tadmin

Trillian

Buffer overflow in the XML parser in Trillian 3.1.9.0, and possibly
earlier, allows remote attackers to cause a denial of service (crash)
and possibly execute arbitrary code via a crafted DTD file.

Sun Java

Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in
JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK
and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24
allows remote attackers to gain privileges via a crafted image file,
aka Bug Id 6862969. Sun Java SE in JDK and JRE 5.0 before Update 22,
JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and
SDK and JRE 1.4.x before 1.4.2_24 does not properly parse color
profiles, which allows remote attackers to gain privileges via a
crafted image file.

RealNetworks RealPlayer

A DLL file in RealNetworks RealPlayer 11 allows remote attackers to
execute arbitrary code via a crafted Internet Video Recording (IVR)
file with a modified field that controls an unspecified structure
length and triggers heap corruption, related to use of RealPlayer
through a Windows Explorer plugin.


Opera Software (browser)

Opera before 9.64 allows remote attackers to execute arbitrary code via a crafted JPEG image that triggers memory corruption.

Mozilla Firefox

The JavaScript engine in Mozilla Firefox before 3.0.12 and Thunderbird
allows remote attackers to cause a denial of service (memory corruption
and application crash) or possibly execute arbitrary code

Apple Safari

Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8, and
Safari before 4.0.3, allows remote attackers to execute arbitrary code
or cause a denial of service (application crash) via an image with
crafted EXIF metadata.

Apple QuickTime

Buffer overflow in Apple QuickTime before 7.6 allows remote attackers
to cause a denial of service (application termination) and possibly
execute arbitrary code via a crafted MP3 audio file. Heap-based buffer
overflow in Apple QuickTime before 7.6 allows remote attackers to cause
a denial of service (application termination) and execute arbitrary
code via an AVI movie file with an invalid nBlockAlign value in the
_WAVEFORMATEX structure.

Adobe Shockwave

Allows remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption, related to an “invalid string length vulnerability.” Array index error in Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site.

Adobe Flash Player

Does not properly remove references to destroyed objects during
Shockwave Flash file processing, which allows remote attackers to
execute arbitrary code via a crafted file, related to a “buffer
overflow issue.” Allows attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via unknown
vectors, related to a “privilege escalation vulnerability.” Allows
attackers to cause a denial of service (application crash) or possibly
execute arbitrary code via unspecified vectors, related to a “null
pointer vulnerability.”

Adobe Acrobat, Adobe Reader

Vulnerabilities that allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E.