Microsoft Internet Explorer data binding memory corruption vulnerability

Overview Microsoft Internet Explorer contains an invalid pointer vulnerability in its data binding code, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Internet Explorer contains an invalid pointer vulnerability in its da...

Microsoft WordPad Text Converter vulnerable to remote code execution

Overview The WordPad Text Converter for Word 97 files included in some versions of Windows contains an unspecified error which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft WordPad is a text editor included by default with the...

Microsoft Vista and Server 2008 vulnerable to memory corruption via saved search

Overview Microsoft Windows Vista and Server 2008 contain a memory corruption vulnerability when saving a specially crafted search file. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description In Windows Vista and Server 2008,...

Linksys WVC54GC NetCamPlayerWeb11gv2 ActiveX control stack buffer overflow

Overview The Linksys WVC54GC NetCamPlayerWeb11gv2 ActiveX control contains a stack buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Linksys WVC54GC wireless video camera provides an ActiveX control called...

Linksys WVC54GC wireless video camera vulnerable to information disclosure

Overview The Linksys WVC54GC wireless video camera insecurely sends initial configuration information over the network, which can allow a remote, unauthenticated attacker to intercept video streams, access wireless network authentication credentials, modify the device firmware, or cause a...

RealFlex RealWin buffer overflow

Overview RealFlex RealWin demo version contains a vulnerability in the way "FCINFOTAG/SETCONTROL" packets are processed. Description RealFlex RealWin is SCADA server software that includes a Human Machine Interface HMI componant and runs on Microsoft Windows 2000 or XP. The demo version of RealWi...

SSH CBC vulnerability

Overview A vulnerability exists in SSH messages that employ CBC mode that may allow an attacker to recover plaintext from a block of ciphertext. Description The Secure Shell SSH is a network protocol that creates a secure channel between two networked devices in order to allow data to be exchange...

PHPCow file inclusion vulnerability

Overview Older versions of PHPCow contain a file inclusion vulnerability that could allow an attacker to take control of a vulnerable application. Description PHPCow is a content management system that uses PHP. Older versions of PHP contain a file inclusion vulnerability. We are aware of reports...

Trend Micro ServerProtect contains multiple vulnerabilities

Overview Trend Micro ServerProtect contains multiple vulnerabilities. The most severe of these vulnerabilities may allow an attacker to execute commands, view sensitive data, or cause a system to crash. Description Trend Micro ServerProtect is designed to detect and remove viruses from files...

SAP AG SAPgui MDrmSap ActiveX control code execution vulnerability

Overview The MDrmSap ActiveX control, which is provide with the SAP AG SAPgui software, contains a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description SAPgui is a graphical user interface client for SAP software. One of the...

Adobe Reader and Acrobat util.printf() JavaScript function stack buffer overflow

Overview Adobe Reader and Acrobat contain a stack buffer overflow in the util.printf JavaScript function, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Adobe Reader is software designed to view Portable Document Format PDF files...

Automated Solutions Modbus TCP Slave ActiveX Control Vulnerability

Overview Automated Solutions Modbus TCP Slave ActiveX Control contains a vulnerability that may allow a remote attacker to execute arbitrary code or cause a denial-of-service. Description Automated Solutions Modbus TCP Slave ActiveX Control fails to properly process malformed "Modbus" requests to...

libspf2 DNS TXT record parsing buffer overflow

Overview libspf2 contains a buffer overflow vulnerability in code that parses DNS TXT records. Description libspf2 is a widely-deployed implementation of the Sender Policy Framework. According to RFC 4408: An SPF record is a DNS Resource Record RR that declares which hosts are, and are not,...

Microsoft Server service RPC stack buffer overflow vulnerability

Overview A stack buffer overflow vulnerability in the Microsoft Windows Server service may allow a remote, unauthenticated attacker to execute arbitrary code with SYSTEM privileges. Description MS08-067 includes the following information about the Microsoft Server service:The Server service...

Microsoft Windows Internet Printing Protocol service integer overflow

Overview The Microsoft Windows Internet Printing Protocol IPP service contains an integer overflow vulnerability, which can allow a remote attacker to execute arbitrary code on a vulnerable system. Description IPP is an IP-based network protocol that allows remote printing and printer management...

Husdawg, LLC Systems Requirements Lab ActiveX control and Java applet vulnerable to arbitrary code download and execution

Overview The Husdawg, LLC. System Requirements Lab ActiveX control and Java applet allow an unauthenticated remote attacker to download and execute arbitrary code. Description Husdawg, LLC. provides an ActiveX control and signed Java Applet that are used for benchmarking the capabilities of a PC...

Gear Software CD DVD Filter driver privilege escalation vulnerability

Overview The Gear Software CD DVD Filter driver contains a privilege escalation vulnerability, which can allow an attacker to gain SYSTEM privileges. Description Gear Software provides a driver called CD DVD Filter, which is provided by GEARAspiWDM.sys. This driver is used by multiple CD/DVD...

iseemedia / Roxio / MGI Software LPViewer ActiveX control stack buffer overflows

Overview The iseemedia LPViewer ActiveX control contains multiple stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The iseemedia LPViewer ActiveX control, which is provided by the file LPControl.dll, is a...

libpng off-by-one vulnerability

Overview A vulnerability exists in libpng that may allow a remote attacker to cause a denial of service. Description A vulnerability in the way libpng handles files that contain multiple zTXt chunks may cause a denial of service. This vulnerability is due to an off-by-one error introduced in the...

IPv6 implementations insecurely update Forwarding Information Base

Overview A vulnerability in some implementations of the IPv6 Neighbor Discovery Protocol may allow a nearby attacker to intercept traffic or cause congested links to become overloaded. Description IPv6 networks use the Neighbor Discovery Protocol NDP to detect and locate routers and other on-link...

ABB PCU400 vulnerable to buffer overflow

Overview ABB PCU400 contains a vulnerability which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The ABB PCU400 application serves as a communication gateway between RTUs that use the IEC-870-5-104 protocol and the SCADA server. The...

InstallShield Update Service Agent ActiveX control memory corruption

Overview The InstallShield Update Service ActiveX control contains a memory corruption vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The InstallShield Update Service contains an ActiveX control called Update Service...

LANDesk QIP service buffer overflow vulnerability

Overview The LANDesk Management Suite Intel QIP service contains a buffer overflow vulnerability. Description The LANDesk Intel QIP Server Service is used to configure policy management. The Intel QIP service allows LANDesk Agents to report status and make certain software requests. A buffer...

Apple Mac OS X file sharing allows authenticated remote access to files and directories

Overview Apple Mac OS X Leopard does not accurately reflect which files and directories are available via sharing. Description Apple Mac OS X Leopard 10.5.x allows files and directories to be shared via a "Shared Folders" feature. OS X lists the folders that are shared using this feature, however...

InstallShield / Macrovision / Acresso FLEXnet Connect insecurely retrieves and executes scripts

Overview Acresso FLEXnet Connect executes scripts that are insecurely retrieved from a remote web server, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Acresso FLEXnet Connect is a software package that allows vendors to provide...

TWiki command execution vulnerability

Overview The TWiki wiki software fails to validate input passed to certain URLs. By accessing a URL containing the TWiki configuration script, an attacker may be able to read arbitrary files. Description TWiki is a wiki that is runs in the context of the Apache web server. TWiki is installed by...

Windows Media Encoder WMEX.DLL ActiveX Control buffer overflow

Overview The WMEX.DLL ActiveX control, which is installed by Windows Media Encoder 9 Series, contains a buffer overflow vulnerability. Description According to Microsoft, the Windows Media Encoder is a tool used to capture audio and video content using Windows Media. The WMEX.DLL ActiveX control...

NetBSD malformed ICMPv6 MLD-QUERY denial of service

Overview NetBSD fails to properly handle ICMPv6 MLD query packets, which can allow a remote, unauthenticated attacker to cause a denial of service. Description ICMPv6, which is defined in RFC 4443, is a version of the ICMP protocol for IPv6. Multicast Listener Discovery MLD for IPv6, which is...

Google SAML Single Sign on vulnerability

Overview The SAML Single Sign-On SSO Service for Google Apps contained a vulnerability that could have allowed an attacker to gain access to a user's Google account. Description The Security Assertion Markup Language SAML is a standard for transmitting authentication data between two or more...

SoftArtisans XFile FileManager ActiveX control stack buffer overflows

Overview The SoftArtisans XFile FileManager ActiveX control contains several stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description SoftArtisans XFile is an ActiveX file transfer application. The XFile FileManager...

Apache Tomcat UTF8 Directory Traversal Vulnerability

Overview Apache Tomcat contains a vulnerability that may allow directory traversal. Description Apache Tomcat is an implementation of the Java Servlet and JavaServer Page JSP technologies. Apache Tomcat contains a vulnerability in the way malformed requests are handled. According to the Apache...

Postfix local privilege escalation

Overview The Postfix MTA contains a local privilege escalation vulnerability. Description Postfix is an mail transport agent MTA that is used by several Unix-like operating systems. Symbolic links and hard links are types of files that reference other files. Unlike hard links, symbolic links can...

Intrinsic Swimage Encore does not securely manage login credentials

Overview Intrinsic Swimage Encore has an unencrypted, hardcoded, default password that could allow an attacker access to protected data. Description Intrinsic Swimage Encore automates remote desktop, server, and device deployment. This product includes both a server and a client solution. The...

Cisco WebEx Meeting Manager WebexUCFObject ActiveX Control stack buffer overflow

Overview The WebexUCFObject ActiveX control, which comes with Cisco WebEx Meeting Manager, contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Cisco WebEx is an online meeting and collaboration software...

Microsoft Color Management System (MSCMS) module remote code execution

Overview The Microsoft Color Management System MSCMS module for the Microsoft ICM component is vulnerable to a remote code execution vulnerability which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description According to Microsoft, the Microsoft...

Apache mod_proxy_ftp XSS vulnerability

Overview The Apache web server modproxyftp module contains a cross-site scripting XSS vulnerability. Description The Apache modproxyftp module allows the Apache web server to act as a proxy for FTP sites. Filename globbing is the process of using wildcards to match filenames. The modproxyftp modu...

Oracle Weblogic Apache connector vulnerable to buffer overflow

Overview Oracle Weblogic formerly BEA Weblogic contains a vulnerability which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Oracle Weblogic Server and Weblogic Express applicaiton servers can be integrated with the Apache webserver usin...

RealNetworks RealPlayer Shockwave Flash (SWF) file vulnerability

Overview RealNetworks RealPlayer fails to properly handle frames within Shockwave Flash SWF files, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The RealNetworks RealPlayer application provides support for the SWF file format. A...

RealPlayer file deletion overflow vulnerability

Overview RealPlayer contains a buffer overflow vulnerability that may allow an attacker to execute code on a vulnerable system. Description RealPlayer media player that is distributed by RealNetworks. RealPlayer supports streaming and local media. Per the Zero Day Initiative advisory ZDI-08-046:...

NetApp Data ONTAP contains multiple vulnerabilities

Overview NetApp Data ONTAP contains multiple vulnerabilities. The most severe of these vulnerabilities may allow an attacker to execute commands, view sensitive data, or cause a system to crash. Description NetApp Data ONTAP contains multiple undisclosed vulnerabilities. --- Impact A remote,...

BlackBerry Attachment Service PDF distiller vulnerable to arbitrary code execution

Overview The PDF Distiller service that is provided with BlackBerry Enterprise Server contains a vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The BlackBerry Attachment Service is a component of the BlackBerry...

Mozilla Firefox command line URI handling vulnerability

Overview Mozilla Firefox contains a vulnerability that may allow an attacker to bypass security restrictions by opening specially crafted URIs using the Firefox command line interface. Description Mozilla Firefox can process URIs from its command line interface that can be accessed by users or...

Multiple DNS implementations vulnerable to cache poisoning

Overview Deficiencies in the DNS protocol and common DNS implementations facilitate DNS cache poisoning attacks. Description The Domain Name System DNS is responsible for translating host names to IP addresses and vice versa and is critical for the normal operation of internet-connected systems...

Microsoft Office Snapshot Viewer ActiveX control race condition

Overview The Microsoft Office Snapshot Viewer ActiveX control contains a race condition, which can allow a remote, unauthenticated attacker to download arbitrary files to arbitrary locations. Description Microsoft Snapshot Viewer is a viewer for snapshots created with Microsoft Access. Snapshot...

Mozilla Firefox code execution vulnerability

Overview Mozilla Firefox versions prior to 2.0.0.15 contain a vulnerability that may allow an attacker to execute code. Description Versions of Mozilla Firefox prior to 2.0.0.15 contain a buffer overflow vulnerability. Browsers such as SeaMonkey and Epiphany that use Mozilla's rendering engine ma...

Apple Safari contains a memory corruption issue in the handling of JavaScript arrays by WebKit

Overview The Apple Webkit contains a memory corruption vulnerability.This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Description According to Apple Security Update 2008-004:A memory corruption issue exists in WebKit's handling of JavaScript arrays...

Microsoft Internet Explorer fails to properly restrict access to frames

Overview Microsoft Internet Explorer fails to properly restrict access to a document's frames, which may allow an attacker to modify the contents of frames in a different domain. Description Frames in HTML documents are subdivisions of the current window. The most common use of frames in web page...

Microsoft Internet Explorer 6 contains a cross-domain vulnerability

Overview Microsoft Internet Explorer 6 is vulnerable to a cross-domain scripting violation, which can allow a remote, unauthenticated attacker to access the content of a web page in a different domain. Description IE uses a cross-domain security model to maintain separation between browser frames...

Caucho Resin vulnerable to XSS via "file" parameter to "viewfile"

Overview The "viewfile" command provided by Caucho Resin contains a cross-site scripting XSS vulnerability in the "file" parameter. Description Caucho Resin is a Java-based application server. The "viewfile" command that is provided with the Resin documentation is vulnerable to XSS via the "file"...

Adobe Reader and Adobe Acrobat contain an unspecified flaw in a JavaScript method

Overview Adobe Reader and Acrobat contain an unspecified flaw in a JavaScript method, which can allow a remote, unauthenticated attacker to execute code on a vulnerable system. Description Adobe Acrobat Reader is software designed to view Portable Document Format PDF files. Adobe also distributes...