
5 new exploits

EVA-Web 1.1<= 2.2 - (index.php3) Remote File Inclusion
EVA-Web 1.1 <= 2.2 - (index.php3) Remote File Inclusion

WordPress Plugin Simple Forum 1.10-1.11 - SQL Injection
WordPress Plugin Simple Forum 1.10 < 1.11 - SQL Injection

Debian and Derivatives OpenSSL 0.9.8c-1<= 0.9.8g-9 - Predictable PRNG Brute Force SSH Exploit (Perl)
Debian and Derivatives OpenSSL 0.9.8c-1 <= 0.9.8g-9 - Predictable PRNG Brute Force SSH Exploit (Perl)

Debian and Derivatives OpenSSL 0.9.8c-1<= 0.9.8g-9 - Predictable PRNG Brute Force SSH Exploit (Ruby)
Debian and Derivatives OpenSSL 0.9.8c-1 <= 0.9.8g-9 - Predictable PRNG Brute Force SSH Exploit (Ruby)

Debian and Derivatives OpenSSL 0.9.8c-1<= 0.9.8g-9 - Predictable PRNG Brute Force SSH Exploit (Python)
Debian and Derivatives OpenSSL 0.9.8c-1 <= 0.9.8g-9 - Predictable PRNG Brute Force SSH Exploit (Python)

Linux Kernel 2.4 / 2.6 (RedHat Linux 9 / Fedora Core 4<11 / Whitebox 4 / CentOS 4) - 'sock_sendpage()' Ring0 Privilege Escalation (5)
Linux Kernel 2.4 / 2.6 (RedHat Linux 9 / Fedora Core 4 < 11 / Whitebox 4 / CentOS 4) - 'sock_sendpage()' Ring0 Privilege Escalation (5)

Linux Kernel 2.4.1<2.4.37 / 2.6.1<2.6.32-rc5 - 'pipe.c' Privilege Escalation (3)
Linux Kernel 2.4.1 < 2.4.37 / 2.6.1 < 2.6.32-rc5 - 'pipe.c' Privilege Escalation (3)

Adobe Acrobat Reader 7<9 - U3D Buffer Overflow
Adobe Acrobat Reader 7 < 9 - U3D Buffer Overflow

Samba 3.0.21-3.0.24 - LSA trans names Heap Overflow (Metasploit)
Samba 3.0.21 < 3.0.24 - LSA trans names Heap Overflow (Metasploit)

Mozilla Firefox 7 / 8<= 8.0.1 - nsSVGValue Out-of-Bounds Access (Metasploit)
Mozilla Firefox 7 / 8 <= 8.0.1 - nsSVGValue Out-of-Bounds Access (Metasploit)

Adobe Flash - Crash When Freeing Memory After AVC decoding
Adobe Flash - Video Decompression Memory Corruption
Linux - SELinux W+X Protection Bypass via AIO
Zortam Mp3 Media Studio 21.15 - Insecure File Permissions Privilege Escalation
Wise Care 365 4.27 / Wise Disk Cleaner 9.29 - Unquoted Service Path Privilege Escalation

Microsoft MSN Messenger 1<4 - Malformed Invite Request Denial of Service
Microsoft MSN Messenger 1 < 4 - Malformed Invite Request Denial of Service

Kerio Control Unified Threat Management 9.1.0 build 1087_ 9.1.1 build 1324 - Multiple Vulnerabilities
Kerio Control Unified Threat Management 9.1.0 build 1087 / 9.1.1 build 1324 - Multiple Vulnerabilities

Check Point VPN-1 SecureClient 4.0/4.1 - Policy Bypass
Check Point VPN-1 SecureClient 4.0 < 4.1 - Policy Bypass

Microsoft Excel 95<2004 - Malformed Graphic File Code Execution
Microsoft Excel 95 < 2004 - Malformed Graphic File Code Execution

Git-1.9.5 - ssh-agent.exe Buffer Overflow
Git 1.9.5 - ssh-agent.exe Buffer Overflow

Skybox Platform <=7.0.611 - Multiple Vulnerabilities
Skybox Platform <= 7.0.611 - Multiple Vulnerabilities

SOLIDserver <=5.0.4 - Local File Inclusion
SOLIDserver <= 5.0.4 - Local File Inclusion

WordPress Plugin DZS Videogallery <=8.60 - Multiple Vulnerabilities
WordPress Plugin DZS Videogallery <= 8.60 - Multiple Vulnerabilities

Microsoft Windows 7<10 / Server 2008-2012 (x32/x64) - Privilege Escalation (MS16-032) (PowerShell)
Microsoft Windows 7 < 10 / Server 2008 < 2012 (x86/x64) - Privilege Escalation (MS16-032) (PowerShell)

Microsoft Windows 7<10 / Server 2008-2012 (x32/x64) - Privilege Escalation (MS16-032) (C#)
Microsoft Windows 7 < 10 / Server 2008 < 2012 (x86/x64) - Privilege Escalation (MS16-032) (C#)

Microsoft Windows 7<10 / 2008<2012 (x86/x64) - Secondary Logon Handle Privilege Escalation (MS16-032)
Microsoft Windows 7 < 10 / 2008 < 2012 (x86/x64) - Secondary Logon Handle Privilege Escalation (MS16-032)
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=859
There is a crash when the AVC decoder attempts to free memory, likely indicating memory corruption.
Fixed in the September update
Proof of Concept:
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40421.zip
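Review bot: The line "Fixed in the September update" gives no year, product name or fixed version, so the entry cannot be triaged once it is read apart from the linked tracker issue; state the affected product and the release that carries the fix. The "Proof of Concept:" link points at a binary archive with no checksum recorded beside it, so add a hash of 40421.zip to let readers confirm they have the file this entry refers to.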