This Metasploit module exploits a vulnerability in the bad nesting with SVG tags. Successfully exploiting leads to remote code execution or denial of service condition under Windows XP SP3 (DEP = off).
29062b9f8cced306f88a84cb2355e266c3598c5e90d26f6c36e1d2fb743a0cbfThis Metasploit module exploits a vulnerability in the nesting of frameset and iframe tags as implemented within Opera Browser. A memory corruption is triggered and some pointers got corrupted with invalid addresses. Successfully exploiting leads to remote code execution or denial of service condition under Windows XP SP3 (DEP = off).
cca2c04d9608cabd67212e6b6de6f391c4ae540b9386fc4c1e27694218c8edb5iDefense Security Advisory 07.20.11 - Remote exploitation of a heap based buffer overflow vulnerability in WebKit, as included with Apple Inc.'s Safari Web browser, could allow an attacker to execute arbitrary code with the privileges of the current user. Safari versions prior to 5.1 and 5.0.6 are vulnerable.
30357d20ea6ff88371b69718cc38e33ee295d328c17ebae326814210907aea07iDefense Security Advisory 12.14.10 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Internet Explorer could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability exists due to an uninitialized variable in the "CLayout::EnsureDispNode" method. This method is called to recalculate the location of various HTML elements within the page. This function passes a "CDispNodeInfo" object to another function, "CLayout::GetDispNodeInfo," which is supposed to initialize the object passed in; however, the function fails to properly initialize a flag's value that is used later to determine how many "extra" bytes to allocate for a heap buffer. This eventually leads to an undersized buffer being allocated to hold a "CDispClipNode" object in the "CLayout::EnsureDispNodeCore" function. The vulnerability manifests itself when the "CDispNode::SetUserClip" function attempts to use the invalid "extra size" to calculate an offset into the object and manipulate a bit at this location. This corrupts the objects VTABLE by setting the second bit to 1, which can lead to the execution of arbitrary code when this pointer is accessed later. Microsoft Internet Explorer 6, 7 and 8 are vulnerable.
71219e3d4aa0a8af4a6f70f59166543e9d763cb490d82b8b85ea2ee887b4898dWebkit on Apple Safari versions prior to 4.1.2 and 5.0.2 and Google Chrome versions prior to 5.0.375.125 suffers from a memory corruption vulnerability.
6377799e8809d0dbb51d80694c28c4c192e86d2cb2313c813d9801888e3a7294
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed