Siemens Solid Edge SEListCtrlX ActiveX control is prone to an arbitrary memory write vulnerability because the application fails to perform adequate boundary checks on user-supplied data.
Use after free in Internet Explorer when an invalid reference to CFlatMarkupPointer is used. Successful control of the freed memory may leverage arbitrary code execution under the context of the user.
Kingsoft Writer is prone to a Buffer Overflow when handling font names via a specially crafted WPS file with an overly long font name.
The specific flaw exists within the micWebAjax.dll ActiveX control. The control exposes the NotifyEvent method. The method performs insufficient bounds checking on user-supplied data which results in stack corruption.
Triologic Media Player contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in Triologic Player when handling misleading m3u files. This situation leads to a buffer overflow and allows an attacker to overwrite an SEH Pointer and get control of execution. This is an UNICODE overflow so special shellcode must be considered. This vulnerability can be exploited via a specially crafted .m3u file.
This module exploits a vulnerability in Agnitum Outpost Security Suite acs.exe service server when handling a specially crafted request, sent to the acsipc_server named pipe. Attackers can leverage this issue to execute arbitrary code with elevated privileges in the context of the acs.exe server process.
GSM SIM Utility contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in GSM SIM Editor when handling misleading .sms files. When opening such files an error message is shown and then a buffer overflow occurs. This situation allows an attacker to overwrite an SEH Pointer and control the execution flow.
This module exploits a vulnerability in win32k.sys when the EPATHOBJ::pprFlattenRec() doesn't initialize the pointer to the next memory chunk.
This update adds support to Windows 2003 64 bits, Windows Vista 64 bits, Windows 2008 64 bits, Windows 2008 R2, Windows 7 64 bits, Windows 8 64 bits and Windows 2012 64 bits.
This update adds support to Windows 2003 64 bits, Windows Vista 64 bits, Windows 2008 64 bits, Windows 2008 R2, Windows 7 64 bits, Windows 8 64 bits and Windows 2012 64 bits.
The Import Server component of Oracle WebCenter Capture is affected by a buffer overflow vulnerability. This could allow command execution when a user loads a web page which calls the SetAnnotationFont method of the BlackIceDevMode.ocx ActiveX control with a overly long string argument.
The DefaultActionMapper class in Apache Struts2 supports a method for short-circuit navigation state changes by prefixing parameters with "action:" or "redirect:". The information contained in these prefixes is not properly sanitized before being evaluated as OGNL expressions on the server side, which allows remote attackers to execute arbitrary Java code on the server.
This module exploits the vulnerability in any web application built on top of vulnerable versions of the Apache Struts 2 framework.
This module exploits the vulnerability in any web application built on top of vulnerable versions of the Apache Struts 2 framework.