16 matches found
CVE-2008-1200
Unspecified vulnerability in Microsoft Access allows remote user-assisted attackers to execute arbitrary code via a crafted .MDB file, possibly related to Jet Engine msjet40.dll. NOTE: this is probably a different issue than CVE-2007-6026...
Design/Logic Flaw
mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundaries, since the script already supports commands su...
Integer overflow
Integer overflow in Apple QuickTime before 7.1.5, when installed on Windows operating systems, allows remote user-assisted attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted 3GP video file...
CVE-2007-0714
Apple QuickTime UDTA atom integer overflow vulnerability (CVE-2007-0714) exists in parsing of UDTA data in QuickTime files. A crafted MOV file can trigger an integer overflow, leading to a heap overflow and potential remote code execution under the user’s context. Affected products are QuickTime ...
CVE-2007-0913
Unspecified vulnerability in Microsoft Powerpoint allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as exploited by Trojan.PPDropper.G. NOTE: as of 20070213, it is not clear whether this is the same issue as CVE-2006-5296, CVE-2006-4694, CVE-2006-3876,...
CVE-2007-0644
Format string vulnerability in Apple Safari 2.0.4 419.3 allows remote user-assisted attackers to cause a denial of service crash via format string specifiers in filenames that are not properly handled when calling the 1 NSLog and 2 NSBeginAlertSheet Apple AppKit functions...
CVE-2007-0645
Format string vulnerability in iPhoto 6.0.5 allows remote user-assisted attackers to cause a denial of service crash via format string specifiers in a filename, which is not properly handled when calling certain Apple AppKit functions...
Cross site scripting
Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie .MOV with an HREF Track HREFTrack that contains an automatic action tag with a local URI, which is executed in a loca...
CVE-2006-4685
The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains...
CVE-2006-4693
CVE-2006-4693 is a remote code execution vulnerability in Microsoft Word for Mac (Word 2004 for Mac and Word v.X for Mac). A crafted Word file can trigger code execution during parsing, and this issue is treated separately from CVE-2006-3647 and CVE-2006-3651. It is addressed by Microsoft Securit...
CVE-2006-3868
Unspecified vulnerability in Microsoft Office XP and 2003 allows remote user-assisted attackers to execute arbitrary code via a malformed Smart Tag...
CVE-2006-3493
CVE-2006-3493 (Microsoft Office) involves a buffer overflow in the LsCreateLine function of mso.dll and mso9.dll used by Word and possibly other Office components (Office 2000–2003). The memory corruption could crash the Word client or potentially lead to arbitrary behavior when processing crafte...
CVE-2006-1467
Integer overflow in the AAC file parsing code in Apple iTunes before 6.0.5 on Mac OS X 10.2.8 or later, and Windows XP and 2000, allows remote user-assisted attackers to execute arbitrary code via an AAC M4P, M4A, or M4B file with a sample table size STSZ atom with a "malformed" samplesizetable...
Integer overflow
Integer overflow in the AAC file parsing code in Apple iTunes before 6.0.5 on Mac OS X 10.2.8 or later, and Windows XP and 2000, allows remote user-assisted attackers to execute arbitrary code via an AAC M4P, M4A, or M4B file with a sample table size STSZ atom with a "malformed" samplesizetable...
CVE-2006-2766
CVE-2006-2766 describes a Buffer Overflow in MHTML parsing within Windows components that impacts Microsoft Internet Explorer 6 (up to SP2), Windows Explorer, and Outlook Express 6. The vulnerability is triggered by processing a long MHTML URI value in a URL file, allowing remote user-assisted at...
Design/Logic Flaw
The "Open 'safe' files after downloading" option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a MACOSX folder that contains metadata resource fork that invokes the Terminal, which automatically interprets the...