4530 matches found
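Microsoft SQL Server sqlvdir.dll ActiveX Control Buffer Overflow Vulnerability
BUGTRAQ ID: 31129 Microsoft SQL Server is a popular SQL database system. The sqlvdir.dll ActiveX control installed by SQL Server (default path C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlvdir.dll, clsid:FC13BAA2-9C1A-4069-A221-31A147636038) exposes an ISQLVDirControl interface that does not properly validate user-supplied parameters. If a user is tricked into visiting a malicious web page that passes an overlong parameter to that method, a buffer overflow may be triggered, leading to arbitrary code execution. Microsoft S...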
CVE-2008-3014
Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digita...
CVE-2008-3013
gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006,...
Memory corruption
gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006,...
Code injection
gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006,...
sqlvdir-overflow.txt
est.2007 forum.darkc0de.com --d3hydr8 -rsauron-baltazar -sinner01 -C1c4Tr1Z - r4s4al ---QKrun1x-P47tr1ck - FeDeReR -MAGE -JeTFyrE and all darkc0de members ---...
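Microsoft GDI+ EMF File Remote Code Execution Vulnerability (MS08-052)
BUGTRAQ ID: 31019 CVE ID: CVE-2008-3012 CNCVE ID: CNCVE-20083012 Microsoft Windows is an operating system developed by Microsoft. The Microsoft Windows GDI+ subsystem has a flaw in parsing specially crafted EMF files; a remote attacker can exploit it to corrupt memory, which can lead to arbitrary code execution with the privileges of the logged-in user's process. The flaw is an error in how GDI+ allocates memory when processing EMF image files; it can be triggered by crafting a special EMF file and enticing a user to open it. Microsoft Works 8.0 Microsoft Windows XP Professional x64 Edition SP2...
Microsoft GDI+ WMF File Remote Code Execution Vulnerability (MS08-052)
BUGTRAQ ID: 31021 CVE ID: CVE-2008-3014 CNCVE ID: CNCVE-20083014 Microsoft Windows is an operating system developed by Microsoft. The Microsoft Windows GDI+ subsystem has a flaw in parsing specially crafted WMF files; a remote attacker can exploit it to corrupt memory, which can lead to arbitrary code execution with the privileges of the logged-in user's process. The flaw is an error in how GDI+ allocates memory when processing WMF image files; it can be triggered by crafting a special WMF file and enticing a user to open it. Microsoft Works 8.0 Microsoft Windows XP Professional x64 Edition SP2...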
CVE-2008-3012
CVE-2008-3012 corresponds to an in-GDI+ memory allocation flaw in gdiplus.dll that could allow remote code execution when a specially crafted EMF image is viewed. Connected docs confirm this as MS08-052, addressing vulnerabilities in GDI+ across Windows and Office components (IE6, Windows XP, Ser...
CVE-2008-3013
CVE-2008-3013 corresponds to a GDI+ GIF parsing vulnerability. The connected KB954593 (MS08-052) describes remote code execution in Windows GDI+ when a user views a specially crafted GIF, affecting multiple Windows versions and Office components. The underlying issue is memory corruption during G...
aspwebalbum 3.2 - Multiple Vulnerabilities
aspwebalbum 3.2 - Multiple Vulnerabilities - Discovered by AleminKrali - aspWebAlbum 3.2 - Script Download "http://www.fullrevolution.com" - aspWebAlbum 3.2 Single Site License | $60.00 : - HomePage al3m.blogspot.com - [email protected] - Dork ? : album.asp?pic= .jpg cat=...
Microsoft Security Bulletin MS08-052 – Critical Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593)
Microsoft Security Bulletin MS08-052 – Critical Vulnerabilities in GDI+ Could Allow Remote Code Execution 954593 Published: September 9, 2008 Version: 1.0 General Information Executive Summary This security update resolves several privately reported vulnerabilities in Microsoft Windows GDI+. Thes...
Microsoft GDI+ VML Heap-Based Buffer Overflow Vulnerability
Description Microsoft GDI+ is prone to a heap-based buffer-overflow vulnerability because the vector graphics link library improperly processes gradient sizes. Successfully exploiting this issue would allow an attacker to corrupt heap memory and execute arbitrary code in the context of the...
Microsoft GDI+ WMF Image File Buffer Overflow Vulnerability
Description Microsoft GDI+ is prone to a buffer-overflow vulnerability because the vector graphics linked library improperly allocates memory when parsing WMF image files. Successfully exploiting this issue would allow an attacker to corrupt memory and execute arbitrary code in the context of the...
Microsoft GDI+ GIF File Parsing Remote Code Execution Vulnerability
Description Microsoft GDI+ is prone to a remote code-execution vulnerability because the vector graphics link library improperly parses GIF image files. An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts may...
MySQL: Privilege bypass
Background MySQL is a popular multi-threaded, multi-user SQL server. Description Sergei Golubchik reported that MySQL imposes no restrictions on the specification of "DATA DIRECTORY" or "INDEX DIRECTORY" in SQL "CREATE TABLE" statements. Impact An authenticated remote attacker could create MyISAM...
Update Protection against Microsoft SQL Server Convert Function Buffer Overrun Vulnerability (MS08-040)
A buffer overflow vulnerability was reported in Microsoft SQL Server. Microsoft SQL Server is a relational database management system (RDBMS). A remote attacker may exploit this vulnerability to run code on a vulnerable system...
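Microsoft SQL Server Xp_sprintf Buffer Overflow
In versions of Microsoft SQL Server 6.5 prior to Service Pack 5, the stored procedure xpsprintf has a buffer overflow. An attacker can use this stored procedure to crash the server and possibly gain administrator control of the system running SQL Server. Microsoft SQL Server 6.5 Microsoft SQL Server 6.0 - Microsoft Windows NT 4.00 Update to a later version of SQL Server 6.5...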
Microsoft SQL Server multiple security vulnerabilities
Buffer overflows, memory corruptions, information leak...