2218 matches found
Network Time Protocol Broadcast Mode Poll Interval Enforcement Denial of Service Vulnerability
Summary An exploitable denial of service vulnerability exists in the broadcast mode poll interval enforcement functionality of ntpd. To limit abuse, ntpd restricts the rate at which each broadcast association will process incoming packets. ntpd will reject broadcast mode packets that arrive befor...
Network Time Protocol Control Mode Unauthenticated Trap Information Disclosure and DDoS Amplification Vulnerability
Summary An exploitable configuration modification vulnerability exists in the control mode (mode 6) functionality of ntpd. A specially crafted control mode packet can set ntpd traps, providing information disclosure and DDoS amplification, and unset ntpd traps, preventing legitimate monitoring. A...
HDF5 Group libhdf5 Shareable Message Type Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0178 HDF5 Group libhdf5 Shareable Message Type Code Execution Vulnerability November 17, 2016 CVE Number CVE-2016-4332 Description HDF5 is a file format that is maintained by a non-profit organization, The HDF Group. HDF5 is designed to be used for storage an...
HDF5 Group libhdf5 H5Z_NBIT Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0177 HDF5 Group libhdf5 H5Z_NBIT Code Execution Vulnerability November 17, 2016 CVE Number CVE-2016-4331 Description HDF5 is a file format that is maintained by a non-profit organization, The HDF Group. HDF5 is designed to be used for storage and organization ...
HDF5 Group libhdf5 H5T_ARRAY Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0176 HDF5 Group libhdf5 H5T_ARRAY Code Execution Vulnerability November 17, 2016 CVE Number CVE-2016-4330 Description HDF5 is a file format that is maintained by a non-profit organization, The HDF Group. HDF5 is designed to be used for storage and organization ...
HDF5 Group libhdf5 H5T_COMPOUND Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0179 HDF5 Group libhdf5 H5T_COMPOUND Code Execution Vulnerability November 17, 2016 CVE Number CVE-2016-4333 Description HDF5 is a file format that is maintained by a non-profit organization, The HDF Group. HDF5 is designed to be used for storage and...
GMER Path Length Code Execution Vulnerability
Summary A stack-based buffer overflow vulnerability exists in the method receiving data from the SysTreeView32 control of the GMER application. A specially created long path can lead to a buffer overflow on the stack resulting in code execution. An attacker needs to create a path longer than 99...
Memcached Server Append/Prepend Remote Code Execution Vulnerability
Summary An integer overflow in the process_bin_append_prepend function which is responsible for processing multiple commands of Memcached binary protocol can be abused to cause heap overflow and lead to remote code execution. Tested Versions Memcached 1.4.31 Product URLs https://memcached.org/ CVSSv...
Memcached Server Update Remote Code Execution Vulnerability
Summary Multiple integer overflows in process_bin_update function which is responsible for processing multiple commands of Memcached binary protocol can be abused to cause heap overflow and lead to remote code execution. Tested Versions Memcached 1.4.31 Product URLs https://memcached.org/ CVSSv3...
Memcached Server SASL Authentication Remote Code Execution Vulnerability
Summary An integer overflow in process_bin_sasl_auth function which is responsible for authentication commands of Memcached binary protocol can be abused to cause heap overflow and lead to remote code execution. Tested Versions Memcached 1.4.31 Product URLs https://memcached.org/ CVSSv3 Score 8.1 -...
Iceni Argus ipfSetColourStroke Code Execution Vulnerability
Summary An exploitable stack-based buffer overflow vulnerability exists in the ipfSetColourStroke functionality of Iceni Argus. A specially crafted PDF file can cause a buffer overflow resulting in arbitrary code execution. An attacker can provide a malicious PDF file to trigger this vulnerability...
Iceni Argus ipNameAdd Code Execution Vulnerability
Summary An exploitable stack-based buffer overflow vulnerability exists in the ipNameAdd functionality of Iceni Argus. A specially crafted PDF file can cause a buffer overflow resulting in arbitrary code execution. An attacker can send/provide a malicious PDF file to trigger this vulnerability...
LibTIFF Tag Extension Remote Code Execution Vulnerability
Summary An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF. A crafted TIFF document can lead to a type confusion vulnerability resulting in remote code execution. This vulnerability can be triggered via a TIFF file delivered t...
LibTIFF PixarLogDecode Remote Code Execution Vulnerability
Summary An exploitable heap-based buffer overflow exists in the handling of compressed TIFF images in LibTIFF’s PixarLogDecode API. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. The vulnerability can be triggered through any user controlled...
LibTIFF TIFF2PDF TIFFTAG_JPEGTABLES Remote Code Execution Vulnerability
Summary An exploitable heap based buffer overflow exists in the handling of TIFF images in LibTIFF’s TIFF2PDF tool. A crafted TIFF document can lead to a heap based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means...
Hopper Disassembler ELF Section Header Size Code Execution Vulnerability
Summary An exploitable out of bounds write vulnerability exists in the parsing of ELF Section Headers of Hopper App. A specially crafted ELF file can cause attacker controlled pointer arithmetic resulting in a partially controlled out of bounds write. An attacker can craft an ELF file with...
Foxit PDF Reader JBIG2 Parser Information Disclosure Vulnerability
Summary A large out of bounds read on the heap vulnerability in Foxit PDF Reader can potentially be abused for information disclosure. Combined with another vulnerability, it can be used to leak heap memory layout and in bypassing ASLR. Tested Versions Foxit Software Foxit Reader 8.0.2.805 Produc...
FreeImage Library XMP Image Handling Code Execution Vulnerability
Summary An exploitable out-of-bounds write vulnerability exists in the XMP image handling functionality of the FreeImage library. A specially crafted XMP file can cause an arbitrary memory overwrite resulting in code execution. An attacker can provide a malicious image to trigger this...
Redis CONFIG SET client-output-buffer-limit command Code Execution Vulnerability
Summary An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution. Tested Versions...
OpenJPEG JPEG2000 mcc record Code Execution Vulnerability
Summary An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful...
Microsoft Windows10 AHCACHE.SYS Remote Denial Of Service
Summary A denial of service vulnerability exists in the AHCACHE.SYS driver. A specially crafted Portable Executable file can cause a bugcheck in the Windows kernel resulting in remote denial of service. Tested Versions Windows 10, AHCACHE.SYS version 10.0.10586.0 Tested on Windows 10 X86 Product...
Kaspersky Anti-Virus Unhandled Windows Messages Denial of Service Vulnerability
Summary A local denial of service vulnerability exists in the window broadcast message handling functionality of Kaspersky Anti-Virus software. By sending certain unhandled window messages, an attacker can cause application termination and in the same way bypass the KAV self-protection mechanism. Tested...
Kaspersky Internet Security KLDISK Driver Multiple Kernel Memory Disclosure Vulnerabilities
Summary Multiple information leaks exist in various IOCTL handlers of the Kaspersky Internet Security KLDISK driver. Specially crafted IOCTL requests can cause the driver to return out of bounds kernel memory, potentially leaking sensitive information such as privileged tokens or kernel memory...
Kaspersky Internet Security KL1 Driver Signal Handler Denial of Service
Summary A denial of service vulnerability exists in the IOCTL handling functionality of Kaspersky Internet Security KL1 driver. A specially crafted IOCTL signal can cause an access violation in KL1 kernel driver resulting in local system denial of service. An attacker can run a program from user...
Kaspersky Internet Security KLIF Driver NtAdjustTokenPrivileges_HANDLER Denial of Service
Summary A denial of service vulnerability exists in the syscall filtering functionality of Kaspersky Internet Security KLIF driver. A specially crafted native API call can cause an access violation in KLIF kernel driver resulting in local denial of service. An attacker can run program from user mo...
Kaspersky Internet Security KLIF Driver NtUserCreateWindowEx_HANDLER Denial of Service
Summary A denial of service vulnerability exists in the syscall filtering functionality of the Kaspersky Internet Security KLIF driver. A specially crafted native API call request can cause an access violation exception in KLIF kernel driver resulting in local denial of service. An attacker can ru...
AB Rockwell Automation MicroLogix 1400 Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0184 AB Rockwell Automation MicroLogix 1400 Code Execution Vulnerability August 11, 2016 CVE Number CVE-2016-5645 Description An exploitable Use of Hard-coded Credentials Undocumented Community String vulnerability exists in the SNMP functionality of...
Microsoft Windows PDF API Jpeg2000 csiz Remote Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0170 Microsoft Windows PDF API Jpeg2000 csiz Remote Code Execution Vulnerability August 9, 2016 CVE Number CVE-2016-3319 Description An exploitable out of bounds write vulnerability exists in the PDF parsing API in the latest versions of Microsoft Windows. A...
LexMark Perceptive Document Filters XLS Convert Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0172 LexMark Perceptive Document Filters XLS Convert Code Execution Vulnerability August 6, 2016 CVE Number CVE-2016-4335 Description An exploitable buffer overflow exists in the XLS parsing of the Perspective Document Filters conversion functionality. A...
LexMark Perceptive Document Filters Bzip2 Convert Out of Bounds Write Vulnerability
Talos Vulnerability Report TALOS-2016-0173 LexMark Perceptive Document Filters Bzip2 Convert Out of Bounds Write Vulnerability August 6, 2016 CVE Number CVE-2016-4336 Description An exploitable out of bounds write exists in the Bzip2 parsing of the Perspective Document Filters conversion...
Lexmark Perceptive Document Filters CBFF Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0185 Lexmark Perceptive Document Filters CBFF Code Execution Vulnerability August 6, 2016 CVE Number CVE-2016-5646 Description An exploitable heap overflow vulnerability exists in the Compound Binary File Format CBFF parser functionality of Lexmark Perceptive...
Hancom Hangul HCell OfficeArt Record pConnectionSites and pVertices Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0149 Hancom Hangul HCell OfficeArt Record pConnectionSites and pVertices Code Execution Vulnerability August 4, 2016 CVE Number CVE-2016-4294 Description This vulnerability was discovered within the Hangul Hcell application which is part of the Hangul Office...
Hancom Hangul Office HShow!NXDeleteLineObj+0x560cb Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0144 Hancom Hangul Office HShow!NXDeleteLineObj+0x560cb Code Execution Vulnerability August 4, 2016 CVE Number CVE-2016-4298 Description This vulnerability was discovered within the Hangul HShow application which is part of the Hangul Office Suite. Hangul...
Hancom Hangul HCell CSSValFormat::CheckUnderbar Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0151 Hancom Hangul HCell CSSValFormat::CheckUnderbar Code Execution Vulnerability August 4, 2016 CVE Number CVE-2016-4296 Description This vulnerability was discovered within the Hangul Hcell application which is part of the Hangul Office Suite. Hangul Office...
Hancom Hangul Office HShow!NXDeleteLineObj+0x47269 Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0147 Hancom Hangul Office HShow!NXDeleteLineObj+0x47269 Code Execution Vulnerability August 4, 2016 CVE Number CVE-2016-4292 Description This vulnerability was discovered within the Hangul HShow application which is part of the Hangul Office Suite. Hangul...
Hancom Hangul Office HShow!NXDeleteLineObj+0x53692 Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0146 Hancom Hangul Office HShow!NXDeleteLineObj+0x53692 Code Execution Vulnerability August 4, 2016 CVE Number CVE-2016-4291 Description This vulnerability was discovered within the Hangul HShow application which is part of the Hangul Office Suite. Hangul...
BlueStacks App Player Privilege Escalation Vulnerability
Talos Vulnerability Report TALOS-2016-0124 BlueStacks App Player Privilege Escalation Vulnerability August 4, 2016 CVE Number CVE-2016-4288 Description A local privilege escalation vulnerability exists in BlueStacks App Player. The BlueStacks App Player installer creates a registry key with weak...
Hancom Hangul Office HShow!NXDeleteLineObj+0x6960c Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0145 Hancom Hangul Office HShow!NXDeleteLineObj+0x6960c Code Execution Vulnerability August 4, 2016 CVE Number CVE-2016-4290 Description This vulnerability was discovered within the Hangul HShow application which is part of the Hangul Office Suite. Hangul...
Hancom Hangul HCell Workbook Table and Pivot Style Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0148 Hancom Hangul HCell Workbook Table and Pivot Style Code Execution Vulnerability August 4, 2016 CVE Number CVE-2016-4293 Description This vulnerability was discovered within the Hangul Hcell application which is part of the Hangul Office Suite. Hangul...
Hancom Hangul HCell HncChart CFormulaTokenSizeModifier Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0150 Hancom Hangul HCell HncChart CFormulaTokenSizeModifier Code Execution Vulnerability August 4, 2016 CVE Number CVE-2016-4295 Description This vulnerability was discovered within the Hangul Hcell application which is part of the Hangul Office Suite. Hangul...
OpenOffice Impress MetaActions Arbitrary Read Write Vulnerability
Talos Vulnerability Report TALOS-2016-0051 OpenOffice Impress MetaActions Arbitrary Read Write Vulnerability July 21, 2016 CVE Number CVE-2016-1513 Description An exploitable out-of-bounds vulnerability exists in OpenOffice when handling MetaActions. A specially crafted Open Office Impress file c...
Oracle OIT IX SDK libvs_pdf FlateDecode Colors Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2016-0100 Oracle OIT IX SDK libvs_pdf FlateDecode Colors Denial of Service Vulnerability July 19, 2016 CVE Number CVE-2016-3578 DESCRIPTION A null pointer dereference leading to process crash can occur while parsing a malformed PDF file. TESTED VERSIONS Oracle Outsi...
Oracle OIT IX SDK libvs_pdf Xref Offset Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2016-0102 Oracle OIT IX SDK libvs_pdf Xref Offset Denial of Service Vulnerability July 19, 2016 CVE Number CVE-2016-3580 Description A vulnerability in PDF parser of the IX SDK exists that results in out of bounds heap memory access following an unchecked memory...
Oracle OIT libim_psi2 psiparse Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0161 Oracle OIT libim_psi2 psiparse Code Execution Vulnerability July 19, 2016 CVE Number CVE-2016-3594 Description A memory corruption vulnerability exists in file parsing code of Oracle Outside In Technology libim_psi2 library. Specifically, an integer overflo...
Oracle OIT IX SDK libvs_pdf arbitrary pointer access
Talos Vulnerability Report TALOS-2016-0101 Oracle OIT IX SDK libvs_pdf arbitrary pointer access July 19, 2016 CVE Number CVE-2016-3579 Description When parsing a specially crafted PDF document, a value derived from a file is used as a memory pointer leading to a process crash. Tested Versions...
Oracle OIT ImageExport libvs_bmp BMP BI_RLE8 Width Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0160 Oracle OIT ImageExport libvs_bmp BMP BI_RLE8 Width Code Execution Vulnerability July 19, 2016 Description A vulnerability in libvseshr can lead to remote code execution while parsing a specially crafted Word document containing a reference to Escher drawin...
Oracle OIT ContentAccess libvs_word Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2016-0156 Oracle OIT ContentAccess libvs_word Denial of Service Vulnerability July 19, 2016 CVE Number CVE-2016-3590 Description A partially controlled memory write vulnerability exists in Mac Word file format of Oracle Outside In Technology Content Access SDK. An...
Oracle OIT IX SDK libvs_pdf Kids List Information Leak
Talos Vulnerability Report TALOS-2016-0096 Oracle OIT IX SDK libvs_pdf Kids List Information Leak July 19, 2016 CVE Number CVE-2016-3574 DESCRIPTION When parsing a specially crafted PDF document, the parser is expecting a pointer where a string is located leading to a read access violation with a...
Oracle OIT IX SDK TIFF ExtraSamples Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0103 Oracle OIT IX SDK TIFF ExtraSamples Code Execution Vulnerability July 19, 2016 CVE Number CVE-2016-3581 Description While parsing a specially crafted TIFF file, a parser confusion can lead to a heap buffer overflow resulting in out of bounds memory...
Oracle OIT IX SDK libvs_pdf Size Integer Overflow Vulnerability
Talos Vulnerability Report TALOS-2016-0097 Oracle OIT IX SDK libvs_pdf Size Integer Overflow Vulnerability July 19, 2016 CVE Number CVE-2016-3575 DESCRIPTION An integer overflow leading to two distinct issues can be triggered by a specially crafted PDF file. TESTED VERSIONS Oracle Outside In IX sd...