InduSoft Web Studio SCADA is prone to a vulnerability that may allow execution of module REVERB1 if this dll is located in the same folder than .APP file.

The vulnerability exists within the application's parsing of a particular record within a Microsoft Excel Compound Document. When specifying a particular value, the application will fail to initialize a variable that is used as the length of a memcpy operation.

When a crafted ".fon" file is loaded by Windows Kernel this produces a kernel heap overflow.

This module exploits this vulnerability filling the kernel memory via heap spraying and building a fake chunk header.

Windows Meeting Space is prone to a vulnerability that may allow the execution of any library file named wab32res.dll, if this dll is located in the same folder as a .WCINV file.

The Rhino Script Engine of Oracle Java fails to properly check for permissions on JavaScript error objects. This flaw allows an unprivileged applet to escape the sandbox and execute arbitrary code on the target machine with the privileges of the current user.

The vulnerability is caused due to an error when processing certain packets and can be exploited to cause a crash via a specially crafted packet sent to TCP port 2194.

The Ancillary Function Driver (AFD.sys) present in Microsoft Windows is vulnerable to an arbitrary pointer overwrite. This module allows a local unprivileged user to execute arbitrary code with SYSTEM privileges by sending a specially crafted IOCTL to the vulnerable driver.



This update adds support for Windows 2003.

Oracle AutoVue Electro-Mechanical Professional is prone to a vulnerability that may allow the execution of any library file named dwmapi.dll, if this dll is located in the same folder than a .DWG file.

EViews Enterprise Edition is prone to a vulnerability that may allow the execution of any library file named dwmapi.dll, if this dll is located in the same folder than a .PRG file.

Stack Overflow in the MiniSmtp Server component of the NJStar Communicator.