151 matches found
Windows GDI Privilege Elevation
Added: 05/25/2009 CVE: CVE-2006-5758 BID: 20940 OSVDB: 30214 Background The Graphics Rendering Engine in Microsoft Windows 2000 and Windows XP maps GDI Kernel structures on a global shared memory section that is created with insecure permissions. Problem Users with local access can remap the shar...
openSUSE 10 Security Update : seamonkey (seamonkey-5657)
This patch updates SeaMonkey to version 1.1.12, fixing security and other bugs : MFSA 2008-45 / CVE-2008-4069: XBM image uninitialized memory reading MFSA 2008-44 / CVE-2008-4067 / CVE-2008-4068: resource: traversal vulnerabilities MFSA 2008-43: BOM characters stripped from JavaScript before...
Mozilla Foundation Security Advisory 2008-42
Mozilla Foundation Security Advisory 2008-42 Title: Crashes with evidence of memory corruption rv:1.9.0.2/1.8.1.17 Impact: Critical Announced: September 23, 2008 Reporter: Mozilla developers and community Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.0.2 Firefox 2.0.0.17 Thunderbi...
VulnCheck KEV: CVE-2006-5758
The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a...
CVE-2008-4064
Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via vectors related to graphics rendering and 1 handling of a long alert messagebox in the...
Integer overflow
Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via vectors related to graphics rendering and 1 handling of a long alert messagebox in the...
CVE-2008-4064
CVE-2008-4064 affects Mozilla Firefox 3.x prior to 3.0.2. The description identifies three concrete vectors contributing to memory safety issues: (1) a memory corruption/possible code execution path via graphics rendering related to a long alert messagebox in cairo_surface_set_device_offset, (2) ...
CVE-2008-4064
Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via vectors related to graphics rendering and 1 handling of a long alert messagebox in the...
Mozilla crashes with evidence of memory corruption
Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via vectors related to graphics rendering and 1 handling of a long alert messagebox in the...
CVE-2008-4064
Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via vectors related to graphics rendering and 1 handling of a long alert messagebox in the...
[Full-disclosure] Assurent VR - Microsoft Windows Graphics Rendering Engine WMF Parsing Buffer Overflow
Microsoft Windows Graphics Rendering Engine WMF Parsing Buffer Overflow Assurent ID: FSC20080909-12 1. Affected Software Digital Image Suite 2006 Forefront Client Security 1.0 Microsoft Office 2003 SP2, SP3 Microsoft Office PowerPoint Viewer 2003 Microsoft Windows XP prior to SP3 Microsoft Window...
ZDI-08-049: Microsoft Windows Graphics Rendering Engine PICT Heap Corruption
ZDI-08-049: Microsoft Windows Graphics Rendering Engine PICT Heap Corruption http://www.zerodayinitiative.com/advisories/ZDI-08-049 August 12, 2008 -- CVE ID: CVE-2008-3021 -- Affected Vendors: Microsoft -- Affected Products: Microsoft File Format Vulnerability -- TippingPointTM IPS Customer...
Microsoft Windows Graphics Rendering Engine PICT Heap Corruption Vulnerability
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists in the handling of PICT images in an office document. D...
iDefense Security Advisory 04.08.08: Microsoft Windows Graphics Rendering Engine Heap Buffer Overflow Vulnerability
iDefense Security Advisory 04.08.08 http://labs.idefense.com/intelligence/vulnerabilities/ Apr 08, 2008 I. BACKGROUND Microsoft Windows graphics device interface GDI is the core library used to display graphics and text on the Windows operating system. It is the standard interface through which...
iDefense Security Advisory 04.08.08: Microsoft Windows Graphics Rendering Engine Integer Overflow Vulnerability
iDefense Security Advisory 04.08.08 http://labs.idefense.com/intelligence/vulnerabilities/ Apr 08, 2008 I. BACKGROUND Microsoft Windows graphics device interface GDI is the core library used to display graphics and text on the Windows operating system. It is the standard interface through which...
CVE-2007-3034
Integer overflow in the AttemptWrite function in Graphics Rendering Engine GDI on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile image with a large record length value, which triggers a heap-based buffer overflow...
CVE-2007-3034
Integer overflow in the AttemptWrite function in Graphics Rendering Engine GDI on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile image with a large record length value, which triggers a heap-based buffer overflow...
Microsoft Security Bulletin MS07-046 - Critical Vulnerability in GDI Could Allow Remote Code Execution (938829)
Microsoft Security Bulletin MS07-046 - Critical Vulnerability in GDI Could Allow Remote Code Execution 938829 Published: August 14, 2007 Version: 1.0 General Information Executive Summary This critical security update resolves a privately reported vulnerability. A remote code execution...
CVE-2006-5586
The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via "invalid application window sizes" in layered application windows, aka the "GDI Invalid Window Size Elevation of Privilege Vulnerability."...
CVE-2006-5586
CVE-2006-5586 is a GDI-based local privilege-elevation vulnerability in the Graphics Rendering Engine of Microsoft Windows 2000 SP4 and Windows XP SP2 (and related Windows variants). The flaw stems from processing invalid application window sizes when rendering layered windows, allowing a logged-...