XMPlay 3.8.3 allows remote attackers to execute arbitrary code via a crafted http:// URL in a .m3u file.

Microsoft Windows Shell does not properly sanitize special characters in a URI, allowing the opening a dangerous files.

An attacker can leverage this vulnerability to execute code in the context of the current user.

A Buffer Overflow exists when parsing .PDF files. The vulnerability is caused due to a boundary error when handling a crafted .PDF files.

A Buffer Overflow exists when parsing .mp3/wma files. The vulnerability is caused due to a boundary error when handling a crafted .mp3/wma files.

Path traversal vulnerability in WinRAR when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path.

The specific flaw exists within the parsing of CSP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer.

A Buffer Overflow exists when parsing .M3U files. The vulnerability is caused due to a boundary error when handling a crafted .M3U files.

The specific flaw exists within the parsing of CXP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer.

A Buffer Overflow exists when parsing .PLS files. The vulnerability is caused due to a boundary error when handling a crafted .PLS files.

Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote attackers to execute arbitrary code via the (1) author (inside the INFORMATION tag), (2) name (inside the INFORMATION tag), (3) artist (inside the TRACK tag), or (4) default (inside the TEXT tag) parameter in an lpp project file.