This update adds support to Microsoft Windows Vista, Microsoft Windows 2008 and Microsoft Windows 7.



When a crafted TTF file is processed by Windows kernel it produces a stack exhaustion finishing it in a BSoD.

This module exploits a path traversal vulnerability in Novell ZENworks Asset Management.



The flaw exists within the rtrlet component. This process listens on TCP port 8080. When handling an unauthenticated file upload the process does not properly sanitize the path. Directory traversal can be used to drop a file in an arbitrary location and a null byte inserted into the filename to provide arbitrary extension.

This module exploits a remote buffer overflow in the streamprocess.exe service included in the Citrix Provisioning Services application by sending a malformed packet to the 6905/UDP port.

CyberLink Power2Go is prone to a vulnerability that may allow the execution of any library file named dwmapi.dll, if this dll is located in the same folder than a .P2G file.

A policy issue existed in Apple Safari before 5.1 when handling of file:// URLs.

This module exploits a vulnerability in DameWare Mini Remote Control by sending a specially crafted packet to port 6129/TCP.

When a crafted TTF file is processed by Windows kernel it produces a stack exhaustion finishing it in a BSoD.



WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.

webserver.exe is a component in 3S CoDeSys for handling the HTTP connections on port 8080.

The process is affected by a buffer overflow that copies the input URI in a limited buffer allowing code execution.

Buffer overflow in libtelnet/encrypt.c in various implementations of telnetd allows remote attackers to execute arbitrary code with root permissions via a long encryption key.



WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.

The vulnerability is a buffer overflow in TinyIdentD via a long string to TCP port 113.