Memory corruption

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.3, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary co...

CVE-2009-3072

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.3, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary co...

CVE-2009-3072

CVE-2009-3072 affects Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.3, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19. The vulnerability arises from the BinHex decoder in netwerk/streamconv/converters/nsBinHexDecoder.cpp, with memory corruption and potential arbitrary code executio...

CVE-2009-3072

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.3, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary co...

Firefox 3.5.3 3.0.14 browser engine crashes

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.3, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary co...

Firefox 3.5.3 3.0.14 browser engine crashes

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.3, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary co...

Firefox 3.5.3 3.0.14 browser engine crashes

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.3, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary co...

[oCERT-2009-013] yTNEF/Evolution TNEF attachment decoder input sanitization errors

2009-013 yTNEF/Evolution TNEF attachment decoder input sanitization errors Description: yTNEF, an open source filter program that decodes Transport Neutral Encapsulation Format TNEF e-mail attachments, and the Evolution TNEF attachment decoder plugin suffer from directory traversal and buffer...

yTNEF и Evolution TNEF attachment decoder

Buffer overflow, directory traversal...

Memory corruption

The VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 build 185404, VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, and VMware ACE 2.5.x before 2.5.3 build 185404 on Windows does not properly handle certain small heights in video...

Heap overflow

Heap-based buffer overflow in the VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 build 185404, VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, and VMware ACE 2.5.x before 2.5.3 build 185404 on Windows might allow remote attacke...

CVE-2009-0199

Heap-based buffer overflow in the VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 build 185404, VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, and VMware ACE 2.5.x before 2.5.3 build 185404 on Windows might allow remote attacke...

CVE-2009-2628

The CVE-2009-2628 issue affects VMware VMnc codec (vmnc.dll) used by VMware Movie Decoder and related products. The root cause is heap memory corruption triggered by AVI files with certain small heights, enabling remote code execution on Windows when processed by vulnerable VMnc-based components ...

CVE-2009-0199

Heap-based buffer overflow in the VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 build 185404, VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, and VMware ACE 2.5.x before 2.5.3 build 185404 on Windows might allow remote attacke...

VMSA-2009-0012:VMware Movie Decoder, VMware Workstation, VMware Player, and VMware ACE resolve security issues.

VMSA-2009-0012 VMware Movie Decoder, VMware Workstation, VMware Player, and VMware ACE resolve security issues. VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2009-0012 VMware Security Advisory Synopsis: VMware Movie Decoder, VMware Workstation, VMware Player, and VMware ACE...

Examples teach you to understand the net horse-vulnerability warning-the black bar safety net

The main code is as follows: SCRIPT language=”JavaScript” window. status=”completed”; evalfunctionp,a,c,k,e,de=functioncreturn c. toString3 6;if!”. replace/^/,Stringwhilec–dc. toStringa=kc||c. toStringak=functionereturn de;e=functionreturn’\\w+’;c=1;whilec–ifkcp=p. replacenew...

openSUSE Security Update : swfdec (swfdec-524)

The free Flash decoder engine 'swfdec' was updated to version 0.6.8 to fix lots of crashers which are likely security relevant and could be exploited to remotely execute code. CVE-2008-3796 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin...

openSUSE Security Update : ghostscript-devel (ghostscript-devel-877)

Specially crafted file could cause a heap-overflow in JBIG2 decoder CVE-2009-0196, an integer overflow in ICC library CVE-2009-0792, a buffer overflow in BaseFont writer module CVE-2008-6679 or crash the CCITTFax decoder CVE-2007-6725. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

openSUSE Security Update : acroread (acroread-689)

Multiple flaws in the JBIG2 decoder and the JavaScript engine of the Adobe Reader allowed attackers to crash acroread or even execute arbitrary code by tricking users into opening specially crafted PDF files. CVE-2009-0658, CVE-2009-0927, CVE-2009-0193, CVE-2009-0928, CVE-2009-1061, CVE-2009-1062...

openSUSE Security Update : java-1_6_0-openjdk (java-1_6_0-openjdk-578)

OpenJDK Java 1.6.0 was upgraded to build b14, fixing quite a lot of security issues. It fixes at least: 4486841 UTF8 decoder should adhere to corrigendum to Unicode 3.0.1 CVE-2008-5351 6484091 FileSystemView leaks directory info CVE-2008-5350 aka SUN SOLVE 246266 6497740 Limit the size of RSA...