HP Online Support Services ActiveX StartApp() arbitrary code execution

Overview The HP Online Support Services ActiveX control contains a method called StartApp. This may allow a remote, unauthenticated attacker to execute local files on a vulnerable system in the context of the local user. Description HP Services provides online product support services including H...

Mozilla Firefox JavaScript engine fails to properly handle garbage collection

Overview Mozilla Firefox JavaScript engine fails to properly handle garbage collection. This vulnerability result in memory corruption, which in some cases may be exploitable to execute arbitrary code. Description Per Mozilla Foundation Security Advisory 2008-20:Fixes for security problems in the...

Yahoo! Music Jukebox YMP Datagrid ActiveX control stack buffer overflows

Overview The Yahoo! Music Jukebox YMP Datagrid ActiveX control contains multiple stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Yahoo! Music Jukebox is a music player for Microsoft Windows, which includes...

Liferay Portal Forgot Password User-Agent HTTP header XSS

Overview Liferay Portal contains a cross-site scripting vulnerability in the handling of the User-Agent HTTP header, which can allow a remote, authenticated attacker to inject content into "Forgot Password" emails. Description Liferay Portal is an enterprise portal solution that uses Java...

Microsoft DirectX remote code execution

Overview Microsoft DirectX is vulnerable to a remote code execution vulnerability which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft DirectX is a feature of the Microsoft Windows operating system used for streaming multimedia...

Apple Mac OS X CoreText uninitialized pointer vulnerability

Overview Apple Mac OS X CoreText contains an uninitialized pointer vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Apple Mac OS X CoreText is a framework for handling text on Mac OS X Tiger 10.4 and later. Mac OS X...

Microsoft Windows DNS Server vulnerable to cache poisoning

Overview The Microsoft Windows DNS Server is vulnerable to cache poisoning, which may allow a remote, unauthenticated attacker to cause a Windows DNS server to provide incorrect responses to DNS queries. Description Microsoft Windows DNS Server is a service that provides DNS serving capabilities...

Intuit QuickBooks Online Edition ActiveX control stack buffer overflows

Overview The Intuit QuickBooks Online Edition ActiveX control contains multiple stack buffer overflows, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Intuit QuickBooks Online Edition is a version of QuickBooks that functions withi...

MIT Kerberos 5 kadmind buffer overflow vulnerability

Overview An unspecified vulnerability in MIT Kerberos kadmind server may allow an attacker to execute arbitrary code. Description Kerberos is a network authentication system that uses a trusted third party to authenticate clients and servers to each other. It is designed to provide strong...

Microsoft Windows URI protocol handling vulnerability

Overview Microsoft Windows fails to properly handle protocols specified in a URI, which could allow a remote, unauthenticated attacker to execute arbitrary commands on a vulnerable system. Description A Uniform Resource Identifier URI is a string of characters that can be used to identify a...

Apple QuickTime movie heap buffer overflow vulnerability

Overview The Apple QuickTime player contains a heap buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition. Description Apple QuickTime contains a heap buffer overflow vulnerability. This vulnerability may allow an...

Apple iChat fails to properly handle crafted TXT key hashes

Overview A vulnerability in the way Apple iChat handles specially crafted TXT key hashes could lead to denial of service. Description Apple iChat is an instant message client for Apple Mac OS X. Apple iChat Agent is a back-end process that manages iChat sessions and available contacts. Apple...

Microsoft Excel memory access vulnerability

Overview An unspecified vulnerability in Microsoft Excel may allow a remote attacker to execute arbitrary code. Description Microsoft Excel contains a vulnerability. According to Microsoft Security Bulletin MS07-015 The vulnerability is caused when Excel opens a specially crafted Excel file which...

Cisco IOS fails to properly handle Session Initiated Protocol packets

Overview Cisco devices that run IOS and support voice traffic fail to properly handle Session Initiated Protocol packets. Exploitation of this vulnerability may result in a denial-of-service condition. Description Cisco IOS is an operating system that is used on Cisco network devices. According t...

Microsoft Outlook fails to properly parse Office Saved Searches (.oss) files

Overview A vulnerability exists in the way Microsoft Outlook handles Office Saved Searches .oss. This vulnerability may allow a remote attacker to execute arbitrary code. Description Office Saved Searches .oss contain views of e-mail items that satisfy previous search criteria.Microsoft Outlook...

Microsoft Excel fails to properly parse malformed Palette records

Overview A vulnerability in the way that Microsoft Excel handles malformed Palette records could allow an attacker to execute arbitrary code on a vulnerable system. Description Microsoft Excel fails to properly handle Palette records embedded in Excel documents. When a file containing a malformed...

Citrix ICA Client ActiveX control buffer overflow

Overview A vulnerability in an ActiveX control provided with the Citrix Presentation Server Client could allow a remote attacker to execute arbitrary code on an affected system. Description The Citrix Presentation Server Client software provides an ActiveX control that can be used to integrate th...

Symantec Veritas NetBackup bpcd.exe CONNECT_OPTIONS buffer overflow

Overview Symantec Veritas NetBackup contains a buffer overflow vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Symantec VERITAS NetBackup is a client/server based backup software solution. The NetBackup bpcd daemon is...

Mozilla products allow execution of arbitrary JavaScript

Overview Multiple Mozilla products allow running JavaScript to be recompiled while executing. This vulnerability may allow a remote attacker to execute arbitrary JavaScript bytecode. Description According to Mozilla Foundation Security Advisory 2006-67: ...it was possible to modify a Script objec...

Oracle SYS.DBMS_CDC_IMPDP package vulnerable to PL/SQL injection

Overview The Oracle SYS.DBMSCDCIMPDP package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Description The Oracle SYS.DBMSCDCIMPDP package is vulnerable to PL/SQL injection...

Apple kernel exception handling vulnerability

Overview Apple Mac OS X may be vulnerable to privilege escalation via the Mach exception ports in the kernel. This vulnerability may allow a local user to execute arbitrary code with elevated privileges. Description Mach 3.0 is an open source microkernel used by Mac OS X that provides memory...

Apple QuickTime fails to properly handle FLC movies

Overview Apple QuickTime fails to properly handle FLC movies. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Description Apple QuickTime is multimedia software that allows users to view local and remote audio, vide...

Microsoft Publisher does not adequately validate Publisher documents

Overview Microsoft Publisher does not adequately validate Publisher documents. This results in a buffer overflow vulnerability that could allow an attacker to execute arbitrary code with the privileges of the user running Publisher. Description Microsoft Publisher does not adequately validate...

BIND vulnerable to an INSIST failure via sending of multiple recursive queries

Overview A vulnerability in the BIND name server could allow a remote attacker to cause a denial of service against an affected system. Description The Berkeley Internet Name Domain BIND is a popular Domain Name System DNS implementation from Internet Systems Consortium ISC. A flaw exists in the...

Microsoft Internet Explorer HTML layout rendering vulnerability

Overview Microsoft Internet Explorer fails to properly render certain HTML layout combinations. This can allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft Internet Explorer contains a vulnerability in the rendering of certain HTML layout combinations...

Apple Mac OS X Image RAW vulnerable to buffer overflow via specially crafted Canon RAW image

Overview The Apple Mac OS X ImageIO framework contains a buffer overflow that may allow a remote attacker to execute arbitrary code on an affected system. Description RAW image files provide access to image information directly from a camera's sensor prior to in-camera processing, retaining the...

Mozilla contains multiple memory corruption vulnerabilities

Overview Mozilla products contain multiple vulnerabilities that can cause memory corruption. This may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Mozilla products contain multiple bugs that cause the application to crash. In some cases, a crash may be...

Mozilla JavaScript engine contains multiple integer overflows

Overview The Mozilla JavaScript engine contains multiple integer overflows. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Mozilla products that use the Mozilla JavaScript engine are vulnerable to integer overflows. Specifically, the...

Mozilla fails to properly handle garbage collection

Overview The Mozilla JavaScript engine fails to properly perform garbage collection, which may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Garbage collection According to Mozilla: Garbage collection is generally used to refer to algorithms that 1 determin...

Mozilla fails to properly handle simultaneous XPCOM events

Overview Mozilla products are vulnerable to memory corruption via simultaneous XPCOM events. This may allow a remote attacker to execute arbitrary code on a vulnerable system. Description XPCOMXPCOM is a cross-platform component object model similar to Microsoft COM or CORBA. XPCOM provides the...

Microsoft Windows ART image handling buffer overflow

Overview Microsoft Windows ART image handling routines are vulnerable to a heap-based buffer overflow. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description ART Images According to Microsoft Security Bulletin MS06-022: ART is...

Apple QuickTime FlashPix integer overflow

Overview Apple QuickTime fails to properly handle FlashPix images. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service condition. Description Apple's QuickTime Player is multimedia software that allows users to view local and remo...

Mozilla DHTML memory corruption vulnerabilities

Overview Mozilla products contain multiple unspecified vulnerabilities in the way they handle DHTML. These vulnerabilities may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Description Mozilla products fail to properly handle DHTML. This may allow memor...

Microsoft Internet Explorer fails to properly handle double-byte characters in specially crafted URLs

Overview Microsoft Internet Explorer IE fails to properly handle double-byte characters in URLs, which may allow a remote, unauthenticated attacker to execute arbitrary code. Description IE fails to properly handle double-byte characters in URLs. When a specially crafted HTML file is opened in IE...

Adobe Flash products contain multiple vulnerabilities

Overview Several vulnerabilities in Adobe Macromedia Flash products may allow a remote attacker to execute arbitrary code on a vulnerable system. Description The Adobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed within a web...

Apple Safari automatically executes arbitrary shell commands or code

Overview Apple Safari fails to properly determine file safety, allowing a remote unauthenticated attacker to execute arbitrary commands or code. Description Safari Apple Safari is a web browser that comes with the Mac OS X operating system. Explicit binding Mac OS X supports a feature called...

Microsoft PowerPoint may disclose information in the Temporary Internet Files Folder

Overview Microsoft PowerPoint contains an information disclosure vulnerability. As a result, sensitive information may be exposed to untrusted parties. Description Microsoft PowerPoint fails to properly restrict access to objects in the Temporary Internet Files Folder TIFF. This vulnerability is...

Oracle Database Data Pump Metadata API SQL injection vulnerability

Overview Oracle Database Data Pump Metadata API is vulnerable to SQL injection, which could allow a remote attacker to execute arbitrary SQL commands on a vulnerable Oracle installation. Description The Oracle Database Data Pump Metadata API fails to properly filter user-supplied input. This may...

Microsoft Windows Graphics Rendering Engine buffer overflow vulnerability

Overview Microsoft Windows Graphics Rendering Engine contains a buffer overflow that may allow a remote attacker to execute arbitrary code on a vulnerable system. Description The Microsoft Windows Graphics Rendering Engine supports a number of image formats including Windows Metafile WMF and...

Microsoft DDS Library Shape Control (msdds.dll) COM object contains an unspecified vulnerability

Overview Microsoft DDS Library Shape Control COM object contains an unspecified vulnerability, which may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft COMMicrosoft COM is a technology that allows programmers to create reusable software components...

Apple Mac OS X Safari vulnerable to arbitrary command execution via URLs in PDF files

Overview Apple Mac OS X WebKit and Safari security controls may be bypassed, possibly allowing remote command execution. Description Mac OS X includes the Safari web browser, which can display Portable Document Format PDF files directly. This functionality is part of the WebKit system framework...

GNOME gedit contains format string vulnerability

Overview gedit has a format string vulnerability in some error dialogs that can occur when a file is opened for editing. Description gedit is the official text editor of the GNOME desktop environment. gedit 2.10.2 has a format string error in some some error dialogs that can occur when a file is...

Adobe Acrobat and Acrobat Reader vulnerable to information disclosure via "LoadFile()" method in ActiveX control

Overview Adobe Acrobat Reader and Acrobat web control contain a flaw that allows the existence of local files to be discovered. Description The Adobe Acrobat Internet Explorer ActiveX web control may disclose the existence of local files if the LoadFile method is called with the complete file nam...

Apple Terminal fails to properly sanitize input for "x-man-page" URI

Overview Apple Terminal on Mac OS X fails to sanitize x-man-page URIs, allowing an attacker to execute arbitrary commands. Description Mac OS X 10.3 includes a URI handler called x-man-page. It causes Apple Terminal to display a man page by using a URI of this form: x-man-page://command...

Mozilla may execute JavaScript with elevated privileges when defined in site icon tag

Overview Mozilla may execute JavaScript contained within a site icon tag with elevated privileges. This may allow an attacker to execute arbitrary commands on a vulnerable system. Description XPCOMXPCOM is a cross-platform component object model similar to Microsoft COM or CORBA. XPCOM provides t...

Microsoft font processing buffer overflow vulnerability

Overview A privilege elevation vulnerability exists in the way that Microsoft Windows processes certain fonts. This vulnerability could allow a logged on user to take complete control of the system. Description Due to an unchecked buffer in the processing of malicious fonts, a locally authenticat...

Mozilla status elements can be disabled via JavaScript

Overview Mozilla allows websites to disable various browser status elements. This allows websites to create spoofed dialogs using XUL. Description Certain Mozilla web browser status elements, such as the address bar, status bar, and navigation controls, can be disabled remotely by web sites using...

Microsoft Excel parameter validation error

Overview Microsoft has released a bulletin describing a remotely exploitable vulnerability in its Excel spreadsheet program. The vulnerability affects versions of Excel on Windows, MacOS 9, and MacOS X operating systems. Description There is a remotely exploitable vulnerability in Microsoft Excel...

GdkPixbuf XPM parser contains a stack overflow vulnerability

Overview A stack overflow vulnerability exists in the XPM handling of GdkPixbuf. This vulnerability can lead to a denial-of-service condition or execution of arbitrary code. Description GdkPixbuf is a library used by GTK+ 2 for loading and rendering images. GTK+ is a multi-platform toolkit for...

Mozilla fails to validate the DN of X.509 certificates

Overview Mozilla fails to verify that the Distinguished Name DN of an X.509 certificate is unique when importing it. A denial of service occurs when Mozilla imports a specially crafted, self-signed certificate that has the same DN as an existing Certificate Authority CA root certificate...