A privilege escalation vulnerability exists in the clfs.sys driver which comes installed by default on Windows 10 21H2, Windows 11 21H2 and Windows Server 20348 operating systems. This Metasploit module exploit makes use to two different kinds of specially crafted .blf files.
9aa5ede2ea03c876775407f0098c013dfd3c503cc4ebb1ee7306284def339699
This whitepaper discusses low-level reversing of the BLUEKEEP vulnerability.
0677b8441e78f758bec54dab3454d421969b72e6583840ca61e41fe11d0be904
Core Security Technologies Advisory - VAMPSET version 2.2.145 is vulnerable to a stack-based and heap-based buffer overflow attack, which can be exploited by attackers to execute arbitrary code, by providing a malicious CFG or DAT file with specific parameters.
57fc076cced40621b525e0c4d60739b93696cbf99216bd6939f718ba48293d6d
Core Security Technologies Advisory - Advantech WebAccess version 7.2 suffers from multiple buffer overflow vulnerabilities.
909690e95e7b916c1fbab64b4af5b09fb3ba04112c7ca47c95bbd232e68cb553
Core Security Technologies Advisory - RealPlayer is prone to a security vulnerability when processing RMP files. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine, by enticing RealPlayer users to open a specially crafted RMP file (client-side attack). Versions 16.0.2.32 and 16.0.3.51 are affected.
138c669ee28a20c01fad95f2ddae01490a953b8043d0631d15f8c2f418a3d9c1
Core Security Technologies Advisory - XnView is prone to a security vulnerability when processing PCT files. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine, by enticing the user of XnView to open a specially crafted file.
ca26300ca7108c01d37afc023226b062ec8f28da70b639d5efffa6f4508c47ce
Core Security Technologies Advisory - Lattice Diamond Programmer is vulnerable to client-side attacks, which can be exploited by remote attackers to run arbitrary code by sending specially crafted '.xcf' files.
df8058279a3a470f0f6120f9c7043177979a194827cfc608434c36cb3b42c698
Core Security Technologies Advisory - Two vulnerabilities have been found in VLC media player, when handling .AMV and .NSV file formats. These vulnerabilities can be exploited by a remote attacker to obtain arbitrary code execution with the privileges of the user running VLC. Versions 1.1.4 through 1.1.7 are affected.
8be83321208dda4d6d31da8ff809448217d99f09c95ce0362ee9c5369cec08f6
Core Security Technologies Advisory - Adobe Acrobat Reader is prone to a use-after-free vulnerability due to an invalid usage of a released memory chunk. This vulnerability could be used by a remote attacker to execute arbitrary code, by enticing the user of Adobe Acrobat Reader to open a specially crafted file and click on PAGES thumbnails.
b904c5a6e5a8de97f43c56644b6a9ba52dae475e7eef0a3f2c048059d81b1e24
Core Security Technologies Advisory - A vulnerability has been found in the ActiveX control DLL (axvlc.dll) used by VLC player. This library contains three methods whose parameters are not correctly checked, and may produce a bad initialized pointer. By providing these functions specially crafted parameters, an attacker can overwrite memory zones and execute arbitrary code. Vulnerable versions include VLC media player 0.86, 0.86a, 0.86b and 0.86c.
a87e849266c4e77d90eb2721b17cdf3a56fc7d7192d74bad333d639a52d5e13e