A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sun Microsystems Java. User interaction is required in that a user must open a malicious file or visit a malicious web page. The specific flaw occurs within the Java AWT library. If a custom image model is used for the source 'Raster' during a conversion through a 'ConvolveOp' operation, the imaging library will calculate the size of the destination raster for the conversion incorrectly, leading to a heap-based overflow. This can result in arbitrary code execution under the context of the current user.
69fedebd39ae5325af19cf3b911107a594218eaf78e8854814af705e0eb836e1
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cerulean Studios Trillian. Authentication is not required to exploit this vulnerability. The specific flaw exists within the XML processing code for Trillian. When parsing a malformed XML tag, the application does not allocate enough space for its contents. While copying the contents to the newly allocated buffer, the application will overwrite heap structures with attacker-supplied data that can then be leveraged to achieve code execution with the privileges of the application.
64031b7963a8183849481e9b4f497d24a2a4b9e9c4d0c42051491727813240a3
A vulnerability allows remote attackers to potentially execute arbitrary code on vulnerable installations of Cerulean Studios Trillian. Authentication is not required to exploit this vulnerability. The specific flaw exists within the XML processing code for Trillian. When parsing specially formulated XML, the application will corrupt an internal data structure. Whilst deallocating this data structure, the application can be tricked into freeing a single allocated chunk multiple times, which can potentially lead to code execution.
0a3bb0651dccdaccf0dce67e0c5fad1b2a93d2ec1c4babc22f0814d43b035077
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cerulean Studios Trillian. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tooltip processing code for Trillian. When creating a tooltip for an image, the application generates an XML tag including a property containing the filename. This data is then copied directly into a stack-based buffer without any length verification, which can eventually lead to code execution with the privileges of the client.
ccf4a13dfd890cabd4e17cd20131ee7971a15f2f9efbd2d2ff84366a9eea1e91
iDefense Security Advisory 08.12.08 - Remote exploitation of a buffer overflow vulnerability in Microsoft Corp.'s Office filter for WordPerfect Graphics Files could allow an attacker to execute arbitrary code with the privileges of the victim. This vulnerability specifically lies within the "WPGIMP32.FLT" module. A heap overflow can occur when processing a malformed WordPerfect Graphics (WPG) file. By corrupting heap memory, it is possible to execute arbitrary code. iDefense has confirmed this vulnerability in the following versions of Microsoft Office: Office XP SP3, Office 2003 SP2, Office 97. Other versions may also be affected.
741b9a8dfe66a386492a78748e537e58ca472a1b8d510f626a6e5ff078151ef0
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Computer Associates ARCserve Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the caloggerd log daemon during the processing of log messages that contain directory traversal modifiers. A lack of sanity checking on the provided path allows attackers to append arbitrary data to a file of their choosing and can easily result in a full system compromise.
87cfdcbb6613e14cedaf10c5b3083bd9012df90c3f6873619469e64a0001b4c8
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of CA BrightStor ARCserve Backup for Linux. User interaction is not required to exploit this vulnerability. The specific flaw exists due to improper bounds checking in the xdr_rwsstring() library function. By sending a long parameter into a daemon using this function to process strings, a stack-based buffer overflow occurs, leading to execution of arbitrary code.
5beac44d9fa93dd531a5772fb664510c95b8fb10a85ab02246b9e9235be2a914
iDefense Security Advisory 04.14.08 - Remote exploitation of a heap overflow vulnerability in Clam AntiVirus' ClamAV, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the affected process. The vulnerability exists within the code responsible for reading in sections within a PE binary packed with the WWPack executable compressor. iDefense has confirmed the existence of this vulnerability in ClamAV 0.92.1. Previous versions may also be affected.
4d031b3623c5acf6d2df2a012826f123b600e16b2467a042482a60b36cd59aab
iDefense Security Advisory 04.14.08 - Remote exploitation of a heap overflow vulnerability in Clam AntiVirus' ClamAV, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the affected process. The vulnerability exists within the code responsible for decompressing sections within a PE binary packed with the PeSpin executable protector. iDefense has confirmed the existence of this vulnerability in ClamAV 0.92.1. Previous versions may also be affected.
12c041db8179f0af23b92ec5c1b92fa5e93528888fedbef1b5e18790d04781fa
iDefense Security Advisory 02.12.08 - Remote exploitation of a heap corruption vulnerability in Microsoft Corp.'s Works Converter, as included with Microsoft Office, could potentially allow an attacker to execute arbitrary code as the current user. This vulnerability stems from improper input validation of OLE structures within wkcvqd01.dll when converting a Microsoft Works document (WPS extension) to Rich Text Format (RTF). When certain fields are modified, such as the length or count values, heap corruption can occur. This leads to a potentially exploitable condition. iDefense has confirmed that wkcvqd01.dll version 7.03.0616.0, as included with Microsoft Office 2003, is vulnerable to this issue. Older versions are assumed to be vulnerable as well. Additionally, Microsoft Works itself is suspected to be vulnerable.
32ffb0aa2cf242fe619293167d1c2c969fe87d8c43749f7ae32ff4984f67495a
iDefense Security Advisory 02.16.07 - TrendMicro's ServerProtect product uses a web interface which runs on TCP port 14942 to configure the product. This interface is protected with a user-configurable password. Upon successful login, a cookie is set with the name 'splx_2376_info' and a valid session id as its value. The ServerProtect web application suffers from a design error vulnerability in its authorization checking routines. Attackers can gain full access to the web application by requesting any internal page while supplying their own 'splx_2376_info' cookie with an arbitrary value. iDefense has confirmed this vulnerability in Trend ServerProtect v1.3 for Linux. This vulnerability is not present in the Windows-based versions of ServerProtect.
7526f737f4d486bbd52cceb0d0f0278593c220859fda585bc67acd98645d1085
iDefense Security Advisory 12.08.06 - Sophos AntiVirus Engine is vulnerable to a heap overflow attack when scanning malformed CHM archives. Specifically, if the CHM file has a Window_size of 0 set in an LZX decompression header, then memory corruption will occur. Sophos Antivirus for Linux product version 4.03 and engine version 4.05 are affected.
182af370ccde593d5804cd8d52fb3416866ed89454cd4bd2364de8c278d29f3a
iDefense Security Advisory 12.08.06 - Sophos AntiVirus Engine is vulnerable to a memory corruption vulnerability when scanning malformed CHM archives. This memory corruption vulnerability can be triggered when the Sophos Antivirus engine scans a malformed CHM file which has a large name length specified in a CHM chunk header. Affected products include Sophos Small business edition (Linux) product version 4.06.1 and engine version 2.34.3.
ee9c0956599b2f599795e3855ac7854534cef49c18fe996453def6c145846b4b
iDefense Security Advisory 12.08.06 - Remote exploitation of a denial of service vulnerability in multiple vendors' antivirus engines allows an attacker to cause the engines to consume excessive resources. The affected vendors' scan engines are vulnerable to a DoS attack when scanning specially malformed RAR archives. Specifically, the malformed archives will have the head_size and pack_size fields set to zero in the Archive Header section. When such a file is encountered, the affected scan engines will enter an infinite loop. Confirmed systems affected: Sophos Small business edition (Windows/Linux) 4.06.1 with engine version 2.34.3, Trend Micro PC Cillin - Internet Security 2006, Trend Micro Office Scan 7.3, and Trend Micro Server Protect 5.58.
67c4a280c65b80adddfea7555c151689fa0a7b7c4e14641e6726e9b11f3ce9f5
ImageMagick versions 6.2.8 and below suffer from a heap overflow in ReadSGIImage().
5950a0314acf70e0dd34e433fec8db1056c5f593a0011bb867946fcbe9014527
Remote exploitation of a heap overflow vulnerability in ClamAV versions below 0.88.4 could allow execution of arbitrary code or cause a denial of service.
1cd849986b87713037475de463f4c103a2493f35031e88976bb88641e50d07a1
Overflow.pl Security Advisory #5 - Clam AntiVirus Win32-UPX Heap Overflow: Remote exploitation of an integer overflow vulnerability could allow execution of arbitrary code or cause denial of service.
a079b9e2c3c8cd3397a0b0dcf893077f32ec7c922641600173613bedb7dccf63
Overflow.pl Security Advisory #4 - Blender BlenLoader Integer Overflow - Remote exploitation of an integer overflow vulnerability could allow execution of arbitrary code or cause denial of service.
ecad4ecf01d7a30fd3c0c8494f3547a01b76cffdd091d9ddd8de47fbe8856d76
SHOUTcast DNAS/Linux version 1.9.4 format string remote exploit. Tested on Slackware 9.1 and 10.0. Binds a shell to port 7000.
d2c5f4ccf6da4f8162e3796a3521048971da31a1653d14c5d1dc589793cbd7bd