This module exploits a Use-After-Free vulnerability in Adobe Reader when handling a specially crafted PDF file.



This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site.



This update adds Javascript obfuscation to the PDF document and fixes some documentation issues.

A Buffer Overflow exist in Vortex Light Alloy when parsing .M3U files. The vulnerability is caused due to a boundary error in Vortex Light Alloy when handling .M3U files beginning with "http://", when the application tries to obtain a stream from an url. This can be exploited to cause a stack-based buffer overflow via a specially crafted .M3U file.

IBM Forms Viewer is prone to a buffer overflow when handling a specially crafted XFDL file.

Real Media Player are vulnerable to a heap buffer overflow when provided with a specially crafted .rmp file with malformed TRACKID tags.

PDFCool Studio Suite is prone to a security vulnerability when processing PDF files. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine by enticing users to open a specially crafted PDF file.

Use after free in Internet Explorer when handling the caret (text cursor) object. Successful control of the freed memory may leverage arbitrary code execution under the context of the user.

Corel Paint Shop Pro is prone to a vulnerability that may allow the execution of any library file named dwmapi.dll, if this dll is located in the same folder than a .JPG file.

This module exploits a Use-After-Free vulnerability in Adobe Reader when handling a specially crafted PDF file.



This module runs a malicious web site on the CORE IMPACT Console and waits for an unsuspecting user to trigger the exploit by connecting to the web site.



WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.

This updates improves the reliability of Microsoft Internet Explorer Tabular Data Control ActiveX Exploit.

The ShortComponentRaster.verify() method in Oracle Java versions prior to 7u25 holds a memory corruption vulnerability that allows the bypassing of "dataOffsets[]" boundary checks. This module exploits such vulnerability allowing for remote code execution.