Avaya Communication Manager存在多个安全漏洞

BUGTRAQ ID: 29939 CNCAN ID：CNCAN-2008062702 Avaya Communication Manager是一款IP语音通信解决方案。 Avaya Communication Manager WEB管理接口存在多个安全问题，远程攻击者可以利用漏洞执行任意代码，提升特权，获得敏感信息等攻击。 -配置数据查看或恢复信任凭证时存在问题可导致提升特权。 -配置本地数据查看和恢复参数时可导致以登录用户进程权限执行系统命令。 -配置存在问题可导致系统信息恢复，包括加密密码信息。 -无需验证从对象文件夹中执行脚本。 -无需验证可执行不需要的默认应用程序。...

Microsoft Internet Explorer Drag and Drop TIF Folder Information Disclosure Vulnerability

Description Microsoft Internet Explorer is prone to an information-disclosure vulnerability. An attacker can exploit this issue to access sensitive information that may aid in further attacks. Technologies Affected Avaya Messaging Application Server Avaya S8100 Media Servers Avaya S8100 Media...

Microsoft Internet Explorer Script Error Handling Remote Code Execution Vulnerability

Description Microsoft Internet Explorer is prone to a remote code-execution vulnerability. This vulnerability is related to how the browser handles script errors. An attacker may exploit this vulnerability to execute arbitrary code in the context of the user running the affected browser...

Microsoft Windows Manifest File Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability because the software fails to properly process and manage file manifests. An attacker may exploit this issue to manipulate file manifests to elevate user privileges. Successful exploits will result in the complet...

Microsoft Agent ActiveX Control Remote Code Execution Vulnerability

Description The Microsoft Agent ActiveX control is prone to remote code execution. An attacker could exploit this issue to execute code in the context of the user visiting a malicious web page. Technologies Affected Avaya S8100 Media Servers Avaya S8100 Media Servers R10 Avaya S8100 Media Servers...

Microsoft Windows GDI的内核本地特权升级漏洞

Microsoft Windows容易局部特权升级,因为数据结构漏洞的GDI绘制的内核可以重新部署为读写其他进程.入侵者可能利用此问题来执行任意机器代码与系统级特权.成功可能造成影响的计算机的完全妥协.失败可能导致拒绝服务. Microsoft Windows XP Tablet PC Edition SP2 Microsoft Windows XP Tablet PC Edition SP1 Microsoft Windows XP Tablet PC Edition Microsoft Windows XP Professional x64 Edition Microsoft...

Microsoft Windows Graphics Rendering Engine WMF Format Code Execution Vulnerability

Description Microsoft Windows WMF graphics rendering engine is affected by a remote code execution vulnerability. The problem presents itself when a user views a malicious WMF formatted file, triggering the vulnerability when the engine attempts to parse the file. A malicious file can cause an...

Microsoft MSDTC COM+ Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a vulnerability in the COM+ Component Object Model functionality of the MSDTC Microsoft Distribution Transaction Coordinator service. This issue may permit remote and local attackers to execute arbitrary code in the context of the service. This issue may ...

Microsoft MSDTC TIP Distributed Denial Of Service Vulnerability

Description The Microsoft MSDTC Microsoft Distribution Transaction Coordinator service is prone to a vulnerability that may permit denial of service attacks against the service or facilitate distributed denial of service attacks against other computers. The vulnerability exists in the TIP...

Microsoft Windows Malicious Shortcut Handling Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code execution vulnerability when handling a malicious shortcut .lnk file. An attacker can exploit this issue by crafting a malicious file and placing it on a Web site or sending it to a user through email followed by enticing them to open it and...