1417 matches found
Apple QTJava toQTPointer() Pointer Arithmetic Memory Overwrite Vulnerability
This vulnerability allows attackers to execute arbitrary code on systems with vulnerable installations of Apple's QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The flaw exists within the QuickTime Java extensions QTJava.dll,...
[Reversemode advisory] CheckPoint Zonelabs - ZoneAlarm SRESCAN driver local privilege escalation
CHECK POINT ZONE LABS PRODUCTS MULTIPLE LOCAL PRIVILEGE ESCALATION VULNERABILITIES Rubén Santamarta [email protected] 04.20.2007 Affected products: + ZoneAlarm Srescan.sys v 5.0.155 and earlier Srescan.sys is exposed through the following Dos Device:“.SreScan”. Restricted accounts, including...
CVE-2007-1189
Integer overflow in the envwrite function in the Alcatel-Lucent Bell Labs Plan 9 kernel allows local users to overwrite certain memory addresses with kernel memory via a large n argument, as demonstrated by (1) modifying the iseve function to gain privileges and (2) making the devpermcheck function...
CVE-2007-1189
CVE-2007-1189 : Concrete details show an integer overflow in the Plan 9 kernel’s envwrite function (Alcatel-Lucent Bell Labs Plan 9) that can be triggered by a large n argument. This vulnerability allows local users to overwrite kernel memory, with demonstrated effects including privilege escalat...
[Full-disclosure] iDefense Security Advisory 02.13.07: Microsoft 'wininet.dll' FTP Reply Null Termination Heap Corruption Vulnerability
Microsoft 'wininet.dll' FTP Reply Null Termination Heap Corruption Vulnerability iDefense Security Advisory 02.13.07 http://labs.idefense.com/intelligence/vulnerabilities/ Feb 13, 2007 I. BACKGROUND The WinInet module provides access to common Internet protocols, including FTP and HTTP, allowing ...
kav60-escalate.txt
// kav 6.0 0day local priv escalation exploit // by m4d // http://unl0ck.net include include include // r0-shellcode creates C:\Hello.txt with "Hello from ring-0! :" unsigned char Shellcode405 = 0x55, 0x8B, 0xEC, 0x83, 0xC4, 0xBC, 0x60, 0x83, 0x4D, 0xE8, 0xFF, 0x0F, 0x01, 0x4D, 0xFA, 0x8B, 0x4D,...
CVE-2006-6499
The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins tha...
DEBIAN-CVE-2006-6499
The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins tha...
CVE-2006-6499
The CVE-2006-6499 entry concerns Mozilla Firefox 2.x before 2.0.0.1, Firefox 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7. The vulnerability is a memory overwrite that occurs when floating-point precision is reduced, rather than exiting safely. This can allow remot...
PT-2006-7103 · Mozilla +1 · Firefox +3
Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions 2.x before 2.0.0.1 Mozilla Firefox versions 1.5.x before 1.5.0.9 Thunderbird versions before 1.5.0.9 SeaMonkey versions before 1.0.7 Description: The js_dtoa function overwrites memory instead of exiting when the...
Microsoft Word Document Code Execution Proof of Concept
No description provided by source. ===== The file I have attached is a very basic two stage bug. stage 1 the first mod forces the code down a wrong path. the second mod by itself is harmless, however when used with the first it will be the first and part of the second overwrite. I have use...
CVE-2003-1310
The CVE concerns Norton AntiVirus 2002 on Windows, specifically the DeviceIoControl path in the Norton Device Driver (NAVAP.sys). The vulnerability allows local privilege escalation by overwriting memory locations through certain IOCTL codes, enabling a non-privileged user to gain higher privileg...
CVE-2006-5379
CVE-2006-5379 affects NVIDIA Binary Graphics Driver (the binary blob driver) for Linux, specifically v8774 and v8762, with the accelerated rendering path for font glyphs. The vulnerability arises from improper handling of very large font glyph width values, enabling an attacker to corrupt memory ...
CVE-2006-5379
The accelerated rendering functionality of NVIDIA Binary Graphics Driver (binary blob driver) For Linux v8774 and v8762, and probably on other operating systems, allows local and remote attackers to execute arbitrary code via a large width value in a font glyph, which can be used to overwrite...
NVIDIA binary graphics driver: Privilege escalation vulnerability
The accelerated rendering functionality of NVIDIA Binary Graphics Driver (binary blob driver) For Linux v8774 and v8762, and probably on other operating systems, allows local and remote attackers to execute arbitrary code via a large width value in a font glyph, which can be used to overwrite...