Debian: Security Advisory (DSA-1328-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Unicon-imc2环境变量本地缓冲区溢出漏洞

BUGTRAQ ID: 24719 CVECAN ID: CVE-2007-2835 unicon-imc2是Debian操作系统中所使用的中文输入法库。 unicon-imc2在使用环境变量数据时存在缓冲区溢出漏洞，本地攻击者可能利用此漏洞提升自己的权限。 unicon-imc2库没有安全地使用HOME环境变量，如果用户使用了链接到该函数库的应用程序的话就可能触发缓冲区溢出，导致以root用户权限执行任意指令。漏洞代码位于/unicon/ImmModules/cce/CCEpinyin.c文件中： static int IMMFlush char name256;...

Debian DSA-1328-1 : unicon-imc2 - buffer overflow

Steve Kemp from the Debian Security Audit project discovered that unicon-imc2, a Chinese input method library, makes unsafe use of an environmental variable, which may be exploited to execute arbitrary code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package...

DSA-1328-1 unicon - buffer overflow

Bulletin has no description...

Pole five-stroke input method of a vulnerability-vulnerability warning-the black bar safety net

Find pole five-stroke input method an exploit With this vulnerability you can bypass the system login password, thereby entering the system. Test system: vista Test keyboard version: compiled version: 2007.2.26.0.98 Specific process is this: the elect of this input method, right-click the input...

极点五笔输入法(2007.2.26.0.98)漏洞

这个漏洞和以前微软的智能ABC曾经有过的漏洞是一样的。没测试其他的输入法，可能第三方开发的输入法在这个安全方面都没有注意到。 用此漏洞可以绕过系统登录密码，从而进入系统。 测试系统： vista 测试输入法版本：编译版本：2007.2.26.0.98 具体过程是这样的：选出此输入法后，右击输入法浮动图标，弹出输入法设置、管理工具、手工造词...、切换皮肤、使用说明、版本信息。这些条目中第一个输入法设置可以另存就可以进入系统目录，进入目录后就可以慢慢的操作了......... 2007.2.26.0.98 删掉此输入法。 官方暂时没有被丁...

Hack tips of the hands to teach you to easily crack the cafe! - Vulnerability warning-the black bar safety net

Crack Vientiane secrets A with Alt+Ctrl+Del key combination（Vientiane） After the boot, when appears the blue background, immediately press the key combination, pop-up“close Program”dialog box, if inside there is“client”after the immediately closed, when the discovery of“ | --- Unknown”program is...

Windows Vista输入法状态判断错误绕过认证漏洞

Microsoft Windows Vista是一款微软公司新开发的操作系统。 Microsoft Windows Vista提供的输入法机制存在设计问题，远程攻击者可以利用漏洞未授权访问应用系统。 一个输入法被安装到Vista系统，默认会出现在登录界面或锁屏状态中，操作系统默认应该根据自身运行状态提供不同的功能。不过Windows Vista没有正确检查当前系统登录状态，会不正确的把特权功能提供给未登录进系统的用户。在恶意用户可以接触物理终端或者通过终端服务会话访问有此漏洞系统，通过执行输入法提供的某些帮助功能可绕过访问机制，获得对系统的控制。...

Windows Vista reproduction IME privilege elevation vulnerability-vulnerability warning-the black bar safety net

Today saw the news, reports the Google keyboard there is privilege elevation vulnerability. Immediately in the Vista under the test a little, found the problem really very serious, and the vulnerability is not only present in the Google keyboard, I use the pole of the Chinese input method also...

Hack tips of the hands to teach you to easily crack the cafe! - Vulnerability warning-the black bar safety net

Crack Vientiane secrets A with Alt+Ctrl+Del key combination（Vientiane） After the boot, when appears the blue background, immediately press the key combination, pop-up“close Program”dialog box, if inside a“client”after the immediately closed, when the discovery of the“unknown”program is also close...

Microsoft Windows韩语输入法编辑器权限提升漏洞（MS06-009）

Microsoft Windows是微软发布的非常流行的操作系统。 Windows和Office韩语输入法编辑器（IME）中存在权限提升漏洞，可能允许恶意用户完全控制受影响的系统。 攻击者可以通过终端服务连接到服务器或在控制台，在登录界面上，调出韩文输入法，点击查看授权许可的链接，这时Winlogon进程会以系统权限执行显示授权信息的notepad程序。此时用户以普通用户登录进系统，即可以利用这个高权限的notepad进程提升自己的访问能力。 Microsoft Office 2003 Microsoft Windows XP SP2 Microsoft Windows XP SP1...

Microsoft Security Bulletin MS06-009 Vulnerability in the Korean Input Method Editor Could Allow Elevation of Privilege (901190)

Microsoft Security Bulletin MS06-009 Vulnerability in the Korean Input Method Editor Could Allow Elevation of Privilege 901190 Published: February 14, 2006 Version: 1.0 Summary Who should read this document: Customers who use Microsoft Windows or Microsoft Office 2003 Impact of Vulnerability:...

Input validation

The ShellAbout API call in Korean Input Method Editor IME in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, whi...

CVE-2006-0008

The ShellAbout API call in Korean Input Method Editor IME in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, whi...

CVE-2006-0008

The ShellAbout API call in Korean Input Method Editor IME in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, whi...

CVE-2006-0008

The CVE-2006-0008 issue affects the Korean Input Method Editor (IME) on Windows XP SP1/SP2, Windows Server 2003 up to SP1, and Office 2003. A privilege-elevation flaw exists in the Korean IME; an attacker who can log on (locally or via Remote Desktop/Terminal Services) could exploit the ShellAbou...

MS06-009: Vulnerability in Korean Input Method Could Allow Elevation of Privilege (901190)

The remote version of Windows contains a flaw in the Korean input method that may allow a local attacker to execute arbitrary code on the remote host. To exploit this flaw, an attacker would need credentials to log into the remote host. C Tenable Network Security, Inc. include"compat.inc"; if...

Microsoft Windows Korean Input Method Editor Privilege Escalation Vulnerability

Description Microsoft Windows Korean Input Method Editor is prone to a local privilege-escalation vulnerability. Successful exploitation can allow local attackers to completely compromise a vulnerable computer. Technologies Affected Microsoft Office 2003 Microsoft Office 2003 SP1 Microsoft Office...

Microsoft Windows Korean Input Method Editor vulnerability

Overview The Microsoft Windows Korean Input Method Editor IME contains a privilege escalation vulnerability. Description According to Microsoft: An IME is a program that allows computer users to enter complex characters and symbols, such as Japanese characters, using a standard keyboard. The...

CVE-2005-4210

Opera before 8.51, when running on Windows with Input Method Editor IME installed, allows remote attackers to cause a denial of service persistent application crash by bookmarking a site with a long title...