Code Execution Vulnerability in China Knowledge Network CAJViewer Reader

China Knowledge CAJViewer Reader is a specialized full-text format reader for China Journal Network. A code execution vulnerability exists in CAJViewer. The vulnerability is due to insufficient program processing logic, an attacker can construct a specific string to control the address of the...

Mozilla Firefox 3.6.16 mChannel Use-After-Free漏洞

漏洞分析 此漏洞是由于Mozilla Firefox的xul.dll在处理mChannel标签时，在OnChannelRedirect中对mChannel对象进行创建，但在随后调用Release释放，在释放对象过后没有对该指针进行标记，从而导致在随后的调用用中引用mChannel标签时，由于指针已经被释放，导致call地址不可读，从而引发漏洞，下面对此漏洞进行详细分析。 首先打开PoC，火狐浏览器崩溃，附加调试器，到达漏洞现场。 858.85c: Access violation - code c0000005 first chance First chance exceptions a...

Microsoft DIA SDK msdia.dll Memory Corruption Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Debug Interface Access SDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...