Microsoft Office Web Components unauthorized access

A number of unsafe functions...

Security Bulletin MS02-044 : Unsafe Functions in Office Web Components (Q328130)

---------------------------------------------------------------------- Title: Unsafe Functions in Office Web Components Q328130 Date: 21 August 2002 Software: Office Web Components, Office, BackOffice Server, BizTalk Server, Commerce Server, ISA Server, Money, Microsoft Project, Microsoft Project...

ISS Security Brief: Multiple Vulnerabilities in Microsoft Office Web Components

TO UNSUBSCRIBE: email "unsubscribe alert" in the body of your message to [email protected] Contact [email protected] for help with any problems! --------------------------------------------------------------------------- -----BEGIN PGP SIGNED MESSAGE----- Internet Security Systems Security Aler...

CVE-2002-0695

Buffer overflow in the Transact-SQL T-SQL OpenRowSet component of Microsoft Data Access Components MDAC 2.5 through 2.7 for SQL Server 7.0 or 2000 allows remote attackers to execute arbitrary code via a query that calls the OpenRowSet command...

Security Bulletin MS02-040: Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise (Q326573)

---------------------------------------------------------------------- Title: Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise Q326573 Date: 31 July 2002 Software: Microsoft Data Access Components Impact: Run code of attacker's choice Max Risk: Moderate Bulletin: MS02-040...

Multiple bugs in different hardware

No description provided...

CVE-2002-0621

Buffer overflow in the Office Web Components OWC package installer used by Microsoft Commerce Server 2000 allows remote attackers to cause the process to fail or run arbitrary code in the LocalSystem security context via certain input to the OWC package installer...

CVE-2002-0622

The Office Web Components OWC package installer for Microsoft Commerce Server 2000 allows remote attackers to execute commands by passing the commands as input to the OWC package installer, aka "OWC Package Command Execution"...

Microsoft SQLXML HTTP components vulnerable to cross-site scripting via root parameter

Overview A cross-site scripting vulnerability exists in the Microsoft SQLXML HTTP components. This vulnerability could allow an attacker to execute script on a victim's system with the victim's privileges. Description Microsoft SQL Server 2000 includes a feature called SQLXML that allows the serv...

Reading local files with OWC in IE (GM#006-IE)

GreyMagic Security Advisory GM006-IE ===================================== By GreyMagic Software, Israel. 08 Apr 2002. Available in HTML format at http://security.greymagic.com/adv/gm006-ie/. Topic: Reading local files with OWC in IE. Discovery date: 24 Feb 2002. Affected applications:...

Scripting for the scriptless with OWC in IE (GM#005-IE)

GreyMagic Security Advisory GM005-IE ===================================== By GreyMagic Software, Israel. 08 Apr 2002. Available in HTML format at http://security.greymagic.com/adv/gm005-ie/. Topic: Scripting for the scriptless with OWC in IE. Discovery date: 10 Mar 2002. Affected applications:...

Multiple bugs in Office Web Components

Script execution, access to local files and clipboard...

Controlling the clipboard with OWC in IE (GM#007-IE)

GreyMagic Security Advisory GM007-IE ===================================== By GreyMagic Software, Israel. 08 Apr 2002. Available in HTML format at http://security.greymagic.com/adv/gm007-ie/. Topic: Controlling the clipboard with OWC in IE. Discovery date: 24 Feb 2002. Affected applications:...

Multiple local files detection issues with OWC in IE (GM#008-IE)

GreyMagic Security Advisory GM008-IE ===================================== By GreyMagic Software, Israel. 08 Apr 2002. Available in HTML format at http://security.greymagic.com/adv/gm008-ie/. Topic: Multiple local files detection issues with OWC in IE. Discovery date: 25 Feb 2002, 05 Mar 2002...

CVE-2001-1127

Buffer overflow in Progress database 8.3D and 9.1C could allow a local user to execute arbitrary code via 1 proapsv, 2 mprosrv, 3 mprshut, 4 orarx, 5 sqlcpp, 6 probrkr, 7 sqlschema and 8 sqldump...

buffer overflow in mshtml.dll

Topic: buffer overflow in mshtml.dll Authors: ERRor and DarkZorro of domain Hell 3APA3A of SECURITY.NNOV Date: February, 13 2002 Vendor Informed: December, 20 2001 Software affected: Microsoft Internet Explorer 6.0 and prior Microsoft Outlook Express 6.0 and prior Microsoft Outlook 2000 and prior...

CVE-1999-1355

BMC Patrol component, when installed with Compaq Insight Management Agent 4.23 and earlier, or Management Agents for Servers 4.40 and earlier, creates a PFCUser account with a default password and potentially dangerous privileges...

ОБращение к реестру через IE5.5 (javascript execution)

Несколько ActiveX компонентов могут записывать разделы реестра...

Уязвимость ActiveX в Microsoft Outlook (code execution)

ActiveX компонент управляющий всей работой Outlook помечен как безопасный, что позволяет использовать его в Internet-страницах и письмах...

Очередная серьезная дырка в Internet Explorer (Microsoft VM ActiveX Component)

Один из встроенных JAVA-объектов позволяет выполнение любых ActiveX-компонент, в т.ч. не помеченные как безопасные...