Dangling Pointer
Topic: double-free, uninitialized data vulnerabilities in krb5kdc
CVE-2008-0062
VU#895609
Use of a null or dangling pointer in the MIT Kerberos KDC can result
in a crash or double-free, and may leak portions of process memory to
an attacker.
CVSSv2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:C/E:P/RL:O/RC:C
Apache mod_isapi Dangling Pointer Vulnerability - Security Advisory -
SOS-10-002
Release Date. 5-Mar-2010
Last Update. -
Vendor Notification Date. 9-Feb-2010
Product. Apache HTTP Server
Platform. Microsoft Windows
Affected versions. 2.2.14 verified and
possibly others.
ZDI-11-103: Mozilla Firefox JSON.stringify Dangling Pointer Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-103
March 2, 2011
-- CVE ID:
CVE-2011-0055
-- CVSS:
discovered memory corruption bugs, which may lead to the execution
of arbitrary code.
CVE-2011-0065 CVE-2011-0066 CVE-2011-0073
"regenrecht" discovered several dangling pointer vulnerabilities,
which may lead to the execution of arbitrary code.
CVE-2011-0067
Paul Stone discovered that Java applets could steal information
ZDI-10-171: Mozilla Firefox nsTreeContentView Dangling Pointer Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-171
September 13, 2010
-- CVE ID:
CVE-2010-3167
-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
ZDI-10-173: Mozilla Firefox nsTreeSelection Dangling Pointer Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-173
September 13, 2010
-- CVE ID:
CVE-2010-2760
-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
ZDI-11-157: Mozilla Firefox nsTreeRange Dangling Pointer Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-157
May 9, 2011
-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors:
ZDI-10-049: Mozilla Firefox PluginArray nsMimeType Dangling Pointer Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-049
April 2, 2010
-- CVE ID:
CVE-2010-0177
-- Affected Vendors:
Mozilla Firefox
vectors (CVE-2009-3075).
Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not
properly manage pointers for the columns (aka TreeColumns) of a XUL
tree element, which allows remote attackers to execute arbitrary
code via a crafted HTML document, related to a dangling pointer
vulnerability. (CVE-2009-3077)
Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey
before 2.0, does not properly handle a right-to-left override (aka
RLO or U+202E) Unicode character in a download filename, which allows
ZDI-10-031: Apple Webkit Blink Event Dangling Pointer Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-031
March 16, 2010
-- Affected Vendors:
Apple
-- Affected Products:
Apple WebKit
ZDI-09-065: Mozilla Firefox TreeColumns Dangling Pointer Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-065
September 10, 2009
-- CVE ID:
CVE-2009-3077
-- Affected Vendors:
Mozilla Firefox
VUPEN Security Research - Microsoft Office Excel Formula Record Dangling
Pointer Vulnerability (CVE-2010-3235)
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
Microsoft Office Excel is a powerful tool you can use to create and
ZDI-09-041: Microsoft Internet Explorer 8 Rows Property Dangling Pointer
Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-041
June 10, 2009
-- CVE ID:
CVE-2009-1532
-- Affected Vendors:
Microsoft
ZDI-09-088: Microsoft Internet Explorer IFrame Attributes Circular Reference Dangling Pointer Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-088
December 8, 2009
-- CVE ID:
CVE-2009-3674
-- Affected Vendors:
Microsoft
ZDI-10-048: Mozilla Firefox nsTreeContentView Dangling Pointer Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-048
April 2, 2010
-- CVE ID:
CVE-2010-0176
-- Affected Vendors:
Mozilla Firefox
with enough effort at least some of these could be exploited to run
arbitrary code (CVE-2011-2982).
Security researcher regenrecht reported via TippingPoint's Zero Day
Initiative that an SVG text manipulation routine contained a dangling
pointer vulnerability (CVE-2011-0084).
Mozilla security researcher moz_bug_r_a_4 reported a vulnerability in
event management code that would permit JavaScript to be run in the
wrong context, including that of a different website or potentially
in a chrome-privileged context (CVE-2011-2981).
VUPEN Security Research - Microsoft Internet Explorer "mshtml.dll" Dangling
Pointer Vulnerability (CVE-2011-0036)
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
"Microsoft Internet Explorer is a web browser developed by Microsoft and
ZDI-10-070: Microsoft Windows Media Player Codec Retrieval Dangling Pointer Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-070
April 13, 2010
-- CVE ID:
CVE-2010-0268
-- Affected Vendors:
Microsoft
malicious page.
The specific flaw exists within the OnChannelRedirect method. When an
OBJECT element has no mChannel assigned, it is possible to call the
|OnChannelRedirect| method, setting a nearly arbitrary object as the
channel in use. |mChannel| will become a dangling pointer, allowing an
attacker to execute arbitrary code under the context of the user running
the browser.
-- Vendor Response:
Mozilla has issued an update to correct this vulnerability. More
ZDI-10-131: Mozilla Firefox nsTreeSelection Dangling Pointer Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-131
July 20, 2010
-- CVE ID:
CVE-2010-2753
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
PKCS11 module (CVE-2009-3076).
Mozilla Firefox before 3.0.14 does not properly manage pointers for the
columns (aka TreeColumns) of a XUL tree element, which allows remote
attackers to execute arbitrary code via a crafted HTML document,
related to a dangling pointer vulnerability. (CVE-2009-3077).
Visual truncation vulnerability in Mozilla Firefox before 3.0.14
allows remote attackers to trigger a vertical scroll and spoof URLs
via unspecified Unicode characters with a tall line-height property
(CVE-2009-3078).
Security researcher Paul Stone reported that a Java applet could be
used to mimic interaction with form autocomplete controls and steal
entries from the form history (CVE-2011-0067).
Security researcher regenrecht reported several dangling pointer
vulnerabilities via TippingPoint's Zero Day Initiative (CVE-2011-0065,
CVE-2011-0066, CVE-2011-0073).
Mozilla developers identified and fixed several memory safety
bugs in the browser engine used in Firefox and other Mozilla-based
Two issues have been reported in pdnsd:
* The p_exec_query() function in src/dns_query.c does not properly
handle many entries in the answer section of a DNS reply, related to
a "dangling pointer bug" (CVE-2008-4194).
* The default value for query_port_start was set to 0, disabling UDP
source port randomization for outgoing queries (CVE-2008-1447).
Impact