Detect It Easy Handles PE File Memory Corruption Vulnerability

Detect it Easy is a multifunctional PE-DIY tool mainly used for shell detection. Supports direct drag and drop of files, which can be added to the right-click menu. Detect it Easy has a memory corruption vulnerability in the processing of pe files, constructing malformed pe files can cause the...

Microsoft Windows10 AHCACHE.SYS Remote Denial Of Service

Summary A denial of service vulnerability exists in the AHCACHE.SYS driver. A specially crafted Portable Executable file can cause a bugcheck in the Windows kernel resulting in remote denial of service. Tested Versions Windows 10, AHCACHE.SYS version 10.0.10586.0 Tested on Windows 10 X86 Product...

FreeBSD : FreeBSD -- Multiple vulnerabilities in file(1) and libmagic(3) (70140f20-6007-11e6-a6c3-14dae9d210b8)

A specifically crafted Composite Document File CDF file can trigger an out-of-bounds read or an invalid pointer dereference. CVE-2012-1571 A flaw in regular expression in the awk script detector makes use of multiple wildcards with unlimited repetitions. CVE-2013-7345 A malicious input file could...

Two Memory Corruption Vulnerabilities Exist in Antenna Defense

Anthem Defense is Anthem's antivirus program. Antenna Defense 7 Antivirus has two different memory corruption vulnerabilities when dealing with specific PE files, which allow attackers to exploit the vulnerabilities to construct malformed PE files that cause Antenna Defense 7 to crash due to memo...

Symantec Norton Security IDSvix86 PE Remote System Denial of Service Vulnerability

SUMMARY A denial of service vulnerability exists in the Portable Executable file scanning functionality of Symantec Norton Security. A specially crafted PE file can cause an access violation in IDSvix86 kernel driver resulting in denial of service. An attacker can trigger this vulnerability for...

Symantec Anti-virus Engine Denial of Service Vulnerability

Symantec Anti-virus Engine AVE is a network service from Symantec, Inc. that provides virus scanning and virus remediation for application data traveling over a network. A security vulnerability exists in Symantec AVE version 20151.1.0.32. The vulnerability can be exploited by an attacker to caus...

Antenna Defense Memory Corruption Vulnerability

Anthem Defense is Anthem's antivirus program. Antenna Defense 7 Antivirus has a memory corruption vulnerability when dealing with PE files, which allows attackers to exploit the vulnerability to construct malformed PE files that can cause Antenna Defense 7 to crash due to memory corruption while...

Memory Corruption Vulnerability in Dr. An Antivirus

Dr. An antivirus is a security product. Dr. An Antivirus has a memory corruption vulnerability when dealing with PE files, which allows attackers to exploit the vulnerability to construct malformed PE files, allowing Dr. An to terminate the scan due to memory corruption during scanning or cause a...

ROPInjector - Convert any Shellcode in ROP and patch it into a given Portable Executable (PE)

A tool written in C Win32 to convert any shellcode in ROP and patch it into a given portable executable PE. It supports only 32-bit target PEs and the x86 instruction set. Published in Blackhat USA 2015, "ROPInjector: Using Return Oriented Programming for Polymorphism and Antivirus Evasion" More...

Avast Memory Corruption Vulnerability

Avast is a suite of antivirus software from the Czech company Avast Avast. A security vulnerability exists in Avast that can be exploited by remote attackers to cause a denial of service memory corruption or execute arbitrary code with the help of a specially crafted PE file...

binutils: out-of-bounds write when parsing specially crafted PE executable

A stack-based buffer overflow flaw was found in the way various binutils utilities processed certain files. If a user were tricked into processing a specially crafted file, it could cause the utility used to process that file to crash or, potentially, execute arbitrary code with the privileges of...

PEframe - Tool to perform static analysis on Portable Executable malware

PEframe is a open source tool to perform static analysis on Portable Executable malware. Usage $ peframe malware.exe $ peframe --option malware.exe Options --json Output in json --import Imported function and dll --export Exported function and dll --dir-import Import directory --dir-export Export...

DEBIAN-CVE-2014-8502

Heap-based buffer overflow in the peprintedata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service crash and possibly have other unspecified impact via a truncated export table in a PE file...

DEBIAN-CVE-2014-8501

The bfdXXiswapaouthdrin function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service out-of-bounds write and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable...

UBUNTU-CVE-2014-8502

Heap-based buffer overflow in the peprintedata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service crash and possibly have other unspecified impact via a truncated export table in a PE file...

UBUNTU-CVE-2014-8501

The bfdXXiswapaouthdrin function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service out-of-bounds write and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable...

UBUNTU-CVE-2014-9050

Heap-based buffer overflow in the cliscanpe function in libclamav/pe.c in ClamAV before 0.98.5 allows remote attackers to cause a denial of service crash via a crafted y0da Crypter PE file...

VulnCheck KEV: CVE-2013-3900

A remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for PE files...

Altap Salamander 2.5 PE Viewer Buffer Overflow

No description provided by source. $Id: altapsalamanderpdb.rb 11353 2010-12-16 20:11:01Z egypt $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms...

PHP Libmagic Portable Executable Out-Of-Bounds Memory Access (CVE-2014-2270)

An out-of-bounds memory access vulnerability exists in PHP Libmagic. The vulnerability is due to the way the file utility determines the type of Portable Executable PE format files. A remote attacker can exploit this flaw by uploading a malicious PE file to a vulnerable server...