3704 matches found
Apple QuickTime QTIF integer overflow
Overview A vulnerability in Apple QuickTime's handling of files in the QTIF format could allow a remote attacker to execute arbitrary code on a vulnerable system. Description Apple's QuickTime is a player for files and streaming media in a variety of different formats, including QuickTime Image...
Apple QuickTime PICT heap buffer overflow
Overview The Apple QuickTime player contains a heap buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition. Description PICT is a graphics file format that was used by Apple Macintosh systems prior to OS X as their...
HP Mercury products vulnerable to buffer overflow
Overview Some HP Mercury products are vulnerable to a buffer overflow and may allow an attacker to execute arbitrary code. Description The magentproc.exe service provided with some HP Mercury products fails to properly parse values in the serveripname field. If an overly long value is sent in thi...
Microsoft Internet Explorer fails to properly interpret certain responses from FTP servers
Overview A vulnerability in the way Microsoft Internet Explorer handles responses from FTP servers may lead to execution of arbitrary code. Description Microsoft Internet Explorer contains an unspecified vulnerability that could be exploited when it attempts to interpret responses from FTP server...
Novell NetMail IMAP vulnerable to buffer overflow when processing "SUBSCRIBE" commands
Overview A vulnerability in the way Novell Netmail handles IMAP SUBSCRIBE commands may cause a buffer overflow that may allow remote execution of arbitrary code. Description Novell Netmail's IMAP server contains a buffer overflow that may occur when processing parameters supplied to the SUBSCRIBE...
CA BrightStor ARCserve Backup Message Engine RPC buffer overflow
Overview The Computer Associates BrightStor ARCserve Backup Message Engine contains a buffer overflow vulnerability. If successfully exploited, this vulnerability may allow a remote attacker to execute arbitrary code. Description BrightStor ARCserve Backup is a backup and data retention tool that...
OpenOffice fails to properly process WMF and EMF files
Overview Multiple buffer overflow vulnerabilities exist in the OpenOffice.org office suite. If successfully exploited, these vulnerabilities may allow an attacker to execute arbitrary code on a vulnerable system. Description OpenOffice.org is a free office suite that is available for multiple...
Microsoft Word malformed pointer vulnerability
Overview A vulnerability in Microsoft Word could allow an attacker to compromise a vulnerable system. Description Data used by Microsoft Word to construct a destination address for a memory copy routine is embedded within a Word document itself. If an attacker constructs a Word document with a...
Microsoft Word malformed string vulnerability
Overview A vulnerability in Microsoft Word could allow an attacker to execute arbitrary code on a vulnerable system. Description Microsoft Word contains a vulnerability that could be exploited when Word opens a specially crafted document. It is possible that the vulnerability can be exploited by...
Wireshark contains multiple off-by-one errors in the IPSec ESP preference parser
Overview Wireshark contains a vulnerability in the IPSec ESP preference parser that may cause a denial of service condition. Description Wireshark contains multiple off-by-one vulnerabilities in the IPSec ESP preference parser when the application has been compiled with ESP decryption support.Thi...
Oracle SYS.DBMS_CDC_IMPDP package vulnerable to PL/SQL injection
Overview The Oracle SYS.DBMSCDCIMPDP package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Description The Oracle SYS.DBMSCDCIMPDP package is vulnerable to PL/SQL injection...
Opera Web Browser fails to properly process overly long URLs
Overview The Opera Web Browser fails to properly process overly long URLs. This vulnerability may allow arbitrary code execution. Description Opera is a multi-platform web browser that is available for a range of operating systems and embedded Internet products. Opera contains a heap buffer...
Microsoft Office fails to properly parse malformed strings
Overview A vulnerability in the way Microsoft Office parses files with malformed strings may lead to execution of arbitrary code. Description Microsoft Office contains a vulnerability that could be exploited when parsing specially crafted strings. According to Microsoft Security Bulletin...
Microsoft Windows WebViewFolderIcon ActiveX integer overflow
Overview The Microsoft Windows WebViewFolderIcon ActiveX control contains an integer overflow vulnerability. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Microsoft WebViewFolderIcon object is an ActiveX control that comes with...
X.Org server fails to properly test for effective user ID
Overview A vulnerability in the X.Org server could allow a local attacker to gain administrative privileges or cause a denial of service on an affected system. Description The X.Org server program provides several command-line options that are meant to be parsed only when the program is running a...
Mozilla products fail to properly validate JavaScript constructors
Overview Mozilla products fail to properly validate references returned by JavaScript constructors. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description According to Mozilla Foundation Security Advisory 2006-51: JavaScript functions have a...
Mozilla contains multiple memory corruption vulnerabilities
Overview Mozilla products contain multiple vulnerabilities that can cause memory corruption. This may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Mozilla products contain multiple bugs that cause the application to crash. In some cases, a crash may be...
Microsoft Hyperlink Object Library stack buffer overflow
Overview The Microsoft Windows system library for handling hyperlinks contains a buffer overflow. Exploitation of this vulnerability may allow an attacker to execute arbitrary code. Description Microsoft Hyperlink Object Library HLINK.DLL The Hyperlink Object Library provides interfaces for...
Microsoft IP Source Route Vulnerability
Overview A vulnerability in Microsoft Windows could allow a remote attacker to execute arbitrary code on a vulnerable system. Description Source routing is a technique to determine the network route for a packet based on information supplied by the sender in the IP packet. The TCP/IP driver in so...
Apple Safari fails to properly handle archive files containing symbolic links
Overview Apple Safari fails to properly handle archive files that contain symbolic links, which may allow a remote, unauthenticated attacker to execute arbitrary code. Description Safari Apple Safari is a web browser that comes with the Mac OS X operating system. Symbolic links Symbolic links are...
Apple Quicktime JPEG integer overflow
Overview Apple QuickTime fails to properly handle JPEG images. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service condition. Description Apple's QuickTime Player is multimedia software that allows users to view local and remote...
Microsoft Excel fails to properly perform range validation when parsing document files
Overview Microsoft Excel contains an error in range validation, which may allow a remote unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Excel fails to properly validate ranges in data files. When a file with a malformed range is opened in Excel,...
Apple Safari vulnerable to buffer overflow
Overview Apple Safari is vulnerable to a stack-based buffer overflow. This may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Safari Apple Safari is a web browser that comes with the Mac OS X operating system. The Problem Apple Safari contains a stack-based...
Snort Back Orifice preprocessor buffer overflow
Overview A buffer overflow exists in the Snort Back Orifice preprocessor that may allow a remote, unauthenticated attacker to execute arbitrary code, possibly with elevated privileges. Description Snort is an open-source intrusion detection system IDS. A lack of validation on attacker-controlled...
Microsoft Plug and Play contains a buffer overflow vulnerability
Overview Microsoft Plug and Play contains a flaw in the handling of message buffers that may result in local or remote arbitrary code execution or denial-of-service conditions. Description The following is from the Microsoft Plug and Play description: Plug and Play PnP allows the operating system...
Mozilla insecurely clones objects and member functions
Overview Mozilla fails to enforce security restrictions on cloned base objects. This may allow a remote attacker to execute arbitrary code on a vulnerable web browser. Description Mozilla supports the use of JavaScript to perform client side scripting. JavaScript uses prototyping as a way to...
TCP does not adequately validate segments before updating timestamp value
Overview Certain TCP implementations may allow a remote attacker to arbitrarily modify host timestamp values, leading to a denial-of-service condition. Description The Transmission Control Protocol TCP is defined in RFC 793 as a means to provide reliable host-to-host transmission between hosts in...
Apple Mac OS X chpass/chfn/chsh utilities do not properly validate external programs
Overview Apple Mac OS X Directory Service utilities use external programs insecurely, potentially allowing an attacker to execute arbitrary code. Description The OS X Directory Services have three utilities chpass, chfn, and chsh to update information in the user database, such as user name,...
Apple Mac OS X Server Admin fails to properly restrict users from using the proxy service
Overview The Apple Mac OS X Server HTTP proxy service does not restrict access by default and may allow unintended remote users to use the service. Description Mac OS X Server includes a service to provide for HTTP proxying. The HTTP proxy service does not include any access restrictions in the...
Gaim vulnerable to DoS via specially crafted HTML
Overview Gaim contains a flaw in HTML processing that may result in an invalid memory access and denial of service condition. Description From the Gaim project:Gaim is a multi-protocol instant messaging IM client for Linux, BSD, MacOS X, and Windows. It is compatible with AIM and ICQ Oscar...
Gaim vulnerable to HTML processing denial of service
Overview Gaim contains a flaw in HTML processing that may result in an invalid memory access and denial of service condition. Description From the Gaim project:Gaim is a multi-protocol instant messaging IM client for Linux, BSD, MacOS X, and Windows. It is compatible with AIM and ICQ Oscar...
LibTIFF vulnerable to integer overflow via corrupted directory entry count
Overview An integer overflow in LibTIFF may allow a remote attacker to execute arbitrary code. Description LibTIFF is a library used to encode and decode images in Tag Image File Format TIFF. A lack of validation on user supplied input may allow buffer overflow to occur. TIFF files contain...
Microsoft Windows Program Group Converter vulnerable to buffer overflow
Overview Microsoft Program Group Converter contains a buffer overflow that may allow an attacker to execute arbitrary code. Description Microsoft describes Program Group Converter grpconv.exe as a application to "convert Program Manager Group files .grp extention that were created in Windows 3.1,...
Microsoft Windows contains buffer overflow in processing of WMF and EMF image files
Overview A vulnerability in the way the Microsoft Windows Graphics Rendering Engine processes certain types of image files could allow an attacker to execute arbitrary code on a vulnerable system. Description The Microsoft Windows Graphics Rendering Engine supports a number of image formats...
Microsoft Windows kernel fails to properly handle invalid opcodes used in DOS emulation
Overview A vulnerability in the way the Microsoft Windows kernel handles invalid opcodes used in DOS emulation could allow a local attacker to gain elevated privileges on a vulnerable system. Description The Virtual DOS Machine VDM provides support for 16-bit legacy operations and applications. F...
Microsoft Windows processing of zip files contains a buffer overflow
Overview A buffer overflow exists in the way Microsoft Windows processes zip files that may allow remote code execution. Description Microsoft Windows XP and Windows Server 2003 feature the ability to natively handle zip files. Microsoft has released bulletin MS04-034 describing a remotely...
ISC DHCP contains C Includes that define vsnprintf() to vsprintf() creating potential buffer overflow conditions
Overview The Internet Systems Consortium's ISC Dynamic Host Configuration Protocol DHCP 3 application contains a vulnerability that introduces several potential buffer overflow conditions. Exploitation of this vulnerability can cause a denial-of-service condition to the DHCP Daemon DHCPD and may...
util-linux login program discloses sensitive information
Overview util-linux login program uses a pointer that was previously freed and reallocated which could allow an attacker to gain access to sensitive information. Description util-linux is shipped with Red Hat and numerous other Linux distributions. It contains a collection of utility programs, su...
Linux kernel do_mremap() call creates virtual memory area of 0 bytes in length
Overview There is a vulnerability in the Linux kernel memory management routines that allows local users to gain superuser privileges. Description The Linux kernel contains a vulnerability in the domremap call that allows software to create a virtual memory area VMA with a length of 0 bytes. This...
NTP service vulnerable to internal overflow if date / time offset is greater than 34 years
Overview NTP Network TIme Protocol contains an integer overflow vulnerability that may lead to clients receiving an incorrect date/time offset. Description NTP Network Time Protocol is a method by which client machines can synchronize the local date and time with a reference server. The server wi...
Apple Mac OS X contains a vulnerability in DiskArbitration when initializing writable removable media
Overview Apple Mac OS X contains a vulnerability in the way DiskArbitration initializes writable removable media. Description The DiskArbitration Server in Apple Mac OS X tracks new disks and provides notifications announcing their availability. There is a non-specific vulnerability identified as...
Check Point ISAKMP vulnerable to buffer overflow via Certificate Request
Overview A buffer overflow vulnerability exists in the Internet Security Association and Key Management Protocol ISAKMP implementation used in Check Point VPN-1, SecuRemote, and SecureClient products. An unauthenticated, remote attacker could execute arbitrary code with the privileges of the ISAK...
HTTP Parsing Vulnerabilities in Check Point Firewall-1
Overview Several versions of Check Point Firewall-1 contain a vulnerability that allows remote attackers to execute arbitrary code with administrative privileges. Description The HTTP Security Servers component of Check Point Firewall-1 contains an HTTP parsing vulnerability that is triggered by...
Apache mod_rewrite vulnerable to buffer overflow via crafted regular expression
Overview A vulnerability in a supplementary module to the Apache HTTP server could allow an attacker to execute arbitrary code on an affected web server under certain circumstances. Description The Apache HTTP server distribution includes a number of supplemental modules that provide additional...
Microsoft Windows BR549.DLL ActiveX control contains vulnerability
Overview The Microsoft Windows BR549.DLL ActiveX control, which provides support for the Windows Reporting Tool, contains an unknown vulnerability. The impact of this vulnerability is not known. Description Microsoft Security Bulletin MS03-032 briefly describes a vulnerability in the BR549.DLL...
IRISconsole allows login to the "iceadmin" account with incorrect password
Overview SGI IRIS console contains a vulnerability which may allow a local attacker to gain elevated privileges. Description SGI describes IRISconsole as a "central control point that manages and monitors servers and logs their activity." A vulnerability in IRISconsole may allow a local attacker ...
Sun Java Runtime Environment allows untrusted applets to access information within trusted applets
Overview The Sun Java Runtime Environment JRE contains a vulnerability that may lead to sensitive information being leaked. Description Sun Microsystems describes the Sun JRE as follows:The Java RE provides the libraries, Java virtual machine, and other components necessary for you to run applets...
ScriptLogic sets insecure permissions on "LOGS$" share
Overview Version 4.01 of ScriptLogic contains a vulnerability in the default permissions assigned to the network share used for logging. Description The ScriptLogic product from ScriptLogic, Inc. provides remote system administration capabilities for Microsoft Windows systems in a domain...
TCP/IP implementations handle unusual flag combinations inconsistently
Overview Various vendors' TCP/IP implementations handle packets containing unusual flag combinations in different ways, which may lead to a violation of implicit or explicit security policies. Description Background on TCP/IP Connection Semantics To establish a TCP connection, a client and server...
ypxfrd daemon fails to properly validate user supplied arguments in "getdbm" procedure
Overview A vulnerability in the ypxfrd daemon may allow a local attacker to read arbitrary files on the vulnerable system. Description Janusz Niewiadomski, of iSEC, discovered this vulnerability and produced the following advisory.Issue: ====== Improper arguments validation in ypxfrd may allow...