Mandriva Linux Security Advisory 2012-081 - Security issues were identified and fixed in mozilla firefox. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Using the Address Sanitizer tool, security researcher Aki Helin from OUSPG found that IDBKeyRange of indexedDB remains in the XPConnect hashtable instead of being unlinked before being destroyed. Security research firm iDefense reported that researcher wushi of team509 discovered a memory corruption on Windows Vista and Windows 7 systems with hardware acceleration disabled or using incompatible video drivers. Various other issues have also been addressed.
1b834a8034e8e9eb2a5c612ce032d3ceThis paper demonstrates how to ARP poison a connection between Windows 7 and Windows 2008 R2 Server using Cain.
ef9266998c0a638d9a127633eb6b3263Comodo Internet Security versions until 5.9 suffered from a blue screen of death denial of service condition on Microsoft Windows 7 x64 if a 32b PE with a kernel ImageBase is executed.
2661aaf906b34a13596c4af7c97648d7Mandriva Linux Security Advisory 2012-032 - Security issues were identified and fixed in Mozilla Firefox and Thunderbird. Security researchers Blair Strang and Scott Bell of Security Assessment found that when a parent window spawns and closes a child window that uses the file open dialog, a crash can be induced in shlwapi.dll on 32-bit Windows 7 systems. This crash may be potentially exploitable. Firefox prevents the dropping of javascript: links onto a frame to prevent malicious sites from tricking users into performing a cross-site scripting attacks on themselves. Security researcher Soroush Dalili reported a way to bypass this protection. Various other issues were also addressed.
1fb57fab41ee6a44aa310f4553584d3dThis Metasploit module exploits an uninitialized variable vulnerability in the Annotation Objects ActiveX component. The activeX component loads into memory without opting into ALSR so this module exploits the vulnerability against windows Vista and Windows 7 targets. A large heap spray is required to fulfill the requirement that EAX points to part of the ROP chain in a heap chunk and the calculated call will hit the pivot in a separate heap chunk. This will take some time in the users browser.
a673fc29a3cf976653bc571ec7e98a0fMandriva Linux Security Advisory 2012-032 - Security issues were identified and fixed in mozilla firefox and thunderbird. Security researchers Blair Strang and Scott Bell of Security Assessment found that when a parent window spawns and closes a child window that uses the file open dialog, a crash can be induced in shlwapi.dll on 32-bit Windows 7 systems. Security researcher Soroush Dalili reported a way to bypass this protection. Security researcher Atte Kettunen from OUSPG found two issues with Firefox's handling of SVG using the Address Sanitizer tool. Various other issues were also addressed.
23014a225a6dad404a28410b6c4a04bcThis Metasploit module exploits a remote buffer overflow in the Citrix Provisioning Services 5.6 SP1 (without Hotfix CPVS56SP1E043) by sending a malformed packet to the 6905/UDP port. The module has been successfully tested on Windows Server 2003 SP2, Windows 7, and Windows XP SP3.
ebd008dd8851adbc04a4fd4966eddd59This Metasploit module exploits a stack based buffer overflow in CCMPlayer 1.5. Opening a m3u playlist with a long track name, a SEH exception record can be overwritten with parts of the controllable buffer. SEH execution is triggered after an invalid read of an injectable address, thus allowing arbitrary code execution. This Metasploit module works on multiple Windows platforms including: Windows XP SP3, Windows Vista, and Windows 7.
3aae8f1a871387793558f0a991da878cWhitepaper called Bypassing Windows 7 Kernel ASLR. In this paper, the author explains every step to code an exploit with a useful kernel ASLR bypass. Successful exploitation is performed on Windows 7 SP0 / SP1.
defeccd4921f777f49317eddd9b03190This Metasploit module exploits a buffer overflow in ACDSee FotoSlate 4.0 Build 146 via a specially crafted id parameter in a String element. When viewing a malicious PLP file with the ACDSee FotoSlate product, a remote attacker could overflow a buffer and execute arbitrary code. This exploit has been tested on systems such as Windows XP SP3, Windows Vista, and Windows 7.
dc97219886104e2e0f19efe547d104d7This Metasploit module exploits a stack-based buffer overflow on DVD X Player 5.5 Pro and Standard. By supplying a long string of data in a plf file (playlist), the MediaPlayerCtrl.dll component will attempt to extract a filename out of the string, and then copy it on the stack without any proper bounds checking, which causes a buffer overflow, and results arbitrary code execution under the context of the user. This Metasploit module has been designed to target common Windows systems such as: Windows XP SP2/SP3, Windows Vista, and Windows 7.
8d32c2e58191795b07f93bda0d49f7d6Mozilla Firefox version 3.6.16 mChannel Object use-after-free exploit for Windows 7.
515bde32dc4b5941183512d203cc1802Microsoft Windows 7 Ultimate SP1 32 bit and 64 bit suffers from a RPC denial of service vulnerability due to mishandling of malformed DHCPv6 packets.
da632209ce74b10060375b4448c3ebacThe 64 Bit Cisco VPN Client for Windows 7 is affected by a local privilege escalation vulnerability that allows non-privileged users to gain administrative privileges.
6f571c29575fc6937d4b8ca7e57c2d22KMPlayer version 3.0.0.1440 buffer overflow exploit that creates a malicious .mp3 file. It is written for Windows 7 and has ASLR bypass.
fde989a2d36d383d64e9f7382968b117This Metasploit module exploits a stack buffer overflow in Magix Musik Maker 16. When opening a specially crafted arrangement file (.mmm) in the application, an unsafe strcpy() will allow you to overwrite a SEH handler. This exploit bypasses DEP & ASLR, and works on XP, Vista & Windows 7. Egghunter is used, and might require up to several seconds to receive a shell.
570e91a977ec5caabe84bd083c0b5756This Metasploit module exploits a stack buffer overflow in MJM QuickPlayer 1.00 beta 60a and QuickPlayer 2010 (Multi-target exploit). When opening a malicious s3m file in one of these 2 applications, a stack buffer overflow can be triggered, resulting in arbitrary code execution. This exploit bypasses DEP & ASLR, and works on XP, Vista & Windows 7.
26923cb503840c5307da191b999e0d76This Metasploit module exploits a stack buffer overflow in MJM Core Player 2011 When opening a malicious s3m file in this applications, a stack buffer overflow can be triggered, resulting in arbitrary code execution. This exploit bypasses DEP & ASLR, and works on XP, Vista & Windows 7.
20bedf4e31c1f9ca93bc6df99db159c9This Metasploit module exploits a stack buffer overflow in Wireshark versions 1.4.4 and below. When opening a malicious .pcap file in Wireshark, a stack buffer overflow occurs, resulting in arbitrary code execution. This exploit bypasses DEP and ASLR and works on XP, Vista & Windows 7.
a5deb27f59ac34243335eeaf00573514The VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Windows. The vulnerability is caused by a stack overflow error in the OpenType Compact Font Format (CFF) driver "ATMFD.dll" when processing certain operands within an OpenType font, which could be exploited by remote attackers to execute arbitrary code on a vulnerable Windows 7, Windows Server 2008, Windows Server 2008 R2, and Windows Vista systems via a malicious font, or by local attackers to gain elevated privileges on Windows XP and Windows Server 2003 systems via a malicious application.
92cd55b8fe079cfffb6a7e5cdceb2fb1This Metasploit module exploits a stack buffer overflow in Video Spirit versions 1.70 and below. When opening a malicious project file (.visprj), a stack buffer overflow occurs, resulting in arbitrary code execution. This exploit bypasses DEP and ASLR, and works on XP, Vista & Windows 7.
87f690a7f1a3b500a38864a74c60abdbInfoSec Institute security researcher Alec Waters has just released a new article on SLAAC Attacks. The basic premise is to use the default network configuration found on all Windows 7 (as well as Server 2008, Vista) installations to intercept and hijack all network traffic without any user knowledge or interaction.
0303b846dd3a828f945b69fb29c223edWhitepaper called Windows 7/2008 Event Log Forensic and Reversing Analysis.
3674019074b68ec149e014050a342204Whitepaper called Kernel Pool Exploitation on Windows 7.
070adc9e8040a0120fcbdfedd94ce5f6Windows 7 IIS 7.5 FTPSVC UNAUTH'd remote denial of service proof of concept exploit.
cc33d32a7d48e8ef6a09b108ae1969c0
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed