CA Security Advisory - Multiple vulnerabilities exist in BrightStor ARCserve Backup that can allow a remote attacker to cause a denial of service, execute arbitrary code, or take privileged action.
eeb6c53417ccc26b912aa3b7ee71b7c4d770d635ec4f613ec8a5036d63014596
eEye Security Advisory - Windows VDM #UD Local Privilege Escalation. Describes in more detail but with different terminology the "shatter" attacks corrected by MS04-032, and also discussed in a paper by Brett Moore.
6d969851dce47717c7c8d2b34a7d86e3e4b6339359ea1b5ff2767ce9961e7872
eEye Security Advisory - A critical vulnerability has been discovered in the PAM component used in all current ISS host, server, and network device solutions. A routine within the Protocol Analysis Module (PAM) that monitors ICQ server responses contains a series of stack-based buffer overflow vulnerabilities. If the source port of an incoming UDP packet is 4000, it is assumed to be an ICQ v5 server response. Any incoming packet matching this criterion will be forwarded to the vulnerable routine. By delivering a carefully crafted response packet to the broadcast address of a network operating RealSecure/BlackICE agents, an attacker can achieve anonymous, remote SYSTEM access across all vulnerable nodes.
c6c0d8948e71c161a5add829f745ebab0f86413f58d23225b1380cf524cb01c0
eEye Security Advisory - eEye Digital Security has discovered a critical vulnerability in both RealSecure and BlackICE. The vulnerability allows a remote attacker to reliably overwrite heap memory with user-controlled data and execute arbitrary code within the SYSTEM context. This attack will succeed with BlackICE using its most paranoid settings.
93cd5a0b4754b466a9453652642e3208192566bab669f59e2f78794309c03ac3
eEye Security Advisory - Zonelabs Pro/Plus/Integrity versions 4.0 and above are susceptible to a stack-based buffer overflow within vsmon.exe that can be exploited to execute code in the context of the SYSTEM account. The vulnerability exists within the component responsible for processing the RCPT TO command argument.
a0725e7ec08055483e5b54ac2703231057838074d0fb3f3ce1007b83e9fe049d
eEye Security Advisory - eEye Digital Security has discovered a second critical vulnerability in Microsoft's ASN.1 library (MSASN1.DLL) that allows an attacker to overwrite heap memory with data he or she controls and cause the execution of arbitrary code. ASN.1 is an industry standard used in a variety of binary protocols, and as a result, this flaw in Microsoft's implementation can be reached through a number of Windows applications and services. Ironically, the security-related functionality in Windows is especially adept at rendering a machine vulnerable to this attack, including Kerberos (UDP/88) and NTLMv2 authentication (TCP/135, 139, 445).
8815b9231e3ce56295d951ce888973253d6699e1085fcffeabace7cd8f1ce3df
eEye Security Advisory - eEye Digital Security has discovered a critical vulnerability in Microsoft's ASN.1 library (MSASN1.DLL) that would allow an attacker to overwrite heap memory on a susceptible machine and cause the execution of arbitrary code. Because this library is widely used by Windows security subsystems, the vulnerability is exposed through an array of avenues, including Kerberos, NTLMv2 authentication, and applications that make use of certificates (SSL, digitally-signed e-mail, signed ActiveX controls, etc.).
1de333b1ddd32e19f140c70af8d8745df36130a84594833d58298734c09ce432
Macromedia Shockwave Flash Malformed Header Overflow #2 - Macromedia Flash Player versions less than 6.0.65.0 allow remote code execution via HTML email and web pages. Fix available here.
018888a6c288f72d88dd0f5fddd22ecea22e5d438947c9dabdd5059490d624a6
eEye Security Advisory - During a review of the PNG image format implemented in Microsoft Windows, pngfilt.dll, serious vulnerabilities were discovered related to the interpretation of PNG image data. The more serious bug is a heap overflow which can be exploited to execute code when the malicious PNG image is viewed. IE 5.01-6.0 is vulnerable, along with the IE web control for Outlook, Access 2000, Backoffice, Microsoft Visual Studio .NET 2002, Office 2000, Office XP pro, Project 2002 Professional, Publisher 98, SNA Server 4.0, SQL Server 7.0, Visio 2002, Visual Basic .NET Standard 2002, Visual C, Visual C++ .NET Standard 2002, Visual FoxPro 7.0, Visual Studio 6.0, Windows 2000, Windows 95, Windows 98, NT, and XP. Microsoft advisory is MS02-066.
f11b994b879980c3165d71f5cef07811d6d5feb5f65c16286a58a35a2b0cacf3
eEye Advisory - IIS 4.0 and 5.0 for Windows NT and 2000 contain a remotely exploitable heap overflow which allows remote code execution. The bug is in transfer chunking in combination with the processing of HTR request sessions.
48ccb83f54a8646059f912592e5f6d519b887ca5833838d10ec76f21014b6fa0
A buffer overflow vulnerability has been found by eEye in the parameter handling of the MSN Messenger OCX and can allow remote code execution on affected systems.
76df0e68a796ea743a0cc568c84f1055d8df681f7945e0a436d49f5ed4e21b47
Macromedia Flash ActiveX Buffer overflow - Flash ActiveX Ocx Version 6, revision 23 and below contains a remotely exploitable buffer overflow which leads to the execution of attacker-supplied code via email, web, or any other avenue in which Internet Explorer is used to display HTML that an attacker can supply. All users of Internet Explorer are potentially vulnerable.
c6c8ca1f7b23f1726dfc2ae5a03d47ea1e5728d9a0f6a3cd3a1e16082fa3c47f
IISHack 1.5 attempts to remotely exploit a local buffer overflow in the IIS 4.0 and 5.0 .asp file parsing mechanism using the Unicode bug, resulting in remote system access.
afcef2c9b91202ec97d8ad74851f7050f034f962c38fb8bf8733f531b474694d
A buffer overflow has been discovered in the IIS 4.0 and 5.0 .asp file parsing mechanism. When IIS reads a malformed .asp file, code can be executed to take control of the local server as system. This can be exploited remotely by combining it with the Unicode bug or by paying for a web hosting account.
55452aba2566040a0d3cd658472e5693c9fb1752803985a1aceccb5a5abe6090
IIS FTP Exploit/DoS Attack - A buffer overflow in the 3.0 and 4.0 versions of IIS results in denial of service attacks and the possibility of remote execution of code.
3687bfadb19cc6a2e0d5e948ff65192fdc8c3f9c83b1b9487250ad80a22e4da9
Detailed description of the Brain File used to uncover the eEye NT4+IIS4 URL buffer overflow remote exploit.
9ccb8012a7fa14933beb8e4aa92ca1c05c22e3d03e3eed20ffe537042503fb10
Details about how and why the eEye NT4+IIS4 URL buffer overflow remote exploit hole was exploited and released.
d4bc30711d23b93629e3af8119fa500bae9d918c2ecb58bc72ef2fa9b3d36f87
General description of the eEye NT4+IIS4 URL buffer overflow remote exploit.
6a3eff4bb72d597d70ae5dc2c7d4680f46c2714618348baced0db5374695a7c8
Assembly (asm) source code for the eEye NT4+IIS4 URL buffer overflow remote exploit. Use with one of the ncx* files.
11759f245563a0a577e93805db9657a7e367501a6b60fb28aa65fcb2ed054e04
Executable eEye NT4+IIS4 URL buffer overflow remote exploit program. Use with one of the ncx* files.
d285726fc63c31e1e2f636ea8777450b6d158051c05201b7d4200dc46f474b37
Hacked netcat-based trojan used to exploit the eEye NT4+IIS4 URL remote buffer overflow - gain remote control over NT servers with this backdoor.
58760eddc454eb83a69dac7dc6375a069fb4ee2c796b229db876d1cff6d09a5f
Hacked netcat-based trojan used to exploit the eEye NT4+IIS4 URL remote buffer overflow (for use on port 99) - gain remote control over NT servers with this backdoor.
f2d006d20ae413f942415387e47af01ebe36de35fde4257e1409f94b016fbb80
The actual Brain File used by Retina to uncover the IIS4 URL buffer overflow.
5d0225f1fc6f4665ef5f013e34f3ce9fe67098a8cf65c73b013c630a4b9e2de7
Security hole in Windows NT 4 web servers running IIS allows a remote attacker to execute arbitrary code. Detailed exploit description, four exploit scripts (2 Perl, 2 C), VB app fix, Microsoft advisory, CERT advisory, more.
41fd168e89f3d3b4ff7eff7dea59d4702f8bd805da153a3bc0c70bb7468b80e0
Complete package of the eEye NT4+IIS4 URL buffer overflow remote exploit advisory and code. Includes: retina.vs.iis4-round2.txt, retina.vs.iis4-round2-the.brain.txt, retina.vs.iis4-round2-the.exploit.txt, brain.ini, iishack.asm, iishack.exe, ncx.exe, ncx99.exe.
394741db75ec0ba4e9f4e5581c6e248983aa36aa9a23bcc7c3b35abd87b8aed8