117 matches found
Microsoft Windows Media ASF和ASX解析缓冲区溢出漏洞
Windows Media Player是Microsoft开发的流行的媒体播放程序。 Windows Media Format Runtime处理特殊的ASF和ASX文件存在问题,远程攻击者可利用漏洞以应用程序进程权限执行任意指令。 攻击者可以构建包含特殊Windows Media Player的内容恶意页面,诱使用户访问,可以以应用程序进程权限执行任意指令。目前没有详细漏洞细节提供。 Microsoft Windows Media Format 7.1 through 9.5 Series Runtime -Microsoft Windows 2000 Service Pack 4...
Microsoft Internet Explorer IMSKDIC.DLL拒绝服务漏洞
Microsoft Internet Explorer是一款流行的WEB浏览器。 Microsoft Internet Explorer实例化IMSKDIC.DLL COM对象存在问题,远程攻击者可以利用漏洞进行内存破坏攻击,可能以进程权限执行任意指令。 当Microsoft Internet Explorer尝试以ActiveX控件实例化IMSKDIC.DLLMicrosoft IME COM对象,可能破坏系统内存造成拒绝服务,可能导致任意代码执行。 Microsoft Internet Explorer 6.0 SP2 Microsoft Internet Explorer 6.0...
Microsoft Internet Explorer无效HTML解析代码执行漏洞(MS06-013)
Microsoft Internet Explorer是微软发布的非常流行的WEB浏览器。 Internet Explorer处理特制的无效HTML时存在漏洞。攻击者可以创建恶意的Web页面,如果用户访问了该页面的话就会导致内存破坏。成功利用这个漏洞的攻击者可以完全控制受影响的系统。 Microsoft Internet Explorer 5.0 Microsoft Internet Explorer 6.0 - Microsoft Windows XP SP2 - Microsoft Windows Server 2003 SP1...
Microsoft Internet Explorer CreateTextRange远程代码执行漏洞(MS06-013)
Microsoft Internet Explorer是微软发布的非常流行的WEB浏览器。 Internet Explorer的createTextRange函数实现上存在漏洞,远程攻击者可能利用此漏洞在客户机器上执行任意指令。 Internet Explorer使用createTextRange时在某些环境下可能导致无需的列表指针引用,这样在试图调用引用的32位地址时就会出现错误,如下所示: 0x7D53C15D MOV ECX, DWORD PTR DS:EDI .. 0x7D53C166 CALL DWORD PTR ECX...
Microsoft Windows TCP/IP协议驱动远程溢出漏洞(MS06-032)
Microsoft Windows是微软发布的非常流行的操作系统。 Microsoft Windows的TCP/IP协议驱动处理特定畸形的IP源路由报文时存在缓冲区溢出漏洞,远程攻击者可以通过发送有Loose Source and Record Route选项的特制ICMP报文触发这个漏洞,导致tcpip.sys或ntoskrnl.exe中出现错误而造成拒绝服务或执行任意指令。 默认情况下,Windows系统的路由及远程访问服务是关闭的,也就是说默认情况下系统不受此漏洞影响。 Microsoft Windows XP SP2 Microsoft Windows XP SP1...
Microsoft Windows XML核心服务XSLT缓冲区溢出漏洞(MS06-061)
Microsoft Windows是微软发布的非常流行的操作系统。 Windows的XML核心服务在处理MSXML中可扩展样式表语言转换(XSLT)控件时存在字符串缓冲区溢出漏洞,成功利用此漏洞的攻击者可以完全控制受影响的系统。 攻击者可以通过建立恶意网页来利用此漏洞,如果用户访问该页面,即有可能允许远程执行指令。 Microsoft Office 2003 Service Pack 2 Microsoft Office 2003 Service Pack 1 Microsoft Windows XP SP2 Microsoft Windows XP SP1 Microsoft...
Microsoft Windows Server 2003 - NetpIsRemote() Remote Overflow (MS06-040) (Metasploit)
Microsoft Windows Server 2003 - NetpIsRemote Remote Overflow MS06-040 Metasploit netapiwin2003.pm MS06-040 Exploit for Windows Server 2003 SP0 Author: Trirat Puttaraksa Kira http://sf-freedom.blogspot.com For educational purpose only Note: This exploit is developed because of my question "Is it...
Heap overflow
Heap-based buffer overflow in the Server Service SRV.SYS driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that triggers memory corruption and bypasses size...
Microsoft Windows XP2003 - IGMP v3 Denial of Service (MS06-007) (1)
Microsoft Windows XP2003 - IGMP v3 Denial of Service MS06-007 1 / IGMP v3 DoS Exploit ref: http://www.juniper.net/security/auto/vulnerabilities/vuln2866.html ref: http://www.microsoft.com/technet/security/Bulletin/MS06-007.mspx by Alexey Sintsov [email protected] Req: Administrator rights on system...
Microsoft Windows HSC DVD Driver Upgrade Code Execution Vulnerability
Description A security vulnerability has been reported in Microsoft Windows XP and Server 2003 operating systems. This issue exists in the Help and Support Center HSC and is due to how the feature handles HCP invocation URIs for DVD driver upgrades. This issue could be exploited from a malicious...
Microsoft Windows Help And Support Center URI Validation Code Execution Vulnerability
Description Microsoft has reported a vulnerability in the Help and Support Center that is related to how HCP URIs are validated. This issue could reportedly be exploited via a malicious web page or HTML e-mail to execute arbitrary code on a client system. The issue may permit an attacker to injec...
CVE-2003-0839
Directory traversal vulnerability in the "Shell Folders" capability in Microsoft Windows Server 2003 allows remote attackers to read arbitrary files via .. dot dot sequences in a "shell:" link...
CVE-2003-0839
CVE-2003-0839 is a directory traversal vulnerability in the Shell Folders capability of Microsoft Windows Server 2003. Remote attackers could read arbitrary files by using .. sequences in a shell: link. The vulnerability impacts the confidentiality of affected systems (CVSS v2 Base Score 5.0, MED...
Security Update for Outlook Express for Windows Server 2003 (KB897715)
A security issue has been identified that could allow an attacker to compromise a computer running Microsoft Outlook Express and gain control over it. User interaction is required to exploit this vulnerability. You can help protect your computer by installing this update from Microsoft. After you...
Security Update for Windows Server 2003 (KB3012168)
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...
Security Update for Windows Server 2003 for Itanium-based Systems (KB979309)
A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system...
Security Update for Windows Server 2003 (KB970238)
A security issue has been identified that could allow an authenticated remote attacker to compromise your system and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system...