iDefense Security Advisory 06.09.09 - Remote exploitation of an integer overflow vulnerability in multiple versions of Adobe Systems Inc.'s Reader and Acrobat PDF reader and processor could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing a FlateDecode filter inside a PDF file. FlateDecode is a filter for data compressed with the zlib deflate compression method. Several parameters can be specified for the FlateDecode filter. Those values are used in an arithmetic operation that calculates the number of bytes to allocate for a heap buffer. This calculation can overflow, which results in an undersized heap buffer being allocated. This buffer is then overflowed with data decompressed from the FlateDecode stream. This leads to a heap-based buffer overflow that can result in arbitrary code execution. Acrobat Reader and Acrobat Professional versions 7.1.0, 8.1.3, 9.0.0 and prior versions are vulnerable.
48b4c5eb3ef997087bc4e824ebc4d6c72a992fb1b8e45a08db98b531d00f3505
iDefense Security Advisory 06.09.09 - Remote exploitation of a stack buffer overflow vulnerability in Microsoft Corp.'s Windows 2000 operating system could allow an unauthenticated attacker to execute arbitrary code with system-level privileges. This vulnerability exists in the EnumeratePrintShares function in win32spl.dll. The vulnerable function does not correctly validate the length of the print server's response. When a malformed response is received from the print server, the stack buffer can be overflowed, resulting in an exploitable condition. iDefense has confirmed the existence of this vulnerability in win32spl.dll version 5.00.2195.7054, as included in Windows 2000 Service Pack 4, with all available patches as of September 2008. All previous versions are suspected vulnerable. Windows XP SP2 and later versions of Windows are not affected.
694378c665ee66b058d66c03ea71426d961d982f2df2e76eda8ce2592ff49302
iDefense Security Advisory 06.09.09 - Remote exploitation of an integer overflow vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing a Shared String Table (SST) record inside an Excel file. This record holds the table of strings used inside the document. One of the fields in this record is a 32-bit integer that represents the number of unique strings in the table. This value is used to allocate an array of pointers to the strings contained in the table. When allocating this array, an integer overflow occurs in the calculation of its size. This leads to a heap-based buffer overflow when the array is filled with pointers to strings from the file.
10b25a2ead8344835636ecbd2f58b22d735b49d76b8351d055defe853529e1ff
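The two iDefense integer-overflow advisories above (Adobe FlateDecode and Excel SST) describe the same defect: counts taken from the file are multiplied to produce a heap allocation size, the product wraps in 32 bits, and the buffer that comes back is far smaller than the data later written into it. The following is an added example, not iDefense's, Adobe's or Microsoft's code. It models the unchecked arithmetic in Python by masking to 32 bits, then shows the checked form a parser should use. The FlateDecode parameter names (Columns, Colors, BitsPerComponent) and their allowed values come from the PDF specification's predictor DecodeParms; the 4-byte pointer width is an assumption matching 32-bit Windows builds of that era.

```python
"""Allocation-size arithmetic that wraps in 32 bits, modelled in Python."""

U32_MASK = 0xFFFFFFFF
PTR_BYTES_32BIT = 4  # assumption: 32-bit process, so a pointer array entry is 4 bytes


def wrap32(value: int) -> int:
    """Mimic unsigned 32-bit C arithmetic by keeping only the low 32 bits."""
    return value & U32_MASK


def naive_flate_row_bytes(columns: int, colors: int, bpc: int) -> int:
    """Bytes per predictor row, (Columns * Colors * BitsPerComponent + 7) / 8,
    computed the way an unchecked 32-bit parser would: every step may wrap."""
    bits = wrap32(wrap32(columns * colors) * bpc)
    return wrap32(bits + 7) // 8


def naive_sst_array_bytes(unique_count: int) -> int:
    """Size of the SST string-pointer array, count * sizeof(pointer), unchecked."""
    return wrap32(unique_count * PTR_BYTES_32BIT)


class SizeOverflow(ValueError):
    """Raised when a size computation would not fit in 32 bits or is out of spec."""


def checked_mul(a: int, b: int) -> int:
    """Multiply two non-negative values, refusing any product above 2**32 - 1."""
    product = a * b
    if product > U32_MASK:
        raise SizeOverflow(f"{a:#x} * {b:#x} does not fit in 32 bits")
    return product


def checked_flate_row_bytes(columns: int, colors: int, bpc: int) -> int:
    """Hardened row-size computation: validate the parameters the PDF spec
    permits, then check every intermediate product and the final addition."""
    if columns < 1 or colors < 1:
        raise SizeOverflow("Columns and Colors must be >= 1")
    if bpc not in (1, 2, 4, 8, 16):
        raise SizeOverflow("BitsPerComponent must be 1, 2, 4, 8 or 16")
    bits = checked_mul(checked_mul(columns, colors), bpc)
    if bits + 7 > U32_MASK:
        raise SizeOverflow("row bit count does not fit in 32 bits")
    return (bits + 7) // 8


def checked_sst_array_bytes(unique_count: int) -> int:
    """Hardened pointer-array size: reject a count whose array cannot exist."""
    return checked_mul(unique_count, PTR_BYTES_32BIT)


def shortfall(allocated: int, needed: int) -> int:
    """Bytes a write of `needed` bytes would run past an `allocated`-byte buffer."""
    return max(0, needed - allocated)


def rejects(fn, *args) -> bool:
    """True when the checked variant refuses the given parameters."""
    try:
        fn(*args)
    except SizeOverflow:
        return True
    return False


if __name__ == "__main__":
    # Constructed attacker-chosen values; both wrap the 32-bit product to a tiny size.
    cols, colors, bpc = 0x40000000, 4, 8
    alloc = naive_flate_row_bytes(cols, colors, bpc)
    needed = (cols * colors * bpc + 7) // 8
    print(f"FlateDecode: allocated {alloc} bytes, row needs {needed}, "
          f"overflow of {shortfall(alloc, needed)} bytes")
    count = 0x40000001
    print(f"SST: allocated {naive_sst_array_bytes(count)} bytes for {count} pointers")
    print("checked FlateDecode rejects:", rejects(checked_flate_row_bytes, cols, colors, bpc))
    print("checked SST rejects:", rejects(checked_sst_array_bytes, count))
```

With Columns = 0x40000000, Colors = 4 and BitsPerComponent = 8 the naive computation allocates 0 bytes for a row that really needs 4 GiB, and an SST count of 0x40000001 yields a 4-byte array that is then filled with over a billion pointers; the checked versions refuse both inputs before any allocation happens.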
iDefense Security Advisory 06.11.09 - Remote exploitation of a memory leak vulnerability in Microsoft Corp.'s Active Directory Server allows attackers to exhaust all virtual memory. According to section 2.4 of IETF RFC 4514, LDAP requests can contain strings that have been encoded using hexadecimal encoding. When Active Directory on Windows 2000 encounters such a request, it fails to release the memory associated with the hexadecimal-encoded portion of the request. By continually making such requests, an attacker can exhaust virtual memory on the targeted system. iDefense confirmed the existence of this vulnerability using a Windows 2000 SP4 domain controller with all patches available as of January 2008 applied. All versions of Active Directory installed on Windows 2000 are suspected to be vulnerable.
fe2fe4b965ee27267925f430684c17c2c3e67fa18af4c891cfe1f4cb5bfb694f
iDefense Security Advisory 06.08.09 - Remote exploitation of a memory corruption vulnerability in multiple vendors' WebKit browser engine could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when JavaScript code is used to set a certain property of an HTML tag within a web page. When JavaScript code sets this property, child elements of the tag are freed. However, when an error in the remaining HTML is encountered, these previously freed tag values are referenced. The freed memory is then treated as a C++ object, which can lead to attacker controlled values being used as function pointers. iDefense has confirmed the existence of this vulnerability in WebKit-r42162. Previous versions may also be affected.
2435fec72e75174b6080e9ba92c5e1f2ac6084a0c73ee3e6e95f87039ff1207f
A memory corruption vulnerability has been discovered in Adobe Reader and Acrobat during the processing of a TrueType font within the document.
ce2c488cf702358779198214f9b93449d1d62798959298dceb3f9ce2bbf74e7f
Split and Join - Bypassing Web Application Firewalls with HTTP Parameter Pollution.
d9138d2ef5c70f66085e0ebe9e8fb002a06deccb890f2c809ff765e25b48d86f
ModSecurity versions 2.5.9 and below using ModSecurity Core Rules versions 2.5-1.6.1 and below suffer from an HPP filter bypass vulnerability.
2f61c414417e494073857e6cf0e2a2326c2b1a0f0799ba9d2d5afabe77938145
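The "Split and Join" whitepaper and the ModSecurity Core Rules HPP bypass above rest on one mismatch: a WAF rule that inspects each query-string argument occurrence on its own never sees a payload that the attacker has split across repeated parameters, while a backend that concatenates duplicates reassembles it. The following is an added example, not code from the paper or from ModSecurity. It models the per-occurrence check, a backend that joins duplicates with a comma (the behaviour of ASP.NET's Request.QueryString and classic ASP), and the hardened check that inspects the value as the backend will see it. The signature regex, the sample requests and the parameter name `id` are constructed for the demonstration.

```python
"""HTTP Parameter Pollution 'split and join' against a per-parameter WAF check."""
import re
from urllib.parse import parse_qsl, quote

# Constructed signature standing in for a WAF SQL injection rule: it fires on
# a SELECT ... FROM sequence appearing inside a single inspected value.
SQLI_SIGNATURE = re.compile(r"\bselect\b.*\bfrom\b", re.IGNORECASE | re.DOTALL)


def parse_query(query: str) -> list[tuple[str, str]]:
    """Decode a query string into (name, value) pairs, keeping duplicates
    in order, as both the WAF and the backend receive them."""
    return parse_qsl(query, keep_blank_values=True)


def waf_per_parameter(query: str) -> bool:
    """Model of a rule that tests every argument occurrence separately.
    Returns True when the request would be blocked."""
    return any(SQLI_SIGNATURE.search(value) for _, value in parse_query(query))


def backend_join(query: str, sep: str = ",") -> dict[str, str]:
    """Model of a backend that concatenates repeated parameters with `sep`
    (comma for ASP.NET / classic ASP) into one value per name."""
    joined: dict[str, str] = {}
    for name, value in parse_query(query):
        joined[name] = value if name not in joined else joined[name] + sep + value
    return joined


def waf_on_joined(query: str, sep: str = ",") -> bool:
    """Hardened rule: inspect each parameter exactly as the backend will see it."""
    return any(SQLI_SIGNATURE.search(v) for v in backend_join(query, sep).values())


def split_payload(name: str, payload: str) -> str:
    """Attacker-side helper: break `payload` at its commas into repeated
    parameters so that no single fragment matches the signature.  A comma-
    joining backend puts the commas back, so the payload must contain at
    least one comma for the technique to apply."""
    return "&".join(f"{name}={quote(part)}" for part in payload.split(","))


if __name__ == "__main__":
    direct = "id=" + quote("select 1 from users")
    split = split_payload("id", "select 1,2,3 from users where id=1")
    print("direct request blocked per-parameter :", waf_per_parameter(direct))
    print("split request  blocked per-parameter :", waf_per_parameter(split))
    print("backend reassembles                  :", backend_join(split)["id"])
    print("split request  blocked on joined     :", waf_on_joined(split))
```

The split request arrives as `id=select%201&id=2&id=3%20from%20users%20where%20id%3D1`; per occurrence the WAF sees `select 1`, `2` and `3 from users where id=1`, none of which contains both keywords, yet the backend receives `select 1,2,3 from users where id=1`. The join separator is backend-specific (other platforms keep only the first or last occurrence), so the hardened check must model the behaviour of the server actually behind the WAF.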
Sniggabo CMS remote SQL injection exploit that leverages article.php.
77886f32cc1a96f86a970129a2269ba05eeb2e750d2090f69d8d232d6c090dbb
Yogurt version 0.3 suffers from remote SQL injection and cross site scripting vulnerabilities.
a8edd731d660a2d9144063143463a2f0a96f764f3b46d591509aa5e2e3dc5738
TorrentVolve version 1.4 suffers from an arbitrary file deletion vulnerability.
669624fda8d98361ab647d071d3ab13e5bb6c07000717bb5f7f1d45b87e8d58b
phpWebThings versions 1.5.2 and below suffer from a local file inclusion vulnerability in help.php.
19c35f0137389e093b2fff76aaf861a4e31c72b62b13edbb88550c090e610a0d
Whitepaper called Bypassing Hardware Based Data Execution Prevention (DEP) on Windows 2003 SP2.
d184381c4ad889006627d8570ca692515a97b3b6be034ad73a212421887c84aa
Whitepaper called Evading network-level emulation.
d489c38435ff90e51abe56d25eade253c749f37d9416b3fe83c932c3e141b042
The F5 Networks FirePass SSL VPN controller suffers from a cross site scripting vulnerability.
a99fc64227c1de861c79d79fa7b5ad11f7594d5049c4d2c67fa06de529ac3423
Splog versions 1.2 Beta and below suffer from multiple remote SQL injection vulnerabilities.
74a5150617cbfaf933a0730596cf9220acfc6b2681d1408f13bb161e77cf8fbe
Michal Zalewski has released some details with links to proof of concept code for a MSIE same-origin bypass race condition, MSIE memory corruption on page transitions, CANVAS implementation crashes, and Safari page transition tailgating.
aada75a86af557c06b7ae5af9b0eebe4b1e6812bafa534a00cb5dd004ecdf459
Ubuntu Security Notice USN-786-1 - Matthew Palmer discovered an underflow flaw in apr-util. An attacker could cause a denial of service via application crash in Apache using a crafted SVNMasterURI directive, .htaccess file, or when using mod_apreq2. Applications using libapreq2 are also affected. It was discovered that the XML parser did not properly handle entity expansion. A remote attacker could cause a denial of service via memory resource consumption by sending a crafted request to an Apache server configured to use mod_dav or mod_dav_svn. C. Michael Pilato discovered an off-by-one buffer overflow in apr-util when formatting certain strings. On big-endian machines (powerpc, hppa and sparc in Ubuntu), a remote attacker could cause a denial of service or information disclosure. All other Ubuntu architectures are not considered to be at risk.
6fdf404d3e87c32b88b8a588aac734977d1001553fd859a031a0c8e9b929ead9
HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) and bypass security restrictions.
264e65a664b0389ec6e7d20ae2d5d4e971920f81b26d09e75eaf4a99078d5169
FreeBSD Security Advisory - An integer overflow in computing the set of pages containing data to be copied can result in virtual-to-physical address lookups not being performed.
8655e2660ef04de220a65ec6f8631ef7f52a3e801d6816f4535bd98a398662fc
FreeBSD Security Advisory - The SIOCSIFINFO_IN6 ioctl is missing a necessary permissions check. Local users, including non-root users and users inside jails, can set some IPv6 interface properties. These include changing the link MTU and disabling interfaces entirely.
ac68c0baaefa4bfdc7df1c0fa45bed659499c7dbaf9c342aee6ff1990c40e4a0
FreeBSD Security Advisory - The ntpd(8) daemon is prone to a stack-based buffer overflow when it is configured to use the 'autokey' security model.
ec6c782f4a0e120ad1feee4a35e1fb30428529ec48d4b15ba1b394a88c31d3bd
Secunia Research has discovered a vulnerability in Adobe Reader, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the processing of Huffman encoded JBIG2 text region segments. This can be exploited to cause a heap-based buffer overflow via a specially crafted PDF file. Successful exploitation may allow execution of arbitrary code. Adobe Reader version 9.1.0 is affected.
8628a799db013887f6f7638ae105c3171c982627797e972918ff84f183df7579
Secunia Research has discovered a vulnerability in Microsoft PowerPoint, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an array-indexing error in the Microsoft PowerPoint Freelance Windows 2.1 Translator (FL21WIN.DLL) when parsing layout information and can be exploited to cause a heap-based buffer overflow. Successful exploitation allows execution of arbitrary code. PowerPoint versions 2000 and 2002 are affected.
22e975308c0ce027d9e39e4535bd0a9f2d93941d6c5b6b5aca2bf4ccf6d78cb0
Yahoo! 360 suffers from a cross site request forgery vulnerability.
c561b2f59db19b25e668508edc921b0cbd9477da5ea8253e3c76382200ab8f43