Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 6.0.0.1 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka Bug ID CSCux22726.
Monthly Archives: March 2016
Patch Out For 'Ridiculous' Trend Micro Command Execution Vuln
US Marine Corps Launches Hacker Support Unit
Cyber Criminals 'Hacked Law Firms'
Magento Becomes Fresh Target For KimcilWare Ransomware
Packet Storm New Exploits For March, 2016
This archive contains all of the 196 exploits added to Packet Storm in March, 2016.
Windows Kernel Bitmap Use-After-Free
The included proof of concept crashes Windows 7 with special pool enabled on win32k.sys. The crashes are triggering in multiple different ways (two examples attached).
Windows Kernel NtGdiGetTextExtentExW Out-Of-Bounds Memory Read
The included proof of concept crashes Windows 7 with special pool enabled on win32k.sys. The crash is due to accessing memory past the end of a buffer.
Adobe Flash URLStream.readObject Use-After-Free
There is a use-after-free in URLStream.readObject in Adobe Flash. If the object read is a registered class, the constructor will get invoked to create the object. If the constructor calls URLStream.close, the URLStream will get freed, and then the deserialization function will continue to write to it.
Adobe Flash TextField.maxChars Use-After-Free
There is a use-after-free in the TextField.maxChars setter in Adobe Flash. If the maxChars the field is set to is an object with valueOf defined, the valueOf function can free the field’s parent object, which is then used.