Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with FirePOWER Services 5.4.0 through 126.96.36.199 allow remote attackers to bypass malware protection via crafted fields in HTTP headers, aka Bug ID CSCux22726.
This archive contains all of the 196 exploits added to Packet Storm in March, 2016.
The included proof of concept crashes Windows 7 with special pool enabled on win32k.sys. The crashes are triggering in multiple different ways (two examples attached).
The included proof of concept crashes Windows 7 with special pool enabled on win32k.sys. The crash is due to accessing memory past the end of a buffer.
There is a use-after-free in URLStream.readObject in Adobe Flash. If the object read is a registered class, the constructor will get invoked to create the object. If the constructor calls URLStream.close, the URLStream will get freed, and then the deserialization function will continue to write to it.
There is a use-after-free in the TextField.maxChars setter in Adobe Flash. If the maxChars the field is set to is an object with valueOf defined, the valueOf function can free the field’s parent object, which is then used.