Unsafe type handling performed by the AtomicReferenceArray class of the Oracle Java Runtime Environment can be abused to cause a type confusion error.

This flaw allows an unprivileged Java applet to escape the sandbox and execute arbitrary code on the target machine with the privileges of the current user.

The vulnerability is caused due to a boundary error when processing the tags within .PAC files. This can be exploited to cause a stack-based buffer overflow via an overly long string.

This update adds CVE number.

This module exploits an object type confusion vulnerability in Adobe Flash Player. The specific error occurs due to the way Adobe Flash handles the AMF0 response (_error) when connecting to a malicious RTMP server. By supplying a crafted AMF0 response it is possible to execute arbitrary code in the context of the vulnerable application.

A vulnerability found in Apple QuickTime Player when handling a crafted TeXML file, it is possible to trigger a stack-based buffer overflow.

This update bypass DEP for Internet Explorer 8 support and for execute the mov file directly in Quicktime player.

Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0, as used by Internet Explorer, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code by enticing an unsuspecting user to visit a specially crafted web site.

The vulnerability is caused due to a boundary error within the Formats plug-in (Formats.dll) when handling TFF files. This can be exploited to cause a stack-based buffer overflow via a specially crafted TFF file.

A vulnerability found in Apple QuickTime Player when handling a crafted TeXML file, it is possible to trigger a stack-based buffer overflow.

WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.

Apple Itunes is prone to a buffer-overflow when handling M3U files with an overly long string.

This module exploits a use-after-free vulnerability in the MSHTML component in Internet Explorer. The specific error ocurrs due to the way Internet Explorer handles objects in memory. It is possible to use a pointer in CTableRowCellsCollectionCacheItem::GetNext after it gets freed and get remote code execution.



This vulnerability was one of the 2012's Pwn2Own challenges.

VLC Media Player is prone to a buffer overflow vulnerability due to insufficient validation of user supplied data. An attacker is able to execute arbitrary code in the context of the user when opening malicious .S3M media files.

This version adds the CVE number.