CVE-2012-1163
Summary : CVE-2012-1163 is a vulnerability in libzip’s central directory handling. An integer overflow in the function _zip_readcdir (zip_open.c) allows a remote attacker to trigger memory safety violations, leading to possible arbitrary code execution and an information leak. The issue is associ...
CVE-2012-1163
Integer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to execute arbitrary code via the size and offset values for the central directory in a zip archive, which triggers "improper restrictions of operations within the bounds of a memory buffer" and an...
Adobe Reader and Acrobat TTF MINDEX Code Execution (APSB12-08; CVE-2012-0774)
A remote code execution vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to incorrect memory buffer allocation while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...
Mandriva Linux Security Advisory : libzip (MDVSA-2012:034)
Multiple vulnerabilities have been found and corrected in libzip : libzip version = 0.10 uses an incorrect loop construct, which can result in a heap overflow on corrupted zip files CVE-2012-1162. libzip version = 0.10 has a numeric overflow condition, which, for example, results in improper...
MS12-003: Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2646524)
The Windows Client/Server Run-time Subsystem CSRSS on the remote host has a privilege escalation vulnerability that can be triggered when processing a sequence of specially crafted Unicode characters and trying to access the contents of a memory buffer that has not been properly initialized. If t...
Juniper Junos Next-Gen MVPN Scenario Malformed Message Handling Remote DoS (PSN-2011-10-391)
According to its self-reported version number, the remote Juniper router has a denial of service vulnerability. In a Next Generation MVPN scenario, a kernel memory buffer could get corrupted when the router receives a bootstrap or auto-RP message larger than 204 bytes, causing the kernel to crash...
Adobe Reader TTF Glyf Code Execution (APSB11-24; CVE-2011-2441)
A remote code execution vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to incorrect memory buffer allocation while parsing a corrupted PDF file. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file...
RealNetworks Realplayer QCP Parsing Heap Overflow
$Id: realplayerqcp.rb 13745 2011-09-17 06:48:33Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framewor...
Memory corruption during text run construction (Windows) — Mozilla
Alex Miller reported that when very long strings were constructed and inserted into an HTML document, the browser would incorrectly construct the layout objects used to display the text. Under such conditions an incorrect length would be calculated for a text run resulting in too small of a memor...
(0Day) IBM Lotus Domino LDAP Bind Request Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability. The flaw exists within the nLDAP.exe component which listens by default on TCP port 389. When handling an LDAP Bi...
[CORE-2010-0819] LibSMI smiGetNode Buffer Overflow When Long OID Is Given In Numerical Form
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://corelabs.coresecurity.com/ LibSMI smiGetNode Buffer Overflow When Long OID Is Given In Numerical Form 1. Advisory Information Title: LibSMI smiGetNode Buffer Overflow When Long OID Is Given In...
LibSMI smiGetNode Buffer Overflow When Long OID Is Given In Numerical
Exploit for linux platform in category dos / poc ===================================================================== LibSMI smiGetNode Buffer Overflow When Long OID Is Given In Numerical ===================================================================== LibSMI smiGetNode Buffer Overflow When...
LibSMI smiGetNode - Buffer Overflow When Long OID Is Given In Numerical Form
LibSMI smiGetNode - Buffer Overflow When Long OID Is Given In Numerical Form -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://corelabs.coresecurity.com/ LibSMI smiGetNode Buffer Overflow When Long OID Is Given In Numerical Form 1. Advisory...
LibSMI smiGetNode Buffer Overflow When Long OID Is Given In Numerical Form
Core Security - CoreLabs LibSMI smiGetNode Buffer Overflow When Long OID Is Given In Numerical Form 1. Advisory Information Title: LibSMI smiGetNode Buffer Overflow When Long OID Is Given In Numerical Form Advisory Id: CORE-2010-0819 Advisory URL:...
LibSMI smiGetNode - Buffer Overflow When Long OID Is Given In Numerical Form
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://corelabs.coresecurity.com/ LibSMI smiGetNode Buffer Overflow When Long OID Is Given In Numerical Form 1. Advisory Information Title: LibSMI smiGetNode Buffer Overflow When Long OID Is Given In...
Frameset integer overflow vulnerability — Mozilla
Security researcher Chris Rohlf of Matasano Security reported that the implementation of the HTML frameset element contained an integer overflow vulnerability. The code responsible for parsing the frameset columns used an 8-byte counter for the column numbers, so when a very large number of colum...
Remote code execution using malformed PNG image — Mozilla
OUSPG researcher Aki Helin reported a buffer overflow in Mozilla graphics code which consumes image data processed by libpng. A malformed PNG file could be created which would cause libpng to incorrectly report the size of the image to downstream consumers. When the dimensions of such images are...
nsCSSValue::Array index integer overflow — Mozilla
Security researcher J23 reported via TippingPoint's Zero Day Initiative that an array class used to store CSS values contained an integer overflow vulnerability. The 16 bit integer value used in allocating the size of the array could overflow, resulting in too small a memory buffer being created...
openSUSE Security Update : MozillaFirefox (openSUSE-SU-2010:0358-2)
Mozilla Firefox was updated to version 3.5.10, fixing various bugs and security issues. MFSA 2010-33 / CVE-2008-5913: Security researcher Amit Klein reported that it was possible to reverse engineer the value used to seed Math.random. Since the pseudo-random number generator was only seeded once...
Unreal Engine 2.5 - 'UpdateConnectingMessage()' Remote Stack Buffer Overflow (PoC)
source: https://www.securityfocus.com/bid/41424/info Unreal Engine is prone to a remote stack-based buffer-overflow vulnerability because it fails to properly bounds-check messages before copying them to an insufficiently sized memory buffer. Successful exploits can allow remote attackers to...