[slackware-security] mozilla-firefox

New mozilla-firefox packages are available for Slackware 13.37, and -current to fix security issues. Here are the details from the Slackware 13.37 ChangeLog: This release contains security fixes and improvements. For more information, see:...

CVE-2012-1849

Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka "Lync Insecure Library Loading...

RealNetworks RealPlayer QCELP Stream Parsing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way...

Oracle Java OpenAL Library Pointer Manipulation Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the Java OpenAL JOAL...

CVE-2012-1819

Untrusted search path vulnerability in WellinTech KingView 6.53 allows local users to gain privileges via a Trojan horse DLL in the current working directory...

AZL-41033 CVE-2012-0883 affecting package httpd for versions less than 2.4.2-1

envvars aka envvars-std in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl...

Mozilla Firefox Ogg Vorbis Decoding Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the parsing of Ogg...

Design/Logic Flaw

Untrusted search path vulnerability in Shell32.dll in Microsoft Windows 2000, Windows XP, Windows Vista, Windows Server 2008, and Windows 7, when using an environment configured with a string such as %APPDATA% or %PROGRAMFILES% in a certain way, allows local users to gain privileges via a Trojan...

Oracle Java Web Start java-vm-args Command Argument Injection Remote Code Execution

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java Webstar...

Design/Logic Flaw

Untrusted search path vulnerability in 7-Technologies 7T AQUIS 1.5 and earlier allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerability than CVE-2012-0223...

ImageMagick: configuration files read from $CWD may allow arbitrary code execution

Untrusted search path vulnerability in configure.c in ImageMagick before 6.6.5-5, when MAGICKCOREINSTALLEDSUPPORT is defined, allows local users to gain privileges via a Trojan horse configuration file in the current working directory...

[slackware-security] glibc

New glibc packages are available for Slackware 13.1, 13.37, and -current to fix a security issue. Here are the details from the Slackware 13.37 ChangeLog: patches/packages/glibc-2.13-i486-5slack13.37.txz: Rebuilt. Patched an overflow in tzfile. This was evidently first reported in 2009, but is on...

ghostscript: CWD included in the default library search path

Untrusted search path vulnerability in Ghostscript 8.62 allows local users to execute arbitrary PostScript code via a Trojan horse Postscript library file in Encoding/ under the current working directory, a different vulnerability than CVE-2010-2055...

ghostscript: gs_init.ps searched in current directory despite -P-

Ghostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands via a Trojan horse file, related to improper support for the -P- option to the gs program, as demonstrated using gsinit.ps, a different...

ghostscript: CWD included in the default library search path

Untrusted search path vulnerability in Ghostscript 8.62 allows local users to execute arbitrary PostScript code via a Trojan horse Postscript library file in Encoding/ under the current working directory, a different vulnerability than CVE-2010-2055...

Interactive Graphical SCADA System DLL Loading Arbitrary Code Execution Vulnerability

This host is installed with Interactive Graphical SCADA System and is prone to code execution vulnerability. OpenVAS Vulnerability Test $Id: gbigssdllcodeexecutionvuln.nasl 5940 2017-04-12 09:02:05Z teissa $ Interactive Graphical SCADA System DLL Loading Arbitrary Code Execution Vulnerability...

Coalfire in the News

Its been quite a season in the world of IT security as we move into 2012. As experts in our field, we are often asked to comment on current trends and recent stories. Take some time to check out what we have had to say recently:...

Design/Logic Flaw

Untrusted search path vulnerability in Microsoft PowerPoint 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "PowerPoint Insecure Library Loading Vulnerability."...

Cisco WebEx Player WRF Type 0 Parsing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within atdl2006.dll...

rgmanager: insecure library loading vulnerability

The 1 SAPDatabase and 2 SAPInstance scripts in OCF Resource Agents aka resource-agents or cluster-agents 1.0.3 in Linux-HA place a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...