stack overflow
VUPEN Security Research - Microsoft Office Excel OBJ Stack Overflow
Vulnerability (CVE-2010-0822)
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
"Microsoft Office Excel is a powerful tool you can use to create and
ZDI-08-013: Novell eDirectory for Linux Stack Overflow
http://www.zerodayinitiative.com/advisories/ZDI-08-013
March 26, 2008
-- CVE ID:
CVE-2008-0924
-- Affected Vendors:
Novell
Application: 3S CoDeSys
http://www.3s-software.com/index.shtml?en_CoDeSysV3_en
Versions: <= 3.4 SP4 Patch 2
Platforms: Windows
Bugs: A] GatewayService integer overflow
B] CmpWebServer stack overflow
C] CmpWebServer Content-Length NULL pointer
D] CmpWebServer invalid HTTP request NULL pointer
E] CmpWebServer folders creation
Exploitation: remote
Date: 29 Nov 2011
We use flayer to trace the malformed tiff image and the flayer gives the following suggestions:
==1812== Warning: client syscall shmdt tried to modify addresses 0xFFFFFFFF-0xFFFFFFFF
==1812== Warning: set address range perms: large range 325120064 (defined)
==1812== Stack overflow in thread 1: can't grow stack to 0xBE394FAC
==1812==
==1812== Process terminating with default action of signal 11 (SIGSEGV)
==1812== Access not within mapped region at address 0xBE394FAC
==1812== at 0x484D407: (within /usr/lib/libX11.so.6.3.0)
==1812== Stack overflow in thread 1: can't grow stack to 0xBE394FA8
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Poppler is vulnerable to an integer overflow and a stack overflow.
Background
==========
Poppler is a cross-platform PDF rendering library originally based on
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
gif2png contains a stack overflow vulnerability when parsing command
line arguments.
Background
==========
ZDI-09-078: Sun Java Runtime AWT setDifflCM Stack Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-078
November 4, 2009
-- Affected Vendors:
Sun Microsystems
-- Affected Products:
Sun Microsystems Java Runtime
On 12/8/2007 at 1:54 AM gforce@operamail.com wrote:
>#!/bin/perl
>#
># Media Player Classic 6.4.9 MP4 Stack Overflow
>#
># 0-day discovered and exploited by SYS 49152
>#
># Tested on win XP SP2 ENG
># Shell on port 49152
Solaris USB configuration descriptor kernel stack overflow (CVE-2011-2295)
25 July 2011
Andy Davis of NGS Secure has discovered a High risk vulnerability in Oracle Solaris. A local attacker can send a malformed USB configuration descriptor via a malicious USB device and trigger a kernel stack overflow, which could potentially result in arbitrary code execution.
Versions affected include:
Solaris 8, 9, 10, and 11 Express
This issue is addressed in the Oracle Critical Patch Update Advisory - July 2011, which is available at the following URL:
ZDI-08-028: IBM Lotus Sametime Community Services Multiplexer Stack
Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-028
May 21, 2008
-- Affected Vendors:
IBM
-- Affected Products:
IBM Lotus Sametime
[*] Product : Audiotran
[*] Version : 1.4.1
[*] Vendor : E-Soft
[*] URL : http://www.e-soft.co.uk/Audiotran.htm
[*] Platform : Windows
[*] Type of vulnerability : Stack overflow
[*] Risk rating : Medium
[*] Issue fixed in version : not fixed
[*] Vulnerability discovered by : Sebastien Duquette
[*] Greetings to : corelanc0d3r, rick2600, mr_me & MarkoT from Corelan Team
SEC Consult Vulnerability Lab Security Advisory < 20110407-0 >
=======================================================================
title: Libmodplug ReadS3M Stack Overflow
product: Libmodplug library
vulnerable version: 0.8.8.1
fixed version: 0.8.8.2
impact: critical
homepage: http://modplug-xmms.sourceforge.net/
found: 2011-03-09
by: M. Lucinskij, P. Tumenas /
----------------------------------------------------------------------
IRM Security Advisory 024
Cisco IOS LPD Remote Stack Overflow
Vulnerability Type / Importance: Remote Code Execution / High
Problem Discovered: 30 July 2007
Vendor Contacted: 30 July 2007
Advisory Published: 10 October 2007
#!/bin/perl
#
# Nullsoft Winamp MP4 tags Stack Overflow
#
# 0-day discovered and exploited by SYS 49152
#
# Tested on win XP SP2 ENG
# Tuned for Nullsoft Winamp 5.32 d.i.
# Shell on port 49152
#
Application: Microsoft HTML Help
http://www.microsoft.com
Versions: <= 6.1
Platforms: Windows (any version, including the latest Windows 7)
Bug: stack overflow
Date: 12 Apr 2011 (found 20 Feb 2011)
Author: Luigi Auriemma
e-mail: aluigi@autistici.org
web: aluigi.org
ZDI-09-052: CA Unicenter Software Delivery dtscore.dll Stack Overflow
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-052
August 7, 2009
-- Affected Vendors:
Computer Associates
-- Affected Products:
Computer Associates Unicenter Software Delivery
Product: eDirectory for Windows
Version: 8.8 SP5
Vulnerability: Stack Overflow
Description:
Vulnerability is in "/dhost/httpstk"
This vulnerability allows remote attackers to execute arbitrary code
Grabit <= 1.7.2 beta 3 NZB file parsing stack overflow
Impact: Remote code execution
Version: <= 1.7.2 beta 3
Description
Grabit is a popular Windows usenet client designed for downloading
binary files. It has support for NZB files, which a user would usually
acquire from an external source. Version 1.7.2 beta 3 is vulnerable to a
VUPEN Security Research - Microsoft Windows OpenType CFF Driver Stack
Overflow Vulnerability (CVE-2011-0034)
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
"Microsoft Windows is a series of software operating systems and graphical
ZDI-08-029: Trillian AIM.DLL Long HTML Font Parameter Stack Overflow
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-029
May 21, 2008
-- Affected Vendors:
Cerulean Studios
-- Affected Products:
Cerulean Studios Trillian
ZDI-08-046: RealNetworks RealPlayer Library File Deletion Stack Overflow
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-046
July 25, 2008
-- CVE ID:
ZDI-CAN-231
-- Affected Vendors:
RealNetworks
VUPEN Security Research - Adobe Acrobat and Reader Picture Processing Stack
Overflow Vulnerability
Website : http://www.vupen.com/english/research.php
Twitter : http://twitter.com/vupen
I. BACKGROUND
---------------------
TheGreenBow VPN Client Local Stack Overflow Vulnerability - Security
Advisory - SOS-10-001
Release Date. 21-Jan-2010
Vendor Notification Date. 11-Dec-2009
Product. TheGreenBow VPN Client
Platform. Microsoft Windows
Affected versions. 4.65.003, 4.51.001 verified and
ZDI-07-068: Apple QuickTime Uncompressedfile Opcode Stack Overflow
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-07-068.html
November 5, 2007
-- CVE ID:
CVE-2007-4672
-- Affected Vendor:
Apple
ZDI-07-050: Trend Micro ServerProtect RPCFN_SetComputerName() Stack
Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-07-050.html
September 7, 2007
-- CVE ID:
CVE-2007-4218
-- Affected Vendor:
Trend Micro
Baidu Hi IM software parsing plaintext stack overflow
-- CVE ID:
Not assigned
-- Affected Vendors:
Baidu
-- Affected Products:
Baidu Hi IM software
ZDI-09-091: Hewlett-Packard Application Recovery Manager MSG_PROTOCOL Stack Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-091
December 8, 2009
-- CVE ID:
CVE-2009-3844
-- Affected Vendors:
Hewlett-Packard
ZDI-08-012: IBM Informix Dynamic Server Authentication Password Stack
Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-012
March 13, 2008
-- CVE ID:
CVE-2008-0727
-- Affected Vendors:
IBM
From http://securitytracker.com/alerts/2008/Dec/1021296.html:
Version(s): prior to 0.94.2
Description: A vulnerability was reported in Clam AntiVirus. A remote user can cause denial of service conditions on the target system.
A remote user can create a specially crafted JPEG file that, when processed by the target system, will trigger a stack overflow and cause the Clam AntiVirus process to crash.
Ilja van Sprundel reported this vulnerability.
Impact: A remote user can create a JPEG file that, when processed by the target application, will cause the target application to crash.
Solution: The vendor has issued a fixed version (0.94.2).
ZDI-10-177: IBM Lotus Domino iCalendar MAILTO Stack Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-177
September 14, 2010
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors:
IBM