This module exploits a use after free in Internet Explorer by using a SetMouseCapture vulnerability in MSHTML.



This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.

This module exploits a use after free in Internet Explorer by using a SetMouseCapture vulnerability in MSHTML.



This update fixes a typo in the name of the module.



This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.

The vulnerability is caused due to a boundary error within the authentication process. This can be exploited to cause a stack-based buffer overflow by sending an overly long, specially-crafted password to the affected server. This update adds CVE Number.

This module exploits a stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process.

Allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value.



This update fixes a bug that occurs when this module is launched by RPT, with a newer Windows platform such as Windows Seven as target.

An error in the way that the Windows kernel handles string atoms when registering a new window class allows unprivileged users to re-register atoms of privileged applications.

This vulnerability can be exploited by local unprivileged users to execute arbitrary code with SYSTEM privileges.

The Dovecot documentation contains an example using a dangerous configuration option for Exim, which leads to a remote command execution vulnerability.

Bifrost Server is prone to a buffer overflow vulnerability which can be exploited remotely by sending a specially crafted packet to port TCP/81.

Adobe ColdFusion is vulnerable to a remote authentication-bypass, allowing the attacker to upload an agent and execute it. The agent may have SYSTEM privileges if ColdFusion is installed as a service in Windows.

This module exploits a Windows kernel vulnerability calling to "NtGdiScaleViewportExtEx" function by using crafted parameters.



This update adds support for all 32 bit Windows versions.

Microsoft Access contains a vulnerability in the way it handles compiled queries that are stored in .aacdb files. It mistakenly interprets certain fields in the file as pointers and produce memory corruption.