Multiple vulnerabilities were found in the GPCIDrv and GDrv drivers as bundled with several GIGABYTE and AORUS branded motherboard and graphics card utilities, which could allow a local attacker to elevate privileges. Affected versions include GIGABYTE APP Center 1.05.21 and below, AORUS GRAPHICS ENGINE 1.33 and below, XTREME GAMING ENGINE 1.25 and below, and OC GURU II 2.08.
48d96c0c3430d878112464f31d6eeadae2c2f83b0d2533746e74c9f17d8e0f36Multiple vulnerabilities were found in the GLCKIo and Asusgio drivers installed by ASUS Aura Sync, which could allow a local attacker to elevate privileges. ASUS Aura Sync versions 1.07.22 and below are affected.
255511782c79945ab6f218abd699801864552a7945b1791b84b548a8c0971a6aASRock offers several utilities designed to give the user with an ASRock motherboard more control over certain settings and functions. These utilities include various features like the RGB LED control, hardware monitor, fan controls, and overclocking/voltage options. Multiple vulnerabilities were found in AsrDrv101.sys and AsrDrv102.sys low level drivers, installed by ASRock RGBLED and other ASRock branded utilities, which could allow a local attacker to elevate privileges. Vulnerable packages include ASRock RGBLED before version 1.0.35.1, A-Tuning before version 3.0.210, F-Stream before version 3.0.210, and RestartToUEFI before version 1.0.6.2.
3b57e1d843a64059edf1200acba22a276913db2838fb449328d307badda0ce0eThis Metasploit module exploits a stack-based buffer overflow in Orbit Downloader. The vulnerability is due to Orbit converting an URL ascii string to unicode in a insecure way with MultiByteToWideChar. The vulnerability is exploited with a specially crafted metalink file that should be opened with Orbit through the "File->Add Metalink..." option.
3fabd80b37cf0e1969d54e9e5602e17e7766d95225a456a310cee421d520516cCore Security Technologies Advisory - Adobe Audition is vulnerable to numerous buffer overflows while parsing several fields inside the TRKM chunk on session (.ses) files. Then, a memory corruption can be leveraged to execute arbitrary code on vulnerable systems by enticing users to open specially crafted session files.
bca39d351128dc119a842d9e07ba7f07d956f9a7c41897996b07986de69c7d31Core Security Technologies Advisory - While investigating the OpenType Compact Font Format vulnerability disclosed in MS10-037, Diego Juarez discovered another kernel bug in the parsing of OTF files. Loading a malformed OpenType font can cause the entire system to crash. The vulnerability could be used locally by attackers with access to an unprivileged account to elevate privileges to those of a System Administrator.
0e3069b48078cc6ce57a0ba9ae979121fd8801e0819abc6cd8b9765d2daa3a61Core Security Technologies Advisory - A vulnerability found in the memory management of the Virtual Machine Monitor makes memory pages mapped above the 2GB available with read or read/write access to user-space programs running in a Guest operating system.
06e57ed0863415c369e25cbef95b7d726f955222074ae28cf5b2b20d11fdfe9dCore Security Technologies Advisory - Luxology Modo 401 suffers from an integer overflow vulnerability when parsing .LXO files.
51b9cf82b285e0e429b33854d143984df2fb806fbb892adaa88ca3f6cc587050Core Security Technologies Advisory - Awakening's Winds3D Viewer, which runs as a plugin within most popular web browsers, is vulnerable to a remotely exploitable arbitrary command execution vulnerability which can be triggered by making the user visit a malicious link/website. Versions 3.5.0.0 and 3.0.0.5 are vulnerable.
9678ea739c83991289267c1a44276a19199e2657a49fbf488df9eccc5dd96d31Core Security Technologies Advisory - Orbit Downloader is vulnerable to a buffer overflow attack which can be exploited to execute arbitrary code. Versions 2.6.3 and 2.6.4 are verified vulnerable.
5d3f26cc60b2acbc37303d798ced9e82dfcc36f67de4fa6c23dad8b588c86a14
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed