VBScript – ‘OLEAUT32!VariantClear' and ‘scrrun!VBADictionary::put_Item' Use-After-Free

Source

VBScript – ‘OLEAUT32!VariantClear' and ‘scrrun!VBADictionary::put_Item' Use-After-Free

Source

image
This module exploits a stack buffer overflow in CyberLink LabelPrint 2.5 and below. The vulnerability is triggered when opening a .lpp project file containing overly long string characters via open file menu. This results in overwriting a structured exception handler record and take over the application. This module has been tested on Windows 7 (64 bit), Windows 8.1 (64 bit), and Windows 10 (64 bit).

Source

image
The WordPress GDPR Compliance plugin <= v1.4.2 allows unauthenticated users to set wordpress administration options by overwriting values within the database. The vulnerability is present in WordPress’s admin-ajax.php, which allows unauthorized users to trigger handlers and make configuration changes because of a failure to do capability checks when executing the 'save_setting' internal action. WARNING: The module sets WordPress configuration options without reading their current values and restoring them later.

Source