Microsoft Hyperlink Object Library stack buffer overflow
Overview The Microsoft Windows system library for handling hyperlinks contains a buffer overflow. Exploitation of this vulnerability may allow an attacker to execute arbitrary code. Description Microsoft Hyperlink Object Library HLINK.DLL The Hyperlink Object Library provides interfaces for...
Mozilla contains a buffer overflow vulnerability in crypto.signText()
Overview Mozilla products contain a buffer overflow in the crypto.signText method. This may allow a remote attacker to execute arbitrary code. Description crypto.SignText JavaScript contains a crypto.signText method, which allows the user to digitally sign a text string. The problem The Mozilla...
Mozilla may process content-defined setters on object prototypes with elevated privileges
Overview Mozilla allows content-defined setters on object prototypes to execute with elevated privileges. This may allow a remote attacker to execute arbitrary code. Description Setters A setter is a method in JavaScript that sets the value of a property. The problem The setters in Mozilla are...
Apple Safari fails to properly handle archive files containing symbolic links
Overview Apple Safari fails to properly handle archive files that contain symbolic links, which may allow a remote, unauthenticated attacker to execute arbitrary code. Description Safari Apple Safari is a web browser that comes with the Mac OS X operating system. Symbolic links Symbolic links are...
Mozilla JavaScript security bypass vulnerability
Overview Mozilla products fail to properly enforce security restrictions in JavaScript. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Description According to Mozilla Foundation Security Advisory 2006-28: The security check in js_ValueToFunctionObject ca...
Apple Safari vulnerable to buffer overflow
Overview Apple Safari is vulnerable to a stack-based buffer overflow. This may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Safari Apple Safari is a web browser that comes with the Mac OS X operating system. The Problem Apple Safari contains a stack-based...
IBM Lotus Notes ZIP file handling buffer overflow
Overview IBM Lotus Notes contains a buffer overflow when handling a ZIP file with a large file name. This could allow a remote attacker to execute arbitrary code on a vulnerable system. Description IBM Lotus Notes is an integrated client application that provides functionality including email,...
Apple QuickTime fails to properly handle corrupt TGA images
Overview Apple's QuickTime is a player for files and streaming media in a variety of different formats. A flaw in QuickTime's handling of Targa (TGA) image format files could allow a remote attacker to execute arbitrary code on a vulnerable system. Description Several types of overflow...
Perl contains an integer sign error in format string processing
Overview The Perl interpreter contains a flaw that may increase the impact of format string vulnerabilities in programs written in Perl. Description Perl is a programming language used in many applications and commonly used for web applications. The Perl interpreter, which interprets and executes...
Apple Safari fails to perform security checks on links in rich text content
Overview Apple Safari fails to perform security checks on hyperlinks in rich text content, which may allow an attacker to execute arbitrary commands on a vulnerable system. Description Mac OS X includes the Safari web browser, which can display rich text (RTF) files directly. When Safari opens a ri...
WebEOC contains multiple SQL injection vulnerabilities
Overview WebEOC contains multiple SQL injection vulnerabilities that may allow attackers to execute SQL queries, potentially viewing or modifying data, or executing database commands. Description WebEOC is a web-based crisis information management application that provides functions to gather,...
Groove Mobile Workspace vulnerable to script injection via SharePoint lists containing picture columns
Overview A vulnerability in the way that Groove Mobile Workspace handles picture columns embedded within SharePoint lists may allow attackers to execute an arbitrary script. Description Groove Virtual Office provides a collaborative working environment that includes shared documents, databases,...
Apple Mac OS X chpass/chfn/chsh utilities do not properly validate external programs
Overview Apple Mac OS X Directory Service utilities use external programs insecurely, potentially allowing an attacker to execute arbitrary code. Description The OS X Directory Services have three utilities (chpass, chfn, and chsh) to update information in the user database, such as user name,...
Microsoft Word contains a buffer overflow vulnerability
Overview Microsoft Word contains a vulnerability that may result in the execution of code on the system with the privileges of the current user. Description Microsoft Word contains a vulnerability that may be exploited by opening a maliciously crafted Word document. Successful exploitation would...
OpenConnect Webconnect read-only directory traversal vulnerability in jretest.html
Overview OpenConnect Webconnect contains a read-only directory traversal vulnerability in the file jretest.html. Description OpenConnect Webconnect provides secured web access and emulation services for backend mainframes and UNIX servers. Versions of Webconnect prior to 6.4.5 and 6.5.1 running o...
Apple Mac OS X vulnerable to buffer overflow in ColorSync ICC color profile handling
Overview Apple's Mac OS X operating system contains a flaw in the handling of ICC color profiles, which may allow arbitrary code execution through a heap-based buffer overflow. Description The Apple Mac OS X operating system contains support for ICC color profiles in the ColorSync component. This...
XFree86 vulnerable to buffer overflow via error in 'ReadFontAlias()' function
Overview XFree86 contains a vulnerability in the parsing of the 'fonts.alias' file, which could be exploited by a local user to execute arbitrary code with elevated privileges. Description XFree86 contains a flaw during the processing of the 'fonts.alias' file. XFree86 is an implementation of the...
GdkPixbuf ICO parser contains an integer overflow vulnerability
Overview An integer overflow vulnerability exists in the ICO handling of GdkPixbuf. This vulnerability can lead to a denial-of-service condition. Description GdkPixbuf is a library used by GTK+ 2 for loading and rendering images. GTK+ is a multi-platform toolkit for creating graphical user...
libXpm image library vulnerable to buffer overflow
Overview libXpm image parsing code contains a buffer overflow vulnerability that may allow an attacker to cause a denial-of-service condition or execute arbitrary code. Description X PixMap (XPM) is a format for encoding and decoding images on the X Windows System 11 (X11). libXpm is a library of...
CVS "history" command may disclose sensitive information
Overview A vulnerability exists in the history command of Concurrent Versions System (CVS). If exploited, this vulnerability could disclose sensitive information about files and directories on an affected system to a remote, authenticated CVS user. Description Concurrent Versions System (CVS) is a...
Cisco 6000/6500/7600 series systems fail to properly process layer 2 frames
Overview Cisco 6000/6500/7600 series systems with Multilayer Switch Feature Card 2 (MSFC2) fail to properly process layer 2 frames. Description Cisco 6000/6500/7600 series systems with MSFC2 contain a vulnerability in the way layer 2 frames are processed in software. By sending a specially crafted...
Microsoft Exchange Server 2003 fails to assign user credentials to proper mailbox
Overview A flaw in the authentication mechanism that Microsoft Exchange Server 2003 uses for Outlook Web Access users in some configurations could expose another user's mailbox. Description Outlook Web Access (OWA) is a feature of Microsoft Exchange Server 2003. By using OWA, a server that is runni...
tcpdump contains vulnerability in RADIUS decoding function print_attr_string() in print-radius.c
Overview tcpdump contains a vulnerability in the way it parses Remote Authentication Dial In User Service (RADIUS) packets. Description tcpdump is a widely used network sniffer that is capable of decoding RADIUS packets. A vulnerability exists in the way the tcpdump print_attr_string function in...
Multiple vulnerabilities in S/MIME implementations
Overview Multiple vulnerabilities exist in different vendors' S/MIME (Secure/Multipurpose Internet Mail Extensions) implementations. The impacts of these vulnerabilities are varied and range from denial of service to potential remote execution of arbitrary code. Description The U.K. National...
IRISconsole allows login to the "iceadmin" account with incorrect password
Overview SGI IRISconsole contains a vulnerability which may allow a local attacker to gain elevated privileges. Description SGI describes IRISconsole as a "central control point that manages and monitors servers and logs their activity." A vulnerability in IRISconsole may allow a local attacker ...
Cisco VPN 3000 Concentrator may allow access to internal hosts when IPsec over TCP is enabled
Overview A vulnerability in some Cisco Virtual Private Network (VPN) products could allow a remote attacker to access systems that should not be accessible. Description The Cisco VPN 3000 Series Concentrators and the Cisco VPN 3002 Hardware Clients are Virtual Private Network (VPN) platforms designed...
Mac OS X LDAP plugins transmit user credentials in clear text
Overview Versions 10.2 and later of Apple's MacOS X operating system include support for the Lightweight Directory Access Protocol (LDAP). A vulnerability in the way some of these versions of MacOS X handle authentication in certain environments could expose users' passwords in plaintext as they're...
Buffer Overflow in mod_ssl
Overview A buffer overflow exists in mod_ssl. Description mod_ssl is an Apache module that allows secure connections over X.509 authenticated channels. A buffer overflow exists in the ssl_compat_directive function. For more detailed information, please see the original vulnerability report. --- Impac...
IBM AIX "secldapclntd" daemon authentication vulnerability
Overview A vulnerability in the secldapclntd daemon in IBM's AIX operating system could allow unauthorized remote users to modify accounts on the system. Description According to the IBM bulletin for this issue: "The secldapclntd daemon accepts requests from the LDAP load module, forwards requests...
Microsoft Windows RPC service vulnerable to DoS via NULL pointer dereference
Overview The RPC service in Microsoft Windows NT 4.0, 2000, and XP can be terminated by a specially crafted RPC message. A remote attacker could cause a denial of service. Description According to Microsoft Security Bulletin MS03-010, "Remote Procedure Call (RPC) is a protocol used by the Windows...
The ISS RealSecure Network Sensor fails to properly process certain types of DHCP traffic.
Overview ISS RealSecure Network Sensor "informational signatures" fail to properly process certain types of DHCP traffic, thereby causing the sensor to crash. Description The ISS RealSecure Network Sensor fails to properly process certain types of DHCP traffic. If the sensor processes certain typ...
Lotus Domino web server vulnerable to buffer overflow via long HTTP authentication header containing non-ASCII characters
Overview A remotely exploitable buffer overflow exists in versions of IBM's Lotus Domino web server prior to R5.0.10. Description A remotely exploitable buffer overflow exists in the Lotus Domino web server. The overflow can occur as the result of an overly long HTTP Authenticate header containin...
Microsoft Windows XMLHTTP component allows remote access to local data sources
Overview The Microsoft XMLHTTP ActiveX control allows unauthorized reading of any known file on a system. A victim must be enticed to visit a malicious site in order to be attacked. Description Description from MS02-008: Microsoft XML Core Services (MSXML) includes the XMLHTTP ActiveX control, which...
X11 vulnerable to buffer overflow in handling of -xrm option
Overview The X11 library included with many UNIX variants contains a buffer-overflow vulnerability that may allow attackers to gain root privileges. Description The X11 library contains an unspecified buffer-overflow vulnerability. Programs that use this library and accept the -xrm option includi...
FreeBSD privilege elevation vulnerability
Overview A locally exploitable privilege elevation vulnerability exists in FreeBSD. Description A locally exploitable privilege elevation vulnerability exists in FreeBSD. For more information, please see the Pine Internet Security Advisory. --- Impact A local user can gain root privileges. ---...
Microsoft ASP.NET contains buffer overflow
Overview Microsoft ASP.NET contains a buffer overflow in the routine that handles the processing of cookies in StateServer mode. Description ASP.NET is a programming framework provided by Microsoft. For more details about this framework, please see the official web page. A remotely exploitable buffer...
Oracle TNS Listener Control Utility (LSNRCTL) contains format string vulnerability
Overview The Oracle Listener Control Utility (LSNRCTL) contains a format string vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code or commands or cause a denial of service. Description Oracle Transparent Network Substrate (TNS) Listeners are processes that...
ISC BIND 9 fails to process additional data chains in responses correctly thereby causing the server to fail an internal consistency check
Overview A denial-of-service vulnerability exists in version 9 of the Internet Software Consortium's (ISC) Berkeley Internet Name Domain (BIND) server. ISC BIND versions 8 and 4 are not affected. Exploiting this vulnerability will cause vulnerable BIND servers to shut down. Description BIND is an...
OpenBSD kernel fails to properly check closed file descriptors "0-2" when running setuid program
Overview The OpenBSD kernel does not adequately check file descriptors 0-2 prior to execing setuid binaries. Other OS kernels may be vulnerable as well. Description The OpenBSD kernel does not adequately check file descriptors 0-2 prior to execing setuid binaries. As a result, an attacker may be...
AOL Instant Messenger vulnerable to denial of service via crafted file name
Overview AOL Instant Messenger (AIM) 4.1 and prior are vulnerable to a denial of service vulnerability. A denial of service occurs when filenames that contain a "%s" are sent to a victim. Description AOL Instant Messenger (AIM) is a program for communicating with other users over the Internet. AIM...
Microsoft Internet Explorer Permits Remote Command Execution Through <OBJECT> Tag
Overview Microsoft Internet Explorer (IE) permits the remote execution of arbitrary commands via the <OBJECT> tag. Description A vulnerability exists in the way that Microsoft Internet Explorer (IE) handles <OBJECT> tags. If the CLASSID (CLSID) is unrecognized, then Internet Explorer will execute arbitrary commands...
PHP contains vulnerability in "php_mime_split" function allowing arbitrary code execution
Overview Vulnerabilities in PHP versions 3 and 4 could allow an intruder to execute arbitrary code with the privileges of the web server. Description PHP is a scripting language widely used in web development. PHP can be installed on a variety of web servers, including Apache, IIS, Caudium,...
ICQ contains a buffer overflow while processing Voice Video & Games feature requests
Overview There is a remotely exploitable buffer overflow in ICQ. Attackers that are able to exploit the vulnerability may be able to execute arbitrary code with the privileges of the victim user. Description ICQ is a program for communicating with other users over the Internet. ICQ is widely used...
Digital Unix msgchk vulnerable to file contents disclosure via symlink redirection of profile
Overview msgchk, a part of the MH mail system, reads the user's .mhprofile in order to obtain configuration options. If the .mhprofile is linked to another file with illegal format, the first line of that file will be displayed in an error message by msgchk. Description msgchk is the portion of t...
Netscape vulnerable to arbitrary file overwriting via symlink redirection of temporary file
Overview During installation, Netscape 6.0.1 creates a temporary file with insecure options and a predictable name in a world-writable location. By using a symbolic link attack, an attacker could cause arbitrary files to be overwritten. Description The installation script for Netscape 6.0.1 creates a...
Tripwire vulnerable to arbitrary file overwriting via symlink redirection of temporary file
Overview Tripwire is a file integrity verification utility for Unix and Linux operating systems. In some implementations, tripwire opens insecure temporary files with predictable names in publicly writable directories. Using a symbolic link attack, a local intruder may overwrite or create...
Syskey reuses keystream
Overview Versions of SYSKEY in use prior to December, 1999 leave the SAM database vulnerable to cryptanalytic attacks. Description SYSKEY is a utility introduced in Microsoft Windows NT 4.0 service pack 3 to provide strong cryptographic protection to the SAM password database. The protection SYSK...
Cisco IOS vulnerable to deferred DoS via SYN scan to certain TCP port ranges
Overview Cisco Internetwork Operating System (IOS) may reload unexpectedly after being scanned on certain ports. Description Certain versions of Cisco IOS contain a vulnerability that allows the router to enter an unstable state after receiving a connection attempt on any TCP port in the following...
RSA Security ACE/Agent for Windows, ACE/Agent for Windows NT, and ACE/Agent for Windows 2000 do not properly handle null characters in URL
Overview RSA Security ACE/Agent for Windows, ACE/Agent for Windows NT, and ACE/Agent for Windows 2000 contain a vulnerability in which the ACE/Agent does not properly handle null characters contained in a URL. A specially crafted request may cause ACE/Agent to enter a debugging mode, possibly...
IBM AIX line printer daemon contains a buffer overflow in chk_fhost()
Overview The Line Printer daemon (lpd) shipped with AIX systems contains a buffer overflow in chk_fhost that could potentially allow a malicious remote user to gain root privileges. Description A buffer overflow exists in the chk_fhost function of the line printer daemon (lpd) on AIX systems. An intruder cou...