Trillian
Buffer overflow in the XML parser in Trillian 3.1.9.0, and possibly
earlier, allows remote attackers to cause a denial of service (crash)
and possibly execute arbitrary code via a crafted DTD file.
tadmin
Sun Java
Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in
JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK
and JRE 1.3.x?before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24
allows remote attackers to gain privileges via a crafted image file,
aka Bug Id 6862969. Sun Java SE in JDK and JRE 5.0 before Update 22,
JDK and JRE 6 before Update 17, SDK and?JRE 1.3.x before 1.3.1_27, and
SDK and JRE 1.4.x before 1.4.2_24 does not properly parse color
profiles, which allows remote attackers to gain privileges via a
crafted image file.
RealNetworks RealPlayer
A DLL file in RealNetworks RealPlayer 11 allows remote attackers to
execute arbitrary code via a crafted Internet Video Recording (IVR)
file with a modified field that controls an unspecified structure
length and triggers heap corruption, related to use of RealPlayer
through a Windows Explorer plugin.
Opera before 9.64 allows remote attackers to execute arbitrary code via a crafted JPEG image that triggers memory corruption.
The JavaScript engine in Mozilla Firefox before 3.0.12 and Thunderbird
allows?remote attackers to cause a denial of service (memory corruption
and application crash) or possibly execute arbitrary code
Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8, and
Safari before 4.0.3, allows remote attackers to execute arbitrary code
or cause a denial of service (application crash) via an image with
crafted EXIF metadata.
Buffer overflow in Apple QuickTime before 7.6 allows remote attackers
to cause a denial of service (application termination) and possibly
execute arbitrary code via a crafted MP3 audio file. Heap-based buffer
overflow in?Apple QuickTime before 7.6 allows remote attackers to cause
a denial of service (application termination) and execute arbitrary
code via an AVI movie file with an invalid nBlockAlign value in the
_WAVEFORMATEX structure.
Allows remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption, related to an “invalid string length vulnerability.” Array index error in Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site.
Does not properly remove references to destroyed objects during
Shockwave Flash file processing, which allows remote attackers to
execute arbitrary code via a crafted file, related to a “buffer
overflow issue.” Allows attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via unknown
vectors, related to a “privilege escalation vulnerability.” Allows
attackers to cause a denial of service (application crash) or possibly
execute arbitrary code via unspecified vectors, related to a “null
pointer vulnerability.”
Vulnerabilities that allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E.
