An error in the way that Java implements dynamic binding can be abused to overwrite public final fields. This flaw allows an unprivileged Java applet to escape the sandbox and execute arbitrary code on the target machine with the privileges of the current user.



This update adds the CVE number to the exploit.

A Buffer Overflow exist in Mediacoder when parsing .LST files. The vulnerability is caused due to a boundary error in Mediacoder when handling .LST files beginning with http://, when the application tries to obtain a stream from an url. This can be exploited to cause a stack-based buffer overflow via a specially crafted .LST file.

Google Sketchup fails to validate the input when parsing an crafted skp file with Pict texture, leading to an arbitrary stack offset overwrite and finally to an arbitrary code execution.

AudioCoder contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in AudioCoder when handling .m3u files beginning with http://, when the application tries to obtain a stream from an url. This can be exploited to cause a stack-based buffer overflow via a specially crafted .m3u file.

This module exploits a remote code injection in Mozilla Firefox by using vulnerabilities CVE-2013-0758 and CVE-2013-0757.

This module exploits an integer overflow vulnerability in the Vector Markup Language (VML) on Internet Explorer. The vulnerability exists in the handling of the dashstyle.array length for VML shapes on the vgx.dll module.



This vulnerability was one of the 2013's Pwn2Own challenges.



WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.

Buffer overflow in Microsoft Office allows remote attackers to execute arbitrary code via crafted PNG data in an Office document, leading to improper memory allocation.

Zoom Player is prone to a buffer-overflow via a specially crafted BMP image with an overly large "biClrUsed" value.

Xnview is prone to a stack based buffer overflow which can be exploited through a specially crafted image layer within an XCF file.

Sketchup fails to validate the input when parsing an embedded MAC Pict texture, leading to an arbitrary stack offset overwrite and finally to an arbitrary code execution.