A format string vulnerability in Nedit <= 5.5 allows an attacker to execute arbitrary code by passing maliciously crafted arguments to the program. The vulnerability is caused by improper handling of user-supplied input when the program is used with the -import argument. The attacker can use the %n format string specifier to write arbitrary values to arbitrary memory locations. The exploit code uses the %n specifier to write the address of the shellcode to the stack, and then executes the shellcode.
A buffer overflow vulnerability exists in PlaylistMaker V1.5 when a specially crafted .TXT file is opened. This could allow an attacker to execute arbitrary code in the context of the application.
The vulnerability exists in the /inc/viewthread.php file at line 3. As you can see below, the $_GET['post'] parameter isn't properly sanitized. A remote user can access these files to cause the system to display an error message that reveals the installation path.
Microsoft Reader is software used to read and catalog e-books in LIT format and Audible audio books bought over the Internet. It is possible to write a 0x00 byte to an arbitrary memory location because the destination is not checked before the write.
An array overflow vulnerability exists in Microsoft Reader versions <= 2.1.1.3143 (PC version) and <= 2.6.1.7169 (Origami version). The bug can be exploited to crash the application or cause other memory corruption.
A heap overflow is caused by the allocation of a certain amount of memory and the copying of arbitrary data during the decompression of the sections. The vulnerability is exploitable only if the size of the data to copy is greater than 0x7fffffff bytes.
Microsoft Reader is affected by an integer overflow during the handling of the number of pieces in the initial ITLS header at offset 0x10. The multiplication of the number of pieces by 0x10 (0x10 * 0x10 = 0x100) can cause an integer overflow and the allocation of a buffer of 0x100 bytes instead of 0x1000 bytes.
A stack overflow vulnerability exists in itss.dll, which is part of Microsoft HTML Help. The vulnerability is caused by the copying of an arbitrary amount of data into a stack buffer during the decompression of the content. The data that will be copied in this stack buffer is controlled by the attacker.
Wordtrainer V3.0 is vulnerable to a buffer overflow when processing specially crafted .ORD files. An attacker can exploit this vulnerability by crafting a malicious .ORD file and sending it to the victim; opening it will cause the application to crash and potentially execute arbitrary code.
By getting a victim to click on a specially crafted link in the FirstClass mail client, an attacker can place an executable file on the victim's computer which will be executed upon the next system reboot. The way it works is that you can make a URI to create a settings file for the user to use, by crafting it as such:

fcp://username:password(optional)@servername.tld;settingsfilename.fc

Whatever you put into username and servername gets put into the settings file as plain text, so that is how I inject some code. You normally can't change the file extension though (seen at the end of the URI), but after a lot of tinkering I found that if you make the URI try to access a path inside of the FirstClass server, you (for some reason) CAN change the file extension. Since I had to inject some command line code, I used the "start" command to execute the file.