Overflow Files ≈ Packet Storm
Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers
http://packetstormsecurity.org/
Mon, 28 May 2012 07:58:59 GMT

RabidHamster R4 Log Entry sprintf() Buffer Overflow
http://packetstormsecurity.org/files/113043/rabidhamster_r4_log.rb.txt
http://packetstormsecurity.org/files/113043/RabidHamster-R4-Log-Entry-sprintf-Buffer-Overflow.html
Fri, 25 May 2012 20:56:18 GMT
This Metasploit module exploits a vulnerability found in RabidHamster R4's web server. By supplying a malformed HTTP request, it is possible to trigger a stack-based buffer overflow when generating a log, which may result in arbitrary code execution under the context of the user.

ResEdit 1.5.11-win32 Buffer Overflow
http://packetstormsecurity.org/files/113041/resedit-overflow.tgz
http://packetstormsecurity.org/files/113041/ResEdit-1.5.11-win32-Buffer-Overflow.html
Fri, 25 May 2012 20:36:33 GMT
ResEdit version 1.5.11-win32 suffers from a buffer overflow. Proof of concept denial of service exploits included.

EMC AutoStart Multiple Buffer Overflows
http://packetstormsecurity.org/files/113013/ESA-2012-020.txt
http://packetstormsecurity.org/files/113013/EMC-AutoStart-Multiple-Buffer-Overflows.html
Thu, 24 May 2012 15:22:39 GMT
EMC AutoStart contains multiple buffer overflow vulnerabilities which can be exploited to potentially cause a denial of service, or possibly, execute arbitrary code within the context of the affected application. Versions 5.3.x and 5.4.x are affected.

FlexNet License Server Manager lmgrd Buffer Overflow
http://packetstormsecurity.org/files/112919/flexnet_lmgrd_bof.rb.txt
http://packetstormsecurity.org/files/112919/FlexNet-License-Server-Manager-lmgrd-Buffer-Overflow.html
Tue, 22 May 2012 01:40:17 GMT
This Metasploit module exploits a vulnerability in the FlexNet License Server Manager. The vulnerability is due to the insecure usage of memcpy in the lmgrd service when handling network packets, which results in a stack buffer overflow. In order to improve reliability, this module will make lots of connections to lmgrd during each attempt to maximize its success.

Foxit Reader 3.0 Open Execute Action Stack Based Buffer Overflow
http://packetstormsecurity.org/files/112918/foxit_reader_launch.rb.txt
http://packetstormsecurity.org/files/112918/Foxit-Reader-3.0-Open-Execute-Action-Stack-Based-Buffer-Overflow.html
Tue, 22 May 2012 01:39:05 GMT
This Metasploit module exploits a buffer overflow in Foxit Reader 3.0 builds 1301 and earlier. Due to the way Foxit Reader handles the input from a "Launch" action, it is possible to cause a stack-based buffer overflow, allowing an attacker to gain arbitrary code execution under the context of the user.

PE Explorer 1.99 R6 Heap Overflow
http://packetstormsecurity.org/files/112899/peexplorer-overflow.txt
http://packetstormsecurity.org/files/112899/PE-Explorer-1.99-R6-Heap-Overflow.html
Sat, 19 May 2012 13:11:11 GMT
PE Explorer version 1.99 R56 suffers from a heap overflow vulnerability.

Oracle Weblogic Apache Connector POST Request Buffer Overflow
http://packetstormsecurity.org/files/112864/bea_weblogic_post_bof.rb.txt
http://packetstormsecurity.org/files/112864/Oracle-Weblogic-Apache-Connector-POST-Request-Buffer-Overflow.html
Fri, 18 May 2012 14:58:27 GMT
This Metasploit module exploits a stack based buffer overflow in the BEA Weblogic Apache plugin. The connector fails to properly handle specially crafted HTTP POST requests, resulting in a buffer overflow due to the insecure usage of sprintf. Currently, this module works over Windows systems without DEP, and has been tested with Windows 2000 / XP. In addition, the Weblogic Apache plugin version is fingerprinted with a POST request containing a specially crafted Transfer-Encoding header.

SkinCrafter 3.0 Buffer Overflow
http://packetstormsecurity.org/files/112849/skincrafter-overflow.txt
http://packetstormsecurity.org/files/112849/SkinCrafter-3.0-Buffer-Overflow.html
Fri, 18 May 2012 14:18:55 GMT
SkinCrafter ActiveX control version 3.0 suffers from a buffer overflow vulnerability.

Debian Security Advisory 2473-1
http://packetstormsecurity.org/files/112799/dsa-2473-1.txt
http://packetstormsecurity.org/files/112799/Debian-Security-Advisory-2473-1.html
Wed, 16 May 2012 23:53:38 GMT
Debian Linux Security Advisory 2473-1 - Tielei Wang discovered that OpenOffice.org does not allocate a large enough memory region when processing a specially crafted JPEG object, leading to a heap-based buffer overflow and potentially arbitrary code execution.

OpenOffice.org vclmi.dll Integer Overflow
http://packetstormsecurity.org/files/112792/CVE-2012-1149.txt
http://packetstormsecurity.org/files/112792/OpenOffice.org-vclmi.dll-Integer-Overflow.html
Wed, 16 May 2012 23:27:40 GMT
A vulnerability is caused due to an integer overflow error in the vclmi.dll module when allocating memory for an embedded image object. This can be exploited to cause a heap-based buffer overflow via, for example, a specially crafted JPEG object within a DOC file. OpenOffice.org 3.3.0 and 3.4 beta users are advised to upgrade to Apache OpenOffice 3.4. Users who are unable to upgrade immediately should be cautious when opening untrusted documents.

Linux Kernel HFS Plus Buffer Overflow
http://packetstormsecurity.org/files/112791/PRE-SA-2012-03.txt
http://packetstormsecurity.org/files/112791/Linux-Kernel-HFS-Plus-Buffer-Overflow.html
Wed, 16 May 2012 23:25:02 GMT
PRE-CERT Security Advisory - The Linux kernel contains a vulnerability in the driver for HFS plus file systems that may be exploited for code execution or privilege escalation. A specially-crafted HFS plus filesystem can cause a buffer overflow via the memcpy() call of hfs_bnode_read() (in fs/hfsplus/bnode.c).

Apple Security Advisory 2012-05-15-1
http://packetstormsecurity.org/files/112789/APPLE-SA-2012-05-15-1.txt
http://packetstormsecurity.org/files/112789/Apple-Security-Advisory-2012-05-15-1.html
Wed, 16 May 2012 23:16:27 GMT
Apple Security Advisory 2012-05-15-1 - QuickTime 7.7.2 is now available and addresses multiple security issues. Multiple stack overflows existed in QuickTime's handling of TeXML files. A heap overflow existed in QuickTime's handling of text tracks. A heap buffer overflow existed in the handling of H.264 encoded movie files. An uninitialized memory access issue existed in the handling of MP4 encoded files. For OS X Lion systems, this issue is addressed in OS X Lion v10.7.3. For Mac OS X v10.6 systems, this issue is addressed in Security Update 2012-001. Various other issues were also addressed.

TFTP Server 1.4 ST(RRQ) Buffer Overflow
http://packetstormsecurity.org/files/112680/tftp_server_v14ST.rb.txt
http://packetstormsecurity.org/files/112680/TFTP-Server-1.4-ST-RRQ-Buffer-Overflow.html
Mon, 14 May 2012 23:23:23 GMT
This Metasploit module creates a buffer overflow condition by sending a Read Request (RRQ) packet to TFTP server version 1.4.

FlexNet License Server Manager 11.9.1 Stack Overflow
http://packetstormsecurity.org/files/112662/imgrd_1.tgz
http://packetstormsecurity.org/files/112662/FlexNet-License-Server-Manager-11.9.1-Stack-Overflow.html
Sun, 13 May 2012 23:23:23 GMT
FlexNet License Server Manager versions 11.9.1 and below suffer from a stack overflow vulnerability in lmgrd. Proof of concept included.

Pro-face Pro-Server EX 1.30.000 Memory Issues / Integer Overflow
http://packetstormsecurity.org/files/112661/proservrex_1.tgz
http://packetstormsecurity.org/files/112661/Pro-face-Pro-Server-EX-1.30.000-Memory-Issues-Integer-Overflow.html
Sun, 13 May 2012 19:22:22 GMT
Pro-face Pro-Server EX versions 1.30.000 and PCRuntime versions 3.1.00 suffer from memory related and integer overflow vulnerabilities. Proof of concept included.

AnvSoft Any Video Converter 4.3.6 Unicode Buffer Overflow
http://packetstormsecurity.org/files/112646/anvsoftanyvideo-overflow.txt
http://packetstormsecurity.org/files/112646/AnvSoft-Any-Video-Conveter-4.3.6-Unicode-Buffer-Overflow.html
Sat, 12 May 2012 17:22:22 GMT
AnvSoft Any Video Converter version 4.3.6 Unicode buffer overflow exploit that creates a malicious .reg file.

QNX phrelay/phindows/phditto Overflows
http://packetstormsecurity.org/files/112623/qnx-overflows.tgz
http://packetstormsecurity.org/files/112623/QNX-phrelay-phindows-phditto-Overflows.html
Fri, 11 May 2012 15:23:52 GMT
QNX phrelay/phindows/phditto suffer from bpe_decompress stack overflow and Photon Session buffer overflow vulnerabilities. Proof of concept test code included.

Adobe Photoshop CS5.1 U3D.8BI Buffer Overflow
http://packetstormsecurity.org/files/112622/9sg_photoshock.tgz
http://packetstormsecurity.org/files/112622/Adobe-Photoshop-CS5.1-U3D.8BI-Buffer-Overflow.html
Fri, 11 May 2012 02:44:31 GMT
Adobe Photoshop version CS5.1 U3D.8BI suffers from a library collada asset elements stack based buffer overflow vulnerability. Proof of concept included.

Adobe Photoshop TIF Buffer Overflow
http://packetstormsecurity.org/files/112579/CAL-2011-0073.txt
http://packetstormsecurity.org/files/112579/Adobe-Photoshop-TIF-Buffer-Overflow.html
Wed, 09 May 2012 22:22:22 GMT
Adobe Photoshop EXTENDED versions CS5 12.0 and CS5.1 12.1 suffer from a TIF parsing heap buffer overflow vulnerability.

Format Factory 2.95 Buffer Overflows
http://packetstormsecurity.org/files/112463/VL-536.txt
http://packetstormsecurity.org/files/112463/Format-Factory-2.95-Buffer-Overflows.html
Fri, 04 May 2012 15:00:08 GMT
Format Factory version 2.95 suffers from multiple buffer overflow vulnerabilities.

AnvSoft Any Video Converter 4.3.6 Stack Overflow
http://packetstormsecurity.org/files/112444/anvsoft-overflow.txt
http://packetstormsecurity.org/files/112444/AnvSoft-Any-Video-Converter-4.3.6-Stack-Overflow.html
Thu, 03 May 2012 22:46:18 GMT
AnvSoft Any Video Converter version 4.3.6 suffers from a stack overflow vulnerability.

VLC MMS Stream Handling Buffer Overflow
http://packetstormsecurity.org/files/112442/vlc_mms_bof.rb.txt
http://packetstormsecurity.org/files/112442/VLC-MMS-Stream-Handling-Buffer-Overflow.html
Thu, 03 May 2012 22:45:00 GMT
This Metasploit module exploits a buffer overflow in VLC media player prior to 2.0.0. The vulnerability is due to a dangerous use of sprintf which can result in a stack buffer overflow when handling a malicious MMS URI. This Metasploit module uses the browser as attack vector. A specially crafted MMS URI is used to trigger the overflow and get flow control through SEH overwrite. Control is transferred to code located in the heap through a standard heap spray. The module only targets IE6 and IE7 because no DEP/ASLR bypass has been provided.

Debian Security Advisory 2462-2
http://packetstormsecurity.org/files/112435/dsa-2462-2.txt
http://packetstormsecurity.org/files/112435/Debian-Security-Advisory-2462-2.html
Thu, 03 May 2012 22:26:57 GMT
Debian Linux Security Advisory 2462-2 - Several integer overflows and missing input validations were discovered in the ImageMagick image manipulation suite, resulting in the execution of arbitrary code or denial of service. The initial update introduced a regression, which could lead to errors when processing some JPEG files.

Debian Security Advisory 2462-1
http://packetstormsecurity.org/files/112312/dsa-2462-1.txt
http://packetstormsecurity.org/files/112312/Debian-Security-Advisory-2462-1.html
Sun, 29 Apr 2012 16:24:43 GMT
Debian Linux Security Advisory 2462-1 - Several integer overflows and missing input validations were discovered in the ImageMagick image manipulation suite, resulting in the execution of arbitrary code or denial of service.

CPE17 Autorun Killer 1.7.1 Buffer Overflow
http://packetstormsecurity.org/files/112294/cpe17-overflow.rb.txt
http://packetstormsecurity.org/files/112294/CPE17-Autorun-Killer-1.7.1-Buffer-Overflow.html
Fri, 27 Apr 2012 12:11:11 GMT
CPE17 Autorun Killer versions 1.7.1 and below stack buffer overflow exploit.