Microsoft Collaboration Data Objects buffer overflow

Overview A buffer overflow in Microsoft Collaboration Data Objects may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Collaboration Data Objects CDO is a scripting library used to develop applications that handle email. Note that C...

VulnCheck KEV: CVE-2005-2127

Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally...

security flaw

Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spoof DOM objects via an XBL control that implements an internal XPCOM interface...

security flaw

Integer overflow in the Binary File Descriptor BFD library for gdb before 6.3, binutils, elfutils, and possibly other packages, allows user-assisted attackers to execute arbitrary code via a crafted object file that specifies a large number of section headers, leading to a heap-based buffer...

CVE-2005-2704

Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spoof DOM objects via an XBL control that implements an internal XPCOM interface...

pwnzilla.txt

/ SSSSSSS, SSSSSSS' PwnZilla 5 - One sploit fits all. FireFox optimized iSY iS; .sS Exploit for IDN host name heap buffer overrun in .SSSSSSS .sS Mozilla browsers FireFox, Mozilla and Netscape iS; .sS Copyright C 2003-2005 by Berend-Jan Wever. .SS sSSSSSSP Official release:...

security flaw

Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spoof DOM objects via an XBL control that implements an internal XPCOM interface...

Mozilla Browsers 0xAD (HOST:) Remote Heap Buffer Overrun Exploit (v2)

No description provided by source. HTMLSCRIPT / SSSSSSS, SSSSSSS' PwnZilla 5 - One sploit fits all. FireFox optimized iSY iS; .sS Exploit for IDN host name heap buffer overrun in .SSSSSSS .sS Mozilla browsers FireFox, Mozilla and Netscape iS; .sS Copyright C 2003-2005 by Berend-Jan Wever. .SS...

CVE-2005-3008

Tofu 0.2 allows remote attackers to execute arbitrary Python code via crafted pickled objects, which Tofu unpickles and executes...

CVE-2005-3008

Tofu 0.2 allows remote attackers to execute arbitrary Python code via crafted pickled objects, which Tofu unpickles and executes...

CVE-2005-3008

CVE-2005-3008 affects Tofu 0.2, where remote attackers can cause arbitrary Python code execution by sending crafted pickled objects that Tofu unpickles and executes. Root cause is untrusted unpickling of serialized data. The provided documents describe the vulnerability and its impact as remote c...

CVE-2005-2875

Py2Play allows remote attackers to execute arbitrary Python code via pickled objects, which Py2Play unpickles and executes...

CVE-2005-2875

Py2Play allows remote attackers to execute arbitrary Python code via pickled objects, which Py2Play unpickles and executes...

CVE-2005-2875

CVE-2005-2875 affects Py2Play, where remote untrusted pickled objects can be unpicked and executed, enabling arbitrary code execution. Multiple sources (Debian DSA-856-1, GLSA 200509-09, Gentoo/OpenVAS advisories, and the GHSA entry) describe py2play as a remote-execution risk via untrusted data ...

DEBIAN-CVE-2005-2656

Polygen before 1.0.6 generates precompiled grammar objects with world-writable permissions, which allows local users to cause a denial of service disk consumption and possibly perform other unauthorized activities...

CVE-2005-2656

Polygen before 1.0.6 generates precompiled grammar objects with world-writable permissions, which allows local users to cause a denial of service disk consumption and possibly perform other unauthorized activities...

Debian DSA-794-1 : polygen - programming error

Justin Rye noticed that polygen generates precompiled grammar objects world-writable, which can be exploited by a local attacker to at least fill up the filesystem. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debi...

CVE-2005-2127

CVE-2005-2127 is a remote code-execution vulnerability in Internet Explorer 5.01/5.5/6 related to memory corruption when instantiating certain COM objects not designed for IE. The issue, documented as COM Object Instantiation Memory Corruption, affects multiple CLSIDs (e.g., Msdds.dll, Blnmgrps.d...

CVE-2005-2127

Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally...

[Full-disclosure] COM objects and MSIE vulnerabilities recap + additional fix

Disclaimer: The information in this email is distributed WITHOUT ANY WARRANTY, TO THE EXTENT PERMITTED BY APPLICABLE LAW; without even the implied warranty of CORRECTNESS or FITNESS FOR A PARTICULAR PURPOSE. You know the drill... Affected products: Various COM objects when loaded in Microsoft...