Microsoft Word工作区内存破坏远程代码执行漏洞（MS07-060）

BUGTRAQ ID: 25906 CVECAN ID: CVE-2007-3899 Word是Office办公套件中的文字处理软件。 Word处理特制Word文件的方式中存在一个远程执行代码漏洞，远程攻击者可能利用此漏洞通过诱使用户处理恶意文件控制用户系统。 如果用户打开带有畸形字符串的特制Word文件，该漏洞就可能允许远程执行指令。那些帐户被配置为拥有较少系统用户权限的用户比具有管理用户权限的用户受到的影响要小。 Microsoft Office 2004 for Mac Microsoft Word 2002 SP3 Microsoft Word 2000 SP3 临时解决方法：...

Mac OS X 2007-007更新修复多个安全漏洞

CVECAN ID:...

Apple iPhone多个安全漏洞

CVECAN ID: CVE-2007-2399,CVE-2007-2400,CVE-2007-2401,CVE-2007-3742,CVE-2007-3944 iPhone是蒴果公司开发的智能手机。 iPhone的实现上存在多个安全漏洞，可导致恶意操作浏览器或信息泄露。 具体漏洞条目如下： CVE-2007-2400 Safari处理JavsScript的实现上存在漏洞，远程攻击者可能利用此漏洞绕过同源策略非授权操作其他网页。 CVE-2007-3944...

linux-flashplugin -- critical vulnerabilities

Adobe reports: Critical vulnerabilities have been identified in Adobe Flash Player that could allow an attacker who successfully exploits these potential vulnerabilities to take control of the affected system. A malicious SWF must be loaded in Flash Player by the user for an attacker to exploit...

Microsoft Visio文档封装远程代码执行漏洞（MS07-030）

Microsoft Visio是Office套件中用于绘制流程图的软件。 Microsoft Visio解析Visio文件格式中的打包对象的方式存在内存破坏漏洞，成功利用此漏洞的攻击者可能完全控制受影响的系统。 攻击者可能通过创建恶意Visio（.VSD、.VSS或.VST）文件诱使用户打开处理来利用此漏洞，如果用户访问恶意网站或打开电子邮件中包含的特制Visio附件，则这些文件可能允许远程执行指令。 Microsoft Visio 2003 Microsoft Visio 2002 临时解决方法： 不要打开或保存从不受信任来源或从受信任来源意外收到的Microsoft Visio文件。...

Monalbum 0.8.7 - Remote Code Execution

Monalbum 0.8.7 - Remote Code Execution "; if isset$mod //submit $fichier = "../conf/config.inc.php"; $fd = fopen$fichier, "w"; $gcfgBase = $POST'gcfgBase'; $gcfgUser = $POST'gcfgUser'; $gcfgPass = $POST'gcfgPass'; $gcfgHote = $POST'gcfgHote'; $gpage = $POST'gpage'; $grepertoire =...

Microsoft Word fails to properly process crafted array data

Overview Microsoft Word contains a remote code execution vulnerability that could enable an attacker to execute arbitrary code and gain complete control of the vulnerable system. Description Microsoft Word fails to properly handle malformed data within an array. When a Word file is opened, Word...

Microsoft Office drawing object vulnerability

Overview Microsoft Office fails to properly handle malformed drawing objects. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Description Microsoft Office fails to properly handle malformed drawing objects embedded within Office documents. By convincing ...

Hack advanced skills Linux back door technology and practice-vulnerability warning-the black bar safety net

The back door introduction The intruder complete control of the system, to facilitate the next time you enter and use a technology. Generally by modifying system configuration files and installation of third-party back-door tool to achieve. Has a hidden, can bypass the system log, not easy to be...

Microsoft Windows Kernel vulnerable to privilege escalation

Overview The Microsoft Windows Kernel contains a privilege escalation vulnerability that may allow a local attacker to take control of the system. Description The Microsoft Windows Kernel fails to properly set permissions when mapping to a memory segment. By running a specially crafted applicatio...

PT-2007-2635 · Microsoft · Windows 2000 Sp4 +1

Name of the Vulnerable Software and Affected Versions: Microsoft Windows 2000 SP4 Description: A local elevation of privilege issue exists in the TrueType Fonts rasterizer due to its handling of defective or modified font types. This could allow a logged-on user to gain privileges via crafted...

So it is to bypass the NTFS permissions limit-vulnerability warning-the black bar safety net

This machine is loaded with Windows 2 0 0 0, because the working relationship will be important information to put in the C:\studio, theC drive to NTFS formatand set the following permissions: Lostarthat's me full control The Everyone read-only After one day, and found where the file being...

Windows Shell 中的漏洞可能允许特权提升(MS07-006)

在 Windows Shell 操作系统执行新硬件的检测和登记的方式中存在特权提升漏洞。 授权用户可通过利用此漏洞完全控制系统。 Microsoft Windows XP Service Pack 2 Microsoft Windows XP Professional x64 Edition Microsoft Windows Server 2003 和 Microsoft Windows Server 2003 Service Pack 1 Microsoft Windows Server 2003（用于基于 Itanium 的系统）和 Microsoft Windows Server...

Overtaking Google Desktop

Hello, A new research from Watchfire has revealed a serious vulnerability in Google Desktop. The attack, which is fully presented in a new Watchfire research paper released today available at http://www.watchfire.com/resources/Overtaking-Google-Desktop.pdf, can allow a malicious individual to...

Internet Explorer IMJPCKSI COM对象实例化内存破坏漏洞（MS07-016）

Internet Explorer是微软发表的非常流行的WEB浏览器。 Internet Explorer使用某些Imjpcksid.dll的COM对象作为ActiveX控件。攻击者可能通过构建特制网页来利用此漏洞，如果用户查看了该网页，则可能允许远程执行代码。成功利用此漏洞的攻击者可以完全控制受影响的系统。 Microsoft Internet Explorer 7.0 Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 6.0 Microsoft Internet Explorer 5.0.1 SP4...

Microsoft Word fails to properly handle malformed strings

Overview A vulnerability in the way Microsoft Word handles malformed Word Document streams could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Word contains a memory corruption vulnerability that could be triggered when Word opens...

Update Protection against Multiple Adobe Acrobat Vulnerabilities

Adobe Acrobat Reader is a popular product that allows the viewing, searching, digitally signing, verifying and printing of Adobe Portable Document Format PDF files. Adobe Acrobat Reader is prone to multiple vulnerabilities. An attacker can exploit these vulnerabilities to cause denial of service,...

Microsoft Excel fails to properly process a malformed Column record

Overview Microsoft Excel contains a memory corruption vulnerability that could enable an attacker to exectue arbitrary code and gain complete control of the vulnerable system. Description Microsoft Excel fails to properly handle malformed Column records. When an Excel file is opened, Excel does n...

QuickCam Linux设备驱动QCAMVC_Video_Init函数缓冲区溢出漏洞

QuickCam是Logitech罗技公司的摄像头产品。 QuickCam的Linux驱动的初始化函数qcamvcvideoinit中存在缓冲区溢出漏洞，本地攻击者可能利用此漏洞造成拒绝服务或控制系统。 qcamvcvideoinit函数的原型如下： static void qcamvcvideoinitstruct qcamvc qcamvc 如果用户使用了特制的QuickCam对象的话，就会触发这个溢出，导致执行任意指令。 De Marchi Daniele QuickCam VC linux driver = 1.0.9...

Symantec NetBackup PureDisk验证绕过漏洞

Symantec Veritas NetBackup PureDisk Remote Office Edition是一款备份解决方案。 Symantec Veritas NetBackup PureDisk Remote Office Edition存在验证绕过问题，远程攻击者可以利用漏洞对系统的管理员访问，导致控制整个系统。 Symantec Veritas NetBackup PureDisk管理接口存在特权提升问题，管理接口只能通过SSL WEB连接，但是能访问网络和运行此管理程序主机的非特权用户，可绕过管理接口验证并提升特权，导致完全控制系统，目前没有详细漏洞细节提供。...