Microsoft Windows AVI File Data Validation Integer Overflow (MS09-038; CVE-2009-1546)

Audio Video Interleave AVI is a special case of Resource Interchange File Format RIFF. This file type used with applications that capture, edit, and play back audio-video sequences. The vulnerability is due to an error in the Windows component responsible for processing AVI files that does not...

Improve(web)Access ultimate 9 tips-vulnerability warning-the black bar safety net

When we get a webshell when next you want to do is elevate privileges Personal summary as follows: 1: C:\Documents and Settings\All Users\Application Data\Symantec\pcAnywhere\ See if you can jump to this directory, if the line that is the best, and directly under it the CIF file, get the pcAnywhe...

Microsoft Security Bulletin MS09-026 - Important Vulnerability in RPC Could Allow Elevation of Privilege (970238)

Microsoft Security Bulletin MS09-026 - Important Vulnerability in RPC Could Allow Elevation of Privilege 970238 Published: June 9, 2009 Version: 1.0 General Information Executive Summary This security update resolves a publicly disclosed vulnerability in the Windows remote procedure call RPC...

Microsoft Excel FormulaValue Field Memory Corruption (MS09-021; CVE-2009-0560)

Microsoft Excel is a popular spreadsheet application. A remote code execution vulnerability has been identified in the Microsoft Excel. The flaw is due to a memory corruption error in Microsoft Excel when loading specially crafted Excel files that include a malformed record object. The...

Microsoft Excel畸形对象远程内存破坏漏洞（MS09-009）

BUGTRAQ ID: 34413 CVECAN ID: CVE-2009-0100 Excel是微软Office套件中的电子表格工具。 如果用户打开带有畸形对象的特制Excel文件，Office Excel中的漏洞可能允许远程执行代码。成功利用此漏洞的攻击者可以完全控制受影响的系统，攻击者可随后安装程序；查看、更改或删除数据；或者创建拥有完全用户权限的新帐户。 Microsoft Excel Viewer 2003 SP3 Microsoft Excel Viewer Microsoft Excel 2007 SP1 Microsoft Excel 2003 SP3 Microsoft...

PT-2009-2912

Name of the Vulnerable Software and Affected Versions Microsoft Office Excel versions 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1 Excel Viewer 2003 Gold and SP3 Excel Viewer Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 Microsoft Office 2004 and 2008 for Mac Description ...

Microsoft Security Bulletin MS09-005 - Important Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution (957634)

Microsoft Security Bulletin MS09-005 - Important Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution 957634 Published: February 10, 2009 Version: 1.0 General Information Executive Summary This security update resolves three privately reported vulnerabilities in Microsoft...

Microsoft Windows GDI WMF File HeaderSize Buffer Overflow (MS08-071; CVE-2008-2249)

The Microsoft Windows graphics device interface GDI enables applications to use graphics and formatted text on the video display and on the printer. A remote code execution vulnerability has been discovered in the way GDI handles integer calculations. The vulnerability is due to a buffer overflow...

Workaround for Microsoft Windows Saved Search Remote Code Execution Vulnerability (MS08-075)

A remote code execution vulnerability was reported in the way Windows Explorer saves specially crafted search files. Windows Search is a standard component of Windows Vista that allows instant search capabilities for most common file and data types. Windows Search has XML-based files that save...

Microsoft Security Bulletin MS08-043 – Critical Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (954066)

Microsoft Security Bulletin MS08-043 – Critical Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution 954066 Published: August 12, 2008 Version: 1.0 General Information Executive Summary This security update resolves four privately reported vulnerabilities in Microsoft Office Excel...

Microsoft Color Management System Path Name Buffer Overflow (MS08-046; CVE-2008-2245)

Image Color Management ICM is a color management system that parses and uses data in International Color Consortium ICC profiles to perform color translation operations. A remote code execution vulnerability was reported in the Microsoft Color Management System. The vulnerability is due to a flaw...

Microsoft Windows WINS service local elevation of privilege vulnerability-vulnerability warning-the black bar safety net

Source: IT Lab Microsoft Windows is Microsoft released the very popularoperating system. In Windows, the WINS service does not adequately validate specially crafted WINS network packets within the data structure, may allow a local attacker to use elevated permissions to run the code. Release date...

MS Windows NetDDE Remote Buffer Overflow Exploit (MS04-031)

No description provided by source. / HOD-ms04031-netdde-expl.c: 2004-12-30: PUBLIC v.0.2 Copyright c 2004 houseofdabus. MS04-031 NetDDE buffer overflow vulnerability PoC .:: houseofdabus ::. special unstable version --------------------------------------------------------------------- Description...

Update Protection against Trend Micro OfficeScan CGI Password Decryption Buffer Overflow Vulnerability

A buffer overflow vulnerability exists in Trend Micro OfficeScan. Trend Micro OfficeScan is a centralized virus and security scan management system. A remote attacker may exploit this vulnerability to execute arbitrary code on a vulnerable system. Successful exploitation may allow the attacker to...

Windows kernel vulnerability ms08025 analysis-vulnerability warning-the black bar safety net

Source:security focus Author: Polymorphours Email: [email protected] Homepage:http://www.whitecell.org Date: 2008-04-10 After internal discussion, it was decided to publish the analysis results. 4 on No. 8, microsoft again released a kernel patchKB941693, Microsoft the vulnerability is...

Microsoft Security Bulletin MS08-021 – Critical Vulnerabilities in GDI Could Allow Remote Code Execution (948590)

Microsoft Security Bulletin MS08-021 – Critical Vulnerabilities in GDI Could Allow Remote Code Execution 948590 Published: April 8, 2008 Version: 1.0 General Information Executive Summary This security update resolves two privately reported vulnerabilities in GDI. Exploitation of either of these...

Microsoft Outlook Mailto URI远程代码执行漏洞（MS08-015）

BUGTRAQ ID: 28147 CVECAN ID: CVE-2008-0110 Microsoft Outlook是Office套件所捆绑的邮件客户端。 Outlook没有正确地验证传送给客户端的mailto URI，成功利用这个漏洞的攻击者可以访问敏感信息或完全控制受影响的系统。 如果用户受骗跟随了特制的mailto URI的话，就可能导致Web浏览器向Outlook传送额外的命令行开关，而这些开关可以修改Outlook的帐号配置。 Microsoft Outlook 2007 Microsoft Outlook 2003 SP3 Microsoft Outlook 2003 S...

Microsoft Office .WPS File Stack Overflow Exploit (MS08-011)

Exploit for unknown platform in category local exploits ============================================================ Microsoft Office .WPS File Stack Overflow Exploit MS08-011 ============================================================ / Copyright c 2008 chujwamwdupe - pumpernikiel.c one day in...

Update Protection against Microsoft Windows Message Queuing Remote Code Execution Vulnerability (MS07-065)

A buffer overflow vulnerability exists in Microsoft Windows Message Queuing Service. Microsoft Message Queuing MSMQ is a component of Microsoft Windows designed to act as a message portal between a set of applications requiring message exchange functionality. MSMQ enables applications that are...

CVE-2007-6360

Unspecified vulnerability in the Sun eXtended System Control Facility XSCF Control Package XCP firmware before 1050 on SPARC Enterprise M4000, M5000, M8000, and M9000 servers allows remote attackers to cause a denial of service reboot via 1 telnet, 2 ssh, or 3 http network traffic that triggers...