Untrusted search path vulnerability in Corel PDF Fusion 1.12 Build 16/04/2013 and earlier, and possibly other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse quserex.dll that is located in the same folder as an .pdf file.
Untrusted search path vulnerability in Corel Painter 2015 14.0.0.728 and earlier, and possibly other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wacommt.dll that is located in the same folder as an .rif file.
This module exploits a double-free vulnerability in "afd.sys" by calling to "AfdTransmiteFile" function with crafted parameters.
This update adds support to Windows 2003, Windows Vista, Windows 2008, Windows 7, Windows 2008 R2, Windows 8 and Windows 2012 (all 64 bit versions).
This update adds support to Windows 2003, Windows Vista, Windows 2008, Windows 7, Windows 2008 R2, Windows 8 and Windows 2012 (all 64 bit versions).
This update introduces improvements and fixes to classes related to DHCP servers.
A vulnerability in Microsoft's implementation of the Kerberos authentication protocol allows to modify a Kerberos ticket to remotely escalate privileges. This module exploits the vulnerability impersonating a user of the domain's Administrators group to install an agent in the domain controller with System privileges.
This update introduces the option to use NTLM hashes for authentication and Network RPT-AP integration.
This update introduces the option to use NTLM hashes for authentication and Network RPT-AP integration.
The specific flaw exists within the PocketNetNVRMediaClientAxCtrl.NVRMediaViewer.1 control. The SaveCurrentImageEx method copies an attacker provided filename into a fixed size buffer.
This module abuses a design flaw in the way Microsoft Windows implements a UAC whitelist. The flaw could allow a process running with Medium Integrity to elevate itself to High Integrity without a UAC prompt when the process is run from an account in the administrators group.
This module exploits a vulnerability in the Linux Kernel. The futex_requeue function in kernel/futex.c in the Linux kernel does not ensure that calls have two different futex addresses, which allows local attackers to gain privileges via a crafted FUTEX_REQUEUE command.
This update makes a new version of DLLMaker library available to exploits.
New features and fixes:
+ Compatibility with PROCESS_MITIGATION_ASLR_POLICY process creation flags.
+ fixes IAT inconsistencies
+ new sections: .reloc, .rsrc.
+ adds VS_VERSION_INFO resource
New features and fixes:
+ Compatibility with PROCESS_MITIGATION_ASLR_POLICY process creation flags.
+ fixes IAT inconsistencies
+ new sections: .reloc, .rsrc.
+ adds VS_VERSION_INFO resource
A use after free vulnerability exists in Internet Explorer. The vulnerability is due to accessing a freed CInput object in memory.
A remote attacker could exploit this vulnerability by enticing the target user to open a malicious web page. In the case of successful exploitation, arbitrary attacker code would be executed in the security context of the target user.
A remote attacker could exploit this vulnerability by enticing the target user to open a malicious web page. In the case of successful exploitation, arbitrary attacker code would be executed in the security context of the target user.