overflows
>
> Application: Winamp
> http://www.winamp.com
> Versions: <= 5.61
> Platforms: Windows
> Bugs: A] in_midi Controller messages heap overflow
> B] in_midi Note On messages heap overflow
> C] in_midi MTrk heap overflow
> Date: 27 Jun 2011
> Author: Luigi Auriemma
> e-mail: aluigi@autistici.org
http://www.cytel.com/Software/StatXact.aspx
http://www.cytel.com/Software/LogXact.aspx
http://www.cytel.com/Software/Crossover.aspx
Versions: <= 9.0.0
Platforms: Windows
Bugs: A] strings stack overflow
B] rows integer overflow
C] CYB USE stack overflow
Exploitation: file
Date: 02 Oct 2011
Author: Luigi Auriemma
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
Corel Paint Shop Pro Photo X2 FPX Heap Overflow
1. *Advisory Information*
Title: Corel Paint Shop Pro Photo X2 FPX Heap Overflow
Problem Description:
Multiple vulnerabilities have been found and corrected in xpdf:
Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x
before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers
to execute arbitrary code via a crafted PDF document that triggers a
heap-based buffer overflow. NOTE: some of these details are obtained
from third party information. NOTE: this issue reportedly exists
because of an incomplete fix for CVE-2009-1188 (CVE-2009-3603).
A buffer underflow in Ghostscript's CCITTFax decoding filter allows
remote attackers to cause a denial of service and possibly to execute
arbitrary code by using a crafted PDF file (CVE-2007-6725).
Buffer overflow in Ghostscript's BaseFont writer module allows
remote attackers to cause a denial of service and possibly to execute
arbitrary code via a crafted Postscript file (CVE-2008-6679).
Multiple integer overflows in Ghostscript's International Color
Consortium Format Library (icclib) allow attackers to cause denial
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
VNC Multiple Integer Overflows
1. *Advisory Information*
Title: VNC Multiple Integer Overflows
could crash xine-lib or possibly execute arbitrary code with the privileges of
the user invoking the program. This issue only applied to Ubuntu 6.06 LTS, 7.10,
and 8.04 LTS. (CVE-2008-5233)
It was discovered that the QT demuxer in xine-lib did not correctly handle
an invalid metadata atom size, resulting in a heap-based buffer overflow. If a
user or automated system were tricked into opening a specially crafted MOV file,
an attacker could execute arbitrary code as the user invoking the program.
(CVE-2008-5234, CVE-2008-5242)
It was discovered that the Real, RealAudio, and Matroska demuxers in xine-lib
1. *Advisory Information*
Title: Amaya web editor XML and HTML parser vulnerabilities
Advisory ID: CORE-2008-1211
Advisory URL: http://www.coresecurity.com/content/amaya-buffer-overflows
Date published: 2009-01-28
Date of last update: 2009-01-26
Vendors contacted: INRIA
Release mode: Coordinated release
First of all, to make a polymorphic code we have to be sure we have all the
requirements to achieve the concept that a polymorphic code must be
unpredictable, and it means random. I chose the MS02-039[1], because I have
all the requirements for this proof of concept:
1. Microsoft Windows Buffer Overflow[2];
2. Buffer to overflow is not too big;
3. More than just one Return Address[3];
4. Incredibly high number of writable addresses only in SQLSORT.DLL[4].
Problem Description:
Multiple vulnerabilities have been found in Qemu.
Multiple heap-based buffer overflows in the cirrus_invalidate_region
function in the Cirrus VGA extension in QEMU 0.8.2, as used in Xen and
possibly other products, might allow local users to execute arbitrary
code via unspecified vectors related to attempting to mark non-existent
regions as dirty, aka the bitblt heap overflow. (CVE-2007-1320)
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
NASA BigView Stack Buffer Overflow
*Advisory Information*
Title: NASA BigView Stack Buffer Overflow
> Autonomy Keyview Folio Flat File Parsing Buffer Overflows
> Autonomy Keyview Applix Graphics Parsing Vulnerabilities
> Autonomy Keyview EML Reader Buffer Overflows
> activePDF DocConverter Folio Flat File Parsing Buffer Overflows
> activePDF DocConverter Applix Graphics Parsing Vulnerabilities
> Lotus Notes Applix Graphics Parsing Vulnerabilities
> Lotus Notes Folio Flat File Parsing Buffer Overflows
> Lotus Notes EML Reader Buffer Overflows
> Lotus Notes kvdocve.dll Path Processing Buffer Overflow
> Lotus Notes htmsr.dll Buffer Overflows
>
>
> On Tue, Apr 15, 2008 at 10:20 AM, Luigi Auriemma <aluigi@autistici.org>
> wrote:
>
> > > Autonomy Keyview Folio Flat File Parsing Buffer Overflows
> > > Autonomy Keyview Applix Graphics Parsing Vulnerabilities
> > > Autonomy Keyview EML Reader Buffer Overflows
> > > activePDF DocConverter Folio Flat File Parsing Buffer Overflows
> > > activePDF DocConverter Applix Graphics Parsing Vulnerabilities
> > > Lotus Notes Applix Graphics Parsing Vulnerabilities
Release mode: Coordinated release
*Vulnerability Information*
Class: Heap overflow, integer overflow
Remotely Exploitable: No
Locally Exploitable: No
Bugtraq ID: 28006, 28005
CVE Name: CVE-2008-0986, CVE-2008-0985, CVE-2006-5793, CVE-2007-2445,
CVE-2007-5267, CVE-2007-5266, CVE-2007-5268, CVE-2007-5269
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
PCRE is vulnerable to multiple buffer overflow and memory corruption
vulnerabilities, possibly leading to the execution of arbitrary code.
Background
==========
Synopsis
========
PHP contains several vulnerabilities including buffer and integer
overflows which could lead to the remote execution of arbitrary code.
Background
==========
PHP is a widely-used general-purpose scripting language that is
Asterisk Project Security Advisory - AST-2007-022
+------------------------------------------------------------------------+
| Product | Asterisk |
|--------------------+---------------------------------------------------|
| Summary | Buffer overflows in voicemail when using IMAP |
| | storage |
|--------------------+---------------------------------------------------|
| Nature of Advisory | Remotely and locally exploitable buffer overflows |
|--------------------+---------------------------------------------------|
| Susceptibility | Remote Unauthenticated Sessions |
Release mode: Coordinated release
2. *Vulnerability Information*
Class: Remote stack overflow [CWE-120], Null pointer dereference
[CWE-476], Improper input validation [CWE-20]
Impact: Code execution
Remotely Exploitable: Yes
Locally Exploitable: No
CVE Name: CVE-2011-1865, CVE-2011-1514, CVE-2011-1515
Application: Sunway ForceControl
http://www.sunwayland.com.cn/pro.asp
Versions: <= 6.1 sp3 with AngelServer and WebServer updated
Platforms: Windows
Bugs: various stack overflows
directory traversals
third party ActiveX code execution
various Denials of Service
Exploitation: remote
Date: 22 Sep 2011
Title:
======
Pitrinec MacroToolworks 7.5 - Buffer Overflow Vulnerability
Date:
=====
2012-03-08
------------------------------------------------------------------------
.NET Framework EncoderParameter integer overflow vulnerability
------------------------------------------------------------------------
Yorick Koster, September 2011
------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
An integer overflow vulnerability has been discovered in the
EncoderParameter class of the .NET Framework. Exploiting this
ChemviewX ActiveX Control Multiple Stack Overflows
Versions affected: v1.9.5
+-----------+
|Description|
+-----------+
1. *Advisory Information*
Title: Novell iManager Multiple Vulnerabilities
Advisory Id: CORE-2010-0316
Advisory URL:
[http://www.coresecurity.com/content/novell-imanager-buffer-overflow-off-by-one-vulnerabilities]
Date published: 2010-06-23
Date of last update: 2010-06-23
Vendors contacted: Novell
Release mode: User release
Problem Description:
Multiple vulnerabilities have been discovered and fixed in tetex:
Buffer overflow in BibTeX 0.99 allows context-dependent attackers to
cause a denial of service (memory corruption and crash) via a long
.bib bibliography file (CVE-2009-1284).
Integer overflow in the ObjectStream::ObjectStream function in XRef.cc
in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in
Affected: Corporate 4.0
_______________________________________________________________________
Problem Description:
Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2
and earlier, CUPS 1.3.9 and earlier, and other products allow
remote attackers to cause a denial of service (crash) via a
crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2)
JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap
(CVE-2009-0146, CVE-2009-0147).
------------------------------------------------------------------------
yTNEF/Evolution TNEF Attachment decoder plugin directory traversal &
buffer overflow vulnerabilities
------------------------------------------------------------------------
Yorick Koster, June 2009
------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A memory leak flaw allows remote attackers to cause a denial of service
(memory consumption and application crash) via a crafted image file
(CVE-2009-0581).
Multiple integer overflows allow remote attackers to execute arbitrary
code via a crafted image file that triggers a heap-based buffer
overflow (CVE-2009-0723).
Multiple stack-based buffer overflows allow remote attackers to
execute arbitrary code via a crafted image file associated with a large