An uninitialised stack variable in the nxfuse component that is part of the Open Source DokanFS library shipped with NoMachine allows a local low privileged user to gain elevation of privileges.
In the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming Evolved products, executes code at a user-defined (local) path as SYSTEM when the execute_installer parameter is used in an HTTP message.
Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 2259, and TwinCAT 3.1 lack proper validation of user-supplied pointer values. An attacker who is able to execute code on the target may be able to exploit this vulnerability to obtain SYSTEM privileges.
Adobe Reader has a built-in sandbox feature that usually makes exploitation difficult. By combining vulnerabilities, this attack achieves code execution and then bypasses the sandbox protection to fully compromise the targeted system.
A Buffer Overflow exists in Zip-n-Go 4.9 when parsing .ZIP files. The vulnerability is caused due to a boundary error when handling a crafted .ZIP files.
Delta Industrial COMMGR is prone to a buffer overflow when handling spacially crafted packets.
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system.
Eternalromance targets were added to this module (Win 2000 to Win 2016)
The specific flaw exists within the processing of DVP files. The process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. This update adds CVE number and corrects some xml tags.
A Buffer Overflow exists when parsing .XML files by Command Import. The vulnerability is caused due to a boundary error when handling a crafted .XML files.