A vulnerability has been identified in Foxit Reader, which could be exploited by attackers to potentially compromise a vulnerable system. This issue is caused by a memory corruption error when processing Compact Font Format (CFF) data within a PDF document, which could be exploited by attackers to execute arbitrary code by tricking a user into opening a specially crafted PDF document.



This is the same vulnerability that is currently being exploited to jailbreak the iPhone 4 OS.



WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.

Windows Media Player is prone to a buffer-overflow vulnerability that occurs because it fails to perform adequate boundary checks on user-supplied data via a crafted .ASF file.

QQPlayer contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in QQPlayer when handling .ASX files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .ASX file.

Serenity Audio Player contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in Serenity Audio Player when handling .M3U files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .M3U file.

This module causes a DoS in win32k.sys when attempts are made to render a malformed embedded font. This updates improves the functionality of the module.

HTML Email Creator is prone to multiple remote buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied input, when sending or creating mails, with malformed HTML tags.

The vulnerability is caused due to boundary errors in libpurple.dll within the processing of MSNSLP messages. This can be exploited to cause an arbitrary write without user interaction.



This module updates the MSN library, because of minor changes in the handling of the HTTP encapsulation of the MSN protocol within the Microsoft MSN server.

Millennium MP3 Studio contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in Millennium MP3 Studio when handling .PLS files. This can be exploited to cause a stack-based buffer overflow via a specially crafted .PLS file.

This module exploits a vulnerability caused due to an error in the MPC::HTML::UrlUnescapeW() function in helpctr.exe when escaping URLs, add direct exploitation from Real Player to the original Internet Explorer attack vector.

Pointdev IDEAL Migration is prone to a stack-based buffer-overflow vulnerability because the applications fail to perform adequate boundary checks on user-supplied data, when handling .IPJ files.