Consona (formerly SupportSoft) Intelligent Assistance Suite (IAS) cross-site scripting, ActiveX, and Repair Service vulnerabilities

Overview Consona formerly SupportSoft Intelligent Assistance Suite IAS contains a set of vulnerabilities that collectively could allow an attacker to execute arbitrary code on a remote system. Description In 2009, Consona acquired SupportSoft's enterprise software assets, including web-based...

GE Fanuc Proficy HMI/SCADA iFIX uses insecure authentication techniques

Overview Vulnerabilities in the way GE Fanuc iFIX handles authentication could allow a remote attacker to log on to the system with elevated privileges. Description GE Fanuc iFIX is SCADA client/server software that includes a Human Machine Interface HMI componant and runs on Microsoft Windows CE...

RIM BlackBerry Application Web Loader ActiveX stack buffer overflow

Overview The RIM BlackBerry Application Web Loader ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The RIM BlackBerry Application Web Loader is an ActiveX control that is used to loa...

Trend Micro HouseCall ActiveX control notifyOnLoadNative() uses previously free'd memory

Overview The Trend Micro HouseCall ActiveX control contains a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Trend Micro HouseCall ActiveX control HousecallActiveX.dll contains a "use-after-free" vulnerability. Usi...

Microsoft WordPad Text Converter vulnerable to remote code execution

Overview The WordPad Text Converter for Word 97 files included in some versions of Windows contains an unspecified error which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft WordPad is a text editor included by default with the...

Linksys WVC54GC wireless video camera vulnerable to information disclosure

Overview The Linksys WVC54GC wireless video camera insecurely sends initial configuration information over the network, which can allow a remote, unauthenticated attacker to intercept video streams, access wireless network authentication credentials, modify the device firmware, or cause a...

Trend Micro ServerProtect contains multiple vulnerabilities

Overview Trend Micro ServerProtect contains multiple vulnerabilities. The most severe of these vulnerabilities may allow an attacker to execute commands, view sensitive data, or cause a system to crash. Description Trend Micro ServerProtect is designed to detect and remove viruses from files...

HP Online Support Services ActiveX DownloadFile() arbitrary file download

Overview The HP Online Support Services ActiveX control contains a method called DownloadFile. This may allow a remote, unauthenticated attacker to download files to the location of the ActiveX control. Description HP Services provides online product support services including HP Instant Support...

Microsoft Office Project vulnerable to remote code execution via specially crafted Project file

Overview A vulnerability in the way Microsoft Office Project parses files may lead to execution of arbitrary code. Description Microsoft Office Project contains a vulnerability that could be exploited when Project attempts to parse specially crafted files. According to Microsoft Security Bulletin...

libarchive does not properly terminate loop

Overview libarchive contains a vulnerability that may allow an attacker to cause a denial of service. Description The libarchive library provides an interface for reading and writing archive files.There is a vulnerability in libarchive that occurs when it parses the pax interchange format. If an...

Canon digital multifunction copiers FTP bounce vulnerability

Overview Some models of Canon digital multifunction copiers are vulnerable to the FTP bounce attack. Description From the Problems With The FTP PORT Command document:The FTP Bounce Attack To conform with the FTP protocol, the PORT command has the originating machine specify an arbitrary destinati...

Liferay Portal Enterprise Admin User-Agent HTTP header XSS

Overview Liferay Portal contains a cross-site scripting vulnerability in the handling of the User-Agent HTTP header, which can allow a remote, authenticated attacker to gain administrative access. Description Liferay Portal is an enterprise portal solution that uses Java technologies. The...

Jetty fails to properly process URLs that contain double / characters

Overview The Jetty web server contains a vulnerability that may allow an attacker to access private files or directories. Description Jetty is a web server that is implemented in Java. Jetty contains a vulnerability in the way it processes URLs with multiple "/" slash characters. See the Jetty...

Squid remote denial-of-service vulnerability

Overview The Squid Proxy server contains a vulnerability that may allow an attacker to create a denial-of-service condition that affects the Squid server and systems that rely on it. Description Squid Proxy Cache is a caching proxy that supports the HTTP, HTTPS, and FTP protocols. Squid can also ...

SonicWall NetExtender NELaunchCtrl ActiveX control stack buffer overflow

Overview The SonicWall NetExtender NELaunchCtrl ActiveX control contains a stack buffer overflow, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description SonicWall NetExtender is an SSL VPN client that is implemented by using an ActiveX...

Microsoft Kodak Image Viewer code execution vulnerability

Overview The Kodak Image Viewer which is included in Windows 2000 contains a code execution vulnerability. Description The Kodak Image Viewer is included in Windows 2000. It may also be present on other versions of Windows that were upgraded from Windows 2000.Per Microsoft Security Bulletin...

VUPlayer malformed playlist buffer overflow

Overview VUPlayer fails to properly handle malformed playlists. This vulnerability may allow a remote attacker to execute arbitrary code. Description VUPlayer is a freeware audio player for the Microsoft Windows platform. It can play various types of media files, such as MP3s. A Playlist .PLS or...

Broderbund Expressit 3DGreetings Player ActiveX control buffer overflows

Overview The Broderbund Expressit 3DGreetings Player ActiveX control contains multiple buffer overflows, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The 3DGreetings Player is an ActiveX control that displays 3D greeting cards...

Microsoft Windows Vista Weather Gadget vulnerability

Overview The Windows Vista Weather gadget contains a vulnerability that may allow and attacker to execute code. Description From Microsoft Security Bulletin MS07-048:Gadgets are mini-applications designed to provide the user with information or utilities. Windows Vista treats gadgets similar to t...

IBM and Lenovo Access Support acpRunner ActiveX control format string vulnerability

Overview The IBM Lenovo Access Support acpRunner ActiveX control contains a format string vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Access Support software package for IBM and Lenovo systems includes several...

InterActual Player IAKey ActiveX control stack buffer overflow

Overview The InterActual Player IAKey ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description InterActual Player is a video DVD playing application for Windows systems. InterActual Player wa...

VLC Media Player format string vulnerability

Overview VLC contains a format string vulnerability that may allow an attacker to execute code. Description VideoLAN VLC is a streaming media player that runs on multiple platforms. From VideoLAN Security Advisory 0702: VLC media player Ogg/Vorbis, Ogg/Theora, CDDA CD Digital Audio and SAP Servic...

Trend Micro ServerProtect SpntSvc buffer overflow vulnerability

Overview Trend Micro ServerProtect contains a buffer overflow vulnerability. This vulnerability may allow an attacker to execute arbitrary code on a vulnerable system. Description Trend Micro ServerProtect is an anti-virus application that is designed to run on Windows-based servers. The...

Microsoft Windows Agent fails to properly process crafted URLs

Overview Microsoft Agent fails to properly handle specially crafted URLs, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Agent is software that provides animated characters to enhance interaction with computer systems...

Apple CrashDump privilege escalation

Overview CrashReporter contains a privilege escalation vulnerability that may allow authenticated users to run commands as root. Description CrashReporter is a debugging facility in Apple OS X that logs information program crashes.CrashReporter contains a privilege escalation vulnerability. This...

Apple QuickTime QTIF stack buffer overflow

Overview A vulnerabilty in the way Apple QuickTime processes QTIF files may allow execution of arbitrary code. Description A vulnerability exists in the way Apple QuickTime handles specially crafted QuickTime Image QTIF files. According to Apple QuickTime 7.1.5 security document 305149:A stack...

Microsoft Step-by-Step Interactive Training contains a buffer overflow

Overview Microsoft Step-by-Step Interactive Training contains a buffer overflow vulnerability. If successfully exploited, this vulnerability may allow an attacker to execute arbitrary code. Description Microsoft Step-by-Step Interactive Training is a training program developed by MIcrosoft. It is...

Intel network drivers privilege escalation vulnerability

Overview A buffer overflow vulnerability in Intel PRO Ethernet drivers may allow local attackers to execute code with elevated privileges. Description Intel network adapter drivers are developed and maintained by Intel for Windows and Linux operating systems. A buffer overflow vulnerability exist...

Microsoft Internet Explorer 7 may allow address bar spoofing

Overview Internet Explorer 7 may allow address bar spoofing in pop-up windows. This could let an attacker spoof the address of a web site. Description Internet Explorer 7 includes a new feature called "Address bar protection." This makes sure that every window, including pop-ups, will present an...

Oracle ENABLE_HIERARCHY_INTERNAL procedure vulnerable to PL/SQL injection

Overview The Oracle ENABLEHIERARCHYINTERNAL procedure is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Description The Oracle ENABLEHIERARCHYINTERNAL procedure fails to proper...

Apple Mac OS X may allow network accounts to bypass service access controls

Overview Apple Mac OS X may allow network accounts to bypass service access controls. This vulnerability may allow remote users with a valid network account to bypass LoginWindow service access controls. Description Remote access to a system can be restricted by service access controls via...

Apple AirPort wireless drivers fails to properly handle scan cache updates

Overview An heap buffer overflow exists in the Apple AirPort wireless driver. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, or cause a denial-of-service condition. Description Apple AirPort drivers contain a heap buffer overflow in the code that...

Symantec Veritas Backup Exec for Windows Server vulnerable to heap-based buffer overflow

Overview Symantec Veritas Backup Exec for Windows Server contains multiple heap-based buffer overflow vulnerabilities which can allow a remote, authenticated attacker to cause a denial of service or execute arbitrary code. Description VERITAS Backup Exec for Windows Server is a data backup and...

Apple Mac OS X AFP server vulnerable to an integer overflow when file sharing is enabled

Overview A vulnerability in Apple Mac OS X AFP server may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition on an affected system. Description The AFP Apple Filing Protocol service allows Apple Mac OS clients to remotely access files from a server. Apple's M...

Microsoft Internet Explorer vulnerable to heap overflow via the HTML Help Control "Image" property

Overview The HTML Help ActiveX control contains a heap overflow vulnerability. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description ActiveXActiveX is a technology that allows programmers to create reusable software components that can be...

WinSCP URI handlers fails to properly parse command line switches

Overview A vulnerability has been found in WinSCP, which can be exploited by an attacker to overwrite or add files to the victim's computer. Description WinSCP is an open source SFTP client for Microsoft windows. It supports a file-manager user interface, and uses the SSH protocol to transfer fil...

Microsoft DXImageTransform Light filter fails to validate input

Overview The Microsoft DXImageTransform Light COM object fails to validate input, which may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft COMMicrosoft COM is a technology that allows programmers to create reusable software components that can be...

Secure Elements Class 5 AVR client fails to properly validate the size of EM_SET_CE_PARAMETER messages

Overview The Secure Elements Class 5 AVR client fails to properly handle the size of EMSETCEPARAMETER messages. This may allow an attacker to cause a buffer overflow and reveal process memory. Description Class 5 AVR Secure Elements Class 5 AVR Automated Vulnerability Remediation is a security...

Microsoft Word object pointer memory corruption vulnerability

Overview A memory corruption vulnerability in Microsoft Word could allow a remote attacker to execute arbitrary code with the privileges of the user running Word. Description Microsoft Word contains a memory corruption vulnerability. According to Microsoft Security Bulletin MS06-027:When a user...

Mozilla CSS integer overflow vulnerability

Overview Mozilla products contain an integer overflow that could allow a remote, unauthenticated attacker to execute arbitrary code. Description Cascading Style SheetsCSS is a mechanism for adding style to web documents. The problem Mozilla products contain an integer overflow in the CSS letter...

Microsoft Windows fails to properly handle COM objects

Overview Microsoft Windows fails to properly handle COM Objects. This vulnerability may allow a remote unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft COM Microsoft COM is a technology that allows programmers to create reusable software components...

Research in Motion (RIM) BlackBerry Attachment Service does not properly handle PNG image files

Overview The Research in Motion RIM BlackBerry Attachment Service contains a vulnerability in the way the service handles PNG files. By causing the service to render a specially crafted PNG file and convincing a user to view the file on a BlackBerry Handheld device, an attacker could execute...

Oracle products contain multiple vulnerabilities

Overview Multiple vulnerabilities exist in numerous Oracle products. The severity and impacts of these vulnerabilities are varied and may include remote execution of arbitrary code, the disclosure of sensitive information, and denial-of-service conditions. Description Multiple vulnerabilities exi...

Symantec AntiVirus Scan Engine administrative interface contains a buffer overflow vulnerability

Overview Symantec AntiVirus Scan Engine administrative interface contains a remotely exploitatble buffer overflow that may allow an attacker to execute arbitrary code. Description The Symantec AntiVirus Scan Engine provides a programming interface to Symantec content scanning and virus detection...

Mozilla-based browsers contain a buffer overflow in handling URIs containing a malformed IDN hostname

Overview A vulnerability in the way Mozilla products and derivative programs handle certain malformed URIs could allow a remote attacker to execute arbitrary code on a vulnerable system. Description Mozilla products, including the Mozilla Suite, and Mozilla Firefox are vulnerable to a buffer...

Microsoft Windows Remote Desktop Protocol service input validation vulnerability

Overview An input validation error in the Microsoft Remote Desktop Protocol RDP service may allow a remote attacker to cause a denial-of-service condition. Description Microsoft describes the Remote Desktop Protocol RDP as follows.RDP is based on, and is an extension of, the T.120 protocol family...

RSA Authentication Agent for Web fails to properly validate input

Overview The RSA Authentication Agent for Web running on Microsoft Internet Information Services IIS does not properly validate input that is passed to the "postdata" parameter in "/WebID/IISWebAgentIF.dll" and may allow an attacker to execute code in a user's browser. Description RSA...

Apple Mac OS X with Bluetooth enabled may allow file exchange without prompting users

Overview Apple Mac OS X with Bluetooth support may unintentionally allow files to be exchanged with other systems by default. Description Mac OS X includes support for the Bluetooth networking protocol suite. Bluetooth is a communication technology that enables short-range communication between...

NotifyLink contains multiple SQL injection vulnerabilities

Overview There are multiple vulnerabilities in NotifyLink that allow unauthenticated remote users to view or modify the contents of the NotifyLink SQL database. Possible modifications include the addition of unauthorized user and administrator accounts. Description Notify Technology NotifyLink...

Microsoft Office XP contains buffer overflow vulnerability

Overview A buffer overflow in Microsoft Office XP may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft Office XP is vulnerable to a buffer overflow. According to MS05-005, the buffer overflow exists in the process that passes URL file locations to...