
Files Date: 2011-06-14 to 2011-06-15

Core Security Technologies Advisory 2011.0203
Posted Jun 14, 2011
Authored by Core Security Technologies, Nicolas A. Economou | Site coresecurity.com

Core Security Technologies Advisory - A security vulnerability was found in the driver 'vmswitch.sys', associated with the Windows Hypervisor subsystem, allowing an authenticated local DoS. The vulnerability could allow denial of service if a specially crafted packet is sent to the VMBus by an authenticated user in one of the guest virtual machines hosted by the Hyper-V server. The impact is that all guests on that host become non-responsive. An attacker must have valid logon credentials and be able to send specially crafted content from a guest virtual machine to exploit this vulnerability.

tags | exploit, denial of service, local
systems | windows
advisories | CVE-2011-1872
SHA-256 | 91762eded6d6cb85d92e2b2d56180960888179b29b556d5094c71c5746715573
Zero Day Initiative Advisory 11-219
Posted Jun 14, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-219 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application explicitly trusting a string's length embedded within a particular file loaded by the 3difr.x3d component. The application will duplicate an arbitrarily sized string into a statically sized buffer located on the stack. This can lead to code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-2094
SHA-256 | acf6bfe9f7de5ecc1b76793830fce058dcc64e664030d123e592d4058effeaa1
Zero Day Initiative Advisory 11-218
Posted Jun 14, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-218 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application explicitly trusting a string's length embedded within a particular file that is loaded by the tesselate.x3d plugin. The application will duplicate an arbitrarily sized string from the file into a statically sized buffer located on the stack. This can lead to code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-2095
SHA-256 | 07714542f169f4aeee8ed97b239fc946735fc6ea12ebab17dc7bcb849c48ec5a
Zero Day Initiative Advisory 11-217
Posted Jun 14, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-217 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Font Asset.x32 module responsible for parsing font-related structures within Director movies (.dir). The code within this module extracts and copies strings without any bounds checking. Several calls to strcpy can be abused to overwrite stack buffers and subsequently execute remote code under the context of the user running the browser.

tags | advisory, remote, arbitrary
advisories | CVE-2011-2109
SHA-256 | b031cca70311aa881c39bc59fb3aceab5a961c44fb0f134f3f90ef977a8f200f
Zero Day Initiative Advisory 11-216
Posted Jun 14, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-216 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the rcsL chunk inside Adobe's RIFF-based Director file format. The code within the Dirapi.dll is affected by an integer wrap caused by size values being calculated without proper checking. This can lead to memory corruption which can be leveraged to execute arbitrary code under the context of the user running the browser.

tags | advisory, remote, arbitrary
advisories | CVE-2011-0335
SHA-256 | 176bd1c412d29418a16f3ba7958308ea7a8459e66782c9e781ece208211e42f0
Zero Day Initiative Advisory 11-215
Posted Jun 14, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-215 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the TextXtra.x32 module responsible for parsing text elements within RIFF-based Director files. The code within this module trusts various length and count values present in the file. A boundary error exists when processing the data section of DEMX chunks, which subsequently leads to a stack-based buffer overflow. This can be leveraged to execute remote code under the context of the user running the browser.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2011-2112
SHA-256 | dc2c551ae219eb09a874f7eeefcd6e1c9d9b82d6c9079a92a8da796ba17c3d4b
Zero Day Initiative Advisory 11-214
Posted Jun 14, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-214 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the CASt chunk inside Adobe's RIFF-based Director file format. The code within the Dirapi.dll module does not properly check a size value used for a memmove. This can lead to memory corruption which can be leveraged to execute arbitrary code under the context of the user running the browser.

tags | advisory, remote, arbitrary
advisories | CVE-2011-2112
SHA-256 | 3c6fec7f64a4123bfbd4446a30594e408594209678eabe83cccd45777cbc0e86
Zero Day Initiative Advisory 11-213
Posted Jun 14, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-213 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the rcsL RIFF chunk within Director files. When handling specific structures within this chunk, the process trusts an offset and uses it to calculate a pointer value. By modifying this element an attacker can force the application to corrupt memory at a controlled location. This can be leveraged by an attacker to execute arbitrary code under the context of the user running the browser.

tags | advisory, remote, arbitrary
advisories | CVE-2011-2114
SHA-256 | df4e10793b2e4e485be19b31ec65b5d6273cc4bb1017ffebe49a2f5b0fe7e4dc
Zero Day Initiative Advisory 11-212
Posted Jun 14, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-212 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Shockwave handles KEY* elements in a Director file. The Shockwave player will allocate memory with a size taken from the Shockwave file but will always copy a few bytes into that allocation. KEY* sizes smaller than 4 will therefore cause an overwrite of the allocation. By cleverly crafting the input file, an attacker can leverage this to execute remote code under the context of the current user.

tags | advisory, remote, arbitrary
advisories | CVE-2011-2111
SHA-256 | c0ba59d70db4d4e22f3858f30467248b98c157fd281060a8eb7cdafd4f37ae35
Zero Day Initiative Advisory 11-211
Posted Jun 14, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-211 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the DEMX chunk inside Adobe's RIFF-based Director file format. The code within the Shockwave 3d Asset.x32 module does not properly check a size value used as the size for a malloc. The given size will wrap, causing a small buffer to be allocated. This can lead to memory corruption which can be leveraged to execute arbitrary code under the context of the user running the browser.

tags | advisory, remote, arbitrary
advisories | CVE-2011-2113
SHA-256 | 303f6cd86e450ceafe716bd2d3a901a8f97041c4cef75ccff7a5b0b5edf2e71b
Zero Day Initiative Advisory 11-210
Posted Jun 14, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-210 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the rcsL chunk inside Adobe's RIFF-based Director file format. The code within the IML32.dll is affected by an integer overflow caused by the allocation of the input size plus 1 and the subsequent copying of the input string using the original size. The given size will wrap, causing a small buffer to be allocated. This can lead to memory corruption which can be leveraged to execute arbitrary code under the context of the user running the browser.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2011-2112
SHA-256 | 9be166eec9cca7372e5f102682541735aa7872a1efc7b96ec117684bb02237b0
Zero Day Initiative Advisory 11-209
Posted Jun 14, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-209 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the rcsL chunk inside Adobe's RIFF-based Director file format. The code within the Dirapi.dll is affected by an integer wrap caused by the size value being calculated from the difference of two pointers without checking if the first is above the other and resulting in endless copying. This can lead to memory corruption which can be leveraged to execute arbitrary code under the context of the user running the browser.

tags | advisory, remote, arbitrary
advisories | CVE-2011-0335
SHA-256 | 5034d98cbb0d3ea6446f4c09451dc005fa93652011d8321fb4238383016f74c7
Zero Day Initiative Advisory 11-208
Posted Jun 14, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-208 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the rcsL chunk inside Adobe's RIFF-based Director file format. The code within the Dirapi.dll is affected by an integer wrap caused by size values being calculated without proper checking. This can lead to memory corruption which can be leveraged to execute arbitrary code under the context of the user running the browser.

tags | advisory, remote, arbitrary
advisories | CVE-2011-2109
SHA-256 | e90faad32a8c5c62ff87015ca8c30bea5b6b95ea8019dd014cf68440cd6083bf
Zero Day Initiative Advisory 11-207
Posted Jun 14, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-207 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the support for embedding various file types within the RIFF-based Director file format. Several of the asset modules distributed with Shockwave do not properly extract string values from within embedded media objects. The code attempts to null-terminate such strings using a 32-bit size value specified prior to the string value. By crafting an embedded media object with a large string size an attacker can write a NULL byte to a controlled offset from the buffer containing the string. This can be leveraged to execute arbitrary code under the context of the user running the browser.

tags | advisory, remote, arbitrary
advisories | CVE-2011-2118
SHA-256 | ebb726bfe36fbf867b2338a278267d4eae9e06cce3a5cd050555ea67fc7d2a08
Zero Day Initiative Advisory 11-206
Posted Jun 14, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-206 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the support for embedded GIF images inside Adobe's RIFF-based Director file format. The code within the IML32.dll module does not properly check a counter value that is decreased during loop iterations for an integer underflow. By crafting a GIF image with a sufficiently small value this can lead to memory corruption which can be leveraged to execute arbitrary code under the context of the user running the browser.

tags | advisory, remote, arbitrary
advisories | CVE-2011-2111
SHA-256 | fdac4d5a11f8f130ecf8b93a852a967b7f3623a20c26c0e463cffd97407953b0
Zero Day Initiative Advisory 11-205
Posted Jun 14, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-205 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the RIFF-based Director file format that Shockwave utilizes. When parsing such files, the code within the dirapi.dll module expects to find a chunk with a fourCC value of Lctx. The code does not consider the possibility that one may not exist and in that scenario it fails to properly initialize certain values that are used later on in parsing other chunks. By removing the Lctx chunk and also filling heap memory, an attacker can take advantage of the uninitialized values to write values to an arbitrary location in memory. This can be leveraged to execute remote code under the context of the user running the browser.

tags | advisory, remote, arbitrary
advisories | CVE-2011-0335
SHA-256 | fd5ea199b1d51fae2bfd1e359349e926c0c617d581efbdf9c9895e040bd33ff0
Zero Day Initiative Advisory 11-204
Posted Jun 14, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-204 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the TextXtra.x32 module responsible for parsing text elements within RIFF-based Director files. The code within this module trusts various length and count values present in the file. By crafting certain values an attacker can wrap arithmetic operations and subsequently under-allocate a heap buffer. This can be leveraged to execute remote code under the context of the user running the browser.

tags | advisory, remote, arbitrary
advisories | CVE-2011-2112
SHA-256 | 9596c8d7512abba520c0b64b6f3aa7ee1ab4f5734f4fdf0cbde669465c04248d
Zero Day Initiative Advisory 11-203
Posted Jun 14, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-203 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing xtcL RIFF chunks within Director files. When attempting to allocate dynamic memory for substructures within this object, the code within DIRAPI.dll does not properly validate the size specified within the chunk. By crafting malicious values the process can be made to under-allocate a buffer which is later corrupted by memory copy operations. This can be leveraged by a remote attacker to execute code under the context of the user running the browser.

tags | advisory, remote, arbitrary
advisories | CVE-2011-2112
SHA-256 | 742a8b99fa7bd40970f9c188954d7fd27d7833ee7611df20d931ed5867e1b1ce
Zero Day Initiative Advisory 11-202
Posted Jun 14, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-202 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing the rcsL RIFF chunk within Director files. The logic within the DIRAPI.dll module fails to account for a specific condition and can be made to misallocate a buffer on the heap. By crafting specific values within rcsL substructures an attacker can corrupt memory leading to arbitrary code execution under the context of the user running the browser.

tags | advisory, remote, arbitrary, code execution
advisories | CVE-2011-2119
SHA-256 | 0256a6f807bdf1a85abd0abeab39d7692aac2b4e8bf7947b4b86cd993b0b8081
Zero Day Initiative Advisory 11-201
Posted Jun 14, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-201 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Cursor Asset.x32 module responsible for parsing cursor structures from within Director movie files (.dir). While handling a size element, the code performs an unchecked multiplication operation which can cause an integer to wrap. This results in an undersized heap allocation which can be overflowed with user data leading to arbitrary code execution under the context of the user running the browser.

tags | advisory, remote, overflow, arbitrary, code execution
advisories | CVE-2011-2120
SHA-256 | 2a03dfb1b34bdf7bc6d08540758852d03002dda003368d96604750732c6dfaf0
Zero Day Initiative Advisory 11-200
Posted Jun 14, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-200 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AudioMixer.x32 module responsible for parsing mixer structures from within Director movie files (.dir). While handling a size element, the code performs an unchecked multiplication operation which can cause an integer to wrap. This results in an undersized heap allocation which can be overflowed with user data leading to arbitrary code execution under the context of the user running the browser.

tags | advisory, remote, overflow, arbitrary, code execution
advisories | CVE-2011-2121
SHA-256 | 3cc0ad1988aee0bcea53b422812228a8ebd9881dc7228e65d6951a487c4ce108
Microsoft Security Bulletin Summary For June 2011
Posted Jun 14, 2011
Site microsoft.com

This bulletin summary lists 16 Microsoft security bulletins released for June 2011. The bulletins included are MS11-038, MS11-039, MS11-040, MS11-041, MS11-042, MS11-043, MS11-044, MS11-050, MS11-052, MS11-037, MS11-045, MS11-046, MS11-047, MS11-048, MS11-049, and MS11-051.

tags | advisory
SHA-256 | cfb94240f6c6b681ca918e6622f0d2a78f3d17847deb4d4a373b674effda92a7
WordPress Wysi 0.0.2 Shell Upload
Posted Jun 14, 2011
Authored by Net.Edit0r

The WordPress Wysi plugin version 0.0.2 suffers from a shell upload vulnerability.

tags | exploit, shell
SHA-256 | 8d9e486111ef64c9e44b4735f860662342db16afdc037f7b4f8a2d7a59a04007
Zero Day Initiative Advisory 11-199
Posted Jun 14, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-199 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java parses soundbank files. When a soundbank file contains compressed data it is first decompressed and then Java will parse the decompressed data. Java will read the 'channels' and 'frames' properties from the decompressed data and uses those to calculate a buffer size to store data. An integer wrap can occur during this calculation resulting in the creation of a buffer that is too small to hold all the data. This can result in remote code execution under the context of the current user.

tags | advisory, java, remote, arbitrary, code execution
advisories | CVE-2011-0802
SHA-256 | 939f7b7f2d501153f701bcc73cddebc018b061da8a7f038cfe5c0406fb135a49
Zero Day Initiative Advisory 11-198
Posted Jun 14, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-198 - This vulnerability allows remote attackers to leak information on vulnerable installations of Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Internet Explorer that allows malicious users to leak information about the memory layout of an Internet Explorer process. When creating a new 'Option' HTML Element, the 'index' field of the object is not set to zero and can be used to leak the location of the global variable table. This can be used to defeat ASLR or to remove the need for heap spraying while exploiting a remote code execution flaw.

tags | advisory, remote, code execution
SHA-256 | 92115dda2419cfb46501d909a5d30ecc8888dbd7c5e5c93f8d0cc072ff68bf86