Corelanc0D3R

**Name of the Vulnerable Software and Affected Versions** Integard Pro versions prior to 2.0.0.9037 Integard Home versions prior to 2.0.0.9037 Integard Pro and Home versions 2.2.x prior to 2.2.0.9037 **Description** The web server has a buffer overflow via a long password in an administration login POST request, leading to arbitrary code execution. This issue can be exploited through an EIP-overwrite buffer overflow. **Recommendations** For Integard Pro and Home versions prior to 2.0.0.9037, update to version 2.0.0.9037 or later. For Integard Pro and Home versions 2.2.x prior to 2.2.0.9037, update to version 2.2.0.9037 or later. As a temporary workaround, consider restricting access to the administration login `POST` request until a patch is available. Avoid using long passwords in the administration login until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer versions 8 through 11 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service due to memory corruption via a crafted web site. This is caused by improper access to objects in memory, which could corrupt memory and allow an attacker to execute arbitrary code in the context of the current user. **Recommendations** For Microsoft Internet Explorer versions 8 through 11, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer versions 8 through 11 **Description** A remote code execution issue exists due to improper access to objects in memory, potentially causing memory corruption and allowing an attacker to execute arbitrary code in the context of the current user. **Recommendations** For Microsoft Internet Explorer versions 8 through 11, update to a version that includes the fix for this issue to prevent remote code execution. As a temporary workaround, consider restricting access to potentially vulnerable web sites until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer versions 7 through 10 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service due to memory corruption via a crafted web site. This is caused by improper access to objects in memory, which could corrupt memory and allow an attacker to execute arbitrary code in the context of the current user. **Recommendations** For Microsoft Internet Explorer versions 7 through 10, update to a version that properly handles memory access to prevent code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Internet Explorer (affected versions not specified) **Description** The issue is related to memory handling errors, allowing a remote attacker to potentially execute arbitrary code or cause a denial of service by accessing a specially crafted website. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer versions 7 through 11 **Description** The issue is related to memory corruption, allowing remote attackers to execute arbitrary code or cause a denial of service. It is caused by improper access to objects in memory, which can be exploited by attackers using a crafted web site. The vulnerability is also described as a use-after-free error when working with a CTreeNode object, enabling remote execution of arbitrary code. **Recommendations** For Microsoft Internet Explorer versions 7 through 11, update to a version that includes the fix for this memory corruption issue to prevent exploitation. As a temporary workaround, consider restricting access to potentially malicious web sites to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Internet Explorer (affected versions not specified) **Description** The issue is related to the improper handling of objects in memory by Internet Explorer, which could lead to memory corruption and allow an attacker to execute arbitrary code in the context of the current user. This can be achieved through a specially crafted website. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Internet Explorer (affected versions not specified) **Description** The issue is related to improper memory object access, which could lead to memory corruption. This allows an attacker to potentially execute arbitrary code in the context of the current user by exploiting the vulnerability through a specially crafted website. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer versions 6 through 11 **Description** A use-after-free issue allows remote attackers to execute arbitrary code via crafted JavaScript code that interacts improperly with a CollectGarbage function call on a CMarkup object allocated by the CMarkup::CreateInitialMarkup function. This could corrupt memory and allow an attacker to execute arbitrary code in the context of the current user. **Recommendations** For Microsoft Internet Explorer versions 6 through 11, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Internet Explorer versions 9 through 11 **Description** The issue is related to memory handling errors, allowing an attacker to execute arbitrary code or cause a denial of service via a specially crafted website. This is due to incorrect access to objects in memory in the context of the current user. The vulnerability was demonstrated by Sebastian Apelt and Andreas Schmidt during a Pwn2Own competition at CanSecWest 2014. **Recommendations** For Internet Explorer versions 9 through 11, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** War FTP Daemon version 1.82 RC 12 **Description** The issue allows remote authenticated users to cause a denial of service, resulting in a crash, by utilizing format string specifiers in a LIST command. **Recommendations** For War FTP Daemon version 1.82 RC 12, consider restricting access to the LIST command until a patch is available to prevent potential denial of service attacks.

**Name of the Vulnerable Software and Affected Versions** Internet Explorer versions 8 through 11 **Description** The issue is related to a use-after-free error when working with the CHtmlLayout object, allowing remote attackers to execute arbitrary code or cause a denial of service via a crafted web site. This could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. **Recommendations** For Internet Explorer versions 8 through 11, update to a version that includes the fix for this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer versions 6 through 9 **Description** A remote code execution issue exists due to improper memory access, potentially leading to memory corruption and allowing attackers to execute arbitrary code in the context of the current user. This can be achieved via a crafted web site. **Recommendations** For Microsoft Internet Explorer versions 6 through 9, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer versions 7 through 10 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service due to memory corruption via a crafted web site. This occurs because Internet Explorer improperly accesses an object in memory, potentially corrupting it in a way that enables an attacker to execute arbitrary code in the context of the current user. **Recommendations** For Microsoft Internet Explorer versions 7 through 10, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GOM Player version 2.1.33.5071 **Description** A stack-based buffer overflow issue allows user-assisted remote attackers to execute arbitrary code via a .ASX file with a long URI in the `ref href` tag. This issue exists due to a regression. **Recommendations** For GOM Player version 2.1.33.5071, at the moment, there is no information about a newer version that contains a fix for this issue.