Operating System: Windows Vista ≈ Packet Storm
Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers
http://packetstormsecurity.org/
Mon, 28 May 2012 07:56:01 GMT

Mandriva Linux Security Advisory 2012-081
http://packetstormsecurity.org/files/113012/MDVSA-2012-081.txt
http://packetstormsecurity.org/files/113012/Mandriva-Linux-Security-Advisory-2012-081.html
Thu, 24 May 2012 15:20:53 GMT
Mandriva Linux Security Advisory 2012-081 - Security issues were identified and fixed in Mozilla Firefox. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Using the Address Sanitizer tool, security researcher Aki Helin from OUSPG found that IDBKeyRange of indexedDB remains in the XPConnect hashtable instead of being unlinked before being destroyed. Security research firm iDefense reported that researcher wushi of team509 discovered a memory corruption on Windows Vista and Windows 7 systems with hardware acceleration disabled or using incompatible video drivers. Various other issues have also been addressed.

Quest InTrust Annotation Objects Uninitialized Pointer
http://packetstormsecurity.org/files/111853/intrust_annotatex_add.rb.txt
http://packetstormsecurity.org/files/111853/Quest-InTrust-Annotation-Objects-Uninitialized-Pointer.html
Fri, 13 Apr 2012 22:12:21 GMT
This Metasploit module exploits an uninitialized variable vulnerability in the Annotation Objects ActiveX component. The ActiveX component loads into memory without opting into ASLR, so this module exploits the vulnerability against Windows Vista and Windows 7 targets. A large heap spray is required to fulfill the requirement that EAX points to part of the ROP chain in a heap chunk and the calculated call will hit the pivot in a separate heap chunk. This will take some time in the user's browser.

CCMPlayer 1.5 Stack Buffer Overflow
http://packetstormsecurity.org/files/107503/ccmplayer_m3u_bof.rb.txt
http://packetstormsecurity.org/files/107503/CCMPlayer-1.5-Stack-Buffer-Overflow.html
Sat, 03 Dec 2011 18:32:22 GMT
This Metasploit module exploits a stack-based buffer overflow in CCMPlayer 1.5. When an m3u playlist with a long track name is opened, an SEH exception record can be overwritten with parts of the controllable buffer. SEH execution is triggered after an invalid read of an injectable address, thus allowing arbitrary code execution. This Metasploit module works on multiple Windows platforms including: Windows XP SP3, Windows Vista, and Windows 7.

ACDSee FotoSlate PLP File id Parameter Overflow
http://packetstormsecurity.org/files/105643/acdsee_fotoslate_string.rb.txt
http://packetstormsecurity.org/files/105643/ACDSee-FotoSlate-PLP-File-id-Parameter-Overflow.html
Mon, 10 Oct 2011 22:35:13 GMT
This Metasploit module exploits a buffer overflow in ACDSee FotoSlate 4.0 Build 146 via a specially crafted id parameter in a String element. When viewing a malicious PLP file with the ACDSee FotoSlate product, a remote attacker could overflow a buffer and execute arbitrary code. This exploit has been tested on systems such as Windows XP SP3, Windows Vista, and Windows 7.

DVD X Player 5.5 .plf PlayList Buffer Overflow
http://packetstormsecurity.org/files/104726/dvdx_plf_bof.rb.txt
http://packetstormsecurity.org/files/104726/DVD-X-Player-5.5-.plf-PlayList-Buffer-Overflow.html
Fri, 02 Sep 2011 15:22:44 GMT
This Metasploit module exploits a stack-based buffer overflow in DVD X Player 5.5 Pro and Standard. By supplying a long string of data in a plf file (playlist), the MediaPlayerCtrl.dll component will attempt to extract a filename out of the string, and then copy it on the stack without any proper bounds checking, which causes a buffer overflow and results in arbitrary code execution under the context of the user. This Metasploit module has been designed to target common Windows systems such as: Windows XP SP2/SP3, Windows Vista, and Windows 7.

Microsoft Windows Vista/Server 2008 nsiproxy.sys Denial Of Service
http://packetstormsecurity.org/files/101523/nsiproxy-dos.txt
http://packetstormsecurity.org/files/101523/Microsoft-Windows-Vista-Server-2008-nsiproxy.sys-Denial-Of-Service.html
Wed, 18 May 2011 09:09:09 GMT
Microsoft Windows Vista/Server 2008 nsiproxy.sys local kernel denial of service exploit.

Microsoft Windows OpenType CFF Driver Stack Overflow
http://packetstormsecurity.org/files/100472/VUPEN-mswotcffdso.txt
http://packetstormsecurity.org/files/100472/Microsoft-Windows-OpenType-CFF-Driver-Stack-Overflow.html
Fri, 15 Apr 2011 14:28:37 GMT
The VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Windows. The vulnerability is caused by a stack overflow error in the OpenType Compact Font Format (CFF) driver "ATMFD.dll" when processing certain operands within an OpenType font, which could be exploited by remote attackers to execute arbitrary code on vulnerable Windows 7, Windows Server 2008, Windows Server 2008 R2, and Windows Vista systems via a malicious font, or by local attackers to gain elevated privileges on Windows XP and Windows Server 2003 systems via a malicious application.

Windows Vista/7 UAC Bypass Exploit
http://packetstormsecurity.org/files/96091/uacpoc.zip
http://packetstormsecurity.org/files/96091/Windows-Vista-7-UAC-Bypass-Exploit.html
Wed, 24 Nov 2010 22:52:18 GMT
Microsoft Windows Vista / 7 privilege escalation exploit that includes a UAC bypass.

Windows Vista/7 lpksetup.exe DLL Hijacking
http://packetstormsecurity.org/files/95166/lpksetup-dllhijack.txt
http://packetstormsecurity.org/files/95166/Windows-Vista-7-lpksetup.exe-DLL-Hijacking.html
Wed, 27 Oct 2010 01:49:35 GMT
Microsoft Windows Vista/7 suffers from a DLL hijacking vulnerability in lpksetup.exe.

NtUserCheckAccessForIntegrityLevel Use-After-Free Vulnerability
http://packetstormsecurity.org/files/91380/MSRC-001.txt
http://packetstormsecurity.org/files/91380/NtUserCheckAccessForIntegrityLevel-Use-After-Free-Vulnerability.html
Fri, 02 Jul 2010 01:05:02 GMT
Microsoft Windows Vista / Server 2008 suffer from an NtUserCheckAccessForIntegrityLevel use-after-free vulnerability.

Microsoft PowerPoint Viewer TextBytesAtom Stack Buffer Overflow
http://packetstormsecurity.org/files/89489/ms10_004_textbytesatom.rb.txt
http://packetstormsecurity.org/files/89489/Microsoft-PowerPoint-Viewer-TextBytesAtom-Stack-Buffer-Overflow.html
Fri, 14 May 2010 14:44:02 GMT
This Metasploit module exploits a stack buffer overflow vulnerability in the handling of the TextBytesAtom records by Microsoft PowerPoint Viewer. According to Microsoft, the PowerPoint Viewer distributed with Office 2003 SP3 and earlier, as well as Office 2004 for Mac, are vulnerable. NOTE: The vulnerable code path is not reachable on versions of Windows prior to Windows Vista.

Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference
http://packetstormsecurity.org/files/86712/ms09_050_smb2_negotiate_func_index.rb.txt
http://packetstormsecurity.org/files/86712/Microsoft-SRV2.SYS-SMB-Negotiate-ProcessID-Function-Table-Dereference.html
Fri, 26 Feb 2010 18:18:48 GMT
This Metasploit module exploits an out-of-bounds function table dereference in the SMB request validation code of the SRV2.SYS driver included with Windows Vista, Windows 7 release candidates (not RTM), and Windows 2008 Server prior to R2. Windows Vista without SP1 does not seem affected by this flaw.

Microsoft SRV2.SYS SMB Negotiate ProcessID Function Table Dereference
http://packetstormsecurity.org/files/81723/smb2_negotiate_func_index.rb.txt
http://packetstormsecurity.org/files/81723/Microsoft-SRV2.SYS-SMB-Negotiate-ProcessID-Function-Table-Dereference.html
Tue, 29 Sep 2009 21:36:39 GMT
This Metasploit module exploits an out of bounds function table dereference in the SMB request validation code of the SRV2.SYS driver included with Windows Vista, Windows 7 release candidates (not RTM), and Windows 2008 Server prior to R2. Windows Vista without SP1 does not seem affected by this flaw.

Lame Windows Vista / 7 / 2k8 SMB 2.0 Blue Screen Of Death
http://packetstormsecurity.org/files/81152/lame-smb-bsod.txt
http://packetstormsecurity.org/files/81152/Lame-Windows-Vista-7-2k8-SMB-2.0-Blue-Screen-Of-Death.html
Thu, 10 Sep 2009 19:24:31 GMT
Lame Windows Vista / Windows 7 / Win2k8 R1 SP2 and beta R2 SMB 2.0 NEGOTIATE PROTOCOL REQUEST remote blue screen of death denial of service exploit.

Microsoft Windows SMB Blue Screen Of Death
http://packetstormsecurity.org/files/81107/smb-bsod.txt
http://packetstormsecurity.org/files/81107/Microsoft-Windows-SMB-Blue-Screen-Of-Death.html
Thu, 10 Sep 2009 17:18:18 GMT
Windows Vista/7 suffers from a denial of service vulnerability when passed a malformed SMB header for the NEGOTIATE PROTOCOL REQUEST. Proof of concept code included.

Secunia Security Advisory 36599
http://packetstormsecurity.org/files/81055/sa36599.txt
http://packetstormsecurity.org/files/81055/Secunia-Security-Advisory-36599.html
Wed, 09 Sep 2009 16:34:30 GMT
Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows Vista, which can be exploited by malicious people to compromise a vulnerable system.

iDEFENSE Security Advisory 2009-07-14.1
http://packetstormsecurity.org/files/79281/07.14.09-1.txt
http://packetstormsecurity.org/files/79281/iDEFENSE-Security-Advisory-2009-07-14.1.html
Thu, 16 Jul 2009 21:15:33 GMT
iDefense Security Advisory 07.14.09 - Remote exploitation of a heap-based buffer overflow vulnerability in Microsoft Corp.'s Embedded OpenType Font Engine (T2EMBED.DLL) could allow an attacker to execute arbitrary code with the privileges of the current user. During the processing of a malicious OpenType Font, an integer truncation issue can occur on a specific length value. This can result in a large overwrite of the heap using attacker-controlled data. The attacker may gain arbitrary execution control by overwriting specific data structures on the heap, such as an object virtual function table. iDefense has confirmed the existence of this vulnerability in the Embedded OpenType Font Engine for Windows Vista SP1 (T2EMBED.DLL version 6.0.6001.18000) and Windows XP SP3 (T2EMBED.DLL version 5.1.2600.5512). Previous versions may also be affected.

Secunia Security Advisory 34428
http://packetstormsecurity.org/files/76100/sa34428.txt
http://packetstormsecurity.org/files/76100/Secunia-Security-Advisory-34428.html
Fri, 27 Mar 2009 14:09:22 GMT
Secunia Security Advisory - Some vulnerabilities have been reported in Windows 2008, Windows Vista, and Microsoft Windows Services for UNIX, which can potentially be exploited by malicious people to compromise a vulnerable system.

Amaya Web Browser 11 Overflow For Vista
http://packetstormsecurity.org/files/74664/amayavista-overflow.txt
http://packetstormsecurity.org/files/74664/Amaya-Web-Browser-11-Overflow-For-Vista.html
Wed, 04 Feb 2009 23:55:20 GMT
Amaya 11 remote stack overflow exploit for Windows Vista that makes use of the bdo tag.

Whitepaper - Win Vista DLL Injection (32bit)
http://packetstormsecurity.org/files/74287/DLL_Injection_In_Vista.tgz
http://packetstormsecurity.org/files/74287/Whitepaper-Win-Vista-DLL-Injection-32bit.html
Sun, 25 Jan 2009 19:39:33 GMT
Whitepaper discussing DLL injection on Windows Vista (32bit). Includes an executable for injecting a DLL in a process of your choice and the original source code is in the pdf.

Secunia Security Advisory 32791
http://packetstormsecurity.org/files/72229/sa32791.txt
http://packetstormsecurity.org/files/72229/Secunia-Security-Advisory-32791.html
Mon, 24 Nov 2008 16:32:13 GMT
Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows Vista, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

msvista-overflow.txt
http://packetstormsecurity.org/files/72103/msvista-overflow.txt
http://packetstormsecurity.org/files/72103/msvista-overflow.txt.html
Wed, 19 Nov 2008 23:22:36 GMT
The Microsoft Device IO Control wrapped by the iphlpapi.dll API shipping with Windows Vista 32 bit and 64 bit contains a possibly exploitable buffer overflow that corrupts kernel memory. Proof of concept test code included.

Secunia Security Advisory 32115
http://packetstormsecurity.org/files/70632/sa32115.txt
http://packetstormsecurity.org/files/70632/Secunia-Security-Advisory-32115.html
Mon, 06 Oct 2008 22:35:25 GMT
Secunia Security Advisory - Defsanguje has discovered a vulnerability in Microsoft Windows Vista, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

vista-access.txt
http://packetstormsecurity.org/files/70625/vista-access.txt
http://packetstormsecurity.org/files/70625/vista-access.txt.html
Mon, 06 Oct 2008 22:30:00 GMT
Microsoft Windows Vista access violation from limited account denial of service blue screen of death exploit.

Secunia Security Advisory 31883
http://packetstormsecurity.org/files/70044/sa31883.txt
http://packetstormsecurity.org/files/70044/Secunia-Security-Advisory-31883.html
Wed, 17 Sep 2008 04:00:29 GMT
Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows Vista, which can be exploited by malicious people to cause a DoS (Denial of Service).