This module exploits a vulnerability in win32k.sys when the EPATHOBJ::pprFlattenRec() doesn't initialize the pointer to the next memory chunk.



This is only a documentation update of the original module "Microsoft Windows Win32k pprFlattenRec Vulnerability Exploit".

A buffer overflow within the "rf_report_error()" function (ermapper_u.dll) when parsing ERS files exist in ERDAS ER VIEWER.

The vulnerability is caused due to a boundary error within Mini HTTPD when processing HTTP GET Request. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. Arbitrary code can be directly executed by overwriting a return address.

This module exploits a vulnerability in the NICM.SYS driver shipped with Novell Client 2 when handling specially crafted IOCTL requests.

A remote code execution vulnerability exists in Microsoft Silverlight that can allow a specially crafted Silverlight application to access memory in an unsafe manner. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the current user.

Corel PDF Fusion is prone to a stack-based buffer overflow vulnerability when parsing long names in ZIP directory entries within an XPS file.

PCMan's FTP Server is prone to a buffer-overflow when handling an overly long USER command.

The specific flaw exists within crs.exe which listens by default on a random TCP port. When parsing different opcodes, the process blindly copies user supplied data into a fixed-length stack buffer. A remote attacker can abuse this to execute remote code under the context of the SYSTEM user.

This module exploits a vulnerability in Adrenalin Player .ASX files. The vulnerability is caused due to lack of boundary checks in exporting an ASX file witch causes an Buffer Overflow of the stack and a SEH attack is possible due to a vulnerable DLL included in the software.

This module exploits a vulnerability in Adrenalin Player .WAX files. The vulnerability is caused due to lack of boundary checks in exporting a WAX file witch causes an Buffer Overflow of the stack and a SEH attack is possible due to a vulnerable DLL included in the software.