VLC media player is prone to multiple stack-based buffer-overflow vulnerabilities.



When parsing a MP4, ASF or AVI file with an overly deep box structure, a stack overflow might occur. It would overwrite the return address and thus redirect the execution flow.



Attackers can exploit these issues to execute arbitrary code in the context of the affected application or crash the application, denying service to legitimate users.



VLC media player 1.0.1 is vulnerable; prior versions may also be affected.

Multiple IBM Informix products are prone to a buffer-overflow vulnerability because the software fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

This module abuses the scripting functionality in Blender to trigger remote code execution via a blender file with an embedded python script.

This module exploits a vulnerability in Adobe Flash Player triggered when processing a specially crafted .SWF file.

This update adds support for One Link Multiple Clientsides.

This update adds support for Microsoft Excel 2000 SP3 and Microsoft Excel 2003 SP3.



This module exploits a buffer overflow in the Microsoft Excel file via a hyperlink bigger than 8000 bytes of length.

This module exploits an arbitrary file download and execute vulnerability in the Altiris.AeXNSPkgDL.1 ActiveX Control included in Symantec Altiris Deployment Solution.

Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4,

8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via a malformed U3D content in a .PDF file.



WARNING: This is an early release module. This is not the final version of this module.

It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations.

Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.

This module exploits a memory corruption in Windows Media Runtime (wmspdmod.dll) when handling the sample rate for a Windows Media Voice frame.

Alleycode HTML Editor fails when optimizing certain malformed HTML pages,leading to a stack-based buffer overflow that can be exploited to execute arbitrary code.

This module exploits Microsoft Office 2007 systems via a crafted Excel document that triggers an access attempt on an invalid SST record.



This update modifies the CVE number related to the module to correctly reflect the specific vulnerability which is being exploited.