7725 matches found
ZDI-10-014: Microsoft Internet Explorer item Object Memory Corruption Remote Code Execution Vulnerability
ZDI-10-014: Microsoft Internet Explorer item Object Memory Corruption Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-014 January 21, 2010 -- CVE ID: CVE-2010-0248 -- Affected Vendors: Microsoft -- Affected Products: Microsoft Internet Explorer --...
Microsoft Internet Explorer item Object Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the handling of cloned DOM object...
Mozilla IFRAME Style Change Handling Code Execution (CVE-2008-1236)
Firefox is an open source web browser developed by the Mozilla Foundation. The application is capable of interpreting and rendering many types of Internet content, including various versions of HTML, XML, CSS (Cascading Style Sheets), JavaScript, various graphic formats, and so on. Firefox is made availab...
'Blitzableiter' Protects Against Flash Player Exploits
A German security researcher has released an open-source tool that analyses and cleans up Flash code before playback to prevent security holes in Adobe Flash Player from being exploited. The tool, called “Blitzableiter” (lightning rod), is the brainchild of Felix “FX” Lindner, a well-known hacker w...
PDF Containing Obfuscated Name Objects
New exploits were released for several remote code execution vulnerabilities that were discovered in the way Adobe Acrobat Reader and Foxit Reader handle specially crafted PDF files. Although various security products provide coverage against many malformed PDF file vulnerabilities, these new...
CVE-2009-3987
The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different exception messages depending on whether the referenced COM object is listed in the registry, which allows remote attackers to obtain potentially sensitive...
Mozilla Foundation Security Advisory 2009-71
Mozilla Foundation Security Advisory 2009-71 Title: GeckoActiveXObject exception messages can be used to enumerate installed COM objects Impact: Low Announced: December 15, 2009 Reporter: Gregory Fleischer Products: Firefox, SeaMonkey Fixed in: Firefox 3.5.6 Firefox 3.0.16 SeaMonkey 2.0.1...
FreeBSD : mozilla -- multiple vulnerabilities (01c57d20-ea26-11de-bd39-00248c9b4be7)
Mozilla Project reports: MFSA 2009-71 GeckoActiveXObject exception messages can be used to enumerate installed COM objects MFSA 2009-70 Privilege escalation via chrome window.opener MFSA 2009-69 Location bar spoofing vulnerabilities MFSA 2009-68 NTLM reflection vulnerability MFSA 2009-67 Integer...
mozilla -- multiple vulnerabilities
Mozilla Project reports: MFSA 2009-71 GeckoActiveXObject exception messages can be used to enumerate installed COM objects MFSA 2009-70 Privilege escalation via chrome window.opener MFSA 2009-69 Location bar spoofing vulnerabilities MFSA 2009-68 NTLM reflection vulnerability MFSA 2009-67 Integer...
GeckoActiveXObject exception messages can be used to enumerate installed COM objects — Mozilla
Security researcher Gregory Fleischer reported that the exception messages generated by Mozilla's GeckoActiveXObject differ based on whether or not the requested COM object's ProgID is present in the system registry. A malicious site could use this vulnerability to enumerate a list of COM objects...
EasyMail SMTP ActiveX Control AddAttachment buffer overflow
Added: 12/10/2009 BID: 36440 OSVDB: 59939 Background QuikSoft EasyMail Objects is a set of ActiveX controls which provide e-mail functionality. QuikSoft EasyMail Objects is included with Oracle Document Capture among other products. Problem A stack buffer overflow vulnerability in the...
PT-2009-5945 · Microsoft · Internet Explorer
Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 7 through 8 Description: The issue arises from improper handling of objects in memory, allowing remote attackers to execute arbitrary code by accessing an object that was not properly initialized or has be...
PT-2009-5943 · Microsoft · Internet Explorer
Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer version 8 Description: A remote code execution issue exists due to improper handling of objects in memory. This allows attackers to execute arbitrary code by accessing an object that was not properly initialized or...
MS Internet Explorer 'Style' Object Remote Code Execution Vulnerability
This host is missing a critical security update according to Microsoft Bulletin MS09-072. OpenVAS Vulnerability Test $Id: gbmsiestyleobjectremotecodeexecvuln.nasl 6527 2017-07-05 05:56:34Z cfischer $ Description: MS Internet Explorer 'Style' Object Remote Code Execution Vulnerability Authors: Suj...
Vulnerability Note VU#261869
Vulnerability Note VU#261869 Clientless SSL VPN products break web browser domain-based security models Overview Clientless SSL VPN products from multiple vendors operate in a way that breaks fundamental browser security mechanisms. An attacker could use these devices to bypass authentication or...
Foxit Reader - COM Objects Memory Corruption Remote Code Execution
Foxit Reader - COM Objects Memory Corruption Remote Code Execution Bugtraq ID: 36673 Published: Oct 14 2009 12:00AM Updated: Nov 19 2009 03:25PM Credit: mrx Vulnerable: Foxit Reader 3.1.1 Build 0928 Foxit Foxit Reader 3.0.2009 1301 Foxit Foxit Reader 3.0 Build 1817 Foxit Foxit Reader 3.0 Build 15...
Foxit Reader COM Objects Memory Corruption Remote Code Execution Vulnerability
No description provided by source. Bugtraq ID: 36673 Published: Oct 14 2009 12:00AM Updated: Nov 19 2009 03:25PM Credit: mrx Vulnerable: Foxit Reader 3.1.1 Build 0928 Foxit Foxit Reader 3.0.2009 1301 Foxit Foxit Reader 3.0 Build 1817 Foxit Foxit Reader 3.0 Build 1506 Foxit Foxit Reader 3.0 Foxit...