Intel HD Graphics Windows Kernel Driver (igdkmd64) Code Execution Vulnerability
SUMMARY A vulnerability exists in the communication functionality of Intel Graphics Kernel Mode Driver. A specially crafted message can cause a vulnerability resulting in executing arbitrary code. An attacker can send a specific message to trigger this vulnerability and escalate his privileges on t...
Symantec Norton Security IDSvix86 PE Remote System Denial of Service Vulnerability
SUMMARY A denial of service vulnerability exists in the Portable Executable file scanning functionality of Symantec Norton Security. A specially crafted PE file can cause an access violation in IDSvix86 kernel driver resulting in denial of service. An attacker can trigger this vulnerability for...
The Document Foundation LibreOffice RTF Stylesheet Code Execution Vulnerability
SUMMARY An exploitable Use After Free vulnerability exists in the RTF parser of LibreOffice. A specially crafted file can cause a use after free resulting in a possible arbitrary code execution. To exploit the vulnerability a malicious file needs to be opened by the user via vulnerable application...
Pidgin MXIT read stage 0x3 Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0118 Pidgin MXIT read stage 0x3 Code Execution Vulnerability June 21, 2016 CVE Number CVE-2016-2376 DESCRIPTION A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could...
Pidgin MXIT Custom Resource Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2016-0138 Pidgin MXIT Custom Resource Denial of Service Vulnerability June 21, 2016 CVE Number CVE-2016-2370 DESCRIPTION A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could...
Pidgin MXIT Avatar Length Memory Disclosure Vulnerability
Talos Vulnerability Report TALOS-2016-0135 Pidgin MXIT Avatar Length Memory Disclosure Vulnerability June 21, 2016 CVE Number CVE-2016-2367 DESCRIPTION An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially resu...
Pidgin MXIT Table Command Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2016-0134 Pidgin MXIT Table Command Denial of Service Vulnerability June 21, 2016 CVE Number CVE-2016-2366 DESCRIPTION A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could...
Pidgin MXIT Suggested Contacts Memory Disclosure Vulnerability
Talos Vulnerability Report TALOS-2016-0143 Pidgin MXIT Suggested Contacts Memory Disclosure Vulnerability June 21, 2016 CVE Number CVE-2016-2375 DESCRIPTION An exploitable out-of-bounds read exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT contact information sent fr...
Pidgin MXIT Splash Image Arbitrary File Overwrite Vulnerability
Talos Vulnerability Report TALOS-2016-0128 Pidgin MXIT Splash Image Arbitrary File Overwrite Vulnerability June 21, 2016 CVE Number CVE-2016-4323 DESCRIPTION A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could...
Pidgin MXIT Markup Command Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2016-0133 Pidgin MXIT Markup Command Denial of Service Vulnerability June 21, 2016 CVE Number CVE-2016-2365 DESCRIPTION A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could...
Pidgin MXIT HTTP Content-Length Buffer Overflow Vulnerability
Talos Vulnerability Report TALOS-2016-0119 Pidgin MXIT HTTP Content-Length Buffer Overflow Vulnerability June 21, 2016 CVE Number CVE-2016-2377 DESCRIPTION A buffer vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent by the server could potentiall...
Pidgin MXIT get_utf8_string Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0120 Pidgin MXIT get_utf8_string Code Execution Vulnerability June 21, 2016 CVE Number CVE-2016-2378 DESCRIPTION A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted data sent via the server could potentially...
Pidgin MXIT g_snprintf Multiple Buffer Overflow Vulnerabilities
Talos Vulnerability Report TALOS-2016-0136 Pidgin MXIT g_snprintf Multiple Buffer Overflow Vulnerabilities June 21, 2016 CVE Number CVE-2016-2368 DESCRIPTION Multiple memory corruption vulnerabilities exist in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the...
Pidgin MXIT CP_SOCK_REC_TERM Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2016-0137 Pidgin MXIT CP_SOCK_REC_TERM Denial of Service Vulnerability June 21, 2016 CVE Number CVE-2016-2369 DESCRIPTION A NULL pointer dereference vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server...
Pidgin MXIT Contact Mood Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2016-0141 Pidgin MXIT Contact Mood Denial of Service Vulnerability June 21, 2016 CVE Number CVE-2016-2373 DESCRIPTION A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could...
Pidgin MXIT File Transfer Length Memory Disclosure Vulnerability
Talos Vulnerability Report TALOS-2016-0140 Pidgin MXIT File Transfer Length Memory Disclosure Vulnerability June 21, 2016 CVE Number CVE-2016-2372 DESCRIPTION An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potential...
Pidgin MXIT mxit_convert_markup_tx Information Leak Vulnerability
Talos Vulnerability Report TALOS-2016-0123 Pidgin MXIT mxit_convert_markup_tx Information Leak Vulnerability June 21, 2016 CVE Number CVE-2016-2380 DESCRIPTION An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent to the server could potentially...
Pidgin MXIT Extended Profiles Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0139 Pidgin MXIT Extended Profiles Code Execution Vulnerability June 21, 2016 CVE Number CVE-2016-2371 DESCRIPTION An out-of-bounds write vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server coul...
Pidgin MXIT MultiMX Message Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0142 Pidgin MXIT MultiMX Message Code Execution Vulnerability June 21, 2016 CVE Number CVE-2016-2374 DESCRIPTION An exploitable memory corruption vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT MultiMX message sent...
Libarchive mtree parse_device Code Execution Vulnerability
SUMMARY An exploitable stack based buffer overflow vulnerability exists in the mtree parse_device functionality of libarchive. A specially crafted mtree file can cause a buffer overflow resulting in memory corruption/code execution. An attacker can send a malformed file to trigger this...
Libarchive 7zip read_SubStreamsInfo Code Execution Vulnerability
SUMMARY An exploitable heap overflow vulnerability exists in the 7zip read_SubStreamsInfo functionality of libarchive. A specially crafted 7zip file can cause an integer overflow resulting in memory corruption that can lead to code execution. An attacker can send a malformed file to trigger this...
Libarchive Rar RestartModel Code Execution Vulnerability
SUMMARY An exploitable heap overflow vulnerability exists in the Rar decompression functionality of libarchive. A specially crafted Rar file can cause a heap corruption eventually leading to code execution. An attacker can send a malformed file to trigger this vulnerability. TESTED VERSIONS...
Ruby WIN32OLE ole_invoke and ole_query_interface Type Confusion Vulnerabilities
Talos Vulnerability Report TALOS-2016-0029 Ruby WIN32OLE ole_invoke and ole_query_interface Type Confusion Vulnerabilities June 14, 2016 CVE Number CVE-2016-2336 DESCRIPTION Type Confusion exists in two methods of Ruby’s WIN32OLE class, ole_invoke and ole_query_interface. Attacker passing different typ...
Ruby Psych::Emitter start_document Heap Overflow Vulnerability
Talos Vulnerability Report TALOS-2016-0032 Ruby Psych::Emitter start_document Heap Overflow Vulnerability June 14, 2016 CVE Number CVE-2016-2338 DESCRIPTION An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document...
Ruby pack_pack Use After Free Vulnerability
Talos Vulnerability Report TALOS-2016-0033 Ruby pack_pack Use After Free Vulnerability June 14, 2016 CVE Number CVE-2016-2338 DESCRIPTION An exploitable Use After Free vulnerability exists in the pack_pack function of Ruby. In pack_pack function each element of array which should be “pack”, based o...
Ruby TclTkIp ip_cancel_eval Type Confusion Vulnerabilities
Talos Vulnerability Report TALOS-2016-0031 Ruby TclTkIp ip_cancel_eval Type Confusion Vulnerabilities June 14, 2016 CVE Number CVE-2016-2337 DESCRIPTION Type Confusion exists in cancel_eval Ruby’s TclTkIp class method. Attacker passing different type of object than String as “retval” argument can...
Adobe Flash Player Infinite Recursion Arbitrary Read Access Violation
SUMMARY A potentially exploitable read access violation vulnerability exists in the way Adobe Flash Player handles infinitely recursive calls. Specially crafted ActionScript code can cause a read access violation which can potentially be further abused. To trigger this vulnerability user...
Ruby Fiddle::Function.new Heap Overflow Vulnerability
Talos Vulnerability Report TALOS-2016-0034 Ruby Fiddle::Function.new Heap Overflow Vulnerability June 14, 2016 CVE Number CVE-2016-2339 DESCRIPTION An exploitable heap overflow vulnerability exists in the Fiddle::Function.new “initialize” function functionality of Ruby. In Fiddle::Function.new...
IBM Domino KeyView PDF Filter Encrypted Stream Code Execution Vulnerability
Summary A stack overflow vulnerability present in the PDF filter of KeyView as used by Domino can lead to process crash and possible arbitrary code execution. Tested Versions KeyView 10.16 as used by IBM Domino 9.0.1 Product URLs http://www-03.ibm.com/software/products/en/ibmdomino Details While...
Google Chrome PDFium jpeg2000 SIZ Code Execution Vulnerability
SUMMARY An exploitable heap buffer overflow vulnerability exists in the Pdfium PDF reader included in the Google Chrome web browser. A specially crafted PDF document with embedded jpeg2000 image can cause a heap buffer overflow potentially resulting in an arbitrary code execution. An attacker can...
IBM Domino KeyView PDF Filter Stream Length Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0090 IBM Domino KeyView PDF Filter Stream Length Code Execution Vulnerability June 8, 2016 CVE Number CVE-2016-0278 Description An integer overflow vulnerability present in the PDF filter of KeyView as used by Domino can lead to process crash and possible...
ESnet iPerf3 JSON parse_string UTF Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0164 ESnet iPerf3 JSON parse_string UTF Code Execution Vulnerability June 8, 2016 CVE Number CVE-2016-4303 DESCRIPTION An exploitable remote code execution vulnerability exists in the JSON handling functionality of ESnet iPerf3. A specially crafted JSON string...
IBM Domino KeyView PDF Filter BaseFont Code Execution Vulnerability
Summary A heap buffer overflow vulnerability present in the PDF filter of KeyView as used by Domino can lead to arbitrary code execution. Tested Versions KeyView 10.16 as used by IBM Domino 9.0.1 Product URLs http://www-03.ibm.com/software/products/en/ibmdomino Details While parsing a specially...
IBM Domino KeyView PDF Filter Trailer ID Code Execution Vulnerability
SUMMARY A heap based buffer overflow vulnerability present in KeyView PDF filter as used by Domino can lead to remote arbitrary code execution. TESTED VERSIONS KeyView 10.16 as used by IBM Domino 9.0.1 PRODUCT URLs http://www-03.ibm.com/software/products/en/ibmdomino DETAILS While parsing an ID...
7zip UDF CInArchive::ReadFileItem Code Execution Vulnerability
Summary An out of bound read vulnerability exists in the CInArchive::ReadFileItem method functionality of 7zip for handling UDF files that can lead to denial of service or code execution. Tested Versions 7-Zip 32 15.05 beta 7-Zip 64 9.20 Product URLs http://www.7-zip.org/ Details...
7zip HFS+ NArchive::NHfs::CHandler::ExtractZlibFile Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0093 7zip HFS+ NArchive::NHfs::CHandler::ExtractZlibFile Code Execution Vulnerability May 10, 2016 CVE Number CVE-2016-2334 DESCRIPTION An exploitable heap overflow vulnerability exists in the NArchive::NHfs::CHandler::ExtractZlibFile method functionality of...
Libarchive zip zip_read_mac_metadata Code Execution Vulnerability
SUMMARY An exploitable heap overflow vulnerability exists in the zip archive decompression functionality of libarchive. A specially crafted zip file can cause memory corruption leading to code execution. An attacker can send a malformed file to trigger this vulnerability. TESTED VERSIONS libarchi...
Network Time Protocol Ephemeral Association Time Spoofing Vulnerability
SUMMARY ntpd is vulnerable to Sybil attacks. A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win ntpd’s clock selection algorithm and modify a victim’s clock. TESTED VERSIONS NTP 4.2.8p3 NTP 4.2.8p4 NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 NTPs...
Network Time Protocol libntp Message Digest Disclosure Vulnerability
SUMMARY An exploitable vulnerability exists in the message authentication functionality of Network Time Protocol libntp. An attacker can send a series of crafted messages to attempt to recover the message digest key. TESTED VERSIONS ntp 4.2.8p4 NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92...
Network Time Protocol ntpd Reference Clock Impersonation Vulnerability
SUMMARY ntpd relies on the underlying operating system to protect it from requests that impersonate reference clocks. Because reference clocks are treated like other peers and stored in the same structure, any packet with a source IP address of a reference clock (127.127.1.1, for example) that reach...
Network Time Protocol Forced Interleaved Time Spoofing Vulnerability
SUMMARY It is possible to change the time of an ntpd client or deny service to an ntpd client by forcing it to change from basic client/server mode to interleaved symmetric mode. An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer-dst...
Network Time Protocol Crypto-NAK Preemptible Association Denial of Service Vulnerability
SUMMARY An off-path attacker can cause a preemptible client association to be demobilized by sending a crypto NAK packet to a victim client with a spoofed source address of an existing associated peer. This is true even if authentication is enabled. Furthermore, if the attacker keeps sending cryp...
Oracle IOT IX SDK libvs_pdf XRef Index Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0086 Oracle IOT IX SDK libvs_pdf XRef Index Code Execution Vulnerability April 19, 2016 CVE Number CVE-2016-3455 DESCRIPTION A vulnerability in PDF parser of the IX SDK exists that allows an out of bounds heap memory overwrite potentially leading to remote cod...
Lhasa lha decode_level3_header Heap Corruption Vulnerability
SUMMARY An exploitable integer underflow exists during calculation of the size for all headers in the decode_level3_header function of the Lhasa lha application. A value of headerlen smaller than LEVEL3HEADERLEN (32) causes an integer underflow during subtraction and later leads to memory corruption via heap based buffer...
Apple OS X Gen6Accelerator IOGen575Shared::new_texture Local Privilege Escalation Vulnerability
SUMMARY A vulnerability exists in the communication functionality of the Apple Intel HD 3000 Graphics kernel driver. A specially crafted message can cause a vulnerability resulting in local privilege escalation. TESTED VERSIONS Apple OSX Intel HD 3000 Graphics driver 10.0.0 -...
Trane ComfortLink II SCC Service Hardcoded Credentials Vulnerability
Talos Vulnerability Report TALOS-2016-0028 Trane ComfortLink II SCC Service Hardcoded Credentials Vulnerability February 8, 2016 CVE Number CVE-2015-2867 Description A design flaw in the Trane ComfortLink II SCC service allows remote attackers to take complete control of the system. During system...
Trane Comfortlink II DSS Service Request Handling Remote Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0026 Trane Comfortlink II DSS Service Request Handling Remote Code Execution Vulnerability February 8, 2016 CVE Number CVE-2015-2868 Description An exploitable remote code execution vulnerability exists in the Trane ComfortLink II DSS service. An attacker who...
Trane Comfortlink II DSS Service REG Handling Remote Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0027 Trane Comfortlink II DSS Service REG Handling Remote Code Execution Vulnerability February 8, 2016 CVE Number CVE-2015-2868 DESCRIPTION An exploitable remote code execution vulnerability exists in the Trane ComfortLink II DSS service. An attacker who can...
Libgraphite Context Item Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0059 Libgraphite Context Item Code Execution Vulnerability February 5, 2016 CVE Number CVE-2016-1523 Description An exploitable heap-based buffer overflow exists in the context item handling functionality of Libgraphite. A specially crafted font can cause a...
Libgraphite LocaLookup Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2016-0061 Libgraphite LocaLookup Denial of Service Vulnerability February 5, 2016 CVE Number CVE-2016-1521 Description An exploitable denial of service vulnerability exists in the font handling of Libgraphite. A specially crafted font can cause an out-of-bounds re...