A stack-based buffer overflow in CyberLink LabelPrint allows an attacker to execute arbitrary code via an overly long name attribute in a .LPP file. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
The vulnerability is caused by a boundary error when handling .WAV files. This can be exploited to cause a stack-based buffer overflow via a specially crafted file of said extension.
An exploitable stack-based buffer overflow vulnerability exists in the JPEG parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted image embedded within a document can cause a length to be miscalculated and underflow. This length is then treated as unsigned and used in a copying operation. Due to the length underflow, the application will then write outside the bounds of a stack buffer, resulting in a buffer overflow. An attacker must convince a victim to open a document in order to trigger this vulnerability.
The specific flaw exists within the parsing of a PBA file. The issue lies in the failure to properly validate the length of user-supplied data prior to copying it to a fixed-length buffer.
The vulnerability is caused by a boundary error when handling .LSM files. This can be exploited to cause a stack-based buffer overflow via a specially crafted file of said extension.
The specific flaw exists in fsws.exe (Easy File Sharing server) when handling a specially crafted POST request.
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.
Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges.
Delta Industrial Automation COMMGR is prone to a buffer-overflow vulnerability when handling a crafted packet.
Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via multiple IOCTLs.