Apple Safari

Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8, and
Safari before 4.0.3, allows remote attackers to execute arbitrary code
or cause a denial of service (application crash) via an image with
crafted EXIF metadata.

Apple QuickTime

Buffer overflow in Apple QuickTime before 7.6 allows remote attackers
to cause a denial of service (application termination) and possibly
execute arbitrary code via a crafted MP3 audio file. Heap-based buffer
overflow in Apple QuickTime before 7.6 allows remote attackers to cause
a denial of service (application termination) and execute arbitrary
code via an AVI movie file with an invalid nBlockAlign value in the
_WAVEFORMATEX structure.

Adobe Shockwave

Allows remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption, related to an “invalid string length vulnerability.” Array index error in Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site.


Adobe Flash Player

by tadmin

Does not properly remove references to destroyed objects during
Shockwave Flash file processing, which allows remote attackers to
execute arbitrary code via a crafted file, related to a “buffer
overflow issue.” Allows attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via unknown
vectors, related to a “privilege escalation vulnerability.” Allows
attackers to cause a denial of service (application crash) or possibly
execute arbitrary code via unspecified vectors, related to a “null
pointer vulnerability.”

Adobe Acrobat, Adobe Reader

Vulnerabilities that allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E.