Microsoft Internet Explorer execCommand() method SaveAs command uses misleading "Save HTML Document" dialog

Overview Microsoft Internet Explorer contains a vulnerability in the way that it presents a Save As dialog. By invoking the SaveAs command with execCommand, an attacker could display a dialog that could trick a user into saving arbitrary content. Description Microsoft Internet Explorer IE support...

Linux Kernel 2.4.272.6.8 - binfmt_elf Executable File Read

Linux Kernel 2.4.272.6.8 - binfmtelf Executable File Read / binfmtelf executable file read vulnerability gcc -O3 -fomit-frame-pointer elfdump.c -o elfdump Copyright c 2004 iSEC Security Research. All Rights Reserved. THIS PROGRAM IS FOR EDUCATIONAL PURPOSES ONLY IT IS PROVIDED "AS IS" AND WITHOUT...

Linux Kernel (<= 2.4.27 2.6.8) binfmt_elf Executable File Read Exploit

No description provided by source. / binfmtelf executable file read vulnerability gcc -O3 -fomit-frame-pointer elfdump.c -o elfdump Copyright c 2004 iSEC Security Research. All Rights Reserved. THIS PROGRAM IS FOR EDUCATIONAL PURPOSES ONLY IT IS PROVIDED "AS IS" AND WITHOUT ANY WARRANTY. COPYING,...

Linux Kernel (<= 2.4.27 , 2.6.8) binfmt_elf Executable File Read Exploit

Exploit for linux platform in category local exploits ======================================================================== Linux Kernel include include include include include include include include define BADNAME "/tmp/elfdump" void usagechar s printf"\nUsage: %s executable\n\n", s; exit0; ...

Linux Kernel 2.4.27/2.6.8 - &#039;binfmt_elf&#039; Executable File Read

/ binfmtelf executable file read vulnerability gcc -O3 -fomit-frame-pointer elfdump.c -o elfdump Copyright c 2004 iSEC Security Research. All Rights Reserved. THIS PROGRAM IS FOR EDUCATIONAL PURPOSES ONLY IT IS PROVIDED "AS IS" AND WITHOUT ANY WARRANTY. COPYING, PRINTING, DISTRIBUTION, MODIFICATI...

linux/x86 cp /bin/sh /tmp/katy ; chmod 4555 katy 126 bytes

linux/x86 cp /bin/sh /tmp/katy ; chmod 4555 katy 126 bytes. Shellcode exploit for linx86 platform / Linux/x86 /bin/cp /bin/sh /tmp/katy ; chmod 4555 /tmp/sh using fork / include char shellcode = "\xeb\x5e\x5f\x31\xc0\x88\x47\x07\x88\x47\x0f\x88\x47\x19\x89\x7f"...

Microsoft Internet Explorer treats arbitrary files as images for drag and drop operations

Overview Microsoft Internet Explorer IE treats arbitrary files as images during drag and drop mouse operations. This could allow an attacker to trick a user into copying a file to a location where it may be executed, such as the Windows StartUp folder. Description IE treats any file referenced by...

CVE-2002-1139

The CVE-2002-1139 issue affects Microsoft Windows 98 with Plus! Pack, Windows Me, and Windows XP under the Compressed Folders feature. The root cause is that the destination folder is not properly validated during ZIP decompression, allowing an attacker to place an executable in a known location ...

OpenBSD DoS and buffer overflow

NULL pointer is possible on executable file parsing. In case patches against this vulnerability are installed there is a new vulnerability with kernel mode buffer overflow...

POS#1 Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part III

Wednesday, November 5, 2003 In our never-ending quest for entertainment, we commece from this date forward to end-2004 our POS series of findings. That is the 'perfect operating system'. Today we debut and regurgitate new and not so new for fun as follows. A warm up for the New Year if you will !...

linux execve&#40;&#41; unauthorized executable file access

During new application invocation through execve there is a race condition than parent application can access new discriptor for executable file...

Linux Kernel 2.4 - SUID execve() System Call Race Condition Executable File Read

Linux Kernel 2.4 - SUID execve System Call Race Condition Executable File Read / source: https://www.securityfocus.com/bid/8042/info A race condition vulnerability has been discovered in the Linux execve system call, affecting the 2.4 kernel tree. The problem lies in the atomicity of placing a...

ICQLite executable trojaning

bugtraq@, Title: ICQ Lite executable trojaning Affected: ICQLite 2003a Vendor: ICQ Inc Vendor URL: http://www.icq.com Risk: Average Exploitable: Yes Remote: No Date: May, 29 2003 Advisory URL: http://www.security.nnov.ru/advisories/icqlite.asp I. Intro: ICQ Lite is popular internet messenger...

Clearswift MAILsweeper 4.x - MIME Attachment Filter Bypass

source: https://www.securityfocus.com/bid/7044/info Clearswift MailSweeper does not properly process certain malformed MIME email message attachments. If the attachment does not contain a MIME-Version field, MailSweeper does not recognize the attachment as being an executable type. MailSweeper...

Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part II

Tuesday, February 25, 2003 We are delighted to learn that the original self-executing html file, from June 1 2002 is now fixed with the most current of the many patches for the Internet Explorer series of browsers. See: http://online.securityfocus.com/archive/1/275126 Regrettably. The following...

Microsoft Internet Explorer (MSIE) Content-Disposition vulnerabilities

Overview Microsoft Internet Explorer IE may handle executable content automatically, opening it with another application on the client host that may, in turn, instruct the operating system to execute the file. Description IE does not properly verify the Content-Disposition and Content-Type header...

PT-2001-1854 · Microsoft · Internet Explorer +2

Name of the Vulnerable Software and Affected Versions: Internet Explorer versions 6 and earlier Description: The issue allows remote attackers to execute commands by spawning Telnet with a log file option on the command line and writing arbitrary code into an executable file which is later...

CVE-1999-1440

Win32 ICQ 98a 1.30, and possibly other versions, does not display the entire portion of long filenames, which could allow attackers to send an executable file with a long name that contains so many spaces that the .exe extension is not displayed, which could make the user believe that the file is...

Крупные дырки в Internet Explorer &#40;vnd.ms.radio, MSScriptControl.ScriptControl&#41;

Объект с URL типа vnd.ms.radio позволяет выполнить исполняемый файл указав его в качестве codebase. Объект MSScriptControl.ScriptControl позволяет обращение к локальным и удаленным файлам с привелегиями пользователя...

Microsoft IIS 4.05.0 - Executable File Parsing

Microsoft IIS 4.05.0 - Executable File Parsing source: https://www.securityfocus.com/bid/1912/info When Microsoft IIS receives a valid request for an executable file, the filename is then passed onto the underlying operating system which executes the file. In the event that IIS receives a special...