Microsoft Internet Explorer multiple security vulnerabilities

Memory corruptions, integer overflow, function pointer corruption...

CVE-2012-4354

TCPIPSStory.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allows remote attackers to execute arbitrary code via a port-46824 TCP packet with a crafted positive integer after the opcode, triggering incorrect function-pointer processing that can lead to ...

Buffer overflow

TCPIPSStory.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allows remote attackers to execute arbitrary code via a port-46824 TCP packet with a crafted positive integer after the opcode, triggering incorrect function-pointer processing that can lead to ...

AOL dnUpdater ActiveX dnu.exe Init() Method Remote Code Execution

The remote host has an install of the AOL dnUpdater ActiveX control dnu.exe prior to version 1.1.25.1. As such, it reportedly does not properly verify the function pointer passed by the 'pData' argument of the control's 'Init' method. A remote attacker could exploit this vulnerability by tricking...

ComSndFTP 1.3.7 Beta - USER Format String (Write4) (Metasploit)

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'ComSndFTP v1.3.7 Beta USER Buffe...

ComSndFTP v1.3.7 Beta USER Format String (Write4) Vulnerability

This module exploits the ComSndFTP FTP Server version 1.3.7 beta by sending a specially crafted format string specifier as a username. The crafted username is sent to the server to overwrite the hardcoded function pointer from Ws232.dll!WSACleanup. Once this function pointer is triggered, the cod...

MS12-038: Vulnerability in .NET Framework Could Allow Remote Code Execution (2706726)

The version of the .NET Framework installed on the remote host is affected by a code execution vulnerability due to the improper execution of a function pointer. A remote, unauthenticated attacker could execute arbitrary code on the remote host subject to the privileges of the user running the...

Microsoft .NET Framework Function Pointer Remote Code Execution (MS12-038; CVE-2012-1855)

A remote code execution vulnerability has been reported in the Microsoft .NET Framework. The vulnerability is due to the improper execution of a function pointer by .NET Framework. A remote attacker could trigger this vulnerability by enticing an unsuspecting victim to open a specially crafted we...

RealNetworks RealPlayer rvrender RMFF Flags Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

VMware Backdoor ghi.guest.trashFolder.state Uninitialized Memory Potential VM Break

VMware Backdoor ghi.guest.trashFolder.state Uninitialized Memory Potential VM Break Derek Soeder [email protected] Reported: December 5, 2011 Published: May 3, 2012 AFFECTED VENDOR --------------- VMware, Inc. AFFECTED ENVIRONMENTS --------------------- The following VMware product versions ar...

Off-by-one error in OpenType Sanitizer — Mozilla

Mateusz Jurczyk of the Google Security Team discovered an off-by-one error in the OpenType Sanitizer using the Address Sanitizer tool. This can lead to an out-of-bounds read and execution of an uninitialized function pointer during parsing and possible remote code execution...

CVE-2012-0257

Heap-based buffer overflow in the WWCabFile ActiveX component in the Wonderware System Platform in Invensys Wonderware Application Server 2012 and earlier, Foxboro Control Software 3.1 and earlier, InFusion CE/FE/SCADA 2.5 and earlier, Wonderware Information Server 4.5 and earlier, ArchestrA...

Heap overflow

Heap-based buffer overflow in the WWCabFile ActiveX component in the Wonderware System Platform in Invensys Wonderware Application Server 2012 and earlier, Foxboro Control Software 3.1 and earlier, InFusion CE/FE/SCADA 2.5 and earlier, Wonderware Information Server 4.5 and earlier, ArchestrA...

CVE-2012-0257

Heap-based buffer overflow in the WWCabFile ActiveX component in the Wonderware System Platform in Invensys Wonderware Application Server 2012 and earlier, Foxboro Control Software 3.1 and earlier, InFusion CE/FE/SCADA 2.5 and earlier, Wonderware Information Server 4.5 and earlier, ArchestrA...

Java Runtime Environment MixerSequence Function Pointer Control

Added: 02/28/2012 CVE: CVE-2010-0842 BID: 39077 OSVDB: 63493 Background The Java Runtime Environment JRE is part of the Java Development Kit JDK, a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java...

Java Runtime Environment MixerSequence Function Pointer Control

Added: 02/28/2012 CVE: CVE-2010-0842 BID: 39077 OSVDB: 63493 Background The Java Runtime Environment JRE is part of the Java Development Kit JDK, a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java...

Java Runtime Environment MixerSequence Function Pointer Control

Added: 02/28/2012 CVE: CVE-2010-0842 BID: 39077 OSVDB: 63493 Background The Java Runtime Environment JRE is part of the Java Development Kit JDK, a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java...

Java MixerSequencer Object GM_Song Structure Handling Vulnerability

This module exploits a flaw within the handling of MixerSequencer objects in Java 6u18 and before. Exploitation id done by supplying a specially crafted MIDI file within an RMF File. When the MixerSequencer objects is used to play the file, the GMSong structure is populated with a function pointe...

CVE-2012-0267

CVE-2012-0267 : The StopModule method of the NTR ActiveX control (before version 2.0.4.8) allows remote attackers to execute arbitrary code by passing a crafted lModule parameter that dereferences an arbitrary memory address as a function pointer. This vulnerability results in remote code executi...

TelnetD encrypt_keyid - Function Pointer Overwrite

TelnetD encryptkeyid - Function Pointer Overwrite / telnetd-encryptkeyid.c Mon Dec 26 20:37:05 CET 2011 Copyright 2011 Jaime Penalba Estebanez NighterMan Copyright 2011 Gonzalo J. Carracedo BatchDrake [email protected] - [email protected] [email protected] - [email protected] / / /...