The exploit targets a stack buffer overflow vulnerability in MyMp3-Player software version 3.02.067. It allows an attacker to bypass DEP (Data Execution Prevention) and execute arbitrary code on the target system. The exploit uses a buffer of 1024 bytes and a shellcode that spawns a calculator. It also leverages ROP (Return-Oriented Programming) techniques to bypass DEP by calling the SetProcessDEPPolicy function. The exploit has been tested on Windows XP SP3 - ES.
A vulnerability exists in the _XAsyncReply() function of libX11. This function uses size information taken from a client-supplied packet. This value is a signed integer. By forcing it to be negative, it is possible to cause stack corruption. It is further possible to use this stack corruption to overwrite the return address on the stack. In theory, this could be used to execute arbitrary code. On systems with setuid X applications, such as xterm, it is possible for a local user to gain root.
The vulnerabilities in HM Software S to Infinity allow users to rename files and directories, bypass the drive invisibility mechanism, and modify file and directory attributes. These vulnerabilities can be exploited to cause the program to cease functioning or run unauthorized applications.
The ufsrestore utility in Solaris is vulnerable to a buffer overflow attack, allowing a local user to gain elevated privileges. The issue arises from an oversight in the code that tries to prevent the buffer overflow. The strncat calls in a function of ufsrestore are used to construct a string, but an incorrect number of bytes is passed to these calls as the length. As a result, it is possible to overflow the buffer and execute arbitrary code with root privileges.
A weak encryption scheme protects the password in Computer Associates eTrust Intrusion Detection System (formerly known as SessionWall-3) that authorizes users to view and configure the application's registry settings. Provided that a remote or local user has access to the registry, it is possible to decrypt the password into plaintext with the use of an exploit tool (sw3passw.exe) or through simple XORing techniques.
One of the functions in mso.dll (mso9.dll in older versions) cannot properly handle specially crafted files, causing invalid memory access and, in some cases, arbitrary overwrites. The exported function LsCreateLine (entry: mso_203) contains a boundary error while parsing certain specially crafted .DOC files, resulting in an invalid memory access. The following proof-of-concept code generates a .doc file; opening the file causes an access violation in mso.dll. Code execution is possible if 4 bytes of arbitrary memory are overwritten. This is apparently not specific to MS Word: other Office products that use these functions are also vulnerable. No other user interaction is required in order to trigger the vulnerability.
Windows NT 4.0 can crash due to winlogon.exe's inability to process specially malformed remote registry requests. Rebooting the machine would be required in order to regain normal functionality.
The Linux kernel implements POSIX "Capabilities" as an additional form of privilege control. These capabilities allow more specific control over what privileged processes can do. However, there is a vulnerability where capabilities are copied across fork() and exec(), meaning that if capabilities are modified by a parent process, they are carried over to the child. An attacker can exploit this by setting all capabilities to zero and executing a setuid program that attempts to drop privileges before executing dangerous code. This can lead to a complete compromise of the system.
This PoC exploit demonstrates a remote buffer overflow vulnerability in sipXtapi. It sends a crafted INVITE packet to a target host, causing a buffer overflow in the CSeq field. The exploit is written in Perl and uses the IO::Socket module. The payload consists of a sequence of 'A' characters (0x41 in hex), which ends up as the return address (EIP).
If VT control characters are displayed in an xterm, they can be interpreted and used to cause a denial of service against the client (and even the host running the client). This vulnerability allows remote users to crash an admin's xterm or consume all available memory. The control characters can be injected into the xterm through various means, such as rogue FTP servers; rogue banner messages from FTP, telnet and MUD daemons; spoofed syslog messages; web server logs; and FTP server logs.