ASPR #2011-08-18-1: Remote Binary Planting in Mozilla Firefox

=====BEGIN-ACROS-REPORT===== PUBLIC ========================================================================= ACROS Security Problem Report 2011-08-18-1 ------------------------------------------------------------------------- ASPR 2011-08-18-1: Remote Binary Planting in Mozilla Firefox...

ASPR #2011-08-18-2: Remote Binary Planting in Mozilla Thunderbird

=====BEGIN-ACROS-REPORT===== PUBLIC ========================================================================= ACROS Security Problem Report 2011-08-18-2 ------------------------------------------------------------------------- ASPR 2011-08-18-2: Remote Binary Planting in Mozilla Thunderbird...

Microsoft Windows Insecure Library Loading Vulnerability (2269637)

This host is missing a critical security update according to Microsoft Security Advisory 2269637. This VT has been deprecated and replaced by the VT with the OID: 1.3.6.1.4.1.25623.1.0.902792. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced...

CVE-2011-1975

Untrusted search path vulnerability in the Data Access Tracing component in Windows Data Access Components Windows DAC 6.0 in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as...

Design/Logic Flaw

Untrusted search path vulnerability in the Data Access Tracing component in Windows Data Access Components Windows DAC 6.0 in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as...

CVE-2011-1975

Untrusted search path vulnerability in the Data Access Tracing component in Windows Data Access Components Windows DAC 6.0 in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as...

Microsoft Data Access Components (MDAC) Insecure Library Loading (MS11-059; CVE-2011-1975)

This is a remote code execution vulnerability. The vulnerability is due to the improper way in which the MDAC handles the loading of library files DLL. A remote attacker could trigger this vulnerability by enticing a victim to accept and open an excel related file on a remote folder SMB or Webdav...

PowerZip Insecure Library Loading Vulnerability

PowerZip is prone to insecure library loading vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Foxit Reader ActiveX Control Buffer Overflow and Insecure Library Loading Vulnerabilities

Two vulnerabilities have been discovered in Foxit Reader, which can be exploited by malicious people to compromise a user's system. 1 A boundary error in the FoxitReaderOCX ActiveX control when processing the "OpenFile" method can be exploited to cause a heap-based buffer overflow via an overly...

Foxit Reader Insecure Library Loading

Vulnerability title: Foxit Reader Insecure Library Loading CVSS Risk Rating: 2.9 Low Product: Foxit Reader Application Vendor: Foxit Vendor URL: http://www.foxitsoftware.com Public disclosure date: 7/21/2011 Discovered by: Jose Hernandez and Solutionary Engineering Research Team SERT Solutionary...

rgmanager: insecure library loading vulnerability

The 1 SAPDatabase and 2 SAPInstance scripts in OCF Resource Agents aka resource-agents or cluster-agents 1.0.3 in Linux-HA place a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...

IBM DB2 - DT_RPATH Insecure Library Loading Arbitrary Code Execution

IBM DB2 - DTRPATH Insecure Library Loading Arbitrary Code Execution // source: https://www.securityfocus.com/bid/48514/info IBM DB2 is prone to a vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue to gain elevated privileges and execute arbitrary code wit...

IBM DB2 - 'DT_RPATH' Insecure Library Loading Arbitrary Code Execution

// source: https://www.securityfocus.com/bid/48514/info IBM DB2 is prone to a vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue to gain elevated privileges and execute arbitrary code with root privileges. Successfully exploiting this issue will result in...

PDFill Insecure Library Loading

Vulnerability title: PDFill Insecure Library Loading CVSS Risk Rating: 2.9 Low Product: PDFill PDF Editor 8.0 Application Vendor: PlotSoft Vendor URL: http://www.plotsoft.com Public disclosure date: 6/9/2011 Discovered by: Jose Hernandez and Solutionary Engineering Research Team SERT Solutionary...

Design/Logic Flaw

Untrusted search path vulnerability in Microsoft Office XP SP3, Office 2003 SP3, and Office 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Office Component Insecure Library...

Google Picasa Insecure Library Loading Arbitrary Code Execution Vulnerability (Windows)

The host is running Google Picasa and is prone to arbitrary code execution vulnerability. OpenVAS Vulnerability Test $Id: gbgooglepicasaarbitrarycodeexecvulnwin.nasl 7019 2017-08-29 11:51:27Z teissa $ Google Picasa Insecure Library Loading Arbitrary Code Execution Vulnerability Windows Authors:...

Microsoft Word .docx Insecure Library Loading (MS11-023; CVE-2011-0107)

Microsoft Word is a popular word processing software. A remote code execution vulnerability has been reported in the way that Microsoft Word handles the loading of DLL files. The vulnerability is caused when Microsoft Office Word incorrectly restricts the path used for loading external libraries...

Google Picasa 3.x 不安全库装载任意代码执行漏洞

CVE ID: CVE-2011-0458 Google Picasa一款可帮助您在计算机上立即找到、修改和共享所有图片的图象浏览器。 Google Picasa在实现上存在不安全库加载漏洞，远程攻击者可利用此漏洞控制用户系统。 此漏洞源于应用程序以不安全的方式加载库。可通过"Locate on Disk"功能诱使用户打开位于远程WebDAV或SMB共享上的某些文件加载任意库。 Google Picasa 3.x 厂商补丁： Google ------ 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.google.com...

Microsoft Office Groove Insecure Library Loading

Added: 03/28/2011 CVE: CVE-2010-3146 BID: 42695 OSVDB: 67484 Background Microsoft Office Groove is a collaboration-based software application that allows teams and organizations to work together regardless of physical or network location. Problem Microsoft Office Groove has a vulnerability due to...

Microsoft Office Groove Insecure Library Loading

Added: 03/28/2011 CVE: CVE-2010-3146 BID: 42695 OSVDB: 67484 Background Microsoft Office Groove is a collaboration-based software application that allows teams and organizations to work together regardless of physical or network location. Problem Microsoft Office Groove has a vulnerability due to...