This Metasploit module exploits an unsafe JavaScript API implemented in Foxit PDF Reader version 4.2. The createDataObject() JavaScript API function allows for writing arbitrary files to the file system. This issue was fixed in version 4.3.1.0218. Note: This exploit currently uses the All Users directory, which requires administrator privileges to write to. This means an administrative user has to open the file for it to be successful. Kind of lame, but that's how it goes sometimes in the world of file write bugs.
0a5eec385cb35fcdc29d85f762cafb84

Interesting blog entry that discusses how a glibc alloca()-based memory corruption vulnerability allowed for code execution.
e56c4d56e87ef64c4b60687bca94b955

Microsoft Internet Explorer suffers from a cross-origin leak vulnerability.
14d1c372a570dedccc3158153e8fac77

Microsoft Internet Explorer 8 suffers from a vulnerability that allows an arbitrary web site to force a victim to make tweets.
51e26942b1d61bf8696ece2a57b00b66

The mimeTeX and mathTeX CGIs suffer from several buffer overflows as well as command injection, which result in remote code execution. Unfortunately, mimeTeX and mathTeX are provided without version numbers by the maintainer, who releases version-less zip archives. It is therefore impossible to provide affected version numbers.
c7054415cf4b97f427efeec7cef352ed

Apple Safari versions prior to 4 may permit an evil web page to steal files from the local system by mounting an XXE attack against the parsing of the XSL XML.
0c66cbfa46563336f3729fe78925cd1d

LittleCMS versions prior to 1.18beta2 suffer from various integer and buffer overflows as well as memory leak errors.
bb38dbc806d63d06a94a21d1530a58fc

There is a trick which may permit the bypassing of policies in technologies which do syscall filtering on the Linux x86_64 kernel. The trick is made possible by the fact that the 32-bit and 64-bit kernel syscall tables are different, combined with the fact that a 64-bit process can make a 32-bit syscall and vice versa. The syscall "number" check can get confused and permit a syscall it did not intend to.
9bb2e29345e0e8c679ca3e5aadf00d06

Firefox versions 2.0.0.18 and below and WebKit nightly are affected by a cross-domain arbitrary image theft vulnerability.
a5218b3dbe84d9457e5d725d2e5b90c9

The libexslt library bundled with libxslt is affected by a heap-based buffer overflow which can lead to arbitrary code execution. The vulnerability is present in the rc4 encryption/decryption functions. Versions 1.1.8 and above and 1.1.24 and below are affected.
ea8f4cce63201c78ac95cd6868a0d632

A couple more JPEG ICC parsing bugs were fixed in the latest JDK updates. Link to a malicious JPEG included.
6ebec7c73d336738ee4a30a00c038842

Ghostscript versions 8.61 and below suffer from a stack-based buffer overflow in the zseticcspace() function in zicc.c.
e8908af1dfabf34c4b2eab9ea0ace408

Mandrake Linux Security Update Advisory - Multiple integer overflow issues affecting xpdf-2.0 and xpdf-3.0, as well as programs like cups which have embedded versions of xpdf. These can result in writing an arbitrary byte to an attacker controlled location, which probably could lead to arbitrary code execution.
dbbeceb18f4a83c657d4ce2e53f6f3b8

gtk+ version 2.4.4 has heap and stack-based overflows that can allow for the compromise of an account used to browse a malicious XPM file.
85691971eba050ddab22aac301a8a167

libXpm versions below 6.8.1 suffer from multiple stack and integer overflows.
aab6715e16b3b1a7e49bc762fd4978de

qt version 3.3.2 has a heap overflow in its BMP parser.
51d0163515f11d4578a9278f3d4ba12d

libpng version 1.2.5 is susceptible to stack-based buffer overflows and various other code concerns.
127f70ce6d41af038f6c102662444fe0

A DoS condition exists in the Linux kernel knfsd server. Remote, unauthenticated users (i.e. those with neither a directory mounted nor permission to mount one) can OOPS the host kernel. The OOPS does not bring down the target host, but it is possible to render the NFS service inoperable until a reboot.
44a8e293d5fe62f2d80a2512396da07c