74 matches found
Information disclosure
GDI32.dll in the Graphics component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors...
CVE-2016-3216
CVE-2016-3216 involves GDI32.dll in the Windows Graphics Component, where memory handling flaws allow remote attackers to bypass ASLR and disclose memory contents. Affected products include Windows Vista SP2, Windows Server 2008 SP2/R2, Windows 7 SP1, Windows 8.1, Windows Server 2012, Windows RT ...
CVE-2016-3216
GDI32.dll in the Graphics component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors...
Microsoft Graphics Component Multiple Vulnerabilities (3164036)
This host is missing an important security update according to Microsoft Bulletin MS16-074. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Microsoft Windows - gdi32.dll Multiple EMF COMMENT_MULTIFORMATS Record Handling (MS16-055)
Microsoft Windows - gdi32.dll Multiple EMF COMMENTMULTIFORMATS Record Handling MS16-055 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=729 There are two programming errors in the implementation of the COMMENTMULTIFORMATS record in EMF files, as found in the user-mode gdi32.dll...
Microsoft Windows - gdi32.dll Heap Based Buffer Overflow in ExtEscape() Triggerable via EMR_EXTESCAP
Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=731 Two of the escape codes supported by the public ExtEscape API are POSTSCRIPTIDENTIFY and POSTSCRIPTINJECTION, which are only processed if the Device Context is associated with ...
Microsoft Windows - gdi32.dll Multiple Issues in the EMF CREATECOLORSPACEW Record Handling (MS16-055
Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=722 There are multiple programming errors in the implementation of the CREATECOLORSPACEW record in EMF files, as found in the user-mode gdi32.dll system library. The worst of them...
Microsoft Windows - gdi32.dll Multiple Issues in the EMF COMMENT_MULTIFORMATS Record Handling (MS16-
Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=729 There are two programming errors in the implementation of the COMMENTMULTIFORMATS record in EMF files, as found in the user-mode gdi32.dll system library. The worst of them may...
Microsoft Windows - gdi32.dll Multiple EMF CREATECOLORSPACEW Record Handling (MS16-055)
Microsoft Windows - gdi32.dll Multiple EMF CREATECOLORSPACEW Record Handling MS16-055 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=722 There are multiple programming errors in the implementation of the CREATECOLORSPACEW record in EMF files, as found in the user-mode gdi32.dll...
Microsoft Windows - gdi32.dll Heap Buffer Overflow in ExtEscape() Triggerable via EMR_EXTESCAPE EMF Record (MS16-055)
Microsoft Windows - gdi32.dll Heap Buffer Overflow in ExtEscape Triggerable via EMREXTESCAPE EMF Record MS16-055 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=731 Two of the escape codes supported by the public ExtEscape API are POSTSCRIPTIDENTIFY and POSTSCRIPTINJECTION, whic...
Microsoft Windows - 'gdi32.dll' Heap Buffer Overflow in ExtEscape() Triggerable via EMR_EXTESCAPE EMF Record (MS16-055)
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=731 Two of the escape codes supported by the public ExtEscape API are POSTSCRIPTIDENTIFY and POSTSCRIPTINJECTION, which are only processed if the Device Context is associated with a printer. In the code responsible for handling the...
Microsoft Windows - 'gdi32.dll' Multiple 'EMF COMMENT_MULTIFORMATS' Record Handling (MS16-055)
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=729 There are two programming errors in the implementation of the COMMENTMULTIFORMATS record in EMF files, as found in the user-mode gdi32.dll system library. The worst of them may lead to reading beyond allocated heap-based buffer...
Microsoft Windows - 'gdi32.dll' Multiple 'EMF CREATECOLORSPACEW' Record Handling (MS16-055)
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=722 There are multiple programming errors in the implementation of the CREATECOLORSPACEW record in EMF files, as found in the user-mode gdi32.dll system library. The worst of them may lead to reading beyond allocated heap-based...
Security feature bypass
The graphics device interface in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "Windo...
CVE-2016-0008
CVE-2016-0008 covers a Windows GDI32.dll ASLR bypass vulnerability. Affected software includes Windows Vista SP2, Windows Server 2008 SP2/R2, Windows 7 SP1, Windows 8/8.1, Windows Server 2012 Gold/R2, and Windows RT Gold/8.1, where remote attackers could bypass ASLR via unspecified vectors. The v...
Microsoft Office 2007 - OGL.dll ValidateBitmapInfo Bounds Check Failure (MS15-097)
Microsoft Office 2007 - OGL.dll ValidateBitmapInfo Bounds Check Failure MS15-097 Source: https://code.google.com/p/google-security-research/issues/detail?id=469 The following crash was observed in Microsoft Office 2007 Excel with Microsoft Office File Validation Add-In disabled and Application...
Microsoft Office 2007 OGL.dll DpOutputSpanStretch::OutputSpan Out of Bounds Write Exploit
Exploit for windows platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=420&can=1 The following crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and...
MS15-072: Vulnerability in Windows Graphics Component Could Allow Elevation of Privilege (3069392)
The remote Windows host is affected by a privilege escalation vulnerability due to improper processing of bitmap conversions in the Windows graphics component. An authenticated attacker can exploit this, via a specially crafted application, to gain administrative privileges. C Tenable Network...
BulletProof FTP Client 2010 - Buffer Overflow (DEP Bypass) Exploit
Exploit for windows platform in category local exploits ----------------------------------------------------------------------------- Exploit Title: BulletProof FTP Client 2010 - Buffer Overflow SEH Date: Feb 15 2015 Exploit Author: Gabor Seljan Software Link: http://www.bpftp.com/ Version:...
CoolPlayer Portable 2.19.2 - Buffer Overflow (MSF)
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...