Posted by Stefan Kanthak on Dec 26

“Shawn McMahon” <syberghost () gmail com> wrote:

0. why was F-Secure able to fix their bugs in their program?

1. which of the DLLs are loaded by the OS, which are loaded by their program?

2. what’s (not) wrong with
a) the OS?
b) <https://blogs.msdn.microsoft.com/oldnewthing/20101111-00/?p=12303>?
c) ALL executable installers and self-extractors?
d) <https://cwe.mitre.org/data/definitions/426.html>…

Posted by Hans Jerry Illikainen on Dec 26

`_TIFFVGetField()’ in libtiff-4.0.6 may write field data for certain
extension tags to invalid or possibly arbitrary memory.

Each tag has a `field_passcount’ variable in their TIFFField struct:

tiff-4.0.6/libtiff/tif_dir.h #276..289:
,—-
| struct _TIFFField {
| uint32 field_tag; /* field’s tag */
| short field_readcount; /* read count/TIFF_VARIABLE/TIFF_SPP */
| short…

Posted by Rio Sherri on Dec 26

# Title : EasyCafe Server <= 2.2.14 Remote File Read
# Date : 25/12/2015
# Author : R-73eN
# Tested on : Windows 7 Ultimate
# Software Link : http://www.tinasoft.com/easycafe/
# Vulnerable Versions : EasyCafe Server <= 2.2.14
# EasyCafe Server has a feature to upload file from the server to a client.
# And the request is as following. EasyCafe Server sends an UDP request to
the client with the file that wants to upload,
# Then the client…