Mandriva Linux Security Advisory 2012-081 - Security issues were identified and fixed in mozilla firefox. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Using the Address Sanitizer tool, security researcher Aki Helin from OUSPG found that IDBKeyRange of indexedDB remains in the XPConnect hashtable instead of being unlinked before being destroyed. Security research firm iDefense reported that researcher wushi of team509 discovered a memory corruption on Windows Vista and Windows 7 systems with hardware acceleration disabled or using incompatible video drivers. Various other issues have also been addressed.
This Metasploit module exploits an uninitialized variable vulnerability in the Annotation Objects ActiveX component. The ActiveX component loads into memory without opting into ASLR, so this module exploits the vulnerability against Windows Vista and Windows 7 targets. A large heap spray is required to fulfill the requirement that EAX points to part of the ROP chain in a heap chunk and the calculated call will hit the pivot in a separate heap chunk. This will take some time in the user's browser.
This Metasploit module exploits a stack-based buffer overflow in CCMPlayer 1.5. Opening an m3u playlist with a long track name, a SEH exception record can be overwritten with parts of the controllable buffer. SEH execution is triggered after an invalid read of an injectable address, thus allowing arbitrary code execution. This Metasploit module works on multiple Windows platforms including: Windows XP SP3, Windows Vista, and Windows 7.
This Metasploit module exploits a buffer overflow in ACDSee FotoSlate 4.0 Build 146 via a specially crafted id parameter in a String element. When viewing a malicious PLP file with the ACDSee FotoSlate product, a remote attacker could overflow a buffer and execute arbitrary code. This exploit has been tested on systems such as Windows XP SP3, Windows Vista, and Windows 7.
This Metasploit module exploits a stack-based buffer overflow on DVD X Player 5.5 Pro and Standard. By supplying a long string of data in a plf file (playlist), the MediaPlayerCtrl.dll component will attempt to extract a filename out of the string, and then copy it on the stack without any proper bounds checking, which causes a buffer overflow and results in arbitrary code execution under the context of the user. This Metasploit module has been designed to target common Windows systems such as: Windows XP SP2/SP3, Windows Vista, and Windows 7.
Microsoft Windows Vista/Server 2008 nsiproxy.sys local kernel denial of service exploit.
The VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Windows. The vulnerability is caused by a stack overflow error in the OpenType Compact Font Format (CFF) driver "ATMFD.dll" when processing certain operands within an OpenType font, which could be exploited by remote attackers to execute arbitrary code on vulnerable Windows 7, Windows Server 2008, Windows Server 2008 R2, and Windows Vista systems via a malicious font, or by local attackers to gain elevated privileges on Windows XP and Windows Server 2003 systems via a malicious application.
Microsoft Windows Vista / 7 privilege escalation exploit with UAC bypass.
Microsoft Windows Vista/7 suffers from a DLL hijacking vulnerability in lpksetup.exe.
Microsoft Windows Vista / Server 2008 suffer from a NtUserCheckAccessForIntegrityLevel use-after-free vulnerability.
This Metasploit module exploits a stack buffer overflow vulnerability in the handling of the TextBytesAtom records by Microsoft PowerPoint Viewer. According to Microsoft, the PowerPoint Viewer distributed with Office 2003 SP3 and earlier, as well as Office 2004 for Mac, are vulnerable. NOTE: The vulnerable code path is not reachable on versions of Windows prior to Windows Vista.
This Metasploit module exploits an out of bounds function table dereference in the SMB request validation code of the SRV2.SYS driver included with Windows Vista, Windows 7 release candidates (not RTM), and Windows 2008 Server prior to R2. Windows Vista without SP1 does not seem affected by this flaw.
Lame Windows Vista / Windows 7 / Win2k8 R1 SP2 and beta R2 SMB 2.0 NEGOTIATE PROTOCOL REQUEST remote blue screen of death denial of service exploit.
Windows Vista/7 suffers from a denial of service vulnerability when passed a malformed SMB header for the NEGOTIATE PROTOCOL REQUEST. Proof of concept code included.
Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows Vista, which can be exploited by malicious people to compromise a vulnerable system.
iDefense Security Advisory 07.14.09 - Remote exploitation of a heap based buffer overflow vulnerability in Microsoft Corp.'s Embedded OpenType Font Engine (T2EMBED.DLL) could allow an attacker to execute arbitrary code with the privileges of the current user. During the processing of a malicious OpenType Font, an integer truncation issue can occur on a specific length value. This can result in a large overwrite of the heap using attacker controlled data. The attacker may gain arbitrary execution control by overwriting specific data structures on the heap, such as an object virtual function table. iDefense has confirmed the existence of this vulnerability in the Embedded OpenType Font Engine for Windows Vista SP1 (T2EMBED.DLL version 6.0.6001.18000) and Windows XP SP3 (T2EMBED.DLL version 5.1.2600.5512). Previous versions may also be affected.
Secunia Security Advisory - Some vulnerabilities have been reported in Windows 2008, Windows Vista, and Microsoft Windows Services for UNIX, which can potentially be exploited by malicious people to compromise a vulnerable system.
Amaya 11 remote stack overflow exploit for Windows Vista that makes use of the bdo tag.
Whitepaper discussing DLL injection on Windows Vista (32bit). Includes an executable for injecting a DLL in a process of your choice and the original source code is in the pdf.
Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows Vista, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
The Microsoft Device IO Control wrapped by the iphlpapi.dll API shipping with Windows Vista 32 bit and 64 bit contains a possibly exploitable buffer overflow corrupting kernel memory. Proof of concept test code included.
Secunia Security Advisory - Defsanguje has discovered a vulnerability in Microsoft Windows Vista, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
Microsoft Windows Vista access violation from limited account denial of service blue screen of death exploit.
Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows Vista, which can be exploited by malicious people to cause a DoS (Denial of Service).