CVE-2015-6923

CVE-2015-6923 affects VBox Communications Satellite Express Protocol 2.3.17.3. The ndvbs module permits a local attacker to write arbitrary physical memory via IOCTL 0x00000ffd, enabling privilege escalation by overwriting HalDispatchTable function pointers (arbitrary code execution). Public advi...

CVE-2015-6923

The ndvbs module in VBox Communications Satellite Express Protocol 2.3.17.3 allows local users to write to arbitrary physical memory locations and gain privileges via a 0x00000ffd ioctl call...

Fortinet FortiClient Unauthorized Operation Vulnerability

Fortinet FortiClient is a Fortinet endpoint security solution that provides end users with anti-virus, encryption and other services. An unauthorized operation vulnerability exists in Fortinet FortiClient versions prior to 5.2.4, which allows a local user write to write to arbitrary memory...

Microsoft Office 2007 - mso.dll Arbitrary Free (MS15-081)

Microsoft Office 2007 - mso.dll Arbitrary Free MS15-081 Source: https://code.google.com/p/google-security-research/issues/detail?id=417&can=1 The following crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testin...

Microsoft Windows - 'ATMFD.DLL' Write to Uninitialized Address Due to Malformed CFF Table

Source: https://code.google.com/p/google-security-research/issues/detail?id=385&can=1 We have encountered a number of Windows kernel crashes in the ATMFD.DLL OpenType driver while processing corrupted OTF font files, such as: --- PAGEFAULTINNONPAGEDAREA 50 Invalid system memory was referenced. Th...

Microsoft Office 2007 - 'mso.dll' Arbitrary Free (MS15-081)

Source: https://code.google.com/p/google-security-research/issues/detail?id=417&can=1 The following crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug did not reproduce in Office...

Adobe Flash Player Out of Bounds Memory Corruption (APSB15-11: CVE-2015-3105)

A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to an out-of-bounds memory write while handling specially crafted SWF files. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file...

Mtkfb

Memory write vulnerabilities allow a local user to gain privileges...

MGASA-2015-0163 Updated chrony packages fix security vulnerabilities

Updated chrony package fixes security vulnerabilities: Using particular address/subnet pairs when configuring access control would cause an invalid memory write. This could allow attackers to cause a denial of service crash or execute arbitrary code CVE-2015-1821. When allocating memory to save...

Mandriva Linux Security Advisory : gnutls (MDVSA-2015:072)

Updated gnutls packages fix security vulnerabilities : Suman Jana reported a vulnerability that affects the certificate verification functions of gnutls 3.1.x and gnutls 3.2.x. A version 1 intermediate certificate will be considered as a CA certificate by default something that deviates from the...

CVE-2015-0664

The IPC channel in Cisco AnyConnect Secure Mobility Client 4.0.00051 and earlier allows local users to write to arbitrary userspace memory locations, and consequently gain privileges, via crafted messages, aka Bug ID CSCus79195...

ettercap: multiple issues

CVE-2014-6395 arbitrary code execution Heap-based buffer overflow in the dissectorpostgresql function in dissectors/ecpostgresql.c allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted password length value that is inconsistent with the actual...

CVE-2015-1515

CVE-2015-1515 affects SoftSphere DefenseWall Personal Firewall 3.24. The dwall.sys driver allows local users to escalate privileges by writing to arbitrary memory locations through crafted IOCTLs (0x00222000, 0x00222004, 0x00222008, 0x0022200c, 0x00222010). Multiple sources corroborate a local pr...

Multiple Trend Micro Products tmeext.sys Driver Elevation of Privilege Vulnerabilities

Trend Micro Antivirus Plus, Internet Security and Maximum Security are all antivirus programs from Trend Micro. A security vulnerability exists in the tmeext.sys driver prior to version 2.0.0.1015. A local attacker can exploit this vulnerability by writing to an arbitrary memory location via a...

CVE-2015-1305

McAfee Data Loss Prevention Endpoint DLPe before 9.3.400 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 1 0x00224014 or 2 0x0022c018 IOCTL call...

CVE-2014-9632

The CVE-2014-9632 entry affects AVG Internet Security/Protection: the TDI driver avgtdix.sys allows local privilege escalation by writing to arbitrary memory via a crafted 0x830020f8 IOCTL. Affected: AVG Internet Security 2013.x before 2013.3495 Hot Fix 18 and 2015.x before 2015.5315, Protection ...

CVE-2014-9641

The tmeext.sys driver before 2.0.0.1015 in Trend Micro Antivirus Plus, Internet Security, and Maximum Security allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x00222400 IOCTL call...

Design/Logic Flaw

IOHIDFamily in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a kernel context or cause a denial of service write to kernel memory via a crafted app that calls an unspecified user-client method...

SuSE 11.3 Security Update : binutils (SAT Patch Number 10214)

binutils has been updated to fix eight security issues : - Lack of range checking leading to controlled write in bfdelfsetupsections. CVE-2014-8485 - Invalid read flaw in libbfd. CVE-2014-8484 - Write to uninitialized memory in the PE parser. CVE-2014-8501 - Crash in the PE parser. CVE-2014-8502 ...

LibreOffice < 4.2.8 / 4.3.5 RTF File Handling Code Execution (Mac OS X)

The version of LibreOffice installed on the remote Mac OS X host is prior to 4.2.8 or 4.3.x prior to 4.3.5. It is, therefore, affected by an invalid memory write vulnerability. An attacker, using a specially crafted Rich Text Format RTF file, can exploit this to cause a denial of service or...