CVE-2006-5758

The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a...

CVE-2006-5758

CVE-2006-5758 is a local elevation of privilege vulnerability in the Windows Graphics Rendering Engine (GDI) across Windows 2000 SP4 and Windows XP SP2. The underlying issue is how GDI Kernel structures are mapped into a global shared memory section created with insecure permissions: the section ...

NVidia Linux二进制图形驱动缓冲区溢出漏洞

NVidia是世界领先的图形处理芯片和显卡制造商。 NVIDIA的二进制blob驱动在加速渲染glyphs（文本字符数据）时存在缓冲区溢出，允许攻击者向内存中的任意位置写入数据。 XRender扩展提供一个名为XRenderCompositeString8的客户端函数要求X服务器在屏幕上渲染glyphs。服务程序的ProcRenderCompositeGlpyhs函数会处理这个请求，从渲染请求中提取出glyphs，创建一个glyph列表，然后通过注册的回调函数调用图形驱动。...

Debian DSA-973-1 : otrs - several vulnerabilities

Several vulnerabilities have been discovered in otrs, the Open Ticket Request System, that can be exploited remotely. The Common Vulnerabilities and Exposures Project identifies the following problems : - CVE-2005-3893 Multiple SQL injection vulnerabilities allow remote attackers to execute...

Debian DSA-1046-1 : mozilla - several vulnerabilities

Several security related problems have been discovered in Mozilla. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CVE-2005-2353 The 'run-mozilla.sh' script allows local users to create or overwrite arbitrary files when debugging is enabled via a...

Debian DSA-911-1 : gtk+2.0 - several vulnerabilities

Several vulnerabilities have been found in gtk+2.0, the Gtk+ GdkPixBuf XPM image rendering library. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-2975 Ludwig Nussel discovered an infinite loop when processing XPM images that allows an attacker to...

Microsoft Windows / Internet Explorer 0-day vulnerability

Microsoft Vector Graphics Rendering Library vulnerability is used for hidden malware installation...

CVE-2006-4868

CVE-2006-4868: A stack-based buffer overflow in VGX.dll (VML processing) used by Microsoft Outlook and Internet Explorer on Windows XP SP2 enables remote code execution via a crafted VML rect tag with a long fill parameter. Affected: Internet Explorer/VML handling. Impact per sources: arbitrary c...

phpMyAdmin 2.x - Multiple Script Array Handling Full Path Disclosures

phpMyAdmin 2.x - Multiple Script Array Handling Full Path Disclosures source: https://www.securityfocus.com/bid/21137/info phpMyAdmin is prone to multiple input-validation vulnerabilities, including an HTML-injection vulnerability, cross-site scripting vulnerabilities, and information-disclosure...

Sage 1.3.6 - Input Validation

source: https://www.securityfocus.com/bid/19928/info The application is prone to an input-validation vulnerability that allows malicious HTML and script code to be injected before it is used in dynamically generated content. Attacker-supplied HTML and script code would execute in the context of t...

SYMSA-2006-004 (Full Details): Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Symantec Vulnerability Research http://www.symantec.com/research Security Advisory Advisory ID : SYMSA-2006-004 Advisory Title: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution Author : Peter Ferrie / [email protected]...

SYMSA-2006-004: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Symantec Vulnerability Research http://www.symantec.com/research Security Advisory Advisory ID : SYMSA-2006-004 Advisory Title: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution Author : Peter Ferrie / [email protected]...

Buffer overflow

Buffer overflow in the ART Image Rendering component jgdw400.dll in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption...

CVE-2006-2378

CVE-2006-2378 is a heap-based buffer overflow in the ART Image Rendering component (jgdw400.dll) used by AOL ART images in Microsoft Windows XP (SP1/SP2), Windows Server 2003 (SP1), and older/related OSes (including 98/Me). A crafted ART image can cause heap corruption, enabling remote code execu...

Integer overflow

Integer overflow in the PolyPolygon function in Graphics Rendering Engine on Microsoft Windows 98 and Me allows remote attackers to execute arbitrary code via a Windows Metafile WMF or EMF image with a sum of entries in the vertext counts array and number of polygons that triggers a heap-based...

CVE-2006-2376

Integer overflow in the PolyPolygon function in Graphics Rendering Engine on Microsoft Windows 98 and Me allows remote attackers to execute arbitrary code via a Windows Metafile WMF or EMF image with a sum of entries in the vertext counts array and number of polygons that triggers a heap-based...

CVE-2006-2376

A remote code execution vulnerability exists in Microsoft Windows’ Graphics Rendering Engine due to an integer overflow in the WMF/EMF PolyPolygon handling. The heap-based overflow is triggered when the sum of vertex counts and the number of polygons is added and multiplied without 32-bit overflo...

CVE-2006-2376

Integer overflow in the PolyPolygon function in Graphics Rendering Engine on Microsoft Windows 98 and Me allows remote attackers to execute arbitrary code via a Windows Metafile WMF or EMF image with a sum of entries in the vertext counts array and number of polygons that triggers a heap-based...

Microsoft Graphics Rendering Engine fails to properly handle WMF images

Overview Microsoft Windows Graphics Rendering Engine contains a vulnerability that may allow a remote attacker to execute arbitrary code on a vulnerable system. Description The Microsoft Windows Graphics Rendering Engine supports a number of image formats including Windows Metafile WMF. An...

Microsoft Security Bulletin MS06-022 Vulnerability in ART Image Rendering Could Allow Remote Code Execution (918439)

Microsoft Security Bulletin MS06-022 Vulnerability in ART Image Rendering Could Allow Remote Code Execution 918439 Published: June 13, 2006 Version: 1.0 Summary Who Should Read this Document: Customers who use Microsoft Windows Impact of Vulnerability: Remote Code Execution Maximum Severity Ratin...