UltraVNC 1.0.8.2 - DLL Loading Arbitrary Code Execution

// source: https://www.securityfocus.com/bid/42846/info UltraVNC is prone to a vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share location that contains a...

Acunetix Web Vulnerability Scanner - DLL Loading Arbitrary Code Execution

Acunetix Web Vulnerability Scanner - DLL Loading Arbitrary Code Execution // source: https://www.securityfocus.com/bid/42697/info Acunetix Web Vulnerability Scanner is prone to a vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue by enticing a legitimate...

Acunetix Web Vulnerability Scanner - DLL Loading Arbitrary Code Execution

// source: https://www.securityfocus.com/bid/42697/info Acunetix Web Vulnerability Scanner is prone to a vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue by enticing a legitimate user to use the vulnerable application to open a file from a network share...

Microsoft Releases Security Advisory

Microsoft has released a security advisory indicating that it is aware of a remote attack vector for a class of vulnerabilities related to how applications load external dynamic link libraries DLLs. If an application does not securely load DLL files, an attacker may be able to cause the applicati...

JAVA web start arbitrary command-line injection - "-XXaltjvm" arbitrary dll loading (0day)

HTML Version ---------- http://www.reversemode.com/index.php?option=comcontent&task=view&id=67&Itemid=1 ---------- Bye bye my little 0day :, Tavis Ormandy did a great job uncovering a big logic flaw within Java JRE. I discovered that bug and other that affects every browser few weeks ago and I...

Code injection

The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a "DLL-loading vulnerability."...

CVE-2009-3954

The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a "DLL-loading vulnerability."...

CVE-2009-3954

CVE-2009-3954 refers to a DLL-loading vulnerability in the 3D implementation of Adobe Reader/Acrobat. Affected products span Adobe Reader/Acrobat 9.x prior to 9.3 and 8.x prior to 8.2 on Windows and macOS. The root cause is a DLL-loading issue in the 3D component that could allow arbitrary code e...

CVE-2009-3954

The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a "DLL-loading vulnerability."...

acroread: multiple code execution flaws (APSB10-02)

The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a "DLL-loading vulnerability."...

Adobe Reader U3D DLL Loading Remote Code Execution (APSB10-02; CVE-2009-3954)

Portable Document Format PDF is an open file format created by Adobe Systems. It is used for representing two-dimensional documents in a device and resolution independent fixed-layout document format. A remote code execution vulnerability has been discovered in Adobe Reader and Acrobat. A remote...

Adobe Reader < 9.3 / 8.2 Multiple Vulnerabilities (APSB10-02)

The version of Adobe Reader installed on the remote host is earlier than 9.3 / 8.2. Such versions are reportedly affected by multiple vulnerabilities : - A use-after-free vulnerability in 'Multimedia.api' can lead to code execution. CVE-2009-4324 - An array boundary issue in 'U3D' support can lea...

Adobe Acrobat < 9.3 / 8.2 Multiple Vulnerabilities (APSB10-02)

The version of Adobe Acrobat installed on the remote host is earlier than 9.3 / 8.2. Such versions are reportedly affected by multiple vulnerabilities : - A use-after-free vulnerability in 'Multimedia.api' can lead to code execution. CVE-2009-4324 - An array boundary issue in 'U3D' support can le...

Mirosoft Windows打印后台程序DLL库加载漏洞(MS09-022)

BUGTRAQ ID: 35209 CVECAN ID: CVE-2009-0230 Microsoft Windows是微软发布的非常流行的操作系统。 Windows打印后台处理程序没有正确地验证可能加载DLL的路径。如果远程攻击者将恶意的DLL存储在了打印后台程序可访问的位置上然后向受影响的系统发送了特制的RPC消息的话，就可能导致打印后台程序加载恶意的DLL并以提升的权限执行代码。 Microsoft Windows XP SP3 Microsoft Windows XP SP2 Microsoft Windows Vista SP2 Microsoft Windows Vista...

Immunity Canvas: MS09_022_LOADDLL

Name| ms09022loaddll ---|--- CVE| CVE-2009-0230 Exploit Pack| CANVAS Description| Microsoft Windows Print Spooler Arbitrary DLL Loading Notes| CVE Name: CVE-2009-0230 VENDOR: Microsoft MSADV: MS09-022-LOADDLL Repeatability: One shot Note: Valid credentials of a user with "Manage Printer" privileg...

Vulnerabilities in Print Spooler Could Allow Remote Code Execution (961501)

This host is missing a critical security update according to Microsoft Bulletin MS09-022. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Technical Details of Security Issues Regarding Safari for Windows

The first issue is the one described in Microsoft Security Advisory 953818. It's worked out by Aviv Raff: http://www.microsoft.com/technet/security/advisory/953818.mspx http://aviv.raffon.net/2008/05/31/SafariPwnsInternetExplorer.aspx It's covered by news but Aviv Raff has not published technical...

CA eTrust Intrusion Detection CallCode ActiveX vulnerability

Added: 08/09/2007 CVE: CVE-2007-3302 BID: 25050 OSVDB: 37698 Background CA eTrust Intrusion Detection includes the CallCode Caller.dll ActiveX control. Problem The CallCode ActiveX control is incorrectly marked safe for scripting. This ActiveX control contains scriptable functions which, if a use...

Kerio可注入伪造iphlpapi DLL漏洞

Kerio Personal Firewall是一款个人桌面系统防火墙。 Kerio Personal Firewall处理程序相关组件的加载时存在漏洞，本地攻击者可能利用此漏洞提升权限或使防火墙失效。 Kerio Personal Firewall在加载相关的库文件iphlpapi.dll时，首先从软件的安装目录搜索，如果搜索不到才从操作系统目录加载，而且软件的安装目录是可写的，本地攻击者可以创建伪造的DLL文件，防火墙服务在初始化时加载执行其中的代码，导致执行攻击者的任意指令。 Kerio Personal Firewall 4.3.268 Kerio Personal Firewa...

18ZLZA.txt

Summary: 18 ways to escalate privileges in Zone Labs ZoneAlarm Security Suite build 6.1.744.000 http://www.zonelabs.com/ Details: During Windows startup the TrueVector service vsmon.exe - an integral piece of most Zone Labs products is set to startup automatically. The TrueVector service runs und...