JVN#58019849: GTK+ may insecurely load dynamic libraries

GTK+ is a toolkit for developing applications with GUIs. GTK+ contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries. Impact In an application that uses GTK+, arbitrary code may be executed with the privilege of that application. Solution Solution for...

ASPR #2011-08-18-2: Remote Binary Planting in Mozilla Thunderbird

=====BEGIN-ACROS-REPORT===== PUBLIC ========================================================================= ACROS Security Problem Report 2011-08-18-2 ------------------------------------------------------------------------- ASPR 2011-08-18-2: Remote Binary Planting in Mozilla Thunderbird...

ASPR #2011-08-18-1: Remote Binary Planting in Mozilla Firefox

=====BEGIN-ACROS-REPORT===== PUBLIC ========================================================================= ACROS Security Problem Report 2011-08-18-1 ------------------------------------------------------------------------- ASPR 2011-08-18-1: Remote Binary Planting in Mozilla Firefox...

Fedora Update for gdk-pixbuf2 FEDORA-2011-8667

Check for the Version of gdk-pixbuf2 OpenVAS Vulnerability Test Fedora Update for gdk-pixbuf2 FEDORA-2011-8667 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

[SECURITY] Fedora 14 Update: gdk-pixbuf2-2.22.0-2.fc14

gdk-pixbuf is an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter...

Internet Explorer Telnet URI Insecure Loading

Added: 08/16/2011 CVE: CVE-2011-1961 BID: 49027 OSVDB: 74494 Background A Uniform Resource Identifier URI allows a user to identify a name or a resource on the Internet while specifying the delivery protocol. Problem Unpatched versions of Internet Explorer versions 6 through 9 do not specify the...

Internet Explorer Telnet URI Insecure Loading

Added: 08/16/2011 CVE: CVE-2011-1961 BID: 49027 OSVDB: 74494 Background A Uniform Resource Identifier URI allows a user to identify a name or a resource on the Internet while specifying the delivery protocol. Problem Unpatched versions of Internet Explorer versions 6 through 9 do not specify the...

Internet Explorer Telnet URI Insecure Loading

Added: 08/16/2011 CVE: CVE-2011-1961 BID: 49027 OSVDB: 74494 Background A Uniform Resource Identifier URI allows a user to identify a name or a resource on the Internet while specifying the delivery protocol. Problem Unpatched versions of Internet Explorer versions 6 through 9 do not specify the...

Internet Explorer Telnet URI Insecure Loading

Added: 08/16/2011 CVE: CVE-2011-1961 BID: 49027 OSVDB: 74494 Background A Uniform Resource Identifier URI allows a user to identify a name or a resource on the Internet while specifying the delivery protocol. Problem Unpatched versions of Internet Explorer versions 6 through 9 do not specify the...

Cross site scripting

Cross-application scripting vulnerability in the Browser URL loading functionality in Android 2.3.4 and 3.1 allows local applications to bypass the sandbox and execute arbitrary Javascript in arbitrary domains by 1 causing the MAXTAB number of tabs to be opened, then loading a URI to the targeted...

Microsoft Windows Insecure Library Loading Vulnerability (2269637)

This host is missing a critical security update according to Microsoft Security Advisory 2269637. This VT has been deprecated and replaced by the VT with the OID: 1.3.6.1.4.1.25623.1.0.902792. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced...

CVE-2011-1975

Untrusted search path vulnerability in the Data Access Tracing component in Windows Data Access Components Windows DAC 6.0 in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as...

Design/Logic Flaw

Untrusted search path vulnerability in the Data Access Tracing component in Windows Data Access Components Windows DAC 6.0 in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as...

CVE-2011-1975

Untrusted search path vulnerability in the Data Access Tracing component in Windows Data Access Components Windows DAC 6.0 in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as...

Windows URL Protocol Handler may insecurely load executable files

Overview Windows URL Protocol Handler may use unsafe methods for determining how to load executable .exe files. Windows URL Protocol Handler loads a specified executable for each protocol. Windows URL Protocol Handler contains an issue with the file search path, which may insecurely load executab...

JVN#80404511: Windows URL Protocol Handler may insecurely load executable files

Windows URL Protocol Handler loads a specified executable for each protocol. Windows URL Protocol Handler contains an issue with the file search path, which may insecurely load executable files. Impact An attacker may execute arbitrary code with the privilege of the running application. Solution...

Microsoft Data Access Components (MDAC) Insecure Library Loading (MS11-059; CVE-2011-1975)

This is a remote code execution vulnerability. The vulnerability is due to the improper way in which the MDAC handles the loading of library files DLL. A remote attacker could trigger this vulnerability by enticing a victim to accept and open an excel related file on a remote folder SMB or Webdav...

Microsoft Windows Data Access Component DLL Loading Arbitrary Code Execution Vulnerability

Description Microsoft Windows is prone to an arbitrary-code-execution vulnerability that affects the Data Access Component. Attackers can exploit this vulnerability to execute arbitrary code in the context of the user running the vulnerable application. Technologies Affected Avaya Aura Conferenci...

Oracle Java Runtime Environment Insecure File Loading

Added: 08/08/2011 OSVDB: 74330 Background The Java Runtime Environment JRE is part of the Java Development Kit JDK, a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java application; it consists of the Java...

OpenTTD -- Buffer overflows in savegame loading

The OpenTTD Team reports: Multiple buffer overflows in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service daemon crash or possibly execute arbitrary code via vectors related to 1 NAME, 2 PLYR, 3 CHTS, or 4 AIPL aka AI config chunk loading from a savegame...