The vulnerability is a memory corruption caused due to an error when parsing TIFF files within the Microsoft Graphics Component (GDI+).

This update adds support for Windows Seven sp1 and 64 bits.

The ByteComponentRaster.verify() method in Oracle Java versions prior to 7u25 holds a memory corruption vulnerability that allows the bypassing of "dataOffsets[]" boundary checks. This module exploits such vulnerability allowing for remote code execution.

A heap overflow in the ActiveX control qp2.cab in IBM Lotus Quickr for Domino allows remote attackers to execute arbitrary code via a crafted argument to the Attachment_Names method.

A Buffer Overflow exist in Sophos Antivirus when parsing encrypted revision 3 PDF files by reading the encryption key contents onto a fixed length stack buffer.

The default Java security properties configuration does not restrict access to certain objects in the com.sun.jmx.mbeanserver packages. This flaw allows an unprivileged Java applet to escape the sandbox and execute arbitrary code on the target machine with the privileges of the current user.



This update adds support for Mac OS X 10.7.4 (i386).

Aloaha PDF Suite is prone to a security vulnerability when processing PDF files. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine by enticing Aloaha users to open a specially crafted PDF file.

This module exploits a vulnerability in Oracle Java. The BytePackedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing of "dataBitOffset" boundary checks. This vulnerability allows for remote code execution.

This module exploits a vulnerability in Oracle Java. The vulnerability is an invalid array indexing that exists within the native IntegerInterleavedRaster.verify() function inside jre/bin/awt.dll

This module exploits a vulnerability in Oracle Java. The vulnerability is an invalid array indexing that exists within the native storeImageArray() function inside jre/bin/awt.dll.

This module exploits a use after free in Internet Explorer by using a SetMouseCapture vulnerability in MSHTML.



This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.