Adobe Flash Player is prone to a use-after-free vulnerability because the ByteArray::UncompressViaZlibVariant method frees an object while leaving a dangling pointer that can be later dereferenced.

This vulnerability allows attackers to execute arbitrary code on vulnerable machines by enticing unsuspecting users to visit a website serving a specially crafted SWF Flash file.



This update adds support for Windows 8 and Windows 8.1.

The vulnerable component gefebt allows to execute remote BCL files in

shared resources. An attacker can abuse this behaviour to execute a malicious BCL and drop an arbitrary EXE .This can be executed remotely through the WebView server.

This module exploits a buffer overflow in FSSO Collector Agent for Windows Active Directory from FORTINET and installs an agent into the target host

Microsoft Windows is prone to a vulnerability that may allow a DLL file to be automatically loaded because the software fails to handle LNK files properly.

Specifically, the issue occurs when loading the icon of a shortcut file. A specially crafted LNK file can cause Windows to automatically execute code that is specified by the shortcut file.

This vulnerability is the result of an incomplete fix for MS10-046 (CVE-2010-2568).



WARNING: This is an early release module. This is not the final version of this module. It is a pre-released version in order to deliver a module as quickly as possible to our customers that may be useful in some situations. Since this module is not the final version it may contain bugs or have limited functionality and may not have complete or accurate documentation.

The specific flaw exists within the AnnotateX dll ActiveX control included with the software. An attacker can use an unvalidated object parameter in the Insert() function to execute arbitrary code in the context of the browser.

A vulnerability in Microsoft's implementation of the Kerberos authentication protocol allows to modify a Kerberos ticket to remotely escalate privileges. This module exploits the vulnerability impersonating a user of the domain's Administrators group to install an agent in the domain controller with System privileges.



This update solves issues related to name resolution of the target and to running the exploit with a source agent installed on a Linux host.

Webgate WESP SDK WESPMonitor Module is prone to a buffer overflow vulnerability when LoadImage method is invoked with a crafted argument.

This module exploits a double free vulnerability in win32k.sys, allowing an unprivileged local user to cause a BSOD.

This module exploits an integer overflow in Adobe Flash Player. The specific flaw exists within the implementation of casi32. The issue lies in the failure to properly sanitize a user-supplied length value with a specific array implementation. An attacker can leverage this vulnerability to execute code within the context of the current process.

Adobe Flash Player is prone to a use-after-free vulnerability because the ByteArray::UncompressViaZlibVariant method frees an object while leaving a dangling pointer that can be later dereferenced.

This vulnerability allows attackers to execute arbitrary code on vulnerable machines by enticing unsuspecting users to visit a website serving a specially crafted SWF Flash file.