stack overflow
error handlers of the affected application. Exploitation would be
achieved by overwriting pointers in memory with arbitrary values stored
inside the FLAC file or hard coded addresses in DLL files that direct
code execution toward the attacker's payload.
Vulnerability #3: VORBIS Comment String Size Length Stack Overflow
This is due to predetermined buffer sizes in applications when handling
data in the VORBIS Comment Metadata block. By inserting an overly long
VORBIS Comment data string along with a large VORBIS Comment data
string size value (such as 0x000061A8 followed by 25,050 A's),
applications that do not properly apply boundary checks will result in a
Application: Sunway ForceControl
http://www.sunwayland.com.cn/pro.asp
Versions: <= 6.1 sp3 with AngelServer and WebServer updated
Platforms: Windows
Bugs: various stack overflows
directory traversals
third party ActiveX code execution
various Denials of Service
Exploitation: remote
Date: 22 Sep 2011
Vulnerabilities
http://community.ca.com/blogs/casecurityresponseblog/archive/2008/06/04.aspx
Reported By:
Sebastian Apelt working with ZDI/TippingPoint
Cody Pierce, TippingPoint DVLabs
CA ETrust Secure Content Manager Gateway FTP LIST Stack Overflow
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-036/
CA ETrust Secure Content Manager Gateway FTP PASV Stack Overflow
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-035/
Application: jetAudio 7.0.5 (.ASX) Remote Stack Overflow
Web Site: http://www.cowonamerica.com/download/
Platform: Windows
Bug:Remote Stack Overflow
Extension: ASX
special condition: none
-------------------------------------------------------
1) Introduction
#####################################################################################
Application: Lexmark Multiple Laser Printer Remote Stack Overflow
Platforms: Lexmark Multiple Laser printer
Exploitation: Remote Exploitable
CVE Number: CVE-2010-0619
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
CSCsj74818 - DNS Response Parsing Stack Overflow
CVSS Base Score - 10.0
Access Vector - Network
Access Complexity - Low
Authentication - None
Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability
by cocoruder(frankruder_at_hotmail.com)
http://ruder.cdut.net
Summary:
A remote code execution vulnerability exists in Microsoft Jet
Engine. A remote attacker who successfully exploits this vulnerability
=======
Summary
=======
Name: Solaris 11 USB hub class descriptor kernel stack overflow
Release Date: 2 November 2011
Reference: NGS00042
Discoverer: Andy Davis <andy.davis@ngssecure.com>
Vendor: Oracle
Vendor Reference:
Systems Affected: Solaris 8, 9, 10, and 11 Express
############################################
K-Meleon for windows about:neterror Stack Overflow DoS
Vendor URL:http://kmeleon.sourceforge.net/
Advisory:http://lostmon.blogspot.com/2010/08/k-meleon-for-windows-aboutneterror-dos.html
Vendor notified:Yes exploit available: YES
############################################
K-Meleon is an extremely fast, customizable, lightweight web browser
based on the Gecko layout engine developed by Mozilla which is also
used by Firefox. K-Meleon is free, open source software released under
http://www.cytel.com/Software/StatXact.aspx
http://www.cytel.com/Software/LogXact.aspx
http://www.cytel.com/Software/Crossover.aspx
Versions: <= 9.0.0
Platforms: Windows
Bugs: A] strings stack overflow
B] rows integer overflow
C] CYB USE stack overflow
Exploitation: file
Date: 02 Oct 2011
Author: Luigi Auriemma
Application: Siemens SIMATIC WinCC flexible (Runtime)
http://www.automation.siemens.com/mcms/human-machine-interface/en/visualization-software/wincc-flexible/wincc-flexible-runtime/Pages/Default.aspx
Versions: 2008 SP2 + security patch 1
Platforms: Windows
Bugs: A] HmiLoad strings stack overflow
B] HmiLoad directory traversal
C] HmiLoad various Denials of Service
D] miniweb directory traversal
E] miniweb arbitrary memory read access
Exploitation: remote
Hi,
Also crashes Firefox 3.06 (latest), Stack overflow. (to not be confused
with stack buffer overflow)
Thu Feb 5 18:46:13.828 2009 (GMT+1): (15d8.17ec): Stack overflow - code c00000fd (first chance)
eax=077e4b80 ebx=00000000 ecx=077e4b60 edx=00000000 esi=00000000 edi=077e4b60
eip=604fcc8f esp=00032fa0 ebp=0003304c iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010206
=======
Summary
=======
Name: Unauthenticated Stack Overflow in SNMPc
Release Date: 30 April 2008
Reference: NGS00526
Discover: Wade Alcorn <wade@ngssoftware.com> and John Heasman
<john@ngssoftware.com>
Vendor: Castle Rock Computing
Systems Affected: SNMPc versions 7.1 and earlier
TPTI-07-20: Apple Quicktime Movie Stack Overflow Vulnerability
http://dvlabs.tippingpoint.com/advisory/TPTI-07-20
November 12, 2007
-- CVE ID:
CVE-2007-4674
-- Affected Vendor:
Apple
#!/bin/perl
#
# Windows media player 6.4 MP4 Stack Overflow
#
# 0-day discovered and exploited by SYS 49152
#
# Tested on win XP SP2 ENG
# Shell on port 49152
#
# usage:
ZDI-09-078: Sun Java Runtime AWT setDifflCM Stack Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-078
November 4, 2009
-- Affected Vendors:
Sun Microsystems
-- Affected Products:
Sun Microsystems Java Runtime
Grabit <= 1.7.2 beta 3 NZB file parsing stack overflow
Impact: Remote code execution
Version: <= 1.7.2 beta 3
Description
Grabit is a popular Windows usenet client designed for downloading
binary files. It has support for NZB files, which a user would usually
acquire from an external source. Version 1.7.2 beta 3 is vulnerable to a
Release mode: Coordinated release
*Vulnerability Information*
Class: Stack Overflow
Remotely Exploitable: Yes (client side)
Locally Exploitable: No
Bugtraq ID: 29517
CVE Name: CVE-2008-2542
VUPEN Security Research - Microsoft Office Excel RTD Stack Overflow
Vulnerability (CVE-2010-1246)
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
"Microsoft Office Excel is a powerful tool you can use to create and
this case from ipcomp->comp_nxt. m is the mbuf structure adjusted to point to
the unpacked payload.
The unpacked packet is dispatched to the appropriate protocol handler
directly from the ipcomp protocol handler. This recursive implementation fails
to check for stack overflow, and is therefore vulnerable to a remote
pre-authentication kernel memory corruption vulnerability.
The NetBSD/KAME network stack is used as basis for various other
operating systems, such as Xnu, FTOS, various embedded devices and
network appliances, and earlier versions of FreeBSD/OpenBSD (the code
ZDI-08-013: Novell eDirectory for Linux Stack Overflow
http://www.zerodayinitiative.com/advisories/ZDI-08-013
March 26, 2008
-- CVE ID:
CVE-2008-0924
-- Affected Vendors:
Novell
On 8 Dec 2007 01:54:52 -0000, <gforce@operamail.com> wrote:
> #!/bin/perl
>
> #
>
> # Media Player Classic 6.4.9 MP4 Stack Overflow
Did this ever get reported to Gulverkli? Your mailing doesn't appear
to acknowledge that fact or not.
SEC Consult Vulnerability Lab Security Advisory < 20110407-0 >
=======================================================================
title: Libmodplug ReadS3M Stack Overflow
product: Libmodplug library
vulnerable version: 0.8.8.1
fixed version: 0.8.8.2
impact: critical
homepage: http://modplug-xmms.sourceforge.net/
found: 2011-03-09
by: M. Lucinskij, P. Tumenas /
In computing, ZFS is a combined file system and logical volume manager designed by Sun Microsystems. The features of ZFS include support for high storage capacities, integration of the concepts of filesystem and volume management, snapshots and copy-on-write clones, continuous integrity checking and automatic repair, RAID-Z and native NFSv4 ACLs.
- --- 1. Sun Solaris 10 filesystem rm(1),find(1),etc, Denial-of-service ---
We can create a deep tree, and when we remove, scan or do something else with this tree, the affected program will crash with a stack overflow symptom
PoC:
# perl -e '$a="X";for(1..8000){ ! -d $a and mkdir $a and chdir $a }'
We need to use 1..8000 or a bigger value to cause a stack overflow.
[*] Product : Audiotran
[*] Version : 1.4.1
[*] Vendor : E-Soft
[*] URL : http://www.e-soft.co.uk/Audiotran.htm
[*] Platform : Windows
[*] Type of vulnerability : Stack overflow
[*] Risk rating : Medium
[*] Issue fixed in version : not fixed
[*] Vulnerability discovered by : Sebastien Duquette
[*] Greetings to : corelanc0d3r, rick2600, mr_me & MarkoT from Corelan Team
#!/bin/perl
#
# Media Player Classic 6.4.9 MP4 Stack Overflow
#
# 0-day discovered and exploited by SYS 49152
#
# Tested on win XP SP2 ENG
# Shell on port 49152
#
# usage:
On 12/8/2007 at 1:54 AM gforce@operamail.com wrote:
>#!/bin/perl
>#
># Media Player Classic 6.4.9 MP4 Stack Overflow
>#
># 0-day discovered and exploited by SYS 49152
>#
># Tested on win XP SP2 ENG
># Shell on port 49152
ZDI-07-051: Trend Micro ServerProtect TMregChange() Stack Overflow
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-07-051.html
September 7, 2007
-- CVE ID:
CVE-2007-4731
-- Affected Vendor:
Trend Micro
ZDI-09-052: CA Unicenter Software Delivery dtscore.dll Stack Overflow
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-052
August 7, 2009
-- Affected Vendors:
Computer Associates
-- Affected Products:
Computer Associates Unicenter Software Delivery
ZDI-08-040: Microsoft DirectX SAMI File Format Name Parsing Stack Overflow
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-040
-- CVE ID:
CVE-2008-1444
-- Affected Vendors:
Microsoft