2480 matches found
Integer overflow
Integer overflow in X MultiMedia System xmms 1.2.10, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which triggers memory corruption...
CVE-2007-0654
Integer underflow in X MultiMedia System xmms 1.2.10 allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which results in a stack-based buffer overflow...
Design/Logic Flaw
Integer underflow in X MultiMedia System xmms 1.2.10 allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which results in a stack-based buffer overflow...
CVE-2007-0654
XMMS 1.2.10 contains an integer underflow in the BMP skin header processing, leading to a stack-based buffer overflow that enables remote code execution. Affected files: the skin bitmap handling code within XMMS; impact includes arbitrary code execution on the affected system. Public advisories a...
xmms -- Integer Overflow And Underflow Vulnerabilities
Secunia reports: Secunia Research has discovered two vulnerabilities in XMMS, which can be exploited by malicious people to compromise a user's system. 1) An integer underflow error exists in the processing of skin bitmap images. This can be exploited to cause a stack-based buffer overflow via...
Tencent QQ SuperVideo Remote Denial of Service Vulnerability
QQ is a very popular IM in China developed by Tencent. There exists a remote denial of service vulnerability in QQ when using the SuperVideo chat. Current study showed that an attacker who successfully exploited the vulnerability would cause the remote client to crash. There is an attack packet as...
CVE-2006-6500
Heap-based buffer overflow in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by setting the CSS cursor to certain images that cause an...
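ImageMagick Sun Bitmap Image File Remote Buffer Overflow Vulnerability
ImageMagick is a software suite for reading, writing and processing image files in more than 89 basic formats. ImageMagick has a flaw in its handling of SUN Bitmap image files; a remote attacker can exploit it to carry out a buffer overflow attack and possibly execute arbitrary instructions with the privileges of the process. An attacker can construct a malicious SUN Bitmap image and entice a user to open it with ImageMagick to trigger the flaw; no detailed vulnerability information is currently available. RedHat Enterprise Linux WS 4 RedHat Enterprise Linux WS 3 RedHat Enterprise Linux WS 2.1 IA64 RedHat Enterprise Linux WS 2.1 RedHa...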
CVE-2006-6288
Multiple buffer overflows in Niek Albers CoolPlayer 216 and earlier allow remote attackers to execute arbitrary code via (1) a playlist file with long song names, because of an overflow in the CPLAddPrefixedFile function in CPIPlaylist.c; (2) a skin file with long button names, because of an overflow...
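Microsoft Windows Media Player Malformed Bitmap File Processing Heap Overflow Vulnerability (MS06-005)
Microsoft Windows Media Player is a very popular media player. Microsoft Windows Media Player has a vulnerability in its handling of malformed bitmap files that an attacker may exploit to execute arbitrary instructions on the user's machine. Windows Media Player can play bitmap files (such as .bmp files) and decode bmp files, but it does not correctly handle bmp files whose declared size is 0. In this case WMP allocates a heap block of size 0 but then copies data into it using the actual file length, so a bmp file with a declared size of 0 causes an overflow. An attacker can cause arbitrary instructions to be executed by tricking a user into opening a specially crafted bitmap file with Windows Media Player....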
Debian DSA-1168-1 : imagemagick - several vulnerabilities
Several remote vulnerabilities have been discovered in Imagemagick, a collection of image manipulation tools, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-2440 Eero Hakkinen discovered that the...
GLSA-200609-14 : ImageMagick: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200609-14 ImageMagick: Multiple Vulnerabilities Tavis Ormandy of the Google Security Team discovered a stack and heap buffer overflow in the GIMP XCF Image decoder and multiple heap and integer overflows in the SUN bitmap decoder...
ImageMagick: Multiple Vulnerabilities
Background ImageMagick is a free software suite to manipulate, convert, and create many image formats. Description Tavis Ormandy of the Google Security Team discovered a stack and heap buffer overflow in the GIMP XCF Image decoder and multiple heap and integer overflows in the SUN bitmap decoder...
Moderate: Red Hat Security Advisory: ImageMagick security update
Updated ImageMagick packages that fix several security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. ImageMagick(TM) is an image display and manipulation tool for the X Window System that can read and write multiple...
linux/x86 - execve/bin/sh + Bitmap Header 27 bytes
linux/x86 execve/bin/sh + Bitmap Header 27 bytes. Shellcode exploit for linx86 platform / linux/x86 - execve"/bin/sh", "/bin/sh", NULL + Bitmap 24bit Header - 27 bytes root@magicbox: file linux-sh-bm24bhdr.bin linux-sh-bm24bhdr.bin: PC bitmap data - izik / char shellcode = // // Bitmap 24bit Head...
linux/x86 execve(/bin/sh) + Bitmap Header 27 bytes
No description provided by source. / linux/x86 - execve"/bin/sh", "/bin/sh", NULL + Bitmap 24bit Header - 27 bytes root@magicbox: file linux-sh-bm24bhdr.bin linux-sh-bm24bhdr.bin: PC bitmap data - izik [email protected] / char shellcode = // // Bitmap 24bit Header 4 bytes // "\x42" // inc %edx "\x4d...
linux/x86 execve(/bin/sh) + Bitmap Header 27 bytes
Exploit for linux/x86 platform in category shellcode ================================================== linux/x86 execve/bin/sh + Bitmap Header 27 bytes ================================================== / linux/x86 - execve"/bin/sh", "/bin/sh", NULL + Bitmap 24bit Header - 27 bytes...
Windows Media Player 7.1 <= 10 BMP Heap Overflow PoC (MS06-005)
Exploit for unknown platform in category dos / poc =============================================================== Windows Media Player 7.1 include define BITMAPFILESIZE 0xA8D2 define BITMAPFILENAME "crafted.bmp" pragma pack push pragma pack 1 // bitmap file format - http:/...
Heap overflow
Heap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted bitmap .BMP file that specifi...
CVE-2006-0006
CVE-2006-0006 is a heap-based buffer overflow in Windows Media Player’s bitmap processing. A crafted BMP can trigger an overflow when the file declares a size of 0, allowing remote code execution. Affected products/versions include Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on W...