WordPress Pie Register 2.0.18 Cross Site Scripting
WordPress Pie Register plugin version 2.0.18 suffers from a cross site scripting vulnerability.
WordPress Font plugin version 7.5 suffers from a path traversal vulnerability.
WordPress Pie Register plugin version 2.0.18 suffers from multiple remote blind SQL injection vulnerabilities.
libsndfile versions 1.0.25 and below suffer from a heap overflow vulnerability.
Tomabo MP4 Converter version 3.10.12 suffers from a denial of service vulnerability.
Netgear Voice Gateway with firmware version 2.3.0.23_2.3.23 suffers from command injection, insecurely configured passwords, and cross site scripting vulnerabilities.
CDex Genre version 1.79 suffers from a stack buffer overflow vulnerability.
The attached report and exploit were mailed to Kaspersky on 4th September 2015. The researcher is currently triaging about 230 more unique crashes. A remotely exploitable stack buffer overflow exists in the ThinApp container parsing. Kaspersky Antivirus and other products using the Kaspersky Engine (such as ZoneAlarm) are affected.
Fuzzing the DEX file format found a crash that loads a function pointer from an attacker-controlled pointer; on Windows this results in a call to an unmapped address. This is obviously exploitable for remote, zero-interaction code execution as NT AUTHORITY\SYSTEM on any system with Kaspersky Antivirus.
Fuzzing Kaspersky Antivirus VB6 executables produced a crash triggered by an integer overflow vulnerability.