Mozilla Foundation Security Advisory 2010-30

Mozilla Foundation Security Advisory 2010-30 Title: Integer Overflow in XSLT Node Sorting Impact: Critical Announced: June 22, 2010 Reporter: Martin Barbella Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.6.4 Firefox 3.5.10 Thunderbird 3.0.5 SeaMonkey 2.0.5 Description Security...

Integer Overflow in XSLT Node Sorting — Mozilla

Security researcher Martin Barbella reported via TippingPoint's Zero Day Initiative that an XSLT node sorting routine contained an integer overflow vulnerability. In cases where one of the nodes to be sorted contained a very large text value, the integer used to allocate a memory buffer to store...

Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal — Mozilla

Security researcher Nils of MWR InfoSecurity reported that the routine for setting the text value for certain types of DOM nodes contained an integer overflow vulnerability. When a very long string was passed to this routine, the integer value used in creating a new memory buffer to hold the stri...

Mozilla Fast-Tracks Fix For Critical Firefox Flaw

Mozilla has fast-tracked a patch for a critical vulnerability affecting its flagship Firefox browser. The patch, which was originally slated for release on March 30, fixes a vulnerability that could allow remote code execution attacks. The flaw was originally released into the VulnDisco exploit...

WOFF heap corruption due to integer overflow — Mozilla

Security researcher Evgeny Legerov of Intevydis reported that the WOFF decoder contains an integer overflow in a font decompression routine. This flaw could result in too small a memory buffer being allocated to store a downloadable font. An attacker could use this vulnerability to crash a victim...

Touch22 Image22 ActiveX Control Buffer Overflow

Touch22 Image22 ActiveX is an application to create images for Microsoft Windows. A buffer overflow vulnerability has been discovered in Touch22 Image22 ActiveX. The vulnerability is due to an error in the application that fails to properly bounds check user-supplied data before copying it into a...

Mercury/32 <= v4.01b PH Server Module Buffer Overflow

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Mercury/32 %...

Omni-NFS Multiple Stack Buffer Overflow Vulnerabilities

Omni-NFS is prone to multiple stack-based buffer-overflow vulnerabilities because the application fails to properly bounds-check user-supplied network data before copying it into an insufficiently sized memory buffer. The issues affect both server and client. Exploiting these issues allows...

Microsoft Windows Embedded OpenType Font Engine Heap Overflow Vulnerability

Description Microsoft Windows is prone to a remotely exploitable heap-overflow vulnerability because the software fails to properly bounds-check user-supplied input before copying it into an insufficiently sized memory buffer. Remote attackers can exploit this issue to execute arbitrary machine...

Microsoft Windows Embedded OpenType Font Engine Integer Overflow Vulnerability

Description Microsoft Windows is prone to a remotely exploitable integer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into an insufficiently sized memory buffer. Remote attackers can exploit this issue to execute arbitrary machine code in...

Ubuntu Update for libsndfile vulnerability USN-525-1

Ubuntu Update for Linux kernel vulnerabilities USN-525-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN5251.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for libsndfile vulnerability USN-525-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...

Ghostscript &lt; 8.64 'gdevpdtb.c' Buffer Overflow Vulnerability

No description provided by source. Ghostscript is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into a finite-sized buffer. Exploiting this issue allows remote attackers to overwrite a sensitive memory buffer with...

ghostscript -- buffer overflow vulnerability

SecurityFocus reports: Ghostscript is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into a finite-sized buffer. Exploiting this issue allows remote attackers to overwrite a sensitive memory buffer with arbitrary dat...

MS09-0 0 1 Analysis-vulnerability warning-the black bar safety net

HD Moore moves really fast, the analysis has come out. The effect is only a DOS, not use. This update contains three vulnerabilities, the first one in the last 9 months out, only DOS, after two rather special, is not utilized, the reason is more complex, he is so described: The next two bugs CVE-...

VeryPDF PDFView OCX ActiveX OpenPDF Heap Overflow

The VeryPDF PDFView ActiveX control is prone to a heap buffer-overflow because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. An attacker can exploit this issue to execute arbitrary code within the context of the affected...

Microsoft Office RTF Consecutive Drawing Object Parsing Heap Corruption Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page, open a malicious e-mail, or open a malicious file. The specific flaw...

VeryPDF PDFView - ActiveX Component Heap Buffer Overflow

VeryPDF PDFView - ActiveX Component Heap Buffer Overflow source: https://www.securityfocus.com/bid/32313/info The VeryPDF PDFView ActiveX control is prone to a heap buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently...

FreeBSD Security Advisory (FreeBSD-SA-06:18.ppp.asc)

The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-06:18.ppp.asc ADV FreeBSD-SA-06:18.ppp.asc OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

Google Android Web Browser - .GIF File Heap Buffer Overflow

Google Android Web Browser - .GIF File Heap Buffer Overflow source: https://www.securityfocus.com/bid/28005/info Android Web Browser is prone to a heap-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized...

GlobalLink 2.6.1.2 - HanGamePlugincn18.dll ActiveX Control Multiple Buffer Overflow Vulnerabilities

GlobalLink 2.6.1.2 - HanGamePlugincn18.dll ActiveX Control Multiple Buffer Overflow Vulnerabilities source: https://www.securityfocus.com/bid/27626/info GlobalLink is prone to multiple buffer-overflow vulnerabilities because it fails to properly bounds-check user-supplied data before copying it...