1165 matches found
Microsoft Visual Studio ATL COM对象远程代码执行漏洞
Bugraq ID: 35828 CVE ID:CVE-2009-2493 Microsoft Visual Studio是一款微软公司的开发工具套件系列产品。 Microsoft活动模版库ATL处理数据流对象实例化时ATL头存在错误,远程攻击者可以利用漏洞绕过IE等Kill-bits安全策略,并导致任意代码执行。 此漏洞只影响安装了使用Visual Studio ATL的组件和控件的系统。如果组件或控件使用ATL,不安全使用OleLoadFromStream允许任意对象实例化,可绕过相关的安全策略,如 Internet Explorer的Kill...
Microsoft Office Web Components OWC.Spreadsheet Evaluate method vulnerability
Added: 07/14/2009 CVE: CVE-2009-1136 BID: 35642 OSVDB: 55806 Background Microsoft Office Web Components OWC are a group of OLE classes implemented as ActiveX controls. Problem A memory corruption vulnerability allows command execution when a web page passes a specially crafted parameter to the...
Microsoft Office Web Components OWC.Spreadsheet Evaluate method vulnerability
Added: 07/14/2009 CVE: CVE-2009-1136 BID: 35642 OSVDB: 55806 Background Microsoft Office Web Components OWC are a group of OLE classes implemented as ActiveX controls. Problem A memory corruption vulnerability allows command execution when a web page passes a specially crafted parameter to the...
Microsoft Office Web Components OWC.Spreadsheet Evaluate method vulnerability
Added: 07/14/2009 CVE: CVE-2009-1136 BID: 35642 OSVDB: 55806 Background Microsoft Office Web Components OWC are a group of OLE classes implemented as ActiveX controls. Problem A memory corruption vulnerability allows command execution when a web page passes a specially crafted parameter to the...
Microsoft Security Bulletin MS09-032 - Critical Cumulative Security Update of ActiveX Kill Bits (973346)
Microsoft Security Bulletin MS09-032 - Critical Cumulative Security Update of ActiveX Kill Bits 973346 Published: July 14, 2009 Version: 1.0 General Information Executive Summary This security update resolves a privately reported vulnerability that is currently being exploited. The vulnerability ...
Winds3D Viewer GetURL()函数远程代码执行漏洞
BUGTRAQ ID: 35595 CVECAN ID: CVE-2009-2386 Awakening是一个功能强大的实时3D解决方案,Winds3D Viewer是Awakening的浏览器插件。 Winds3D Viewer以不安全的方式实现了GetURL函数: /----------- GetURLstring URL Description: Open browser to visit assigned URL returns: None - -----------/ 调用GetURL最终会执行相当于“ShellExecuteNULL, "open", URL, 0, 0,...
How to Protect Against the MSVidCtl Vulnerability
The ongoing exploitation of the vulnerability in an ActiveX control used by Internet Explorer has created a dangerous situation, as there is no patch yet for the MSVidCtl.dll vulnerability. However, there are several steps you can take to protect yourself against attacks. Microsoft has released a...
MS09-032: Cumulative Security Update of ActiveX Kill Bits (973346)
The remote host is missing a list of kill bits for ActiveX controls that are known to contain vulnerabilities. If these ActiveX controls are ever installed on the remote host, either now or in the future, they would expose it to various security issues. %NASLMINLEVEL 70300 C Tenable Network...
NetBSD x86 Kill All Processes Shellcode
/ netbsd/x86 kill all processes shellcode author REMOVED AT REQUEST OF AUTHOR contact REMOVED AT REQUEST OF AUTHOR this shellcode is using syscall number 37 or 0x25 37 STD int syskillint pid, int signum; here is assembler code using intel syntaxe and NASM --------------begin----------- section...
netbsd/x86 kill all processes shellcode 23 bytes
No description provided by source. / netbsd/x86 kill all processes shellcode this shellcode is using syscall number 37 or 0x25 37 STD int syskillint pid, int signum; here is assembler code using intel syntaxe and NASM --------------begin----------- section .note.netbsd.ident dd 0x07,0x04,0x01 db...
IBM AIX rpc.ttdbserver远程溢出漏洞
BUGTRAQ ID: 35419 IBM AIX是一款商业性质的UNIX操作系统。 AIX的ToolTalk库libtt.a中存在缓冲区溢出漏洞。如果/etc/inetd.conf中启用了rpc.ttdbserver的话,远程攻击者就可以通过提交恶意RPC请求触发这个溢出,导致以root用户权限执行任意指令。 IBM AIX 6.1 IBM AIX 5.3 IBM AIX 5.2 临时解决方法: 从/etc/inetd.conf中删除rpc.ttdbserver项并刷新inetd: chsubserver -r inetd -C /etc/inetd.conf -d -v...
netbsd/x86 kill all processes shellcode 23 bytes
Exploit for netbsd/x86 platform in category shellcode ================================================ netbsd/x86 kill all processes shellcode 23 bytes ================================================ / netbsd/x86 kill all processes shellcode this shellcode is using syscall number 37 or 0x25 37 S...
netbsd/x86 kill all processes shellcode 23 bytes
netbsd/x86 kill all processes shellcode 23 bytes. Shellcode exploit for netbsdx86 platform / netbsd/x86 kill all processes shellcode author Anonymous this shellcode is using syscall number 37 or 0x25 37 STD int syskillint pid, int signum; here is assembler code using intel syntaxe and NASM...
McAfee 3.6.0.608 naPolicyManager.dll ActiveX Arbitrary Data Write Vuln
No description provided by source. GOODFELLAS Security Research TEAM http://goodfellas.shellcode.com.ar Greetings to str0ke McAfee, Inc. 3.6.0.608 Policy Manager naPolicyManager.dll Arbitrary Data Write ============================================================================== Internal ID:...
McAfee 3.6.0.608 Active-X Data Write
GOODFELLAS Security Research TEAM http://goodfellas.shellcode.com.ar Greetings to str0ke McAfee, Inc. 3.6.0.608 Policy Manager naPolicyManager.dll Arbitrary Data Write ============================================================================== Internal ID: VULWAR20090616. -----------...
McAfee 3.6.0.608 - naPolicyManager.dll ActiveX Arbitrary Data Write
McAfee 3.6.0.608 - naPolicyManager.dll ActiveX Arbitrary Data Write GOODFELLAS Security Research TEAM http://goodfellas.shellcode.com.ar Greetings to str0ke McAfee, Inc. 3.6.0.608 Policy Manager naPolicyManager.dll Arbitrary Data Write...
McAfee 3.6.0.608 - 'naPolicyManager.dll' ActiveX Arbitrary Data Write
GOODFELLAS Security Research TEAM http://goodfellas.shellcode.com.ar Greetings to str0ke McAfee, Inc. 3.6.0.608 Policy Manager naPolicyManager.dll Arbitrary Data Write ============================================================================== Internal ID: VULWAR20090616. -----------...
kernel: 'kill sig -1' must only apply to caller's pid namespace
The killsomethinginfo function in kernel/signal.c in the Linux kernel before 2.6.28 does not consider PID namespaces when processing signals directed to PID -1, which allows local users to bypass the intended namespace isolation, and send arbitrary signals to all processes in all namespaces, via ...
kernel: exit_notify: kill the wrong capable(CAP_KILL) check
The exitnotify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAPKILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exitsignal field and then uses an exec system...
kernel: exit_notify: kill the wrong capable(CAP_KILL) check
The exitnotify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAPKILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exitsignal field and then uses an exec system...