6717 matches found
Microsoft DirectShow Video Streaming ActiveX IMPEG2TuneRequest Overflow
Added: 07/07/2009 CVE: CVE-2008-0015 BID: 35558 OSVDB: 55651 Background DirectX is a feature of the Windows operating system used for streaming media. Within DirectX, the DirectShow technology performs client-side audio and video sourcing, manipulation and rendering. Problem A stack buffer overfl...
MDaemon WorldClient form2raw.cgi Stack Buffer Overflow
This module exploits a stack buffer overflow in Alt-N MDaemon SMTP server for versions 6.8.5 and earlier. When WorldClient HTTP server is installed default, a CGI script is provided to accept html FORM based emails and deliver via MDaemon.exe, by writing the CGI output to the Raw Queue. When...
VideoLAN VLC Media Player 0.9.9 - smb: URI Stack Buffer Overflow (PoC)
VideoLAN VLC Media Player 0.9.9 - smb: URI Stack Buffer Overflow PoC #!/usr/bin/ruby VideoLAN VLC Media Player 0.9.9 smb:// URI Stack-based Buffer Overflow Proof-of-Concept Bugtraq ID: 35500 The vulnerability can also be triggered via the VLC web interface (disabled by default):...
Timbuktu Pro < 8.6.7 PlughNTCommand Named Pipe Remote Stack Buffer Overflow
The remote Windows host contains a version of Motorola Inc.'s Timbuktu Pro that is earlier than 8.6.7. Timbuktu Pro allows remote access to a computer's desktop, and versions before 8.6.7 reportedly contain a stack-based buffer overflow that can be triggered when the 'PlughNTCommand' named pipe...
iDefense Security Advisory 06.25.09: Unisys Business Information Server Stack Buffer Overflow
iDefense Security Advisory 06.25.09 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 25, 2009 I. BACKGROUND The Unisys Business Information Server is a business information management package providing data access, analysis and reporting for...
TELUS Security Labs VR - Microsoft Office Excel Malformed Records Stack Buffer Overflow
Microsoft Office Excel Malformed Records Stack Buffer Overflow TSL ID : FSC20090609-01 Reference: http://telussecuritylabs.com/threats/show/FSC20090609-01 1. Affected Software Microsoft Office Excel 2000 Microsoft Office Excel 2002 Reference: http://office.microsoft.com/en-us/excel/default.aspx 2...
Atomix Virtual Dj Pro 6.0 - Local Stack Buffer Overflow (SEH)
Atomix Virtual Dj Pro 6.0 - Local Stack Buffer Overflow SEH [C source listing: include directives followed by an unsigned char rawData byte array]...
AIMP 2.51 build 330 (ID3v1/ID3v2 Tag) Remote Stack BOF PoC (SEH)
Exploit for unknown platform in category dos / poc. AIMP 2.51 build 330 ID3v1/ID3v2 Tag Remote Stack BOF PoC SEH...
AIMP 2.51 build 330 - ID3v1/ID3v2 Tag Remote Stack Buffer Overflow (PoC) (SEH)
AIMP 2.51 build 330 ID3v1/ID3v2 Tag Remote Stack Buffer Overflow PoC SEH...
AIMP 2.51 build 330 - ID3v1ID3v2 Tag Remote Stack Buffer Overflow (PoC) (SEH)
AIMP 2.51 build 330 - ID3v1ID3v2 Tag Remote Stack Buffer Overflow PoC SEH...
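NTP 'ntpd' Autokey Stack Buffer Overflow Vulnerability
Bugtraq ID: 35017 CVE ID: CVE-2009-1252 CNCVE ID: CNCVE-20091252 NTP (Network Time Protocol) is a protocol that clients use to synchronize the date and time with a time server. NTPd contains a stack buffer overflow when compiled with OpenSSL support; a remote attacker can exploit the vulnerability to execute arbitrary instructions with the application's privileges. The cryptorecv function in ntpd/ntpcrypto.c has a buffer overflow in its use of sprintf; the vulnerability is triggered only when autokey is configured, that is, when ntpd is configured to use public-key cryptography for NTP packet authentication. A remote unauthenticated attacker can execute arbitrary code with the privileges of the ntpd daemon. Ubuntu...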
Microsoft PowerPoint Converter TPrint Record Handling Error (MS09-017; CVE-2009-0227)
Microsoft PowerPoint is a popular graphics software for preparing slides and presentations. A stack buffer overrun vulnerability has been identified in Microsoft PowerPoint. The vulnerability is due to a memory corruption error in Microsoft PowerPoint when reading sound data from specially crafte...
Microsoft PowerPoint Data Out of Bounds Stack Buffer Overflow (MS09-017; CVE-2009-1128; CVE-2009-1131)
Microsoft PowerPoint is a popular graphics software for preparing slides and presentations. A stack buffer overflow vulnerability has been identified in Microsoft PowerPoint. The vulnerability is due to a memory corruption error in Microsoft PowerPoint when reading data that is too large from...
ntp -- stack-based buffer overflow
US-CERT reports: ntpd contains a stack buffer overflow which may allow a remote unauthenticated attacker to execute arbitrary code on a vulnerable system or create a denial of service...
FreeBSD : libxml2 stack buffer overflow in URI parsing (847ade05-6717-11d8-b321-000a95bc6fae)
Yuuichi Teranishi reported a crash in libxml2's URI handling when a long URL is supplied. The implementation in nanohttp.c and nanoftp.c uses a 4K stack buffer, and longer URLs will overwrite the stack. This could result in denial-of-service or arbitrary code execution in applications using libxm...
Ubuntu 8.04 LTS : firefox-3.0, xulrunner-1.9 regression (USN-645-3)
USN-645-1 fixed vulnerabilities in Firefox and xulrunner. The upstream patches introduced a regression in the saved password handling. While password data was not lost, if a user had saved any passwords with non-ASCII characters, Firefox could not access the password database. This update fixes t...
Elecard AVC HD Player .XPL Stack Buffer Overflow (SEH) PoC
No description provided by source. /ELECARD AVC HD PLAYER STACK BUFFER OVERFLOW SEH OVERWRITE Name: elecard.c CREDITS: the one and only fl0 fl0w 004533AE . F3:A5 REP MOVS DWORD PTR ES:EDI,DWORD PTR DS SEH chain of main thread Address SE handler 0012CB54 FFFFFFFF Open in debugger and you'll see SE...
IBM Lotus Domino Web Server Accept-Language Stack Buffer Overflow
This module exploits a stack buffer overflow in IBM Lotus Domino Web Server prior to version 7.0.3FP1 and 8.0.1. This flaw is triggered by any HTTP request with an Accept-Language header greater than 114 bytes. This module requires Metasploit: https://metasploit.com/download Current source:...
iDefense Security Advisory 04.15.09: Microsoft WordPad Word97 Converter Stack Buffer Overflow Vulnerability
iDefense Security Advisory 04.14.09 http://labs.idefense.com/intelligence/vulnerabilities/ Apr 14, 2009 I. BACKGROUND WordPad is a word processing application included with Microsoft Windows. The Word97 converter is used to convert Word97 format...
Elecard AVC HD Player - .XPL Stack Buffer Overflow (SEH) (PoC)
Elecard AVC HD Player - .XPL Stack Buffer Overflow SEH PoC /ELECARD AVC HD PLAYER STACK BUFFER OVERFLOW SEH OVERWRITE Name: elecard.c CREDITS: the one and only fl0 fl0w 004533AE . F3:A5 REP MOVS DWORD PTR ES:EDI,DWORD PTR DS SEH chain of main thread Address SE handler 0012CB54 FFFFFFFF Open in...