1337day-Exploits Posted February 14, 2013 Share Posted February 14, 2013 PacketStorm-Security Acaba de publicar lo siguiente: This is the hidden content, please Sign In or Sign Up ;) An integer overflow vulnerability has been discovered in the EncoderParameter class of the .NET Framework. Exploiting this vulnerability results in an overflown integer that is used to allocate a buffer on the heap. After the incorrect allocation, user-supplied buffers are copied into the new buffer, resulting in a corruption of the heap. By exploiting this vulnerability, it is possible for an application running with Partial Trust permissions to break from the CLR sandbox and run arbitrary code with Full Trust permissions. 13/02/2013 23:35 Link to comment Share on other sites More sharing options...
Recommended Posts