ABB Panel Builder is prone to a Heap-Overflow when handling specially cracted .PBA files.
The specific flaw exists within the processing of a TLF file. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer.
The specific flaw exists within the handling of UMP files. When parsing the BgOnOffBitAddr element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length buffer. An attacker can leverage this vulnerability to execute code under the context of Administrator
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU UserManage. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of the UserMgr.xml file. When parsing the GroupList Description element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of Administrator.
The specific flaw exists within the handling of the UserMgr.xml file. When parsing the GroupList Description element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of Administrator.
A Stack Overflow exists when parsing .m3u files. The vulnerability is caused due to a boundary error when handling a crafted .m3u files.
Adobe Reader has a built-in sandbox feature that usually makes exploitation difficult. By combining vulnerabilities, this attack achieves code execution and then bypasses the sandbox protection to fully compromise the targeted system.
A Buffer Overflow exists in Zip-n-Go 4.9 when parsing .ZIP files. The vulnerability is caused due to a boundary error when handling a crafted .ZIP files.
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system.
The specific flaw exists within the processing of DVP files. The process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. This update adds CVE number and corrects some xml tags.
A Buffer Overflow exists when parsing .XML files by Command Import. The vulnerability is caused due to a boundary error when handling a crafted .XML files.