The vulnerability occurs when processing corrupted TTF font files, leading to a Windows kernel crash. The crash is caused by a DRIVER_PAGE_FAULT_BEYOND_END_OF_ALLOCATION error, where more memory is being referenced than allocated. This can be triggered by a write operation to a memory address beyond the allocated memory.
The crash is caused by a 1-bit delta from the original file at offset 0x4A45. OffViz identified this offset as OLESSRoot.DirectoryEntries[100].OLESSDirectoryEntry[20].sidLeft, with an original value of 0x00000000 and a fuzzed value of 0x00008000.
The crash occurs in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled. It also reproduces in Office 2010 running on Windows 7 x86. The crash is caused by a memory corruption bug.
This Perl script demonstrates a remote denial of service vulnerability in the IO::Socket::INET module. It sends a crafted SIP message to a specified destination IP address, port, and username, causing the target system to crash or become unresponsive. The vulnerability allows an attacker to disrupt the availability of the target system.
This exploit targets the NetSprint Toolbar ActiveX toolbar.dll and causes a denial of service by crashing Internet Explorer. The vulnerability is due to the function ischecked() not properly handling a string parameter. When a parameter is supplied, IE crashes. Although data can be seen on the stack, it is difficult to exploit further. This proof-of-concept is provided for educational purposes only.
The filediff command in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, allows remote attackers to execute arbitrary commands via a repository name with a -r (aka revision) option containing a shell metacharacter.
An attacker can exploit this issue to crash the affected application, denying service to legitimate users.
This exploit causes a remote denial of service (DoS) by crashing the Valhala Honeypot software. It sends a series of ABOR commands with payloads of increasing length, causing a stack-based buffer overflow.
The filename parameter of CLSID 2078D6EC-693C-4FB2-AE7B-A6B8D2BC4DC8 is vulnerable. This ActiveX control reports an error such as "Buffer Overrun detected". The control is compiled with the /GS flag.
The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. Multiple cross-site scripting vulnerabilities were also discovered. The issue is triggered when input passed via multiple parameters is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.