207 matches found
CVE-2013-3894
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted CMAP table in a TrueType font T...
Microsoft Windows TTF CMAP Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling o...
Microsoft Windows TrueType Font CMAP Table CVE-2013-3894 Remote Code Execution Vulnerability
Description: Microsoft Windows is prone to a remote code-execution vulnerability. Successful exploits will result in the execution of arbitrary code in the kernel-mode. Failed attempts will cause a denial-of-service condition. Technologies Affected: Avaya Aura Conferencing Standard Avaya CallPilot...
DEBIAN-CVE-2013-2495
The iff_read_header function in iff.c in libavformat in FFmpeg through 1.1.3 does not properly handle data sizes for Interchange File Format (IFF) data during operations involving a CMAP chunk or a video codec, which allows remote attackers to cause a denial of service (integer overflow, out-of-bounds...
OpenJPEG CMAP Record Parsing Vulnerability
This host is installed with OpenJPEG and is prone to a record parsing vulnerability. OpenVAS Vulnerability Test $Id: secpodopenjpegcmaprecordparsingvuln.nasl 5912 2017-04-10 09:01:51Z teissa $ OpenJPEG CMAP Record Parsing Vulnerability Authors: Madhuri D Copyright: Copyright (c) 2012 SecPod,...
CVE-2012-1499
The JPEG 2000 codec (jp2.c) in OpenJPEG before 1.5 allows remote attackers to execute arbitrary code via a crafted palette index in a CMAP record of a JPEG image, which triggers memory corruption, aka "out-of heap-based buffer write."...
Heap overflow
The JPEG 2000 codec (jp2.c) in OpenJPEG before 1.5 allows remote attackers to execute arbitrary code via a crafted palette index in a CMAP record of a JPEG image, which triggers memory corruption, aka "out-of heap-based buffer write."...
CVE-2010-3959
The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted CMAP table in an OpenType font, aka "OpenType CMAP Table Vulnerability."...
Design/Logic Flaw
The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted CMAP table in an OpenType font, aka "OpenType CMAP Table Vulnerability."...
CVE-2010-3959
CVE-2010-3959 affects the Microsoft OpenType Font (OTF) driver. A crafted CMAP table in an OpenType font can cause local privilege escalation on Windows XP SP2/SP3, Windows Server 2003 SP2, Windows Vista SP1/SP2, Windows Server 2008 Gold/SP2/R2, and Windows 7. Root cause: incorrect handling/parsi...
Microsoft Windows OpenType Compact Font Format Driver Privilege Escalation Vulnerability (2296199)
This host is missing an important security update according to Microsoft Bulletin MS10-091. OpenVAS Vulnerability Test $Id: secpodms10-091.nasl 5361 2017-02-20 11:57:13Z cfi $ Microsoft Windows OpenType Compact Font Format Driver Privilege Escalation Vulnerability (2296199) Authors: Veerendra GG...
Microsoft Windows OpenType Compact Font Format Driver Privilege Escalation Vulnerability (2296199)
This host is missing an important security update according to Microsoft Bulletin MS10-091. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
MS10-091: Vulnerabilities in the OpenType Font (OTF) Driver Could Allow Remote Code Execution (2296199)
The remote Windows host contains a version of the OpenType Font (OTF) Format Driver that is affected by two vulnerabilities: - The driver does not properly index an array when parsing OpenType fonts, which could allow a remote attacker to run arbitrary code in kernel mode. (CVE-2010-3956) - The driv...
Microsoft OpenType Font Format Driver CMAP Table Code Execution (MS10-091; CVE-2010-3959)
OpenType is a font format developed jointly by Microsoft and Adobe as an extension of Apple's TrueType font format. A remote code execution vulnerability has been reported in the way Microsoft Windows OpenType Font (OTF) format driver improperly parses specially crafted OpenType fonts. A remote...
Hex Workshop buffer overflows
Buffer overflow on .cmap and .hex files parsing...
Hex Workshop 6.0 - .cmap Invalid Memory Reference (PoC)
Hex Workshop 6.0 - .cmap Invalid Memory Reference (PoC) #!/usr/bin/perl -w Hex Workshop v6 "ColorMap files .cmap" Invalid Memory Reference Crash POC Discovered by: DATASNIPER for more information visit my blog: http://datasniper.arab4services.net/ the exploit is very hard to implement, if we can ma...
Hex Workshop 6 .cmap Crash Exploit
#!/usr/bin/perl -w Hex Workshop v6 "ColorMap files .cmap" Invalid Memory Reference crash POC Discovered by: DATASNIPER for more information visit my blog: http://datasniper.arab4services.net/ the exploit is very hard to implement, if we can make the "reference" point to valid memory location...
BreakPoint Software Hex Workshop Denial of Service vulnerability
Hex Workshop is prone to a denial of service vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...