The specific flaw exists within the implementation of the 0x2711 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call.
Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote attackers to execute arbitrary code via the (1) author (inside the INFORMATION tag), (2) name (inside the INFORMATION tag), (3) artist (inside the TRACK tag), or (4) default (inside the TEXT tag) parameter in an lpp project file.
CMS Made Simple allows remote authenticated administrators to execute arbitrary PHP code via command injection using the module import feature in admin/moduleinterface.php
A Local Buffer Overflow exists when parsing .wav files. The vulnerability is caused due to a boundary error when handling a crafted .wav files.
A Buffer Overflow exists when parsing .lsm files. The vulnerability is caused due to a boundary error when handling a crafted .lsm files.
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated local attacker, to execute arbitrary commands with SYSTEM user privileges.
In VirIT eXplorer Anti-Virus, the VIAGLT64.SYS driver file contains an Arbitrary Write vulnerability, and can be exploited to elevate privileges from a local account to SYSTEM.
The specific flaw exists within bwnodeip.exe, which is accessed through the 0x2711 IOCTL in the webvrpcs process.
The specific flaw exists within the implementation of the 0x138bd IOCTL in the webvrpcs process. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this functionality to execute code under the context of Administrator.