43 matches found
Edraw PDF Viewer Component < 3.2.0.126 ActiveX Insecure Method Vuln
No description provided by source. Edraw PDF Viewer Component ActiveX Remote code execution vulnerability By Jambalaya of Nevis Labs Date: 2009.06.16 Vendor: EdrawSoft Affected: Edraw PDF Viewer Component 3.2.0.126 other version may also be affected Overview: Edraw PDF Viewer Component is a light...
Honeywell ScanServer ActiveX Control (Update A)
Overview --------- Begin Update A Part 1 of 3 ---------- This ICS-CERT Advisory is an update to ICSA-11-103-01 – Honeywell ScanServer ActiveX Control, which was originally released on April 13, 2011. A security research company, Secunia, has released a report of a use-after-free...
Assessing risk for the November 2013 security updates
Today we released eight security bulletins addressing 19 CVEs. Three bulletins have a maximum severity rating of Critical while the other five have a maximum severity rating of Important. We hope that the table below helps you prioritize the deployment of the updates appropriately for your...
MSCOMCTL.OCX Killbit: 996BF5E0-8044-4650-ADEB-0B013914E99C (MS12-027; CVE-2012-0158)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer...
MSCOMCTL.OCX Killbit: bdd1f04b-858b-11d1-b16a-00c0f0283628 (MS12-027; CVE-2012-0158)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in an ActiveX control. To trigger this issue, an attacker can create a malicious web page that initiates the vulnerable ActiveX control. Successful exploitation of this...
MSCOMCTL.OCX Killbit: 9181DC5F-E07D-418A-ACA6-8EEA1ECB8E9E (MS12-027; CVE-2012-0158)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in an ActiveX control. To trigger this issue, an attacker can create a malicious web page that initiates the vulnerable ActiveX control. Successful exploitation of this...
IBM SPSS SamplePower 'VsVIEW6' ActiveX Control Multiple Code Execution Vulnerabilities - Windows
IBM SPSS SamplePower is prone to a buffer overflow vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
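Alipay ptpusb.dll Remote Command Execution Vulnerability
Alibaba Alipay is the e-commerce online payment service provided by the Alibaba site. The implementation of Alipay's password input control contains a vulnerability that a remote attacker may exploit to take control of the user's machine. A remote code execution vulnerability exists in ptpusb.dll, the Alipay password input control. ptpusb.dll references the Remove function as follows: InprocServer32: ptpusb.dll ClassID : 66F50F46-70A0-4A05-BD5E-FBCC0F9641EC id0x60030001, helpstring"method Remove" void Removein int idx; The Remove function handles the idx parameter as follows:...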
ZDI-11-091: (0day) Cisco Secure Desktop CSDWebInstaller Remote Code Execution Vulnerability
ZDI-11-091: 0day Cisco Secure Desktop CSDWebInstaller Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-091 February 23, 2011 -- CVE ID: CVE-2011-0926 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Cisco -- Affected Products: Cisco Secure Desktop ...
ZDI-11-092: (0day) Cisco Secure Desktop CSDWebInstaller ActiveX Control Cleaner.cab Remote Code Execution Vulnerability
ZDI-11-092: 0day Cisco Secure Desktop CSDWebInstaller ActiveX Control Cleaner.cab Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-092 February 23, 2011 -- CVE ID: CVE-2011-0925 -- CVSS: 8.3, AV:N/AC:M/Au:N/C:P/I:P/A:C -- Affected Vendors: Cisco -- Affected...
NewV: NewvCommon.ocx arbitrary command execution via the Runcommand attribute
Vendor: NewV http://www.newv.com.cn/ Product: NewV smartclient http://demo.newv.com.cn/lds/module/smartclientsetting.exe Vulnerable Version: 1.0.0.18 Status: Not Fixed, Vendor Alerted Risk level: High Credit: Yu Guoyuguo.cngmail.com Description: An input validation issue exists in the NewV Activ...
Microsoft Windows Speech Components Voice Recognition Command Execution Vulnerability (950760)
This host is missing a critical security update according to Microsoft Bulletin MS08-032. OpenVAS Vulnerability Test $Id: gbms08-032.nasl 5362 2017-02-20 12:46:39Z cfi $ Description: Microsoft Windows Speech Components Voice Recognition Command Execution Vulnerability 950760 Authors: Madhuri D...
NewV Smartclient 1.0.0.18 Command Execution
Vendor: NewV http://www.newv.com.cn/ Product: NewV smartclient http://demo.newv.com.cn/lds/module/smartclientsetting.exe Vulnerable Version: 1.0.0.18 Status: Not Fixed, Vendor Alerted Risk level: High Credit: Yu Guoyuguo.cngmail.com Description: An input validation issue exists in the NewV Activ...
Microsoft Windows Speech Components Voice Recognition Command Execution Vulnerability (950760)
This host is missing a critical security update according to Microsoft Bulletin MS08-032. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
iDefense Security Advisory 08.24.10: Adobe Shockwave Player Memory Corruption Vulnerability
iDefense Security Advisory 08.24.10 http://labs.idefense.com/intelligence/vulnerabilities/ Aug 24, 2010 I. BACKGROUND Adobe Shockwave Player is a popular Web browser plugin. It is available for multiple Web browsers and platforms, including Windows, and MacOS. Shockwave Player enables Web browser...
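WebPlayer ActiveX Control Denial of Service Vulnerability
WebPlayer 2010 is a network video player. It has three controls: CVGPlayer55, CVGPlayer60 and CVGPlayer70. When the style attribute of the OBJECT tag in a malicious web page sets width=130 or height=74, instantiating these three controls causes CPU usage to rise and IE to crash. WebPlayer 20100226 Set the KillBit for the following CLSIDs...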
Hyleos ChemView ActiveX Control Multiple Buffer Overflow Vulnerabilities
This host is installed with Hyleos ChemView ActiveX Control and is prone to multiple Buffer Overflow vulnerabilities. OpenVAS Vulnerability Test $Id: secpodhyleoschemviewactivexmultbofvuln.nasl 6532 2017-07-05 07:42:05Z cfischer $ Hyleos ChemView ActiveX Control Multiple Buffer Overflow...
iDefense Security Advisory 02.23.10: Multiple Vendor NOS Microsystems getPlus Downloader Input Validation Vulnerability
iDefense Security Advisory 02.23.10 http://labs.idefense.com/intelligence/vulnerabilities/ Feb 23, 2010 I. BACKGROUND The getPlus Downloader is an application download and installation manager, distributed in the form of an ActiveX control. This control is used by Adobe Systems Inc. to install...
Microsoft Active Template Library (ATL) multiple security vulnerabilities
Memory corruptions, information leak, initialization problem, leading to killbit protection bypass...
Researcher Shows Killbit is No Defense on MsVidCtl Flaw
Ryan Smith, one of the researchers who found the bug in the Microsoft MsVidCtl DLL that the vendor is rushing to patch this week, has posted a short video demonstration of a technique that bypasses the stop-gap solution of preventing the vulnerable ActiveX control from loading. In the demo, Smith...