
8293 matches found

Cvelist
added 2011/01/12 12:0 a.m. · 33 views

CVE-2011-0027

Microsoft Data Access Components MDAC 2.8 SP1 and SP2, and Windows Data Access Components WDAC 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer...

7.3 AI score · 0.67608 EPSS
Exploits 0 · References 11
CVE
added 2011/01/12 12:0 a.m. · 63 views

CVE-2011-0027

CVE-2011-0027 concerns Microsoft Data Access Components (MDAC) 2.8 SP1/SP2 and Windows Data Access Components (WDAC) 6.0, where memory allocation for internal data structures is not properly validated. According to MS11-002, a remote attacker could trigger a code execution by a user viewing a cra...

9.3 CVSS · 7.5 AI score · 0.67608 EPSS
Exploits 0 · References 11 · Affected Software 1
exploitpack
added 2011/01/12 12:0 a.m. · 42 views

Microsoft Data Access Components - Remote Overflow (MS11-002)

Microsoft Data Access Components - Remote Overflow MS11-002 .body test // This code has been released under the Q Public License by Trolltech // http://en.wikipedia.org/wiki/QPublicLicense // Source: http://vreugdenhilresearch.nl/ms11-002-pwn2own-heap-overflow/ var StartTime = new Date; var...

0.6 AI score
Exploits 0
OpenVAS
added 2011/01/12 12:0 a.m. · 30 views

Microsoft Windows Data Access Components Remote Code Execution Vulnerabilities (2451910)

This host is missing a critical security update according to Microsoft Bulletin MS11-002. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

9.3 CVSS · 5 AI score · 0.67608 EPSS
Exploits 0 · References 7
Symantec
added 2011/01/11 12:0 a.m. · 28 views

Microsoft Data Access Components Data Source Name Buffer Overflow Vulnerability

Description Microsoft Data Access Components MDAC are prone to a buffer-overflow vulnerability because they fail to properly bounds-check user-supplied data. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks will...

7.8 AI score
Exploits 0 · Affected Software 6
Tenable Nessus
added 2011/01/11 12:0 a.m. · 39 views

MS11-002: Vulnerabilities in Microsoft Data Access Components Could Allow Remote Code Execution (2451910)

The version of Microsoft Data Access Components MDAC installed on the remote Windows host is affected by two vulnerabilities, which could allow arbitrary code execution if a user views a specially crafted web page: - A buffer overflow in the Open Database Connectivity ODBC API used by third-party...

9.3 CVSS · 6.7 AI score · 0.67608 EPSS
Exploits 0 · References 5
Check Point Advisories
added 2011/01/11 12:0 a.m. · 2 views

Microsoft Data Access Components CacheSize Memory Corruption (MS11-002; CVE-2011-0027)

Microsoft Data Access Components MDAC is a collection of components that make it easy for programs to access databases and then to manipulate the data within them. MDAC provides a consolidated set of functions for working with different kinds of data sources in a consistent manner The vulnerabili...

9.3 CVSS · 6 AI score · 0.67608 EPSS
Exploits 0
Positive Technologies
added 2011/01/11 12:0 a.m. · 4 views

PT-2011-2023 · Microsoft · Data Access Components +1

Name of the Vulnerable Software and Affected Versions: Microsoft Data Access Components MDAC versions 2.8 SP1 through 2.8 SP2 Windows Data Access Components WDAC version 6.0 Description: The issue is related to an integer signedness error in the SQLConnectW function within the odbc32.dll of...

9.3 CVSS · 7.8 AI score · 0.64297 EPSS
Exploits 0 · References 12
Zero Day Initiative
added 2011/01/11 12:0 a.m. · 37 views

Microsoft Data Access Components DSN Overflow Code Execution Vulnerability

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Data Access Components. The vulnerability is present in an API call and as such successful exploitation will depend on an application's implementation of this call. The specific flaw exists with...

10 CVSS · 2.8 AI score · 0.64297 EPSS
Exploits 0 · References 1
0day.today
added 2011/01/10 12:0 a.m. · 43 views

MS11-002: Microsoft Data Access Components Vulnerability

Exploit for windows platform in category remote exploits .body test // This code has been released under the Q Public License by Trolltech // http://en.wikipedia.org/wiki/QPublicLicense // Source: http://vreugdenhilresearch.nl/ms11-002-pwn2own-heap-overflow/ var StartTime = new Date; var...

7.1 AI score
Exploits 0
OpenVAS
added 2011/01/10 12:0 a.m. · 26 views

Microsoft Windows Speech Components Voice Recognition Command Execution Vulnerability (950760)

This host is missing a critical security update according to Microsoft Bulletin MS08-032. OpenVAS Vulnerability Test $Id: gbms08-032.nasl 5362 2017-02-20 12:46:39Z cfi $ Description: Microsoft Windows Speech Components Voice Recognition Command Execution Vulnerability 950760 Authors: Madhuri D...

7.6 CVSS · 0.4 AI score · 0.41573 EPSS
Exploits 1 · References 3
Tenable Nessus
added 2010/12/16 12:0 a.m. · 38 views

FreeBSD : YUI JavaScript library -- JavaScript injection exploits in Flash components (d560b346-08a2-11e0-bcca-0050568452ac)

The YUI team reports : A security-related defect was introduced in the YUI 2 Flash component infrastructure beginning with the YUI 2.4.0 release. This defect allows JavaScript injection exploits to be created against domains that host affected YUI .swf files. %NASLMINLEVEL 70300 C Tenable Network...

4.3 CVSS · 5.3 AI score · 0.02934 EPSS
Exploits 0 · References 7
FreeBSD
added 2010/10/25 12:0 a.m. · 79 views

YUI JavaScript library -- JavaScript injection exploits in Flash components

The YUI team reports: A security-related defect was introduced in the YUI 2 Flash component infrastructure beginning with the YUI 2.4.0 release. This defect allows JavaScript injection exploits to be created against domains that host affected YUI .swf files...

4.3 CVSS · 6.7 AI score · 0.02934 EPSS
Exploits 0 · References 4
Cvelist
added 2010/10/14 5:0 p.m. · 16 views

CVE-2010-3525

Unspecified vulnerability in the (1) PeopleSoft Enterprise FMS, (2) SCM, (3) EPM, (4) CRM, and (5) Campus Solutions components in Oracle PeopleSoft and JDEdwards Suite 8.9, 9.0, and 9.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors...

5.4 AI score · 0.00197 EPSS
Exploits 0 · References 2
securityvulns
added 2010/10/13 12:0 a.m. · 65 views

Microsoft Windows multiple security vulnerabilities

Multiple privilege escalation with different drivers. MFC buffer overflow. EOT and OTF fonts memory corruptions and integer overflow. comctl32 buffer overflow. LPC buffer overflow. SChannel DoS...

9.3 CVSS · 4.6 AI score · 0.73718 EPSS
Exploits 16 · References 8 · Affected Software 1
ThreatPost
added 2010/09/30 3:41 p.m. · 14 views

Stolen Digital Certificates Becoming Standard Malware Components

In the 15 years or so of serious malware production before 2010, there had been perhaps a handful of examples of malicious programs using digitally signed binaries to bypass antimalware systems. The emergence of Stuxnet earlier this year brought this tactic into the center of the spotlight, and n...

0.2 AI score
Exploits 0 · References 4
RedHat Linux
added 2010/08/04 9:30 p.m. · 2 views

httpd: Expect header XSS

http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site...

4.3 CVSS · 7.1 AI score · 0.91373 EPSS
Exploits 7 · References 4
exploitpack
added 2010/07/08 12:0 a.m. · 13 views

IrcDelphi Daemon Server - Denial of Service

IrcDelphi Daemon Server - Denial of Service DCA-0010 Software - IrcDelphi Daemon Server Vendor Product Description - IRC Daemon IRCd, IRC Server coded in Delphi/Kylix using Indy components. Easy to use and light irc daemon. Bug Description - The IRC Daemon does not sanitize the variable NICK...

7.3 AI score
Exploits 0
RedHat Linux
added 2010/06/22 1:47 p.m. · 9 views

Moderate: Red Hat Security Advisory: Red Hat Enterprise Virtualization Manager security update

Red Hat Enterprise Virtualization Manager 2.2 is now available for Red Hat Enterprise Virtualization. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.5 CVSS · 6.9 AI score · 0.47628 EPSS
Exploits 44 · References 3
ThreatPost
added 2010/06/16 2:12 p.m. · 12 views

Apple Patches Critical Mac OS X Security Flaws

Apple has shipped another mega Mac OS X patch bundle to fix a total of 28 documented security vulnerabilities affecting the Mac ecosystem. The update, which includes fixes for the Adobe Flash Player plugin and several open-source components, is rated highly-critical because it exposes Mac OS X...

0.3 AI score
Exploits 0 · References 3