Apple Mac OS X UserNotificationCenter privilege escalation vulnerability

Overview Apple's UserNotificationCenter contains a vulnerability that may allow local users to gain elevated privileges. Description The Apple UserNotificationCenter contains a privilege escalation vulnerability. This vulnerability occurs because the Apple UserNotificationCenter runs with elevate...

Microsoft Windows fails to properly handle malformed OLE objects embedded in RTF documents

Overview A vulnerability in the way that Microsoft Windows handles OLE objects embedded within RTF documents may allow an attacker to execute arbitrary code. Description Microsoft Object Linking and Embedding OLE is a technology that allows applications to create and edit compound documents...

Microsoft Internet Explorer fails to properly instantiate COM objects

Overview A vulnerability in the way Microsoft Internet Explorer instantiates COM objects may lead to execution of arbitrary code. Description Component Object Model, or COM objects are used to enable interprocess communication and dynamic object creation within Microsoft Windows. Microsoft Intern...

Sun Network Security Services (NSS) vulnerable to DoS due to an unspecified vulnerability

Overview The NSS libraries used in the Sun One Application Server and the Sun Java System web server contain an unspecified vulnerability that may allow an attacker to create a denial-of-service condition. Description The Sun One Application Server provides a Java 2 Platform for delivering Java...

Samba AFS ACL mapping VFS plug-in format string vulnerability

Overview Samba AFS ACL mapping VFS plug-in contains a format string vulnerability. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Samba AFS ACL mapping VFS plug-in fails to properly sanitize user-controlled file names that are used in ...

Mozilla LiveConnect vulnerable to crash finalizing JS objects

Overview A vulnerability exists in the Mozilla LiveConnect that may allow a remote attacker to cause a denial of service. Description Mozilla LiveConnect, which allows communication between Java applets and web JavaScript, contains a vulnerability in the way freed objects are re-used that may...

Acer LunchApp ActiveX Control fails to properly restrict access to methods

Overview The Acer LunchApp ActiveX control contains methods that can allow a remote, unauthenticated attacker to run arbitrary commands on a vulnerable system. Description The Acer LunchApp ActiveX control is provided by LunchApp.ocx. It contains a method called Run, which takes three parameters:...

Microsoft Excel vulnerable to arbitrary code execution via malformed record

Overview A vulnerability in Microsoft Excel may allow an attacker to execute arbitrary code on a vulnerable system. Description A vulnerability exists in the way Microsoft Excel handles malformed records.Per Microsoft Security Bulletin MS07-002: A remote code execution vulnerability exists in...

Sun Java JRE vulnerable to arbitrary code execution via an undetermined error

Overview A vulnerability in the Sun Java Runtime Environment may allow an attacker to execute arbitrary code on a vulnerable system. Description The Sun Java Runtime Environment JRE allows users to run Java applications in a browser or as standalone programs. Sun has made the JRE available for...

Wireshark HTTP dissector vulnerability

Overview Wireshark contains a vulnerability in the HTTP dissector that may allow an attacker to cause a denial of service condition. Description Wireshark contains a vulnerability in the HTTP dissector that may allow an attacker to cause a denial of service condition. This vulnerability may be...

Microsoft Word malformed data structure vulnerability

Overview A vulnerability in Microsoft Word could allow an attacker to execute arbitrary code on a vulnerable system. Description Microsoft Word fails to properly handle malformed data structures allowing memory corruption to occur. This vulnerability can be triggered by opening a specially crafte...

Apple Mac OS X fails to properly handle corrupted DMG image structures

Overview Apple Mac OS X fails to properly handle corrupted DMG image structures. The complete impact of this vulnerability is unclear, but may include execution of arbitrary code or denial of service. Description A vulnerability in the way Mac OS X com.apple.AppleDiskImageController handles...

Mozilla products contain several unspecified errors in the layout engine

Overview The Mozilla layout engine contains several unspecified vulnerabilities that may allow an attacker to execute arbitrary code or crash the vulnerable application. Description The Mozilla layout engine, also known as Gecko, is responsible for parsing HTML, XML, CSS, layout, and rendering...

Novell GroupWise Messenger fails to properly handle HTTP POST requests.

Overview Novell GroupWise Messenger fails to properly handle HTTP POST requests. This vulnerability may allow a remote attacker to cause a denial of service condition. Description Novell GroupWise Messenger fails to properly handle HTTP POST requests. This vulnerability may be triggered by sendin...

Wireshark contains an unspecified vulnerability in the SCSI dissector

Overview Wireshark contains a vulnerability in the SCSI dissector that may cause a denial-of-service condition. Description The SCSI dissector in Wireshark contains an unspecified error that may allow remote attackers to cause a denial-of-service condition.Wireshark states that Wireshark version...

Integer overflow vulnerability in Asterisk driver for Cisco SCCP-enabled phones

Overview Asterisk contains an integer overflow vulnerability. This vulnerability may allow an attacker to run arbitrary code. Description Asterisk is an open-source PBX software package that provides voicemail, three-way calling, and other features. Skinny Client Control Protocol SCCP is a...

Cisco products contain hard-coded SNMP values

Overview Certain versions of the Cisco IOS software have a hard-coded SNMP read-write community string that cannot be changed by an administrator. Description Some versions of the Cisco IOS have a hardcoded SNMP read-write community string. This community string is designed to ensure that...

FileCOPA FTP server vulnerable to buffer overflow

Overview There is a buffer overflow vulnerability in the FileCOPA FTP server which may allow an attacker to execute arbitrary code. Description FileCOPA is an FTP server for Microsoft Windows that supports anonymous file transfers.There is a buffer overflow vulnerability in the FileCOPA FTP servi...

Apple AirPort wireless vulnerable to buffer overflow

Overview Two buffer overflow vulnerabilities exist in Apple AirPort wireless drivers. If exploited, this vulnerability may allow an attacker to execute arbitrary code. Description According to Apple:Two separate stack buffer overflows exist in the AirPort wireless driver's handling of malformed...

Microsoft Word 2000 malformed record vulnerability

Overview Microsoft Word 2000 contains a memory corruption vulnerability. This vulnerability could allow a remote, unauthenticated attacker to execute arbitrary code with the privileges of the user running Word 2000. Description Microsoft Word 2000 fails to properly handle malformed records leadin...

Apple Mac OS X Bom vulnerable to memory corruption via specially crafted ZIP file

Overview A memory corruption vulnerability in the Mac OS X Bom could allow a remote attacker to execute arbitrary code on an affected system. Description Apple's Bom is the archive file handler in the Mac OS X operating system. It features the ability to handle file archives in a number of...

Mozilla products fail to properly handle frame references

Overview Mozilla products fail to properly handle frame or window references. This may allow a remote attacker to execute arbitrary code on a vulnerable system. Description JavaScript references are not properly cleared after an object is deleted. An attacker may be able to use the reference to a...

Adobe Acrobat fails to properly convert files to PDF

Overview A vulnerability exists in Adobe Acrobat that may allow an attacker to execute arbitrary code. Description Adobe Acrobat contains a buffer overflow in the code that converts files to PDF. If an attacker can convince a user to create a PDF using specially-crafted input, that attacker may b...

Gracenote CDDB ActiveX control buffer overflow

Overview The Gracenote CDDB ActiveX control contains a buffer overflow vulnerability, which may allow a remote attacker to execute arbitrary code on a vulnerable system. Description CDDB CDDB CD Data Base is an internet database provided by Gracenote. CDDB contains track lists and other informati...

Microsoft Excel vulnerability

Overview An unspecified vulnerability in Microsoft Excel could allow an attacker to execute arbitrary code on a vulnerable system. Description Microsoft Excel contains a vulnerability that could be exploited when Excel opens a specially crafted document. It is possible that the vulnerability can ...

Microsoft Remote Access Connection Manager service vulnerable to buffer overflow

Overview A vulnerability in the Microsoft Remote Access Connection Manager may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft describes the Routing and Remote Access Service RRAS as follows:RRAS makes it possible for a computer to function as a...

Microsoft Exchange fails to properly handle vCal and iCal properties

Overview Microsoft Exchange Server does not properly handle the vCal and iCal properties of email messages. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on an Exchange Server. Description Microsoft Exchange Server Microsoft's Exchange...

Microsoft Internet Explorer may automatically execute HTA files

Overview Microsoft Internet Explorer IE fails to properly handle HTA files. This vulnerability may allow a remote attacker to execute arbitrary code. Description HTML Application HTA HTML Applications HTAs are HTML documents that are executed as trusted applications. HTAs can run script, Java, or...

Sendmail signal I/O race condition

Overview A race condition in Sendmail may allow a remote attacker to execute arbitrary code. Description Sendmail Sendmail is a widely used mail transfer agent MTA. Mail Transfer Agents MTA MTAs are responsible for sending an receiving email messages over the internet. They are also referred to a...

Apple QuickTime image handling buffer overflow

Overview Apple QuickTime contains a heap-based buffer overflow that may allow an attacker to execute arbitrary code or cause a denial-of-service condition. Description Apple QuickTime fails to properly validate QuickTime Images QTIF, potentially allowing a heap-based buffer overflow to occur. If ...

Research in Motion (RIM) BlackBerry Handheld web browser does not properly handle Java Application Description (JAD) files

Overview The Research in Motion RIM BlackBerry Handheld web browser is vulnerable to a denial of service via a specially crafted Java Application Description JAD file. Description The BlackBerry Handheld web browser does not properly handle malformed JAD files. JAD files in J2ME are used to...

Sun Java Runtime Environment applet privilege escalation vulnerability

Overview The Sun Java Runtime Environment JRE may allow an untrusted Java applet to bypass Java security settings and execute arbitrary code. Description The Sun Java Runtime Environment provides the libraries and components necessary to run Java-based applications. There is an unspecified...

Skype VCARD handling routine contains a buffer overflow

Overview A buffer overflow in the way Skype handles imported VCARDs may allow a remote attacker to execute code on a vulnerable system. Description Skype software provides telephone service over IP networks. Skype fails to properly validate imported VCARDs, allowing a buffer overflow to occur. Th...

Apple Mac OS X QuickDraw Manager fails to properly handle corrupt PICT files

Overview Apple Mac OS X QuickDraw Manager contains a buffer overflow that may allow a remote attacker to execute arbitrary code. Description Apple Mac OS X QuickDraw is a 2D graphics library. It is used by several applications, including Safari, Mail, and Finder. QuickDraw is used to render PICT...

Check Point Firewall rules may improperly handle network traffic

Overview Check Point Firewall CIFS service group may allow unintended traffic to pass through the firewall. Description Check Point Firewall contains a set of predefined service groups designed to handle different types of traffic associated with a service or collection of protocols. For instance...

Computer Associates BrightStor ARCserve Backup Discovery Service SERVICEPC vulnerable to buffer overflow

Overview The Computer Associates BrightStor ARCserve Backup Discovery Service contains a buffer overflow, which may allow a remote attacker to execute arbitrary code. Description Computer Associates BrightStor ARCserve Backup is a cross-platform backup and recovery application. The ARCserve Backu...

VERITAS Backup Exec remote registry access validation vulnerability

Overview VERITAS Backup Exec contains a remote registry access validation vulnerability. Description VERITAS Backup Exec is a data backup and recovery solution with support for over the network backup.An access validation vulnerability in Backup Exec for Windows allows remote attackers to access...

Microsoft Exchange Server contains unchecked buffer in SMTP extended verb handling

Overview A vulnerability in some versions of Microsoft's Exchange Server may allow a remote attacker to execute arbitrary code on an affected server. Description Microsoft's Exchange Server supports a number of protocols for handling email, including the Simple Mail Transfer Protocol SMTP and SMT...

Microsoft DHTML Drag-and-Drop events insufficiently validated

Overview Microsoft DHTML Drag-and-Drop events can manipulate windows to copy objects from one domain to another, including the Local Machine Zone. This vulnerability could allow an attacker to write arbitrary files to the local file system. Description Microsoft Drag-and-Drop events do not proper...

SquirrelMail vulnerable to command injection because of flawed input checking in S/MIME plug-in

Overview SquirrelMail contains a flaw in its S/MIME plug-in certificate handling routines which may allow arbitrary code to be remotely executed. Description From the SquirrelMail web page:SquirrelMail is a standards-based webmail package written in PHP4. It includes built-in pure PHP support for...

Apple iTunes fails to properly handle overly long URLs in playlists

Overview A buffer overflow vulnerability in iTunes could allow a remote attacker to execute arbitrary code. Description Apple iTunes is a digital media player available for the Microsoft Windows and Mac OS X operating systems. It supports a variety of playlist formats including .m3u and .pls. A...

LibTIFF vulnerable to denial-of-service condition

Overview An Integer overflow in the LibTIFF library may allow a remote attacker to cause a divide-by-zero error that results in a denial-of-service condition. Description LibTIFF is a library used to encode and decode images in Tag Image File Format TIFF format. An integer overflow in the...

Sun Java Plug-in fails to restrict access to private Java packages

Overview There is a vulnerability in the Sun Java Plug-in that could allow a malicious Java applet to bypass restrictions for untrusted applets. Description The Java Plug-in is part of the Java 2 Runtime Environment JRE and establishes a framework for displaying Java applets within a web browser...

FreeBSD syscons fails to properly validate input in "CONS_SCRSHOT" ioctl

Overview The FreeBSD syscons CONSSCRSHOT ioctl does not sufficiently validate input for the function's arguments. This may cause the disclosure of arbitrary portions of kernel memory that may contain sensitive information. Description Syscons is the default console driver for FreeBSD. It provides...

Cisco IOS fails to properly handle malformed OSPF packets

Overview A denial-of-service vulnerability exists in Cisco's Internetwork Operating System IOS. This vulnerability may allow remote attackers to conduct denial-of-service attacks on an affected device. Description Open Shortest Path First OSPF is a routing protocol that provides a means for...

Microsoft Windows contains a vulnerability in the way the Windows Shell launches applications

Overview Microsoft Windows contains a remote code execution vulnerability in the way that the Windows Shell launches applications. An remote attacker could exploit this vulnerability to execute arbitrary code if they could trick a user into visiting a malicious website. Description Microsoft...

Microsoft Windows Task Scheduler Buffer Overflow

Overview Microsoft Windows Task Scheduler has a buffer overflow that may allow a remote or local intruder to execute arbitrary code. Description Microsoft Windows Task Scheduler Mstask.dll is a COM-based API ActiveX control that provides a scheduling service for executing arbitrary commands on a...

Apple Mac OS X "disk://" URI handler stores arbitrary files in a known location

Overview A vulnerability has been reported in the default "disk://" protocol handler installed on Apple Mac OS X systems. Remote attackers may potentially use this vulnerability to create files on the local system without explicit user consent. We have not independently verified the scope of this...

Multiple Symantec firewall products contain a buffer overflow in the processing of DNS resource records

Overview There is a buffer overflow vulnerability in multiple Symantec firewall products in which attempts to process a specially crafted Domain Name Service DNS packet could allow an unauthenticated, remote attacker to execute arbitrary code with kernel privileges. Description Symantec offers a...

Microsoft MSN Messenger fails to properly validate file requests

Overview Microsoft MSN Messenger fails to properly validate file requests which could allow an attacker to view the contents of files on the victim's system. Description Microsoft MSN Messenger is an instant messaging application that allows users to collaborate with friends using text messages,...