http://bandai.go.th/newsdetail.php?id=37 notified by Ashiyane Digital Security Team
>> TAG: #Security
This Metasploit module exploits a vulnerability found in Apple Quicktime. The flaw is triggered when Quicktime fails to properly handle the data length for certain atoms such as ‘rdrf’ or ‘dref’ in the Alis record, which may result a buffer overflow by loading a specially crafted .mov file, and allows arbitrary code execution under the context of the user.
Flux Player v3.1.0 iOS – Multiple Vulnerabilities
WiFly 1.0 Pro iOS – Multiple Vulnerabilities
Windows Movie Maker Version 2.1.4026.0 (.wav) – Crash POC
Symantec Workspace Virtualization 6.4.1895.0 Local Kernel Mode Privilege Escalation
Dell PacketTrap PSA 7.1 – Multiple XSS Vulnerabilities
Xibo 1.2.2 and 1.4.1 (index.php, p param) – Directory Traversal Vulnerability
ePhoto Transfer v1.2.1 iOS – Multiple Vulnerabilities
Anchor CMS 0.9.1 – Stored XSS Vulnerability