A heap overflow vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handle objects in memory. A remote attacker could trigger this issue by enticing a user to open a specially crafted JPG file.
Monthly Archives: February 2017
Trane ComfortLink II DSS Service Handling Remote Code Execution (CVE-2015-2868)
An exploitable remote code execution vulnerability exists in the Trane ComfortLink II DSS service. An attacker who can connect to the DSS service on the Trane ComfortLink II device can send an overly long request that can overflow a fixed size stack buffer, resulting in arbitrary code execution.
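The stack-buffer pattern described above, as an added illustration that is not Trane's code: a request handler copies a peer-supplied payload into a fixed-size stack buffer without checking it against the buffer, beside a hardened handler that rejects oversized requests. The framing (a 2-byte big-endian length followed by the payload) and all function names are assumptions made for this example; they are not the DSS protocol.

```c
/* Added example (not Trane's code): a request handler that copies a
 * peer-supplied payload into a fixed-size stack buffer without a bound
 * check, beside a hardened version. The framing (2-byte big-endian length,
 * then payload) is assumed for illustration; it is not the DSS protocol. */
#include <stdio.h>
#include <string.h>
#include <stdint.h>

#define REQ_BUF_SIZE 64          /* hypothetical fixed-size stack buffer */

/* Vulnerable pattern: the declared length is checked against the packet
 * but never against buf. A request longer than 64 bytes overwrites the
 * saved frame pointer and return address that sit past buf on the stack,
 * which is the primitive an attacker turns into code execution. Only ever
 * call this with a trusted, short payload. */
static int handle_request_vulnerable(const uint8_t *pkt, size_t pktlen)
{
    char buf[REQ_BUF_SIZE];
    if (pktlen < 2) return -1;
    size_t len = ((size_t)pkt[0] << 8) | pkt[1];
    if (len > pktlen - 2) return -1;      /* reads stay inside the packet... */
    memcpy(buf, pkt + 2, len);            /* ...but writes do not stay inside buf */
    return (int)len;
}

/* Hardened: reject anything that would not fit (leaving room for a
 * terminator) instead of truncating silently, which can cause its own
 * logic bugs downstream. */
static int handle_request_hardened(const uint8_t *pkt, size_t pktlen)
{
    char buf[REQ_BUF_SIZE];
    if (pktlen < 2) return -1;
    size_t len = ((size_t)pkt[0] << 8) | pkt[1];
    if (len > pktlen - 2) return -1;      /* declared length lies about the packet */
    if (len >= sizeof buf) return -1;     /* would overflow buf */
    memcpy(buf, pkt + 2, len);
    buf[len] = '\0';
    return (int)len;
}

/* Frame `paylen` bytes of `fill` and run the hardened handler on the result
 * (constructed test input, no network involved). */
static int run_hardened_with_fill(char fill, size_t paylen)
{
    uint8_t pkt[2 + 512];
    if (paylen > 512) return -2;
    pkt[0] = (uint8_t)(paylen >> 8);
    pkt[1] = (uint8_t)(paylen & 0xff);
    memset(pkt + 2, fill, paylen);
    return handle_request_hardened(pkt, 2 + paylen);
}

/* A packet whose header claims 256 bytes but carries only 10. */
static int run_hardened_lying_length(void)
{
    uint8_t pkt[12] = { 0x01, 0x00, 'A','A','A','A','A','A','A','A','A','A' };
    return handle_request_hardened(pkt, sizeof pkt);
}

int main(void)
{
    uint8_t ok[5] = { 0x00, 0x03, 'G', 'E', 'T' };   /* short request: safe for both */
    printf("vulnerable handler, 3-byte request: %d\n", handle_request_vulnerable(ok, sizeof ok));
    printf("hardened, 11-byte request:  %d\n", run_hardened_with_fill('A', 11));
    printf("hardened, 63-byte request:  %d\n", run_hardened_with_fill('A', 63));
    printf("hardened, 64-byte request:  %d (rejected)\n", run_hardened_with_fill('A', 64));
    printf("hardened, 200-byte request: %d (rejected; the vulnerable handler would smash the stack)\n",
           run_hardened_with_fill('A', 200));
    printf("hardened, lying length:     %d (rejected)\n", run_hardened_lying_length());
    return 0;
}
```

The two checks in the hardened handler are independent: the first stops a header that claims more bytes than the packet holds (an out-of-bounds read), the second stops a payload that is present in full but larger than the stack buffer (the write that CVE-2015-2868 describes). Compiling with stack protection helps detect the second, but a bound check is the fix.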
GraphicsMagick and ImageMagick popen() Command Execution (CVE-2016-5118)
A remote code execution vulnerability exists in ImageMagick and GraphicsMagick. When a filename begins with the '|' character, the programs pass the remainder of the name to popen(), which runs it as a shell command. A remote attacker can exploit this issue by supplying a specially crafted filename, or by enticing a user to open a specially crafted file that references one, and thereby run arbitrary commands in the context of the user running the program.
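The filename convention behind this issue, as an added example that is not ImageMagick or GraphicsMagick source: an opener that turns a leading '|' into popen(), beside a hardened opener in which a pipe is an explicit capability granted by the caller rather than something parsed out of untrusted data. Function names and the filenames used in main() are constructed for this example.

```c
/* Added example, not ImageMagick/GraphicsMagick source: the filename
 * convention behind CVE-2016-5118, where a leading '|' means "popen() the
 * rest as a shell command", beside a hardened opener. Function names are
 * hypothetical; the filenames in main() are constructed test input. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <errno.h>

enum blob_source { BLOB_FILE = 0, BLOB_PIPE = 1, BLOB_REJECTED = 2 };

/* Vulnerable: the data decides whether a shell runs. When the filename
 * comes from an upload, a URL or a document, "|id > /tmp/x" executes as
 * the user running the converter. */
static enum blob_source classify_vulnerable(const char *filename)
{
    return filename[0] == '|' ? BLOB_PIPE : BLOB_FILE;
}

static FILE *open_blob_vulnerable(const char *filename)
{
    if (classify_vulnerable(filename) == BLOB_PIPE)
        return popen(filename + 1, "r");      /* attacker string straight to /bin/sh */
    return fopen(filename, "rb");
}

/* Hardened: a pipe is a capability the caller grants explicitly, never
 * something parsed out of the name. Untrusted names starting with '|'
 * are refused rather than reinterpreted. */
static enum blob_source classify_hardened(const char *filename, int caller_allows_pipe)
{
    if (filename[0] == '|')
        return caller_allows_pipe ? BLOB_PIPE : BLOB_REJECTED;
    return BLOB_FILE;
}

static FILE *open_blob_hardened(const char *filename, int caller_allows_pipe)
{
    switch (classify_hardened(filename, caller_allows_pipe)) {
    case BLOB_PIPE: return popen(filename + 1, "r");
    case BLOB_FILE: return fopen(filename, "rb");
    default:        errno = EINVAL; return NULL;
    }
}

/* Close with the matching call; mixing fclose()/pclose() is its own bug. */
static void close_blob(FILE *f, enum blob_source src)
{
    if (!f) return;
    if (src == BLOB_PIPE) pclose(f); else fclose(f);
}

int main(void)
{
    const char *evil = "|echo this ran in a shell";   /* constructed attacker-controlled name */
    char line[128];

    FILE *f = open_blob_vulnerable(evil);
    if (f && fgets(line, sizeof line, f))
        printf("vulnerable opener: %s", line);
    close_blob(f, classify_vulnerable(evil));

    f = open_blob_hardened(evil, 0);
    printf("hardened opener: %s\n", f ? "opened?!" : strerror(errno));
    close_blob(f, classify_hardened(evil, 0));
    return 0;
}
```

The point of the hardened version is where the decision lives: the vulnerable opener lets the bytes of the filename choose between fopen() and popen(), so any code path that lets a user influence a filename (an upload name, a URL, a reference inside a document) becomes a command injection. Removing the magic-prefix behaviour for untrusted input, as the fixed releases did, is the only reliable remedy; filtering the shell command itself is not.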
Adobe Acrobat and Reader Memory Corruption (APSB17-01: CVE-2017-2963)
A memory corruption vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an out-of-bounds memory access while parsing a specially crafted TIFF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted TIFF file, which could lead to arbitrary code execution in the context of the user.
WordPress CM Download Manager Code Injection (CVE-2014-8877)
The CM Download Manager plugin for WordPress is prone to a remote PHP code execution vulnerability because it fails to validate user-supplied input before evaluating it as PHP code. An attacker can exploit this issue to execute arbitrary PHP code in the context of the web server. This may aid in further attacks or lead to a full compromise of the affected application.
Autodesk Design Review BMP biClrUsed Buffer Overflow
A heap-based buffer overflow vulnerability exists in Autodesk Design Review. The vulnerability is due to improper validation of the biClrUsed field in a BMP file header, which specifies the number of colour table entries the parser reads. A remote attacker could exploit this vulnerability by enticing the user to visit a maliciously crafted web page or open a maliciously crafted file. Successful exploitation would allow the attacker to execute arbitrary code in the context of the user.
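How a header field like biClrUsed becomes a heap overflow, as an added example that is not Autodesk's code: a minimal BMP palette loader that sizes its heap buffer from the bit depth but takes the copy length from biClrUsed, beside a hardened loader that bounds the field by both the bit depth and the bytes actually present in the file. The sample files are constructed by make_bmp(); the only real layout assumed is the standard 54-byte BITMAPFILEHEADER plus BITMAPINFOHEADER, with biBitCount at offset 28 and biClrUsed at offset 46.

```c
/* Added example (not Autodesk's code): a minimal BMP palette loader showing
 * how an untrusted biClrUsed field drives a heap copy, beside a hardened
 * loader. Sample files are constructed in make_bmp(); offsets follow the
 * standard BITMAPFILEHEADER + BITMAPINFOHEADER layout (54 bytes). */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

#define BMP_HDR_LEN 54u

static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static void wr32(uint8_t *p, uint32_t v) { p[0] = v; p[1] = v >> 8; p[2] = v >> 16; p[3] = v >> 24; }
static void wr16(uint8_t *p, uint16_t v) { p[0] = v; p[1] = v >> 8; }

struct bmp_palette { uint32_t entries; uint8_t *rgbquad; };

/* Vulnerable pattern: the heap buffer is sized from the bit depth (at most
 * 256 RGBQUADs for 8 bpp) but the copy length comes from biClrUsed, so a
 * header claiming 65536 colours writes far past the allocation.
 * Returns 1 if a palette was loaded, 0 if the image has none, -1 on error. */
static int load_palette_vulnerable(const uint8_t *file, size_t len, struct bmp_palette *out)
{
    if (len < BMP_HDR_LEN || file[0] != 'B' || file[1] != 'M') return -1;
    uint16_t bpp = rd16(file + 28);
    uint32_t clr_used = rd32(file + 46);
    if (bpp == 0 || bpp > 8) return 0;
    size_t entries = (size_t)1 << bpp;
    out->rgbquad = malloc(entries * 4);
    if (!out->rgbquad) return -1;
    out->entries = clr_used ? clr_used : (uint32_t)entries;
    memcpy(out->rgbquad, file + BMP_HDR_LEN, (size_t)out->entries * 4);   /* heap overflow */
    return 1;
}

/* The vulnerable loader's decision without performing the copy: 1 if it
 * would write past its allocation for this file. */
static int vulnerable_would_overflow(const uint8_t *file, size_t len)
{
    if (len < BMP_HDR_LEN) return 0;
    uint16_t bpp = rd16(file + 28);
    uint32_t clr_used = rd32(file + 46);
    if (bpp == 0 || bpp > 8) return 0;
    return clr_used > (1u << bpp);
}

/* Hardened: the colour count can never exceed 2^bpp, and the palette must
 * physically fit in the file. Both checks run before any allocation. */
static int load_palette_hardened(const uint8_t *file, size_t len, struct bmp_palette *out)
{
    if (len < BMP_HDR_LEN || file[0] != 'B' || file[1] != 'M') return -1;
    uint16_t bpp = rd16(file + 28);
    uint32_t clr_used = rd32(file + 46);
    if (bpp == 0 || bpp > 8) return 0;
    uint32_t max_entries = 1u << bpp;
    if (clr_used == 0) clr_used = max_entries;                  /* 0 means "all" per the format */
    if (clr_used > max_entries) return -1;                      /* lying colour count */
    if ((size_t)clr_used * 4 > len - BMP_HDR_LEN) return -1;    /* palette runs past EOF */
    out->rgbquad = malloc((size_t)clr_used * 4);
    if (!out->rgbquad) return -1;
    memcpy(out->rgbquad, file + BMP_HDR_LEN, (size_t)clr_used * 4);
    out->entries = clr_used;
    return 1;
}

/* Constructed sample: 54-byte headers for a 4x4 image, then palette_bytes
 * of 0xAB. Returns total length, or 0 if cap is too small. */
static size_t make_bmp(uint8_t *buf, size_t cap, uint16_t bpp, uint32_t clr_used, size_t palette_bytes)
{
    size_t total = BMP_HDR_LEN + palette_bytes;
    if (cap < total) return 0;
    memset(buf, 0, total);
    buf[0] = 'B'; buf[1] = 'M';
    wr32(buf + 2, (uint32_t)total);          /* bfSize */
    wr32(buf + 10, (uint32_t)total);         /* bfOffBits: pixel data would start here */
    wr32(buf + 14, 40);                      /* biSize */
    wr32(buf + 18, 4); wr32(buf + 22, 4);    /* biWidth, biHeight */
    wr16(buf + 26, 1);                       /* biPlanes */
    wr16(buf + 28, bpp);                     /* biBitCount */
    wr32(buf + 46, clr_used);                /* biClrUsed: the untrusted field */
    memset(buf + BMP_HDR_LEN, 0xAB, palette_bytes);
    return total;
}

/* Build a sample and run the hardened loader: returns the number of
 * palette entries loaded, 0 for no palette, -1 when rejected. */
static int hardened_result(uint16_t bpp, uint32_t clr_used, size_t palette_bytes)
{
    uint8_t buf[2048];
    struct bmp_palette p = { 0, NULL };
    size_t n = make_bmp(buf, sizeof buf, bpp, clr_used, palette_bytes);
    int r = n ? load_palette_hardened(buf, n, &p) : -1;
    free(p.rgbquad);
    return r == 1 ? (int)p.entries : r;
}

static int vulnerable_overflow(uint16_t bpp, uint32_t clr_used, size_t palette_bytes)
{
    uint8_t buf[2048];
    size_t n = make_bmp(buf, sizeof buf, bpp, clr_used, palette_bytes);
    return n ? vulnerable_would_overflow(buf, n) : -1;
}

int main(void)
{
    uint8_t buf[2048];
    struct bmp_palette p = { 0, NULL };
    size_t n = make_bmp(buf, sizeof buf, 8, 16, 64);     /* benign: 8 bpp, 16 colours */
    printf("benign 8bpp/16 colours: vulnerable=%d, hardened entries=%d\n",
           load_palette_vulnerable(buf, n, &p), hardened_result(8, 16, 64));
    free(p.rgbquad);
    printf("biClrUsed=65536 on 8bpp: vulnerable would overflow=%d, hardened=%d\n",
           vulnerable_overflow(8, 65536, 64), hardened_result(8, 65536, 64));
    return 0;
}
```

The malicious case needs no large file: a 118-byte BMP whose header claims 65536 colours makes the vulnerable loader copy 256 KiB into a 1 KiB allocation. The second hardened check matters on its own as well, since a count that is within 2^bpp but beyond the end of the file turns into an out-of-bounds read.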
CVE-2017-5549
The klsi_105_get_line_state function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line status, which allows local users to obtain sensitive information by reading the log.
CVE-2017-5548
drivers/net/ieee802154/atusb.c in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.
CVE-2017-2596
The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel through 4.9.8 improperly emulates the VMXON instruction, which allows KVM L1 guest OS users to cause a denial of service (host OS memory consumption) by leveraging the mishandling of page references.
CVE-2017-5551
The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7097.