ad7bd81657
21 new exploits Microsoft Office PowerPoint 2010 - 'MSO!Ordinal5429' Missing Length Check Heap Corruption Microsoft Office PowerPoint 2010 - MSO/OART Heap Out-of-Bounds Access Microsoft Office PowerPoint 2010 GDI - 'GDI32!ConvertDxArray' Insufficient Bounds Check Adobe Flash - MP4 AMF Parsing Overflow Adobe Flash - SWF Stack Corruption Adobe Flash - Use-After-Free in Applying Bitmap Filter Adobe Flash - YUVPlane Decoding Heap Overflow DIGISOL DG-HR1400 Wireless Router - Cross-Site Request Forgery Joomla! Component J-HotelPortal 6.0.2 - 'review_id' Parameter SQL Injection Joomla! Component J-CruiseReservation Standard 3.0 - 'city' Parameter SQL Injection Joomla! Component Eventix Events Calendar 1.0 - SQL Injection Joomla! Component J-MultipleHotelReservation Standard 6.0.2 - 'review_id' Parameter SQL Injection Joomla! Component Directorix Directory Manager 1.1.1 - SQL Injection Joomla! Component Magic Deals Web 1.2.0 - SQL Injection Joomla! Component J-BusinessDirectory 4.6.8 - SQL Injection Joomla! Component AppointmentBookingPro 4.0.1 - SQL Injection Sophos Web Appliance 4.2.1.3 - block/unblock Remote Command Injection (Metasploit) Sophos Web Appliance 4.2.1.3 - DiagnosticTools Remote Command Injection (Metasploit) Sonicwall 8.1.0.2-14sv - 'extensionsettings.cgi' Remote Command Injection (Metasploit) Sonicwall 8.1.0.2-14sv - 'viewcert.cgi' Remote Command Injection (Metasploit) AlienVault OSSIM/USM <= 5.3.1 - Remote Code Execution (Metasploit)
7 lines
343 B
Text
Executable file
7 lines
343 B
Text
Executable file
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1018
|
|
|
|
There is an overflow in MP4 AMF parsing. To reproduce, put the attached files on a server and visit http://127.0.0.1/LoadMP4.swf?file=unsigned.mp4.
|
|
|
|
|
|
Proof of Concept:
|
|
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/41420.zip
|