765 matches found
Heap overflow vulnerability exists in WPS (CNVD-2017-19997)
WPS is an office software developed by Kingsoft Office Software. A heap overflow vulnerability exists in WPS. The vulnerability stems from the program's failure to validate the buffer length, which can be exploited by an attacker to cause heap corruption or execute arbitrary code by constructing ...
Heap Overflow Vulnerability in WPS
WPS is an office software developed by Kingsoft Office Software. A heap overflow vulnerability exists in WPS text. The vulnerability is due to the program failing to validate the buffer length. An attacker can exploit the vulnerability by constructing a malformed XML file resulting in heap corrupti...
Stack Overflow Vulnerability in WPS
WPS is an office software developed by Kingsoft Office Software. A stack overflow vulnerability exists in WPS text. The vulnerability is due to the program failing to validate the buffer length. An attacker can exploit the vulnerability by constructing a malformed XML file resulting in heap...
The vulnerability of the tdx.sys component, which is used to check the length of the operating system's buffers, allows a hacker to increase their privileges
The vulnerability of the tdx.sys component, which is used to check the length of Windows operating system buffers, is related to deficiencies in access control. Exploiting this vulnerability could allow an intruder, operating locally, to increase their privileges...
WPS has an out-of-bounds access vulnerability
WPS is a free office software. A memory out-of-bounds access exists in the WPS docreader module. The vulnerability stems from a miscalculation of the buffer address length. An attacker can exploit this vulnerability to obtain sensitive information...
SUSE SLES12 Security Update : glibc (SUSE-SU-2017:1614-1) (Stack Clash)
This update for glibc fixes the following issues: - CVE-2017-1000366: Fix a potential privilege escalation vulnerability that allowed unprivileged system users to manipulate the stack of setuid binaries to gain special privileges. (bsc#1039357) - The incorrectly defined constant O_TMPFILE has been...
SUSE-SU-2017:1614-1 Security update for glibc
This update for glibc fixes the following issues: - CVE-2017-1000366: Fix a potential privilege escalation vulnerability that allowed unprivileged system users to manipulate the stack of setuid binaries to gain special privileges. (bsc#1039357) - The incorrectly defined constant O_TMPFILE has been...
CVE-2017-0296
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to elevate privilege when tdx.sys fails to check the length of a buffer prior to copying memory...
WPS has an out-of-bounds access vulnerability
WPS Office is widely used office software. A memory out-of-bounds access exists in the docreader module of WPS Text. The vulnerability is due to a miscalculation of the buffer length. An attacker can exploit this vulnerability to obtain sensitive information...
Microsoft Windows TDX Elevation of Privilege Vulnerability (KB4021923)
This host is missing an important security update according to Microsoft KB4021923. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...
Windows TDX elevation of privilege vulnerability: June 13, 2017
Summary: An elevation of privilege vulnerability exists when tdx.sys fails to check the length of a buffer prior to copying memory to the buffer. To exploit the vulnerability, in a local attack scenario, an attacker could run a...
Windows TDX Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when tdx.sys fails to check the length of a buffer prior to copying memory to it. To exploit the vulnerability, in a local attack scenario, an attacker could run a specially crafted application to elevate the attacker's privilege level. An attacker w...
Memory out-of-bounds access vulnerability in WPS text kso module
WPS is an office software developed by Kingsoft Office Software. A memory out-of-bounds access vulnerability exists in the WPS text kso module. The vulnerability is caused by the program failing to validate the buffer length and calling wcslen directly, which could be exploited by an attacker to...
The vulnerability of the Windows operating system, which allows a hacker to increase their privileges
The vulnerability of the Windows operating system is related to incorrect calculations of buffer lengths during LDAP requests. Exploiting this vulnerability allows a malicious actor to elevate their privileges by running specially created applications remotely...
CVE-2017-0166
An elevation of privilege vulnerability exists in Windows when LDAP request buffer lengths are improperly calculated. In a remote attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to send malicious traffic to a Domain Controller, aka "LDAP...
File Parsing Out-of-Bounds Access Vulnerability in Kingsoft WPS
WPS Office is an office software. A file parsing out-of-bounds access vulnerability exists in Kingsoft WPS. Out-of-bounds access to memory exists in the docreader module, which can be exploited by an attacker to cause an information disclosure due to a failure to check the buffer length...
macOS / iOS Kernel 10.12.3 (16D32) - bpf Heap Overflow Exploit
Exploit for multiple platforms in category dos / poc. Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1125 The bpf ioctl BIOCSBLEN allows userspace to set the bpf buffer length: case BIOCSBLEN: /* u_int */ if (d->bd_bif != 0) error = EINVAL; else { u_int size; bcopy(addr, &size, sizeof (siz...
Apple macOS/iOS Kernel 10.12.3 (16D32) - bpf Heap Overflow
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1125 The bpf ioctl BIOCSBLEN allows userspace to set the bpf buffer length: case BIOCSBLEN: /* u_int */ if (d->bd_bif != 0) error = EINVAL; else { u_int size; bcopy(addr, &size, sizeof...
MacOS/iOS kernel heap overflow in bpf (CVE-2017-2482)
The bpf ioctl BIOCSBLEN allows userspace to set the bpf buffer length: case BIOCSBLEN: /* u_int */ if (d->bd_bif != 0) error = EINVAL; else { u_int size; bcopy(addr, &size, sizeof (size)); if (size > bpf_maxbufsize) size = bpf_maxbufsize; else if (size [...] d->bd_bufsize = size; } break; d->bd_bif is set to the currently attached...
CVE-2017-0102
Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 let attackers with access to target systems gain privileges when Windows fails to properly validate...