A buffer overflow occurs when parsing an LZH compressed file. Integer underflow in lzhsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted header in a .lzh attachment that triggers a stack-based buffer overflow, aka SPR PRAD88MJ2W.
This module exploits a buffer overflow vulnerability in Lotus Notes 8.5.2 when parsing a malformed, specially crafted AS (Applix Spreadsheet) file.
The module sends an email with a malformed PNG file attached. When the mail is read with a vulnerable mail client, an agent will be installed. The exploit code is specially crafted to prevent the user from detecting the exploitation. The number of agents installed depends on how many times the user reads the mail; a new thread is created for each one.
KingView is prone to a stack-based buffer overflow when opening specially crafted KVL files (log files). This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
Kingsoft Writer is prone to a buffer-overflow vulnerability that occurs because it fails to perform adequate boundary checks on user-supplied data via a crafted .DOC document. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
Kingsoft Writer is prone to a buffer overflow when handling font names via a specially crafted WPS file with an overly long font name. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
Kingsoft Writer 2010 is prone to a vulnerability that may allow execution of plgpf.dll if this DLL is located in the same folder as the .WPS file. The attacker must entice a victim into opening a specially crafted .WPS file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
Kingsoft Writer is prone to a buffer-overflow vulnerability that occurs because it fails to perform adequate boundary checks on user-supplied data via a crafted .WPS document. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
KeePass Password Safe is prone to a vulnerability that may allow the execution of any library file named dwmapi.dll if this DLL is located in the same folder as a .KDBX file. The attacker must entice a victim into opening a specially crafted .KDBX file. This file and the associated binary may be delivered to a user through remote WebDAV shares. An attacker may exploit this issue to execute arbitrary code.
The vulnerability is caused by a boundary error in the parsing of .SSA files, which can be exploited to cause a stack-based buffer overflow via a .SSA file with an overly long file string. Kantaris uses a vulnerable library that was originally shipped by VideoLAN VLC 0.8.6d. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.