Code Audit Labs has discovered that Opera versions 11.61 and below suffer from a website spoofing vulnerability.
50da669bf3824d6c802a70da8d221a4f3190ef60b1128133a28548f02da68d04
Code Audit Labs has discovered that Microsoft Internet Explorer versions 8 and 9 suffer from a use-after-free vulnerability in the developer toolbar.
f7298e95d2549588ea1cd82324a1caedfe0a90734ffc624026081336553170f8
Code Audit Labs has discovered a remote code execution vulnerability in Microsoft Internet Explorer 8 due to a use-after-free issue having to do with property ids.
d90822cc1fdf82eaf50e354edf2ba9269a59ae2ff8196eb2ba50bfbd36cfe29b
Adobe Photoshop EXTENDED versions CS5 12.0 and CS5.1 12.1 suffer from a TIF parsing heap buffer overflow vulnerability.
1c57d18bc8b121e5eec5591dd3db388f8274048b340a3437da7be973d0c7a7af
Adobe Shockwave Player versions 11.6.x.x suffer from a memory corruption vulnerability when parsing the field of KEY_ATOM of a Director file.
af4574067944693d217e9b7ad5562a6fcb4b45eb39479343f7c42d4faa4f340b
Adobe Shockwave Player versions 11.6.x.x suffer from a heap overflow vulnerability when parsing the cupt atom.
89f2974076f1ab581944249d3d66ef695b2f6a4ebb34ac4f04d4a2b08cf2e461
Code Audit Labs has discovered an integer overflow vulnerability in array functions like Int32Array, Int16Array, etc., in Opera versions 11.60 and below.
5f2cdab0cad16a592541c73485c7b031f99c884d2a8fac52fc03b4527ba21f05
Code Audit Labs has discovered that Adobe Shockwave Player suffers from a director file parsing denial of service vulnerability.
a6ce6c08710b2be298adcfee6425607f99829e28a0c0ff7cc5af4dcdc68dc795
Code Audit Labs has discovered that Adobe Shockwave Player suffers from a director file PAMM memory corruption vulnerability.
8fa0331e11caebc74f418fca888a60b9a5de00d45ee773bf9557006f4fd13e66
Code Audit Labs has discovered a vulnerability that allows remote attackers to execute code on vulnerable installations of Adobe's Shockwave Player. User interaction is required in that a user must visit a malicious web site. The specific flaw exists when the Shockwave player attempts to load a specially crafted Adobe Director File. When a malicious value is used during a memory dereference, a 4-byte memory overwrite may occur. Exploitation can lead to remote system compromise under the credentials of the currently logged in user.
a0f77eecd2a1403c980cb9c466c4691d6c105d645ef19b2d595726c654d1d978
Code Audit Labs has discovered a vulnerability that allows remote attackers to execute code on vulnerable installations of Adobe's Shockwave Player. User interaction is required in that a user must visit a malicious web site. The specific flaw exists when the Shockwave player attempts to load a specially crafted Adobe Director File. When a malicious value is used extern to signed integer. Exploitation can lead to remote system compromise under the credentials of the currently logged in user.
cf8e78b21a4eb4ac23bd52a6d488b0cc6e64d0a9c2ab1359260c09254c4e44f0
Code Audit Labs has discovered a vulnerability in vulnerable installations of Adobe's Shockwave Player. User interaction is required in that a user must visit a malicious web site. The specific flaw exists when the Shockwave player attempts to load a specially crafted Adobe Director File. Exploitation can lead to high CPU load (infinite loop) on the remote system.
0a144e4f9c1a09ee66a7a07dc51e8d46f392d77a7ee37b73e6d6eb2a5343baff
iDefense Security Advisory 01.12.10 - Remote exploitation of a memory corruption vulnerability in multiple versions of Adobe Systems Inc.'s Reader and Acrobat PDF reader and processor could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when processing the Jp2c stream of a JpxDecode encoded data stream within a PDF file. During the processing of a JPC_MS_RGN marker, an integer sign extension may cause a bounds check to be bypassed. This results in an exploitable memory corruption vulnerability. iDefense has confirmed the existence of this vulnerability in the latest version of Adobe Reader at the time of testing, version 9.1.0. Previous versions may also be affected. Adobe has stated that all versions 9.2 and below, as well as all versions 8.1.7 and below, are vulnerable.
139823d91661e5fccdd9d31846177997f1dc0fdf3d4259d9e33d6b309d80589c
iDefense Security Advisory 01.12.09 - Local exploitation of an arbitrary file rewrite vulnerability in Oracle Corp.'s Oracle Database 10g Release 2 database product allows attackers to gain elevated privileges. The vulnerability exists in a function that allows a user with an authenticated session to create any file or rewrite any file to which the database account has access. iDefense has confirmed the existence of this vulnerability in Oracle Database 10g Release 2 version 10.2.0.3.0 on the 32-bit Linux platform and the Windows platform. Previous versions may also be affected. Oracle Database 11g Release 1 version 11.1.0.6.0 is not affected by this vulnerability.
610c95b870b142b03e112907707ba9657094278aaa69f7396c8de41722da6c51
iDefense Security Advisory 10.29.08 - Remote exploitation of multiple integer overflow vulnerabilities in OpenOffice versions 2.4.1 and earlier could allow an attacker to execute arbitrary code with the privileges of the current user. Integer overflow issues exist within the code responsible for parsing multiple EMR records within an EMF file. This allows an attacker to overflow heap memory with data they supplied. iDefense has confirmed the existence of this vulnerability in OpenOffice version 2.4.1.
fdb454b37d786a9ada30ce36452df4141a400dde4634b766ff1948e16de69370
iDefense Security Advisory 08.21.07 - Remote exploitation of multiple buffer overflow vulnerabilities in Trend Micro Inc.'s ServerProtect anti-virus software could allow attackers to execute arbitrary code with system-level privileges. iDefense has confirmed the existence of these vulnerabilities in ServerProtect for Windows 5.58 Build 1176 (Security Patch 3). Previous versions, as well as versions for other platforms, are suspected to be vulnerable.
7f1808fdb1f4124d8b15e150fb6b841b986420fed5f6e4237994682cf8784611
The BlueSkyCat ActiveX control suffers from a remote heap overflow vulnerability. Versions 8.1.2.0 and below of v2.ocx are affected.
c2cff68e757ac77cdbcf509659f36a4117f7c3ebe93b060cd54b2951c40818ff