The KingSCADA application has a stack-based buffer overflow vulnerability where the application overwrites the structured exception handler (SEH). An attacker could send a specially crafted packet to KingSCADA, and the application would handle the packet incorrectly, causing a stack-based buffer overflow.
When the "HKEY_CURRENT_USER\Software\Classes\exefile" registry key is modified by this exploit and a Windows or third-party service calls the "ShellExecute" function, an invalid file association is produced, finalizing the attack with the execution of a crafted program instead of the original program.
This module exploits a vulnerability in "win32k.sys" by calling the "NtUserValidateHandleSecure" function with crafted parameters.
This is a documentation update from the original module "Microsoft Windows Win32k IsHandleEntrySecure Null Pointer Dereference DoS".
The specific flaw exists within the Borland Silk Central TeeChart ActiveX control. The control suffers from an untrusted pointer dereference vulnerability because it blindly calls an attacker-supplied memory address. An attacker can exploit this condition to achieve code execution under the context of the browser process.
A stack buffer overflow occurs when copying user-supplied input to a fixed-size stack buffer.
The copying procedure stops when a null byte is found, and no size check is performed.
AT&T Connect Participant Application is prone to a buffer overflow when handling specially crafted SVT files.
This module exploits an integer underflow vulnerability in Adobe Flash Player. This vulnerability was exploited in 0day attacks in February 2014.
This update adds support for Windows 7 x64, Windows Server 2008 x64 and Windows Server 2008 R2 x64.
HP LoadRunner lrFileIOService has a vulnerability in the WriteFileString method, which allows the user to write and load arbitrary modules.
This module exploits a stack-based buffer overflow in Yokogawa CENTUM CS 3000 by using its BKBCopyD.exe service.
The Yokogawa Centum CS3000 solution uses different services in order to provide all its functionality. The BKBCopyD.exe service, started when running the FCS / Test Function, listens by default on TCP/20111. By sending a specially crafted packet to port TCP/20111, it is possible to trigger a stack-based buffer overflow which allows execution of arbitrary code with the privileges of the CENTUM user.
This module exploits a stack-based buffer overflow in Yokogawa CENTUM CS 3000 by using its BKHOdeq.exe service.
The BKHOdeq.exe service, started when running the FCS / Test Function, listens by default on TCP/20109, TCP/20171 and UDP/1240. By sending a specially crafted packet to port TCP/20171, it is possible to trigger a stack-based buffer overflow which allows execution of arbitrary code with the privileges of the CENTUM user.