MS Word Record Parsing Buffer Overflow (MS09-027)

No description provided by source. MS Word Record Parsing Buffer OverflowMS-09-027 Vulnerble application MS office 2003 Tested on XP SP2 - MS Ofice 2003 v. 11.5604.5606 Bug Found By Wushi of team509 !/usr/bin/python import sys import zlib windows/exec - CMD=calc.exe shellcode =...

Potential memory corruption during font rendering using cairo-dwrite — Mozilla

Security research firm iDefense reported that researcher wushi of team509 discovered a memory corruption on Windows Vista and Windows 7 systems with hardware acceleration disabled or using incompatible video drivers. This is created by using cairo-dwrite to attempt to render fonts on an unsupport...

ZDI-11-239: Apple Safari Webkit FrameOwner Element Remote Code Execution Vulnerability

ZDI-11-239: Apple Safari Webkit FrameOwner Element Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-239 July 27, 2011 -- CVE ID: CVE-2011-0233 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Apple -- Affected Products: Apple WebKit --...

Microsoft Word Record Parsing Buffer Overflow

$Id: ms09-027 10477 2011-04-13 11:59:02Z mc $ This file is not part of the Metasploit Framework and may not be subject to redistribution and commercial restrictions. TODO some testing to find the real banned characters and maxlen add those parameters to the .rb file drop in appropriate directory...

Microsoft Word 2003 - Record Parsing Buffer Overflow (MS09-027) (Metasploit)

$Id: ms09-027 10477 2011-04-13 11:59:02Z mc $ This file is not part of the Metasploit Framework and may not be subject to redistribution and commercial restrictions. TODO some testing to find the real banned characters and maxlen add those parameters to the .rb file drop in appropriate directory...

Mozilla Foundation Security Advisory 2010-77

Mozilla Foundation Security Advisory 2010-77 Title: Crash and remote code execution using HTML tags inside a XUL tree Impact: Critical Announced: December 9, 2010 Reporter: wushi Products: Firefox, SeaMonkey Fixed in: Firefox 3.6.13 Firefox 3.5.16 SeaMonkey 2.0.11 Description Security researcher...

Microsoft Word - Record Parsing Buffer Overflow (MS09-027)

Microsoft Word - Record Parsing Buffer Overflow MS09-027 MS Word Record Parsing Buffer OverflowMS-09-027 Vulnerble application MS office 2003 Tested on XP SP2 - MS Ofice 2003 v. 11.5604.5606 Bug Found By Wushi of team509 !/usr/bin/python import sys import zlib windows/exec - CMD=calc.exe shellcod...

Microsoft Word - Record Parsing Buffer Overflow (MS09-027)

MS Word Record Parsing Buffer OverflowMS-09-027 Vulnerble application MS office 2003 Tested on XP SP2 - MS Ofice 2003 v. 11.5604.5606 Bug Found By Wushi of team509 !/usr/bin/python import sys import zlib windows/exec - CMD=calc.exe shellcode = b"\xDB\xDF\xD9\x74\x24\xF4\x58\x2B\xC9\xB1\x33\xBA"...

Use-after-free error in nsCycleCollector::MarkRoots() — Mozilla

Security researcher wushi of team509 reported that the frame construction process for certain types of menus could result in a menu containing a pointer to a previously freed menu item. During the cycle collection process, this freed item could be accessed, resulting in the execution of a section...

ZDI-10-101: Apple Webkit SVG RadialGradiant Run-in Remote Code Execution Vulnerability

ZDI-10-101: Apple Webkit SVG RadialGradiant Run-in Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-101 June 8, 2010 -- CVE ID: CVE-2010-1749 -- Affected Vendors: Apple -- Affected Products: Apple WebKit -- TippingPointTM IPS Customer Protection: TippingPoint...

MSN Messenger and Windows Live Messenger webcam stream heap overflow

Overview MSN Messenger fails to properly handle webcam streams, which may allow a remote attacker to execute arbitrary code. Description MSN Messenger is an instant messaging application. Starting with version 8, MSN Messenger was renamed to Windows Live Messenger. Windows Live Messenger and some...