This module exploits a remote buffer overflow in the streamprocess.exe service included in the Citrix Provisioning Services application by sending a malformed packet to the 6905/UDP port.



This module adds support for Windows 2003.

The eCS component (ECSQdmn.exe) in CA ETrust Secure Content Manager 8.0 and CA Gateway Security 8.1 allows remote attackers to cause a denial of service (crash) via a crafted request to port 1882, involving an incorrect integer calculation and a heap-based buffer overflow.

WebKit in Android 2.1 does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to non-standard NaN representation.

This vulnerability exists within the handling of MixerSequencer objects. When this object is used to play a MIDI file, the GM_Song structure is populated with song data. In particular, it stores a integer value from the file and uses it later as an index into an array of function pointers. If this value is over 128 the process can be made to call a pointer outside the array.

This module exploits a remote buffer overflow in the Motorola Netopia netOctopus SDCS server service.



The vulnerability exists within the code responsible for parsing client requests. When reading in a request from the network, a 32-bit integer is read in that specifies the number of bytes that follow. This value is not validated, and is then used to read data into a fixed-size stack buffer. This results in an exploitable stack buffer overflow.

A flaw was found in the Linux kernels IPv4 IGMP query processing. This module exploit this to cause a denial of service.

The CA iGateway component, contains a buffer overflow vulnerability due to improper bounds checking on HTTP GET requests by the iGateway component when debug mode is enabled.

The CmdProcessor.exe service of Trend Micro Control Manager is prone to a stack-based buffer overflow, which can be exploited by remote unauthenticated attackers to execute arbitrary code by sending a specially crafted IPC packet to the vulnerable service.

This module exploits a heap overflow in Windows Media Player (winmm.dll) when handling a specially crafted MIDI file.

A denial of service vulnerability has been found in the way the multiple

overlapping ranges are handled by the Apache HTTPD server.



This update fixes an issue when launching the module from an agent running

in a Linux system.