Microsoft Office Visio UML Parsing Use After Free (MS11-060; CVE-2011-1972)

Microsoft Visio is a diagram creation software for Microsoft Windows. A remote code execution vulnerability has been reported in Microsoft Office Visio. The vulnerability is due to the improper way in which the application validates objects in memory when parsing specially crafted Visio files. An...

Adobe Audition Session File TRKM Stack Buffer Overflow (APSB11-10; CVE-2011-0615)

Adobe Audition formerly Cool Edit Pro is a digital audio workstation from Adobe Systems featuring both a multi-track, non-destructive mix/edit environment and a destructive-approach waveform editing view. A stack buffer overflow exists in Adobe Audition. The vulnerability is due to an error when...

Adobe Flash Player ActionScript Rest Array Memory Corruption (APSB11-18; CVE-2011-2110)

The vulnerability is due to an error when processing ActionScript Rest array in flash files. A remote attacker can exploit this vulnerability by enticing a user to download and view a Flash file that contains a malicious ActionScript code. Successful exploitation of this vulnerability could cause...

Adobe Reader PDF 3D Image JavaScript RemoveItem Code Execution (APSB11-16; CVE-2011-2099)

A memory corruption vulnerability has been reported in Adobe Reader that could potentially allow an attacker to crash the application and take control of the system...

Rosoft MediaPlayer v4.4.4 - Buffer Overflow Vulnerability

Document Title: =============== Rosoft MediaPlayer v4.4.4 - Buffer Overflow Vulnerability Release Date: ============= 2011-06-21 Vulnerability Laboratory ID VL-ID: ==================================== 94 Product & Service Introduction: =============================== Ever since we released our ve...

Workaround for Microsoft Office Excel BIFF5 Records Vulnerabilities (MS11-045; CVE-2011-1273)

A remote code execution vulnerability exists in the way that Microsoft Excel handles specially crafted Excel files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; o...

Microsoft Windows DFS PathConsumed Code Injection (MS11-042; CVE-2011-1868)

This is a remote code execution vulnerability. The vulnerability is caused by the Microsoft Distributed File System DFS implementation improperly validating all fields within specially crafted DFS responses. An attacker who successfully exploited this vulnerability could take complete control of ...

Microsoft Windows Distributed File System Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability. The issue affects the Windows Distributed File System DFS. An attacker can exploit this issue by sending a specially crafted DFS response to the affected application. Successfully exploiting this issue allows an...

Microsoft Office Excel SerAuxTrend Record Remote Code Execution (MS11-045; CVE-2011-1274)

This is a remote code execution vulnerability. When Microsoft Excel validates record information upon opening a specially crafted Excel file, a memory handling error may corrupt system memory in such a way that an attacker could execute arbitrary code. Successful exploitation of this vulnerabilit...

Adobe Flash Player DefineFontAlignZones Tag Code Execution (APSB11-12; CVE-2011-0626)

The Adobe Flash Player is a multimedia and application player that renders Shockwave Flash SWF files. A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to insufficient bounds checking by the Adobe Flash Player. A remote attacker can exploit th...

Adobe Flash Player ActionScript DoABC Tag Integer Overflow (APSB11-12; CVE-2011-0618)

The Adobe Flash Player is a multimedia and application player that renders Shockwave Flash SWF files. A memory corruption vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an integer overflow in the Adobe Flash Player when parsing specially crafted SWF files. A...

Adobe Flash Player ActionScript callMethod Code Execution (APSA11-02; CVE-2011-0611)

The Adobe Flash Player is a multimedia and application player that renders Shockwave Flash SWF files. A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to insufficient verification of segment data by the Adobe Flash Player. A remote attacker c...

Microsoft Office共享组件DLL加载任意代码执行漏洞(MS11-023)

BUGTRAQ ID: 47246 CVE ID: CVE-2011-0107 Microsoft Office是一套由微软公司开发的办公软件，它为Microsoft Windows和Apple Macintosh操作系统而开发。 Microsoft Office在实现上存在共享组件DLL加载任意代码执行，远程攻击者可利用此漏洞以当前用户权限执行任意代码。 Microsoft...

Microsoft Windows Kernel win32k.sys RequestAck Code Execution (MS11-034; CVE-2011-1229)

The Windows kernel is the core of the operating system. It provides system-level services such as device management and memory management, allocates processor time to processes, and manages error handling. An elevation of privilege vulnerability has been reported in the Windows kernel. The...

Microsoft Windows Kernel-Mode Drivers Win32k Memory Corruption (MS11-012; CVE-2011-0090)

The Windows kernel-mode driver win32k.sys is a kernel-mode device driver and is the kernel part of the Windows subsystem. It contains the window manager and the Graphics Device Interface GDI. It also serves as a wrapper for DirectX support. An elevation of privilege vulnerability has been...

Microsoft Windows Win32k Insufficient User Input Validation (MS11-012; CVE-2011-0087)

The Windows kernel-mode driver win32k.sys is a kernel-mode device driver and is the kernel part of the Windows subsystem. It contains the window manager and the Graphics Device Interface GDI. It also serves as a wrapper for DirectX support. An elevation of privilege vulnerability has been...

Apple Safari WebKit Menu Onchange Memory Corruption (CVE-2010-1814)

Safari is a web browsing application developed by Apple. Safari browsing functionality is built around the set of components called WebKit. WebKit is a development toolkit which allows third party developers to build applications that use Internet technologies such as HTML, HTTP, and others. A...

Panda local to mention the right vulnerability-vulnerability warning-the black bar safety net

This article will bring to you is a Panda local to mention the right vulnerability. I think this vulnerability might be for we provide the right help, it'll tell you in detail about, after all, the more an idea is not anything bad. Compile EXP First, look on the vulnerability description. Panda t...

USN-1061-1: iTALC vulnerability

Stéphane Graber discovered that the iTALC private keys shipped with the Edubuntu Live DVD were not correctly regenerated once Edubuntu was installed. If an iTALC client was installed with the vulnerable keys, a remote attacker could gain control of the system. Only systems using keys from the...

Security updates available for Adobe Reader and Acrobat

Security updates available for Adobe Reader and Acrobat Release date: February 8, 2011 Vulnerability identifier: APSB11-03 CVE Numbers: CVE-2010-4091, CVE-2011-0562, CVE-2011-0563, CVE-2011-0564, CVE-2011-0565, CVE-2011-0566, CVE-2011-0567, CVE-2011-0568, CVE-2011-0570, CVE-2011-0585,...