A stack-based buffer overflow vulnerability exists in Beetel Connection Manager. The vulnerability is due to improper parsing of parameters in the NetConfig.ini file. A remote attacker could exploit this vulnerability by enticing a user to use a crafted NetConfig.ini file.
Category Archives: Checkpoint
Checkpoint
F5 Big-IP TLS Information Disclosure (Ticketbleed; CVE-2016-9244)
An information disclosure vulnerability has been reported in F5 Big-IP TLS products. An attacker can leverage this vulnerability to disclose memory contents of a connected server.
UltraISO CUE File Parsing Buffer Overflow (CVE-2007-2888)
A stack-based buffer overflow exists in UltraISO. The vulnerability is due to lack of bounds validation which might lead to a buffer overflow. A remote attacker can execute arbitrary code by enticing a victim to open a CUE crafted file.
VUPlayer CUE File Buffer Overflow
A stack overflow exists in VUPlayer. The vulnerability is due to improper boundary checking of user-supplied input when processing CUE files. By enticing a victim to open a malicious CUE file, a remote attacker could execute arbitrary code on the affected system.
SafeNet SoftRemote GROUPNAME Buffer Overflow (CVE-2009-3861)
A stack buffer overflow vulnerability exists in SafeNet SoftRemote Security Policy Editor. The vulnerability is due to insufficient input validation while handling a specially formatted security policy. Successful exploitation could lead to arbitrary code execution in the security context of the target user.
Microsoft Edge document.domain Same Origin Policy Bypass (MS17-001: CVE-2017-0002)
A policy bypass vulnerability has been reported in Microsoft Edge. This vulnerability is due improper enforcement of cross-domain policies with pages that have an empty document.domain property. A remote attacker could exploit this vulnerability by enticing a user to visit a maliciously crafted web-page. Successful exploitation of this vulnerability would allow an attacker to bypass the same origin policy and disclose sensitive information.
Suspicious Malvertising Redirection
Campaigns of malvertising, redirecting to malicious web pages, have been identified. Successful exploitation could result in remote code execution on the target system once the malicious page is loaded.
Microsoft Windows gdi32.dll Out Of Bounds Reads Information Disclosure (CVE-2017-0038)
An information disclosure vulnerability exists in Microsoft Windows gdi32.dll. A remote attacker can exploit this vulnerability by sending the target user a malicious file. Successful exploitation could result in an out-of-bounds read and access to private user data.
Adobe Flash Player Heap Buffer Overflow (APSB17-04: CVE-2017-2992)
A heap buffer overflow vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted mp4 file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file.
Adobe Flash Player Use After Free Code Execution (APSB17-04: CVE-2017-2985)
A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file with an affected version of Flash Player.