68 matches found
[SECURITY] [DSA 2357-1] evince security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2357-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez December 03, 2011 http://www.debian.org/security/faq -...
Adobe Flash Player 10.2.153.1 SWF Memory Corruption Vulnerability
This module exploits a vulnerability in Adobe Flash Player that was discovered, and has been exploited actively in the wild. By embedding a specially crafted .swf file, Adobe Flash crashes due to an invalid use of an object type, which allows attackers to overwrite a pointer in memory, and result...
Trend Micro Titanium Maximum Security 2011 0day Local Kernel Exploit
No description provided by source. 1.Description: The tmtdi.sys kernel driver distributed with Trend Micro Titanium Maximum Security 2011 contains a pointer overwrite vulnerability in the handling of IOCTL 0x220404. Exploitation of this issue allows an attacker to execute arbitrary code within th...
Sybase Advantage Data Architect Heap Overflow
Exploit Title: Sybase Advantage Data Architect ".SQL" Format Heap Oveflow RCE Date: 2010-10-16 Author: d0lc3 @rmallof - http://elotrolad0.blogspot.com/ Software Link: http://www.sybase.com/products/databasemanagement/advantagedatabaseserver/data-architect-utility Version: 10.0 Tested on: Windows ...
Trend Micro Titanium Maximum Security 2011 - Local Kernel
Trend Micro Titanium Maximum Security 2011 - Local Kernel / 1.Description: The tmtdi.sys kernel driver distributed with Trend Micro Titanium Maximum Security 2011 contains a pointer overwrite vulnerability in the handling of IOCTL 0x220404. Exploitation of this issue allows an attacker to execute...
Trend Micro Titanium Maximum Security 2011 - Local Kernel
/ 1.Description: The tmtdi.sys kernel driver distributed with Trend Micro Titanium Maximum Security 2011 contains a pointer overwrite vulnerability in the handling of IOCTL 0x220404. Exploitation of this issue allows an attacker to execute arbitrary code within the kernel. An attacker would need...
Microsoft Office Excel / Word OfficeArtSpgr Container Pointer Overwrite Vulnerability
Advisory ID Internal CORE-2009-0827 1. Advisory Information Title: Microsoft Office Excel / Word OfficeArtSpgr Container Pointer Overwrite Vulnerability Advisory Id: CORE-2009-0827 Date published: 2010-02-09 Date of last update: 2010-02-08 Vendors contacted: Microsoft Release mode: Coordinated...
Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
This exploit takes advantage of a stack based overflow. Once the stack corruption has occurred it is possible to overwrite a pointer which is later used for a memcpy. This gives us a write anything anywhere condition similar to a format string vulnerability. NOTE: The popsubfolders option is a...
Design/Logic Flaw
Avira AntiVir Premium, Premium Security Suite, AntiVir Professional, and AntiVir Personal - FREE allows local users to execute arbitrary code via a crafted IOCTL request that overwrites a kernel pointer...
IntelliTamper (2.07/2.08) - Language Catalog Overflow (SEH)
!usr/bin/python IntelliTamper 2.07/2.08 Language Catalog SEH Overflow Exploit. we start off the exploitation with some fuzzing to determine how many bytes before overwriting the pointer to next SEH and pointer to SEH, we will try and overwrite each address with 41414141 "AAAA" Pointer to next SEH...
CVE-2008-4451
The SysInspector AntiStealth driver esiasdrv.sys 3.0.65535.0 in ESET System Analyzer Tool 1.1.1.0 allows local users to execute arbitrary code via a certain METHODNEITHER IOCTL request to \Device\esiasdrv that overwrites a pointer...
Design/Logic Flaw
Untrusted search path vulnerability in ingvalidpw in Ingres 2.6, Ingres 2006 release 1 aka 9.0.4, and Ingres 2006 release 2 aka 9.1.0 on Linux and HP-UX allows local users to gain privileges via a crafted shared library, related to a "pointer overwrite vulnerability."...
CVE-2008-3357
Untrusted search path vulnerability in ingvalidpw in Ingres 2.6, Ingres 2006 release 1 aka 9.0.4, and Ingres 2006 release 2 aka 9.1.0 on Linux and HP-UX allows local users to gain privileges via a crafted shared library, related to a "pointer overwrite vulnerability."...
CVE-2008-3357
Untrusted search path vulnerability in ingvalidpw in Ingres 2.6, Ingres 2006 release 1 aka 9.0.4, and Ingres 2006 release 2 aka 9.1.0 on Linux and HP-UX allows local users to gain privileges via a crafted shared library, related to a "pointer overwrite vulnerability."...
CVE-2008-3357
CVE-2008-3357 : Untrusted search path vulnerability in ingvalidpw of Ingres 2.6, Ingres 2006 Release 1 (9.0.4), and Ingres 2006 Release 2 (9.1.0) on Linux/HP-UX allows local users to gain privileges by loading a crafted shared library. Exploitation is local and tied to the ingvalidpw helper (set-...
MS Windows JPEG Processing Buffer Overrun Exploit (MS04-028)
No description provided by source. !/bin/sh The JPEG vuln is triggered by the 0 or 1 length field with an integer flaw The crafted JPEG header makes Windows crash a couple of different ways 1 First, it crashes when the image is opened. 2 Second, it crashes when hovering the mouse over the image...
EEYE: Microsoft Publisher 2007 Arbitrary Pointer Dereference
Microsoft Publisher 2007 Arbitrary Pointer Dereference Release Date: July 10, 2007 Date Reported: February 16, 2007 Severity: High Remote Code Execution Vendor: Microsoft Vendor Software Affected: Microsoft Office 2007 Small Business Microsoft Office 2007 Professional Microsoft Office 2007 Ultima...
Ingres Unauthenticated Pointer Overwrite 1
======= Summary ======= Name: Ingres remote unauthenticated pointer overwrite 1 Release Date: 25 June 2007 Reference: NGS00391 Discover: Chris Anley [email protected] Vendor: Ingres Vendor Reference: Ingres bug 115927, CVE-2007-3336, CAID 35450 Systems Affected: Ingres 2006 9.0.4 and prior...
Design/Logic Flaw
Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA formerly Computer Associates products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server...
CVE-2007-3336
Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA formerly Computer Associates products, allow remote attackers to execute arbitrary code by sending certain TCP data at different times to the Ingres Communications Server...