Searching pointers software vulnerabilities

A race condition in the way env_start and env_e

fs/proc/basec | initialized | env_start | condition | pointers | service | env_end | allows | system | execve | denial | cause | local | users | Linux | race | call | used | way |

A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash).


Linux kernel does not properly convert 64-bit f

pointers | properly | portions | convert | offset | memory | access | allows | 64-bit | kernel | local | users | Linux | which | file | does | bits | not |

Linux kernel does not properly convert 64-bit file offset pointers to 32 bits, which allows local users to access portions of kernel memory.


NtRegmon before 6.12 allows local users to caus

NtRegmon | before |

NtRegmon before 6.12 allows local users to cause a denial of service (crash), while NtRegmon is running, via invalid pointers to hook functions such as ZwSetQueryValue.


The exit_thread function (process.c) in Linux k

exit_thread | function |

The exit_thread function (process.c) in Linux kernel 2.6 through 2.6.5 does not invalidate the per-TSS io_bitmap pointers if a process obtains IO access permissions from the ioperm function but does not drop those permissions when it exits, which allows other processes to access the per-TSS pointers, access restricted memory locations, and possibly gain privileges.


Heap-based buffer overflow in Trend Micro AntiV

Heap-based | AntiVirus | overflow | Library | buffer | before | VSAPI | Trend | Micro |

Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI before 7.510, as used in multiple Trend Micro products, allows remote attackers to execute arbitrary code via a crafted ARJ file with long header file names that modify pointers within a structure.


Race condition in the ia32 compatibility code f

compatibility | condition | system | before | kernel | execve | Linux | ia32 | Race | call | code |

Race condition in the ia32 compatibility code for the execve system call in Linux kernel 2.4 before 2.4.31 and 2.6 before 2.6.6 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via a concurrent thread that increments a pointer count after the nargs function has counted the pointers, but before the count is copied from user space to kernel space, which leads to a buffer overflow.


Domain Name Relay Daemon (DNRD) before 2.19.1 a

Daemon | Domain | Relay | Name |

Domain Name Relay Daemon (DNRD) before 2.19.1 allows remote attackers to cause a denial of service (infinite recursion) via a DNS packet that uses message compression in the QNAME and two pointers that point to each other (circular buffer).


The sysctl functionality (sysctl.c) in Linux ke

functionality | sysctl |

The sysctl functionality (sysctl.c) in Linux kernel before 2.6.14.1 allows local users to cause a denial of service (kernel oops) and possibly execute code by opening an interface file in /proc/sys/net/ipv4/conf/, waiting until the interface is unregistered, then obtaining and modifying function pointers in memory that was used for the ctl_table.


Unspecified vulnerability in Microsoft Excel 20

vulnerability | Unspecified | Microsoft | Excel |

Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malformed BOOLERR records that lead to memory corruption, probably involving invalid pointers.


The "mechglue" abstraction interface of the GSS

abstraction | "mechglue" | interface | Kerberos | through | GSS-API | library |

The "mechglue" abstraction interface of the GSS-API library for Kerberos 5 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, allows remote attackers to cause a denial of service (crash) via unspecified vectors that cause mechglue to free uninitialized pointers.


Computer Associates Host Intrusion Prevention S

Prevention | Associates | Intrusion | Computer | System | Host |

Computer Associates Host Intrusion Prevention System (HIPS) drivers (1) Core kmxstart.sys 6.5.4.31 and (2) Firewall kmxfw.sys 6.5.4.10 allow local users to gain privileges by using certain privileged IOCTLs to modify callback function pointers.


Unspecified vulnerability in Internet Explorer

vulnerability | Unspecified | Explorer | Internet |

Unspecified vulnerability in Internet Explorer 5.01 and 6 SP1 allows remote attackers to execute arbitrary code via crafted Cascading Style Sheets (CSS) strings that trigger memory corruption during parsing, related to use of out-of-bounds pointers.


PUBCONV.DLL in Microsoft Office Publisher 2007

PUBCONVDLL | Publisher | Microsoft | Office |

PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the "Publisher Invalid Memory Reference Vulnerability".


Multiple vulnerabilities in the layout engine f

vulnerabilities | Multiple | Firefox | Mozilla | before | layout | engine | 15x |

Multiple vulnerabilities in the layout engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) via vectors related to dangling pointers, heap corruption, signed/unsigned, and other issues.


Net::DNS before 0.60, a Perl module, allows rem


Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service (stack consumption) via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop.


Software vulnerabilities results 1 to 16 of 16     
Page: 1