Archive for December, 2015

Kaspersky Antivirus Virtual Keyboard GetGraphics() Path Traversal

Posted by deepcore under exploit (No Respond)

Kaspersky Virtual Keyboard suffers from a path traversal vulnerability.

Adobe Flash ObjectEncoder.dynamicPropertyWriter Type Confusion

Posted by deepcore under exploit (No Respond)

There is a type confusion issue during serialization if ObjectEncoder.dynamicPropertyWriter is overridden with a value that is not a function.

Adobe Flash IExternalizable.readExternal Type Confusion

Posted by deepcore under exploit (No Respond)

If IExternalizable.readExternal is overridden with a value that is not a function, Flash assumes it is a function even though it is not one. This leads to execution of a ‘method’ outside of the ActionScript object’s ActionScript vtable, leading to memory corruption.

Avast Integer Overflow Verifying NumFonts In TTC Header

Posted by deepcore under exploit (No Respond)

If the numFonts field in the TTC header is greater than (SIZE_MAX+1) / 4, an integer overflow occurs in filevirus_ttf() when calling CSafeGenFile::SafeLockBuffer.

Rar CmdExtract::UnstoreFile Integer Truncation Memory Corruption

Posted by deepcore under exploit (No Respond)

The attached file crashes in CmdExtract::UnstoreFile because the signed int64 DestUnpSize is truncated to an unsigned 32-bit integer. Perhaps CmdExtract::ExtractCurrentFile should sanity check Arc.FileHead.UnpSize early. The researcher observed this crash in Avast Antivirus, but the origin of the code appears to be the unrar source distribution. Many other antiviruses may be affected, and presumably WinRAR […]

Avast JetDb::IsExploited4x Performs Unbounded Search On Input

Posted by deepcore under exploit (No Respond)

The attached Microsoft Access Database causes JetDb::IsExploited4x to be called, which contains an unbounded search for objects.

Avast Heap Overflow Unpacking MoleBox Archives

Posted by deepcore under exploit (No Respond)

Trivial fuzzing of MoleBox archives revealed a heap overflow decrypting the packed image in moleboxMaybeUnpack. This vulnerability is obviously exploitable for remote arbitrary code execution as NT AUTHORITY\SYSTEM.

Avast OOB Write Decrypting PEncrypt Packed Executables

Posted by deepcore under exploit (No Respond)

The attached PEncrypt packed executable causes an OOB write on Avast Server Edition. The attached testcase has the password “infected” to avoid disrupting your mail server.

Microsoft Office / COM Object DLL Planting

Posted by deepcore under exploit (No Respond)

It is possible for an attacker to execute a DLL planting attack in Microsoft Office 2010 on Windows 7 x86 with a specially crafted OLE object. This attack also works on Office 2013 running on Windows 7 x64. Other platforms were not tested. The attached POC document “planted-mqrt.doc” contains what was originally an embedded Packager […]

Apple Security Advisory 2015-12-11-1

Posted by deepcore under Apple (No Respond)

Apple Security Advisory 2015-12-11-1 – iTunes 12.3.2 is now available and addresses 12 security vulnerabilities.
