This module exploits a use after free in Internet Explorer by using a SetMouseCapture vulnerability in MSHTML.



This update fixes a typo in the name of the module.



This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.

Microsoft Access contains a vulnerability in the way it handles compiled queries that are stored in .aacdb files. It mistakenly interprets certain fields in the file as pointers and produce memory corruption.

Music Animation Machine MIDI Player contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in MAM Player when handling misleading MIDI files. This situation leads to a buffer overflow and allows an attacker to overwrite an SEH Pointer and get control of execution. This vulnerability can be exploited via a specially crafted .mamx file.

This module exploits a vulnerability in Mozilla Firefox when serializing XML to a DOM object. A certain method used during this process is likely to create a dangling pointer. Remote attackers can take advantage of this memory and use it to execute arbitrary code.

The vulnerability is caused due to an error when handling theme and screensaver files.

Siemens Solid Edge SEListCtrlX ActiveX control is prone to an arbitrary memory write vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

Use after free in Internet Explorer when an invalid reference to CFlatMarkupPointer is used. Successful control of the freed memory may leverage arbitrary code execution under the context of the user.

Kingsoft Writer is prone to a Buffer Overflow when handling font names via a specially crafted WPS file with an overly long font name.

The specific flaw exists within the micWebAjax.dll ActiveX control. The control exposes the NotifyEvent method. The method performs insufficient bounds checking on user-supplied data which results in stack corruption.

Triologic Media Player contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in Triologic Player when handling misleading m3u files. This situation leads to a buffer overflow and allows an attacker to overwrite an SEH Pointer and get control of execution. This is an UNICODE overflow so special shellcode must be considered. This vulnerability can be exploited via a specially crafted .m3u file.