Apple Safari automatically executes downloaded files based on Internet Explorer zone settings

Overview Apple Safari automatically executes downloaded files based on Internet Explorer zone settings, which can allow a remote attacker to execute arbitrary code on a vulnerable system. Description Apple Safari is a web browser that is available for OS X and Microsoft Windows platforms. Apple...

GnuTLS Client Hello repeat Denial of Service

Overview A vulnerability exists in GnuTLS that may allow a remote attacker to cause a denial of service. Description GnuTLS contains a vulnerability in gnults-serv that may result in a denial of service when handling a specially crafted TLS packet that contains multiple Client Hello messages...

Citrix Presentation Server heap based buffer overflow

Overview A heap-based buffer overflow in Citrix Presentation Server may allow a remote attacker to execute arbitrary code on an vulnerable system in the context of the system user. Description Citrix Presentation Server is an application delivery system providing access to users accross a network...

Microsoft DirectX SAMI parsing buffer overflow

Overview Microsoft DirectX is vulnerable to a stack-based buffer overflow. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft DirectX is a feature of the Microsoft Windows operating system used for streaming...

Microsoft Windows Vista privilege escalation vulnerability

Overview Microsoft Windows Vista contains a local privilege escalation vulnerability. Description The Windows Advanced Local Procedure Call ALPC does not properly evaluate certain conditions in legacy reply paths.Per Microsoft Security Bulletin MS07-066: An elevation of privilege vulnerability...

Apple QuickTime heap buffer overflow vulnerability

Overview Apple QuickTime contains a buffer overflow vulnerability. If exploited, this vulnerability may allow an attacker to execute code. Description Apple QuickTime is a media player that includes a browser plugin. Color table atoms can set a list of preferred colors for displaying movieson...

Mozilla-based browsers jar: URI cross-site scripting vulnerability

Overview Mozilla-based web browsers including Firefox contain a vulnerability that may allow an attacker to execute code, or conduct cross-site scripting attacks. Description The jar: protocol is designed to extract content from ZIP compressed files. Mozilla-based browsers include support for jar...

Intuit QuickBooks Online Edition ActiveX control fails to properly restrict access to methods

Overview The Intuit QuickBooks Online Edition ActiveX control fails to properly restrict access to dangerous methods, which could allow a remote attacker to execute arbitrary code on a vulnerable system. Description Intuit QuickBooks Online Edition is a version of QuickBooks that is implemented a...

GIMP integer overflow vulnerability

Overview GIMP contains a vulnerability that may allow a remote attacker to execute code, or create a denial-of-service condition. Description The Photoshop Document PSD format is the native file format used by Adobe Photoshop. The GNU Image Manipulation Program GIMP can open and manipulate .psd...

Apple QuickTime fails to properly handle malformed movie files

Overview Apple QuickTime fails to properly handle malformed movie files. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Description Apple QuickTime is multimedia software that allows users to view local and remote...

Apple WebKit frame rendering memory corruption vulnerability

Overview The Apple Webkit contains a memory corruption vulnerability.This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Description According to Apple: WebKit is the open source core of Apple's Safari web browser. It is available as a framework in Mac OS X...

Microsoft Windows Secure Channel integer underflow

Overview A vulnerability in Microsoft Windows Secure Channel security package may lead to execution of arbitrary code. Description Microsoft Windows Secure Channel Schannel security package implements standard network authentication protocols Secure Sockets Layer SSL and Transport Layer Security...

Research In Motion TeamOn Import Object ActiveX control buffer overflow

Overview The Research In Motion TeamOn Import Object ActiveX control contains a buffer overflow, which could allow an attacker to execute arbitrary code on a vulnerable system. Description The Research In Motion TeamOn Import Object is an ActiveX control, which is provided by the file TOImport.dl...

Apple AFP Client privilege escalation vulnerability

Overview The Apple File Protocol AFP Client fails to properly clean its environment before executing commands. This vulnerability may allow a local attacker execute commands with elevated privileges. Description The Apple File Protocol service allows Apple Mac OS clients to access files remotely...

The Wizz RSS Reader chrome access vulnerability

Overview The Wizz RSS Reader contains a vulnerability that may allow an attacker to take any action that Mozlla Firefox can. Description The Mozilla Firefox user interface components outside of the content area are created using chrome. This includes toolbars, menu bars, progress bars, and window...

Apple Mac OS X fails to properly handle crafted AppleSingleEncoding disk images

Overview A vulnerabilty in the Apple Mac OS X AppleSingleEncoding disk image handler may allow execution of arbitrary code or denial of service. Description Apple Mac OS X contains a vulnerability that may be exploited when a user mounts a specially crafted AppleSingleEncoding disk image file...

Microsoft Word fails to properly handle malformed strings

Overview A vulnerability in the way Microsoft Word handles malformed Word Document streams could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Word contains a memory corruption vulnerability that could be triggered when Word opens...

Microsoft Word 2000 stack buffer overflow

Overview A stack-based buffer overflow in Microsoft Word could allow an attacker to execute arbitrary code on a vulnerable system. Description Microsoft Word 2000 fails to properly handle malformed documents allowing a stack-based buffer overflow to occur. It is possible that this vulnerability c...

Apple Mac OS X AFP server may disclose file and folder information in search results

Overview A vulnerability in the Apple Mac OS X AFP server may disclose file and folder items to unauthorized users. Description The AFP Apple Filing Protocol service allows Apple Mac OS clients to remotely access files stored on a server. When file sharing is enabled, Apple's Mac OS X AFP server...

Citrix Access Gateway appliances vulnerable to information disclosure

Overview A vulnerability exists in Citrix Access Gateway appliances that may allow an attacker to access data and compromise the system. Description Citrix Access Gateway products are universal SSL VPN appliances providing a secure, always-on, single point-of-access to an organization's...

Mozilla products vulnerable to heap overflow via miscalculated size during conversion of an image

Overview A vulnerability exists in Mozilla products that may allow a remote attacker to execute arbitrary code or cause a denial of service. Description Mozilla products contain a vulnerability in the CSS cursor property on Microsoft Windows that may result in a crash when handling malicious...

Mozilla products allows the src attribute in an img element to be changed to a JavaScript URI

Overview Mozilla products contain a cross-site scripting vulnerability due to a vulnerability in the way IMG elements are loaded. Description A vulnerability in the way Mozilla products load IMG elements in a frame may cause a cross-site script injection. According to Mozilla Foundation Security...

Apple Mac OS X UFS filesystem integer overflow vulnerability

Overview There is an integer overflow in the ffsmountfs function, which is used by Apple's OS X operating system to handle UFS disc images. Description Unix File System UFS is a file system used by Unix and other similar operating systems. Apple OS X supports UFS, partitions, and images. There is...

Microsoft Excel fails to properly process a malformed Column record

Overview Microsoft Excel contains a memory corruption vulnerability that could enable an attacker to exectue arbitrary code and gain complete control of the vulnerable system. Description Microsoft Excel fails to properly handle malformed Column records. When an Excel file is opened, Excel does n...

Apple QuickTime RTSP buffer overflow

Overview Apple QuickTime may allow remote arbitrary code to be executed via a long src parameter in RTSP URL strings. Description A vulnerability exists in the way Apple QuickTime handles specially crafted Real Time Streaming Protocol RTSP URL strings. An attacker may be able to craft a QTL file ...

Microsoft Remote Installation Service Writable Path Vulnerability

Overview A vulnerability in the way Microsoft Remote Installation Service handles TFTP may allow a remote, unauthorized attacker to create or overwrite arbitrary operating system files. Description Microsoft Remote Installation Service contains a vulnerability in the way that it provides TFTP...

Apple Mac OS X Security Framework Online Certificate Status Protocol (OCSP) service fails to properly retrieve certificate revocation lists

Overview Apple Mac OS X Security Framework Online Certificate Status Protocol OCSP service is unable to retrieve certificate revocation lists on systems that are configured to use an HTTP proxy. This vulnerability may result in the use of revoked certificates. Description The Online Certificate...

Computer Associates BrightStor ARCserve Backup Tape Engine fails to properly handle RPC requests

Overview A vulnerability exists in the Computer Associates BrightStor ARCserve Backup Tape Engine. If successfully exploited, this vulnerability may allow a remote attacker to execute arbitrary code. Description BrightStor ARCserve Backup is a backup and data retention tool that integrates with...

Microsoft Workstation Service fails to properly parse malformed network messages

Overview A vulnerability in the way Microsoft Workstation Service parses malformed network messages may lead to execution of arbitrary code. Description Microsoft Workstation Service contains a vulnerability that could be exploited when Workstation Service attempts to parse specially crafted...

Microsoft DirectAnimation Path ActiveX control Spline method integer overflow

Overview A vulnerability in the Microsoft DirectAnimation ActiveX controls may allow a remote attacker to execute arbitrary code on an affected system. Description Microsoft's DirectAnimation is a suite of development functionality, predating Microsoft DirectX, that provides animation support for...

Computer Associates Discovery Service buffer overflow

Overview Multiple Computer Associates products contain a buffer overflow in the code that handles the Discovery Service protocol. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Description Computer Associates BrightStor ARCserve Backup, BrightStor...

IBM Lotus Notes sets insecure default permissions on program data

Overview IBM Lotus Notes sets insecure default permissions on the Notes directory. This vulnerability may allow a local attacker to gain unintended access to Lotus Notes program data. Description IBM Lotus Notes installs numerous program files and program data in a special directory known as the...

Microsoft XML Core Services contain a buffer overflow in the XSLT component

Overview The XSLT component of the Microsoft XML Core Services contains a buffer overflow. An attacker may be able to use this vulnerability to execute arbitrary code on a vulnerable system. Description Microsoft XML Core Services MSXML allow developers who use JScript, Visual Basic Scripting...

Trend Micro OfficeScan Management Console ActiveX control format string vulnerability

Overview The Trend Micro OfficeScan Management Console ActiveX control, AtxConsole, contains a format string vulnerability. This vulnerability may be exploited by an attacker to execute arbitrary code, or create a denial-of-service condition. Description Trend Micro's OfficeScan product includes ...

Microsoft Office fails to properly parse malformed chart records

Overview A vulnerability in the way Microsoft Office parses files containing malformed chart records may lead to execution of arbitrary code. Description Microsoft Office fails to properly handle malformed chart records. According to Microsoft Security Bulletin MS06-062:When Office opens a...

Microsoft Excel fails to properly process malformed STYLE records

Overview Microsoft Excel contains a vulnerability in the handling of malformed STYLE records, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Excel contains a vulnerability that could be exploited when Excel opens a...

Microsoft Excel fails to properly process malformed DATETIME records

Overview Microsoft Excel contains a vulnerability in the handling of malformed DATETIME records, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Excel contains a vulnerability that could be exploited when Excel opens a...

VMware ESX Server management interface logs passwords in cleartext in a world-readable file

Overview Certain versions of VMware ESX Server store passwords in a cleartext file that all users have read permissions to. Description Per the VMware ESX Server datasheet:ESX Server installs directly on the server hardware, or “bare metal,” and inserts a robust virtualization layer between the...

Apple Mac OS X bootpd vulnerable to stack-based buffer overflow

Overview A buffer overflow vulnerability in the Apple Mac OS X bootp daemon may allow an attacker to execute arbitrary code on an affected system. Description bootpd The bootp daemon bootpd is used to send clients network and IP address configuration settings. It can also work in combination with...

Samba fails to properly handle multiple share connection requests

Overview There is a vulnerability in the smbd process which may allow an attacker to create a denial of service condition. Description Samba Samba is an open-source implementation of SMB/CIFS file and print services. It is frequently included in UNIX and Linux distributions and is typically used...

Microsoft PowerPoint does not properly handle malformed shapes

Overview Microsoft PowerPoint contains a vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft PowerPoint contains a vulnerability that could be exploited when PowerPoint opens a specially crafted document. Accordin...

Microsoft Office fails to properly handle PNG images

Overview Microsoft Office applications fail to properly handle PNG images. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft Office applications fail to properly parse PNG images. When an Office document containing a malformed P...

Microsoft Office string parsing vulnerability

Overview Microsoft Office fails to properly parse strings. This vulnerability could allow a remote attacker to execute arbitrary code. Description Microsoft Office applications fail to properly parse strings. When an Office document containing malformed string is opened with an Office application...

Microsoft JScript memory corruption vulnerability

Overview Microsoft JScript contains a memory corruption vulnerability. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft JScript According to Microsoft Security Bulletin MS06-023: JScript is the Microsoft...

Microsoft Internet Explorer UTF-8 decoding vulnerability

Overview Microsoft Internet Explorer fails to properly decode UTF-8 encoded HTML. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Unicode The Unicode character set contains more than 96,000 characters. Because of this, Unicode can be...

WeOnlyDo! Software wodSSHServer ActiveX component fails to properly validate key exchange algorithm strings

Overview The WeOnlyDo! Software wodSSHServer ActiveX component fails to properly validate the length of key exchange algorithm strings. This may allow a remote, unauthenticated attacker to execute arbitrary code. Description wodSSHServerActiveX component According to the wodSSHServer ActiveX...

Symantec VERITAS NetBackup contains a buffer overflow vulnerability in the Sharepoint Services daemon

Overview The Symantec VERITAS NetBackup Volume Manager daemon contains a buffer overflow vulnerability which may allow a remote, unauthenticated attacker to execute arbitrary code. Description Symantec VERITAS NetBackup is a client/server based backup software solution. The Sharepoint Services...

Apple Mail buffer overflow vulnerability

Overview Apple Mail contains a buffer overflow that may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Apple Mail Mac OS X includes the Mail application Mail.app for handling electronic mail. The Problem Apple Mail contains a buffer overflow caused by lack o...

Microsoft Office routing slip buffer overflow

Overview Microsoft Office contains a buffer overflow in the parsing of routing slips, which may allow an attacker to execute arbitrary code on a vulnerable system. Description Routing slips According to Microsoft Security Bulletin MS06-012: Microsoft Office applications have the ability to add a...

Apple QuickTime fails to properly handle corrupt media files

Overview Apple QuickTime contains a heap overflow vulnerability in the handling of media files which may allow a remote unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system. Description Apple's QuickTime Player is multimedia software that allows...