The win32k!NtGdiMakeFontDir system call discloses large portions of uninitialized kernel stack memory to user-mode clients. The proof-of-concept code fills the kernel stack with a controlled marker byte and then invokes the affected syscall to leak stack bytes to user mode.
This exploit targets a stack overflow vulnerability in Ipswitch IMail Server 2006. The vulnerability allows an attacker to execute arbitrary code by sending a specially crafted IMAP SEARCH command. The vulnerable code can be found in the imap4d32.exe file, version 6.8.8.1. The exploit takes advantage of a buffer overflow in the code, causing it to overwrite the return address and execute the attacker's payload.
The nt!NtQueryInformationProcess system call called with the ProcessVmCounters information class discloses portions of uninitialized kernel stack memory to user-mode clients.
It is possible to disclose portions of uninitialized kernel stack memory to user-mode applications in Windows 7-10 through the win32k!NtGdiGetOutlineTextMetricsInternalW system call. Only the first 4 bytes of the source structure on the kernel stack are initialized under normal circumstances, while the other 4 bytes are set to leftover data.
The win32k!NtGdiExtGetObjectW system call in Windows 7-10 allows disclosing portions of uninitialized kernel stack memory to user-mode applications. This is possible due to leftover kernel stack data in the trailing, uninitialized bytes of the LOGFONT structure for some stock fonts, which can be read back using the GetObject() function.
This exploit targets a remote buffer overflow vulnerability in SpyCamLizard v1.230. It bypasses SafeSEH protection.
The generic exception dispatching code present in the Windows kernel discloses portions of uninitialized kernel stack memory to user-mode clients via the CONTEXT structure set up for the ring-3 exception handlers.
This is an exploit for a stack overflow vulnerability in http://rshd.sourceforge.net. It took about 35 minutes to find the bug and exploit it on Win2k3 using the information provided by WabiSabiLabi.
The exploit is related to the index.php file. The exact vulnerability is not mentioned.
This exploit allows an attacker to execute commands remotely on the target system by exploiting a vulnerability in the Entertainment CMS custom.php file. The vulnerability can be exploited by appending a local file inclusion payload to the 'pagename' parameter in the URL. The exploit URL format is 'http://site.com/[path]/custom.php?pagename=[Local File Inclusion]'. The exploit was coded by Kw3rLn from the Romanian Security Team (RST) and the contact email is office@rstzone.org. More information about the exploit can be found at http://securityreason.com/securityalert/2878.