180 matches found
CVE-2017-2794
An exploitable stack-based buffer overflow vulnerability exists in the DHFSummary functionality of AntennaHouse DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted PPT file can cause a stack corruption resulting in arbitrary code execution. An attacker can send/provide malicious PPT fi...
CVE-2017-2794
An exploitable stack-based buffer overflow vulnerability exists in the DHFSummary functionality of AntennaHouse DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted PPT file can cause a stack corruption resulting in arbitrary code execution. An attacker can send/provide malicious PPT fi...
CVE-2017-2794
Summary of CVE-2017-2794 (connected details present): The vulnerability exists in the DHFSummary function of AntennaHouse DMC HTMLFilter (used by MarkLogic 8.0-6). A specially crafted PPT can trigger a stack-based buffer overflow via an overflowSize value read from Summary Information, then copie...
AntennaHouse DMC HTMLFilter PPT DHFSummary Code Execution Vulnerability
Summary An exploitable stack-based buffer overflow vulnerability exists in the DHFSummary functionality of AntennaHouse DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted PPT file can cause a stack corruption resulting in arbitrary code execution. An attacker can send/provide maliciou...
AntennaHouse DMC HTMLFilter PPT ParseEnvironment Code Execution Vulnerability
Summary An exploitable heap overflow vulnerability exists in the ParseEnvironment functionality of AntennaHouse DMC HTMLFilter as used by MarkLogic 8.0-6. A specially crafted PPT file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious PPT fil...
Microsoft Office Memory Corruption (MS16-133: CVE-2016-7230)
A remote code execution vulnerability exists in Microsoft PowerPoint. The vulnerability is due to a use-after-free error in Microsoft PowerPoint while handling a specially crafted PPT file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted PPT...
Apache OpenOffice -- multiple vulnerabilities
The Apache Openofffice project reports: CVE-2017-3157: Arbitrary file disclosure in Calc and Writer By exploiting the way OpenOffice renders embedded objects, an attacker could craft a document that allows reading in a file from the user's filesystem. Information could be retrieved by the attacke...
WPS Office < 2016 - '.ppt' Heap Memory Corruption
Exploit for windows platform in category dos / poc Application: WPS Office Platforms: Windows Versions: Version before 2016 Author: Francis Provencher of COSIG Twitter: @COSIG 1 Introduction 2 Report Timeline 3 Technical details 4 POC =============== 1 Introduction =============== WPS Office an...
WPS Office 2016 - .ppt Heap Memory Corruption
WPS Office 2016 - .ppt Heap Memory Corruption Application: WPS Office Platforms: Windows Versions: Version before 2016 Author: Francis Provencher of COSIG Twitter: @COSIG 1 Introduction 2 Report Timeline 3 Technical details 4 POC =============== 1 Introduction =============== WPS Office an acrony...
WPS Office < 2016 - '.ppt' drawingContainer Memory Corruption
Application: WPS Office Platforms: Windows Versions: Version 2016 Author: Francis Provencher of COSIG Twitter: @COSIG 1 Introduction 2 Report Timeline 3 Technical details 4 POC =============== 1 Introduction =============== WPS Office an acronym for Writer, Presentation and Spreadsheets,2...
WPS Office < 2016 - '.ppt' Heap Memory Corruption
Application: WPS Office Platforms: Windows Versions: Version before 2016 Author: Francis Provencher of COSIG Twitter: @COSIG 1 Introduction 2 Report Timeline 3 Technical details 4 POC =============== 1 Introduction =============== WPS Office an acronym for Writer, Presentation and Spreadsheets,2...
PHP process_nested_data 函数释放后重用漏洞
A while ago the function "processnesteddata" was changed to better handle object properties. Before it was possible to create numeric object properties which would cause trouble down the road. So the following code was added: if !objprops ... else / object properties should include no integers /...
Updated apache-poi packages fix CVE-2014-9527
Updated apache-poi packages fixes security vulnerability: A denial of service flaw was found in the way the HSLFSlideShow class implementation in Apache POI handled certain PPT files. A remote attacker could submit a specially crafted PPT file that would cause Apache POI to hang indefinitely...
MGASA-2015-0087 Updated apache-poi packages fix CVE-2014-9527
Updated apache-poi packages fixes security vulnerability: A denial of service flaw was found in the way the HSLFSlideShow class implementation in Apache POI handled certain PPT files. A remote attacker could submit a specially crafted PPT file that would cause Apache POI to hang indefinitely...
CVE-2014-9527
HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cause a denial of service infinite loop and deadlock via a crafted PPT file...
CVE-2014-9527
HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cause a denial of service infinite loop and deadlock via a crafted PPT file...
Design/Logic Flaw
HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cause a denial of service infinite loop and deadlock via a crafted PPT file...
CVE-2014-9527
HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cause a denial of service infinite loop and deadlock via a crafted PPT file...
CVE-2014-9527
HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cause a denial of service infinite loop and deadlock via a crafted PPT file...
Microsoft PowerPoint 2003 mso.dll PPT Processing Unspecified Code Execution
No description provided by source. source: http://www.securityfocus.com/bid/18993/info Microsoft PowerPoint is prone to multiple remote vulnerabilities. Three proof-of-concept exploit files designed to trigger vulnerabilities in PowerPoint have been released. It is currently unknown if these thre...