GSM SIM Utility contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in GSM SIM Editor when handling misleading .sms files. When opening such files an error message is shown and then a buffer overflow occurs. This situation allows an attacker to overwrite an SEH Pointer and control the execution flow.
Elecard MPEG Player contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in Elecard MPEG Player when handling .m3u files, situation that leads to a buffer overflow and the possibility to overwrite an SEH Pointer. This can be exploited via a specially crafted .m3u file.
The specific flaw exists within the lrFileIOService ActiveX control. The control exposes the WriteFileBinary method which accepts a parameter named data that it uses as a valid pointer. By specifying invalid values an attacker can force the application to jump to a controlled location in memory. This can be exploited to execute remote code under the context of the user running the web browser.
Oracle WebCenter Content is prone to a Remote File Execution vulnerability within the CheckOutAndOpen.dll ActiveX when using openWebdav method. By specifying a constructed path an attacker can force the contents of the file to be passed to ShellExecuteExW, thus being able to execute arbitrary files. The payload is embedded on a VBS file which is automatically executed when a HTA file is requested through Webdav.
ABBS Audio Media Player contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in ABBS when handling .lst files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .lst file.
Subscribe to Client Side