Next Page >>
Code Audit
DESCRIPTION:
============
Code Audit Labs Code Audit for BlueSkyCat ActiveX Control and discovered
a vulnerability .
Remote exploitation of a buffer overflow in an ActiveX control
distributed
with Bluesky.cn could allow for the execution of arbitrary code.
CAL-20070912-1 Multiple vendor produce handling AVI file vulnerabilities
Code Audit Labs (http://www.vulnhunt.com) Code Audit for some popular
media player and discovered some vulnerabilities.
one heap overflow was discovered in MPlayer.
one heap overflow and one integer overflow were discovered in media
player classic(mpc) and other produces base on mpc like mympc and
StormPlayer).
CAL ID: CAL-2011-0052
CVE ID: CVE-2011-2446
Discover: instruder of code audit labs of vulnhunt.com
http://www.adobe.com/support/security/bulletins/apsb11-27.html
1 Affected Products
=================
[CAL-2011-0071]Adobe Shockwave Player Parsing cupt atom heap overflow
Discover: instruder of code audit labs of vulnhunt.com
CAL: CAL-2011-0071
CVE: CVE-2012-0758
http://blog.vulnhunt.com/index.php/2012/02/15/cal-2011-0071_adobe-shockwave-player-parsing-cupt-atom-heap-overflow/
adobe security bulletins
[CAL-2011-0055]Adobe Shockwave Player Parsing block_cout memory
corruption vulnerability
Discover: instruder of code audit labs of vulnhunt.com
CAL: CAL-2011-0055
CVE: CVE-2012-0759
http://blog.vulnhunt.com/index.php/2012/02/15/cal-2011-0055_adobe-shockwave-player-parsing-block_cout-memory-corruption-vulnerability/
2 Vulnerability Details
=====================
Code Audit Labs http://www.vulnhunt.com has discovered a integer
overflow vulnerability in array functions like
Int32Array,Int16Array... .
Opear vendor say "We have reproduced the problem, and determined that it
does not have any security implications, since the crash is a caused by
[CAL-2011-0054]Adobe Shockwave Player Director File Parsing data of rcsl
chunk multiple DOS vulnerabilities
CAL_ID: CAL-2011-0054
CVE ID: CVE-2011-2448
Discover: instruder of code audit labs of vulnhunt.com
http://www.adobe.com/support/security/bulletins/apsb11-27.html
1 Affected Products
=================
Vulnerability Details
=====================
Code Audit Labs http://www.vulnhunt.com has discovered a vulnerability
allows remote attackers to execute code on vulnerable
installations of Adobe's Shockwave Player. User interaction is required
in that a user must visit a malicious web site.
The specific flaw exists when the Shockwave player attempts to load a
Vulnerability Details
=====================
Code Audit Labs http://www.vulnhunt.com has discovered a vulnerability
allows remote attackers to execute code on vulnerable
installations of Adobe's Shockwave Player. User interaction is required
in that a user must visit a malicious web site.
The specific flaw exists when the Shockwave player attempts to load a
Vulnerability Details
=====================
Code Audit Labs http://www.vulnhunt.com has discovered a vulnerability
on vulnerable installations of Adobe's Shockwave Player. User
interaction is required in that a user must visit a malicious web site.
The specific flaw exists when the Shockwave player attempts to load a
specially crafted Adobe Director File.
* Bugfixes:
Any spotted bugs have been fixed. Please refer to
the CHANGES files supplied with the individual modules for details.
* Code Audit:
A large amount of outdated or unused code has been idenfied and removed or
replaced.
Compatibility of NASL NVTs and the OpenVAS Feed Service:
The available NVT package (openvas-plugins) and OpenVAS Feed which provides more
VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.
The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.
The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.
The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.
The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.
The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
09/17/2009 Vendor response.
01/12/2010 Coordinated public disclosure.
IX. CREDIT
This vulnerability was reported to iDefense by Code Audit Labs
http://www.vulnhunt.com.
Get paid for vulnerability research
http://labs.idefense.com/methodology/vulnerability/vcp.php
11/24/2008 - Status update from Vendor
01/12/2009 - Coordinated Public Disclosure
IX. CREDIT
This vulnerability was reported to iDefense by Code Audit Labs
(http://vulnhunt.com).
Get paid for vulnerability research
http://labs.idefense.com/methodology/vulnerability/vcp.php
VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.
The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.
The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.
The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.
The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.
The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.
The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
06/20/2007 Initial vendor response
08/21/2007 Coordinated public disclosure
IX. CREDIT
These vulnerabilities were discovered by Code Audit Labs, Jun Mao
(iDefense Labs), and two researchers that wish to remain anonymous.
Get paid for vulnerability research
http://labs.idefense.com/methodology/vulnerability/vcp.php
VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.
The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.
The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
http://www.vupen.com/english/services/ba-index.php
VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.
The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.
The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
VUPEN Binary Analysis & Exploits Service provides private exploits and
in-depth technical analysis of the most significant public vulnerabilities
based on disassembly, reverse engineering, protocol analysis, and code
audit.
The service allows governments and major corporations to evaluate risks, and
protect infrastructures and assets against new threats. The service also
allows security vendors (IPS, IDS, AntiVirus) to supplement their internal
research efforts and quickly develop both vulnerability-based and
Next Page>>
|
