:: Deepquest ::

The BytePackedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing of “dataBitOffset” boundary checks. This exploit code demonstrates remote code execution by popping calc.exe

The IntegerInterleavedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing of “dataOffsets[0]” boundary checks. This vulnerability allows for remote code execution

The IntegerInterleavedRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a signed integer overflow that allows bypassing of “dataOffsets[0]” boundary checks. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program.

Oracle Java versions prior to 7u25 suffer from an invalid array indexing vulnerability that exists within the native storeImageArray() function inside jre/bin/awt.dll. This vulnerability allows for remote code execution.

Oracle Java versions prior to 7u25 suffer from an invalid array indexing vulnerability that exists within the native storeImageArray() function inside jre/bin/awt.dll.

This Metasploit module exploits a vulnerability found in Apple Quicktime. The flaw is triggered when Quicktime fails to properly handle the data length for certain atoms such as ‘rdrf’ or ‘dref’ in the Alis record, which may result a buffer overflow by loading a specially crafted .mov file, and allows arbitrary code execution under the context of the user.

Apple Security Advisory 2013-07-02-1 – Security Update 2013-003 is now available and addresses multiple arbitrary code execution vulnerabilities in QuickTime.

Apple Security Advisory 2013-06-18-1 – Java for OS X 2013-004 and Mac OS X v10.6 Update 16 are now available and addresses multiple vulnerabilities that include arbitrary code execution issues.

This is a whitepaper called Usability vs. Security: The Everlasting Trade-Off in the Context of Apple iOS Mobile Hotspots.

This application assists in generating an iOS hotspot cracking word list, which might be used in subsequent attacks on other hotspot users. The application also gives explanations and hints on how to crack a captured WPA2 handshake using well-known password crackers.