JW Player, which can be exploited by malicious people to conduct cross-site scripting attacks.
4f7c0a28e0e8a70a6eb582c6f1cfa65478ce1f72bd4999a46188485fb40cc357Secunia Security Advisory - Parvez Anwar has discovered a vulnerability in 3D XML Player, which can be exploited by malicious people to compromise a user's system.
7936044c8f02e77cf0b42c885997b7e2ee7fae4d7049fc62f15ee500a141f638Secunia Security Advisory - Parvez Anwar has discovered two vulnerabilities in 3D Life Player, which can be exploited by malicious people to compromise a user's system.
be523e33b97e722465129c09a98947dc0a80863e0ca80ac77131c0d6b3dea867Apple Quicktime does not properly parse .pct media files, which causes a corruption in module DllMain by opening a malformed file with an invalid value located in PoC repro01.pct at offset 0x20E. Quicktime Player version 7.7.1 (1680.42) on Windows XP SP 3 - PT_BR is confirmed affected. Other versions may also be affected.
177743c04df027711accb6be0442f662c763f68ae3e958ab54e44b32c5cdd929Apple Security Advisory 2012-05-14-2 - This update disables Adobe Flash Player if it is older than 10.1.102.64 by moving its files to a new directory. This update presents the option to install an updated version of Flash Player from the Adobe website.
a18bf4afd49f0790a7800f00c7179cc923a3890a42c7c396c63645d35c123d0dDebian Linux Security Advisory 2471-1 - Several vulnerabilities have been discovered in FFmpeg, a multimedia player, server and encoder. Multiple input validations in the decoders/ demuxers for Westwood Studios VQA, Apple MJPEG-B, Theora, Matroska, Vorbis, Sony ATRAC3, DV, NSV, files could lead to the execution of arbitrary code.
a752e73c0cc9d4582a8cb0c918c857c8195a4a7f08461bb000946a973352da1fAdobe Shockwave Player suffers from multiple memory corruption vulnerabilities when parsing .dir media files. This file has three advisories pertaining to these issues. Versions affected include Shockwave Player version 11.6.3r633, Module IMLLib.framework on MacOS X 10.7.2 (11C74).
68a2f9480c2bfe6e206c7c6cb220e52d87c7a6f1a454f30d7a1596ce26707535Secunia Security Advisory - Multiple vulnerabilities have been reported in Adobe Shockwave Player, which can be exploited by malicious people to compromise a user's system.
693d4558d923a6960a0452444ac98a6e95203f15318f3619b07b7696bc1ff4bcSecunia Security Advisory - SUSE has issued an update for flash-player. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
07b9b440af582abbcc7e52c06c6f6632c913a8117497fee26bff413a623bb383Secunia Security Advisory - A vulnerability has been reported in Adobe Flash Player, which can be exploited by malicious people to compromise a user's system.
8416b6dd845c6b83a4da1822b91efeb94834aecf98e3f9d0b3082a81495a1002Secunia Security Advisory - Two vulnerabilities have been reported in VMware Workstation, VMware Player, and VMware Fusion, which can be exploited by malicious, local users in a guest virtual machine to gain escalated privileges.
a4a73ff58251fce29631338f38ad4e05e74b89f534beebcb2fd6e693de868af8VMware Security Advisory 2012-0009 - VMware Workstation, Player, ESXi and ESX patches address critical security issues.
eb075b48375e4e244ac290d95f092560fec992c243117c80698f4db787b4f60aThis Metasploit module exploits a buffer overflow in VLC media player VLC media player prior to 2.0.0. The vulnerability is due to a dangerous use of sprintf which can result in a stack buffer overflow when handling a malicious MMS URI. This Metasploit module uses the browser as attack vector. A specially crafted MMS URI is used to trigger the overflow and get flow control through SEH overwrite. Control is transferred to code located in the heap through a standard heap spray. The module only targets IE6 and IE7 because no DEP/ASLR bypass has been provided.
7856c6264ba9fc35e320d076f363c777f1720c644ed1819cf46c0dd75d155ea8Remote Anything Player version 5.60.15 suffers from a denial of service vulnerability.
bed7c036a7c82edb36944ea8ec914bc2ee2e4524de039500e9c4d2ab54455325KMPlayer version 3.2.0.19 suffers from a DLL hijacking vulnerability.
e710953170f62944c95092c7d7f49e5821951feac65493d0dc8d7059e53707a9This Metasploit module exploits a vulnerability in Adobe Flash Player for Linux, version 10.0.12.36 and 9.0.151.0 and prior. An input validation vulnerability allows command execution when the browser loads a SWF file which contains shell metacharacters in the arguments to the ActionScript launch method. The victim must have Adobe AIR installed for the exploit to work. This Metasploit module was tested against version 10.0.12.36 (10r12_36).
93d7262043fea9cda6bcae5df8301841074b655ead8497ddc9cbc8fb6a8f410cVUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Flash Player. The vulnerability is caused by an invalid object being used when parsing a malformed video via "NetStream.appendBytes", which could allow remote attackers to leak memory and execute arbitrary code despite ASLR and DEP enabled.
9b4488d35212ce158b36f3b2eb967b148fddbf040de1f99a30ab5a53f3202ef4Gentoo Linux Security Advisory 201204-7 - Multiple vulnerabilities in Adobe Flash Player, the worst of which might allow remote attackers to execute arbitrary code. Versions less than 11.2.202.228 are affected.
bcf33f097735edaa2dba3ae55379f08e72c0e989bf92ca775ea579c3a0dded65Secunia Security Advisory - Multiple vulnerabilities have been reported in RealPlayer Enterprise, which can be exploited by malicious people to compromise a user's system.
b4d217f42c3ed17c2cfbf5298888c8be24765eb39dd544f335cf2d649f544b69Technical Cyber Security Alert 2012-101B - Adobe has released Security Bulletin APSB12-08, which describes multiple vulnerabilities affecting Adobe Reader and Acrobat. As part of this update, Adobe Reader and Acrobat 9.x will use the system-wide Flash Player browser plug-in instead of the Authplay component. In addition, Reader and Acrobat now disable the rendering of 3D content by default.
7b6efa396060be88ab58d1b9ba817b6174c0d8cac6c5b6a361ff1c72175a2467Zero Day Initiative Advisory 12-058 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AppleQuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw occurs when the application allocates space for decoding a video sample encoded with the .png format. When calculating space for this surface, the application will explicitly trust the bit-depth within the MediaVideo header. During the decoding process, the application will write outside the surface's boundaries. This can be leveraged to allow for one to earn code execution under the context of the application.
919e54396b72d0c9306baf9712477f90b15662d107f47fd151cc3e00084425afZero Day Initiative Advisory 12-057 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Flash Player handles the update of a NetStream object via the appendBytes method which can lead to a use-after-free condition when the function returns. This can result in remote code execution under the context of the current process.
f10032eed460124a4fc1a534f5ee945f69ee0a881a07088857826cb6ecded560Adobe Flash Player versions prior to 10.3.183.16 and 11.x before 11.1.102.63 suffer from an information disclosure vulnerability. This archive has research related to this issue, proof of concept source code, and a swf that demonstrates the issue.
a3e0acb403967ecb2ab50b95e92c7801505af37a7f830f9ad5119219170efa9fSecunia Security Advisory - Three vulnerabilities have been reported in Cisco WebEx Player, which can be exploited by malicious people to compromise a user's system.
909f84dc8b10f0fce7fd54ca9bce838b12a680e1d7dea97fb66a31821cfab0e6Cisco Security Advisory - The Cisco WebEx Recording Format (WRF) player contains three buffer overflow vulnerabilities. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system with the privileges of a targeted user. The Cisco WebEx Players are applications that are used to play back WebEx meeting recordings that have been recorded on a WebEx meeting site or on the computer of an online meeting attendee. The players can be automatically installed when the user accesses a recording file that is hosted on a WebEx meeting site. The players can also be manually installed for offline playback after downloading the application from www.webex.com. If the WRF player was automatically installed, it will be automatically upgraded to the latest, non-vulnerable version when users access a recording file that is hosted on a WebEx meeting site. If the WRF player was manually installed, users will need to manually install a new version of the player after downloading the latest version from www.webex.com. Cisco has updated affected versions of the WebEx meeting sites and WRF player to address these vulnerabilities.
5a6fd0961849fbf9e0e2f35c8d9ff27609e9c090b4f86b93378ccddd00e0762d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed