This module exploits a vulnerability in "win32k.sys" by calling to "NtUserValidateHandleSecure" function with crafted parameters.



This is a documentation update from the original module "Microsoft Windows Win32k IsHandleEntrySecure Null Pointer Dereference DoS".

The specific flaw exists within the Borland Silk Central TeeChart ActiveX control. The control suffers from an untrusted pointer dereference vulnerability because it blindly calls an attacker-supplied memory address. An attacker can exploit this condition to achieve code execution under the context of the browser process.

A stack buffer overflow occurs when copying a user supplied input to a fixed size stack buffer.

The copying procedure stops when a null byte is found and no size check is proceeded.

AT and T Connect Participant Application is prone to a Buffer-Overflow when handling specially crafted SVT files.

This module exploits an integer underflow vulnerability in Adobe Flash Player. This vulnerability was exploited in 0day attacks in February 2014.



This update adds support for Windows 7 x64, Windows Server 2008 x64 and Windows Server 2008 R2 x64.

Removes instantiating a java class, avoiding the popup stating Java is required to complete further operations.

HP LoadRunner lrFileIOService has a vulnerability in the WriteFileString method, which allow the user to write arbitrary and load abitrary modules.

This module exploits a stack based buffer overflow in Yokogawa CENTUM CS 3000 by using its BKBCopyD.exe service.



The Yokogawa Centum CS3000 solution uses different services in order to provide all its functionality. The BKBCopyD.exe service, started when running the FCS / Test Function, listens by default on TCP/20111. By sending a specially crafted packet to the port TCP/20111 it is possible to trigger a stack based buffer overflow which allows execution of arbitrary code with the privileges of the CENTUM user.

This module exploits a stack based buffer overflow in Yokogawa CENTUM CS 3000 by using its BKHOdeq.exe service.



The BKHOdeq.exe service, started when running the FCS / Test Function listens by default on TCP/20109, TCP/20171 and UDP/1240. By sending a specially crafted packet to the port TCP/20171 it is possible to trigger a stack based buffer overflow which allows execution of arbitrary code with the privileges of the CENTUM user.

The file names showed in WinRAR when opening a ZIP file come from the central directory, but the file names used to extract and open contents come from the Local File Header. This allows to spoof file names when opening ZIP files

and can be abused to execute arbitrary code.