3695 matches found
Microsoft Word fails to properly handle malformed strings
Overview A vulnerability in the way Microsoft Word handles malformed Word Document streams could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Word contains a memory corruption vulnerability that could be triggered when Word opens...
Microsoft Internet Explorer vulnerable to remote code execution
Overview A vulnerability in the way Microsoft Internet Explorer instantiates COM objects may lead to execution of arbitrary code. Description Component Object Model, or COM objects, are used to enable interprocess communication and dynamic object creation within Microsoft Windows. Microsoft...
Microsoft Step-by-Step Interactive Training contains a buffer overflow
Overview Microsoft Step-by-Step Interactive Training contains a buffer overflow vulnerability. If successfully exploited, this vulnerability may allow an attacker to execute arbitrary code. Description Microsoft Step-by-Step Interactive Training is a training program developed by Microsoft. It is...
Microsoft MFC component vulnerable to remote code execution via malformed embedded OLE object
Overview A memory corruption vulnerability exists in the MFC component that is provided with Microsoft Windows and Visual Studio. Description The Microsoft Foundation Class Library (MFC) is a Microsoft library that wraps parts of the Windows API in C++ classes. MFC is included in Microsoft Visual...
Microsoft Windows fails to properly handle malformed OLE objects embedded in RTF documents
Overview A vulnerability in the way that Microsoft Windows handles OLE objects embedded within RTF documents may allow an attacker to execute arbitrary code. Description Microsoft Object Linking and Embedding (OLE) is a technology that allows applications to create and edit compound documents...
Microsoft RichEdit vulnerable to remote code execution via malformed embedded OLE object
Overview Microsoft's RichEdit contains a vulnerability that may allow an attacker to execute code. Description From Murray Sargent's MSDN blog: RichEdit 6.0 is a facility for getting plain/rich-text, single/multiline Unicode/ANSI edit controls and combo/list boxes in single world-wide binary that...
Microsoft HTML Help ActiveX control fails to properly validate input
Overview The Microsoft HTML Help ActiveX control fails to properly validate input, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The HTML Help Control HHCtrl Object is a Windows ActiveX control that provides the ability to view...
Aruba Mobility Controller vulnerable to privilege escalation
Overview The Aruba Mobility Controller Management Interface contains a privilege escalation vulnerability. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description The Aruba Mobility Controllers are used to process and control network traffic in...
Aruba Mobility Controller Management Interface contains a buffer overflow
Overview The Aruba Mobility Controller Management Interface contains a buffer overflow. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description The Aruba Mobility Controllers are used to process and control network traffic in a wireless network...
Microsoft Internet Explorer fails to properly instantiate COM objects
Overview A vulnerability in the way Microsoft Internet Explorer instantiates COM objects may lead to execution of arbitrary code. Description Component Object Model, or COM objects are used to enable interprocess communication and dynamic object creation within Microsoft Windows. Microsoft Intern...
Sun Solaris telnet authentication bypass vulnerability
Overview A vulnerability in the Sun Solaris telnet daemon (in.telnetd) could allow a remote attacker to log on to the system with elevated privileges. Description The Sun Solaris telnet daemon may accept authentication information via the USER environment variable. However, the daemon does not...
Trend Micro Anti-Rootkit Common Module fails to properly validate input
Overview A vulnerability exists in Trend Micro Anti-Rootkit Common Module that may allow a local attacker to gain elevated privileges. Description Trend Micro AntiVirus is a virus scanner for Microsoft Windows and Linux. The Trend Micro Anti-Rootkit Common Module is included with Trend Micro...
Trend Micro Anti-Rootkit Common Module fails to properly restrict access to the "\\.\TmComm" DOS device interface
Overview A vulnerability exists in Trend Micro's Anti-Rootkit Common Module that may allow a local attacker to gain elevated privileges. Description Trend Micro AntiVirus is a virus scanner for Microsoft Windows and Linux. The Trend Micro Anti-Rootkit Common Module is included with Trend Micro...
Trend Micro AntiVirus fails to properly process malformed UPX packed executables
Overview The Trend Micro AntiVirus scanning engine contains a buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Trend Micro AntiVirus is a virus scanner for Microsoft Windows and Linux. The Trend Micro virus scanning...
Sun Network Security Services (NSS) vulnerable to DoS due to an unspecified vulnerability
Overview The NSS libraries used in the Sun One Application Server and the Sun Java System web server contain an unspecified vulnerability that may allow an attacker to create a denial-of-service condition. Description The Sun One Application Server provides a Java 2 Platform for delivering Java...
TWiki vulnerable to arbitrary code execution via CGI session files
Overview TWiki fails to protect the CGI session directory, which may allow an attacker to execute arbitrary code with the privileges of the web server. Description TWiki is a web-based collaborative publishing environment. TWiki creates CGI session files in the global /tmp directory, which is...
Samba AFS ACL mapping VFS plug-in format string vulnerability
Overview Samba AFS ACL mapping VFS plug-in contains a format string vulnerability. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Samba AFS ACL mapping VFS plug-in fails to properly sanitize user-controlled file names that are used in ...
Microsoft Excel memory access vulnerability
Overview An unspecified vulnerability in Microsoft Excel may allow a remote attacker to execute arbitrary code. Description Microsoft Excel contains a vulnerability. According to Microsoft Security Bulletin MS07-015: The vulnerability is caused when Excel opens a specially crafted Excel file which...
IBM Tivoli Storage Manager Server vulnerable to buffer overflow
Overview A buffer overflow condition exists in the IBM Tivoli Storage Manager server. If successfully exploited, this vulnerability would allow an attacker to cause a denial-of-service condition or possibly execute arbitrary code. Description The IBM Tivoli Storage Manager (TSM) is a remote backup...
IBM Tivoli Storage Manager vulnerable to a buffer overflow
Overview A buffer overflow condition exists in the IBM Tivoli Storage Manager. If successfully exploited, this vulnerability would allow an attacker to cause a denial-of-service condition or possibly execute arbitrary code. Description The IBM Tivoli Storage Manager (TSM) is a remote backup softwar...
IBM Tivoli Storage Manager SmExecuteWdsfSession( ) function vulnerable to buffer overflow
Overview A buffer overflow condition exists in certain login fields on the IBM Tivoli Storage Manager server. If successfully exploited, this vulnerability would allow an attacker to cause a denial-of-service condition or possibly execute arbitrary code. Description The IBM Tivoli Storage Manager...
Apple Airport Extreme fails to properly process 802.11 frames
Overview A vulnerability exists in the Apple AirPort Extreme wireless driver that may allow an attacker to crash a vulnerable system. Description The Apple AirPort Extreme adapter is an 802.11g compatible wireless adapter used in Apple OS X laptops and desktops. A flaw exists in the way AirPort...
Computer Associates BrightStor ARCserve Backup LGSERVER.EXE stack buffer overflow
Overview Computer Associates BrightStor ARCserve Backup contains a stack buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Computer Associates BrightStor ARCserve Backup products come with a service called LGSERVER.EX...
Computer Associates BrightStor ARCserve Backup LGSERVER.EXE heap buffer overflow
Overview Computer Associates BrightStor ARCserve Backup contains a buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Computer Associates BrightStor ARCserve Backup products come with a service called LGSERVER.EXE. Thi...
Sun Solaris fails to properly process ICMP packets
Overview Sun Solaris fails to properly handle ICMP packets, which may allow a remote, unauthenticated attacker to cause a denial of service. Description Sun Solaris 10 contains an unspecified error that can cause a system panic when handling a specially crafted ICMP packet. Note that Solaris 8 an...
PGP Desktop service fails to validate user supplied data
Overview PGP Desktop fails to properly validate objects passed into the PGP Desktop service. This vulnerability may allow a remote, authenticated attacker to execute arbitrary code. Description PGP Desktop versions prior to 9.5.1 fail to properly validate objects passed into the PGP Desktop servi...
Cisco IOS fails to properly handle Session Initiated Protocol packets
Overview Cisco devices that run IOS and support voice traffic fail to properly handle Session Initiated Protocol packets. Exploitation of this vulnerability may result in a denial-of-service condition. Description Cisco IOS is an operating system that is used on Cisco network devices. According t...
Voice mail systems allow administrative access based on Caller ID
Overview Certain voice mail systems trust Calling Number Identification (CNID, Caller ID) to authenticate administrative access to voice mail accounts. Caller ID can be easily spoofed, allowing an attacker to gain control over a vulnerable voice mailbox. Description Some voice mail systems use Call...
Apple Mac OS X AFP server may disclose file and folder information in search results
Overview A vulnerability in the Apple Mac OS X AFP server may disclose file and folder items to unauthorized users. Description The AFP (Apple Filing Protocol) service allows Apple Mac OS clients to remotely access files stored on a server. When file sharing is enabled, Apple's Mac OS X AFP server...
Microsoft Word 2000 stack buffer overflow
Overview A stack-based buffer overflow in Microsoft Word could allow an attacker to execute arbitrary code on a vulnerable system. Description Microsoft Word 2000 fails to properly handle malformed documents allowing a stack-based buffer overflow to occur. It is possible that this vulnerability c...
Sun Solaris Kernel SSL Proxy service is vulnerable to a denial of service condition
Overview The Sun Solaris Kernel SSL Proxy service contains a flaw that may allow a remote attacker to cause a denial of service condition. Description Sun Solaris 10 operating system provides a module called the SSL Kernel Proxy to improve the performance of applications that do SSL packet...
Citrix Access Gateway appliances vulnerable to information disclosure
Overview A vulnerability exists in Citrix Access Gateway appliances that may allow an attacker to access data and compromise the system. Description Citrix Access Gateway products are universal SSL VPN appliances providing a secure, always-on, single point-of-access to an organization's...
Online Media Technologies NCTsoft NCTAudioFile2 ActiveX buffer overflow
Overview The Online Media Technologies NCTsoft NCTAudioFile2 ActiveX control contains a buffer overflow vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Online Media Technologies NCTsoft provides an ActiveX control...
Cisco IOS fails to properly process certain packets containing a crafted IP option
Overview Cisco IOS software contains a vulnerability that may allow an attacker to execute arbitrary code or create a denial of service condition. Description Cisco IOS is an operating system that is used on Cisco network devices. The Internet Control Message Protocol (ICMP) is a protocol commonly...
Cisco IOS fails to properly process specially crafted IPv6 packets
Overview Cisco IOS fails to properly process IPv6 packets with specially crafted routing headers. Successful exploitation of this vulnerability may allow an attacker to execute code, or create a denial-of-service condition. Description Internet Protocol version 6 (IPv6) is an IP standard that is...
Cisco IOS fails to properly process TCP packets
Overview The Cisco IOS Transmission Control Protocol listener contains a memory leak. Description Cisco IOS is an operating system that is used on Cisco network devices. The Cisco IOS software can run Transmission Control Protocol (TCP) servers that allow administrators to connect to the devices fo...
Adobe Acrobat allows pointer overwrite via specially crafted PDF file
Overview Adobe Acrobat and Adobe Reader fail to properly handle a specially crafted PDF file, which may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Adobe Acrobat and Adobe Reader are applications designed to create and view Portable Document Format (PDF)...
SAP Internet Graphics Service buffer overflow
Overview SAP Internet Graphics Service contains a buffer overflow. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description According to SAP, The Internet Graphics Service (IGS) constitutes the infrastructure to enable the...
Mozilla products vulnerable to heap overflow via miscalculated size during conversion of an image
Overview A vulnerability exists in Mozilla products that may allow a remote attacker to execute arbitrary code or cause a denial of service. Description Mozilla products contain a vulnerability in the CSS cursor property on Microsoft Windows that may result in a crash when handling malicious...
Mozilla LiveConnect vulnerable to crash finalizing JS objects
Overview A vulnerability exists in Mozilla LiveConnect that may allow a remote attacker to cause a denial of service. Description Mozilla LiveConnect, which allows communication between Java applets and web JavaScript, contains a vulnerability in the way freed objects are re-used that may...
Novell NetMail IMAP vulnerable to buffer overflow when processing command continuation requests
Overview A vulnerability in the way Novell Netmail handles IMAP command continuation requests may cause a buffer overflow that may allow remote execution of arbitrary code. Description Novell Netmail's IMAP server, imapd.exe, fails to properly check user input. A buffer overflow may occur when...
Mozilla JavaScript Engine multiple memory corruption vulnerabilities
Overview Several vulnerabilities exist in the Mozilla JavaScript Engine that may allow a remote attacker to compromise a vulnerable system. Description The Mozilla JavaScript Engine contains multiple vulnerabilities that may result in memory corruption. According to the Mozilla Foundation Securi...
Mozilla products vulnerable to privilege escalation via a JavaScript watch() function
Overview A vulnerability exists in Mozilla products that may allow a remote attacker to gain elevated privileges. Description Mozilla products contain a vulnerability in the way the JavaScript watch function is handled that may result in privilege escalation. According to the Mozilla Foundation...
Mozilla products allow the src attribute in an img element to be changed to a JavaScript URI
Overview Mozilla products contain a cross-site scripting vulnerability due to a vulnerability in the way IMG elements are loaded. Description A vulnerability in the way Mozilla products load IMG elements in a frame may cause a cross-site script injection. According to Mozilla Foundation Security...
Novell NetMail IMAP vulnerable to DoS when processing "APPEND" commands
Overview A vulnerability in the way Novell Netmail handles IMAP APPEND commands may allow a denial of service. Description Novell Netmail's IMAP server contains a buffer overflow that may occur when processing parameters supplied to the APPEND command. An attacker must login to an affected system...
Novell NetMail IMAP vulnerable to buffer overflow when processing "SUBSCRIBE" commands
Overview A vulnerability in the way Novell Netmail handles IMAP SUBSCRIBE commands may cause a buffer overflow that may allow remote execution of arbitrary code. Description Novell Netmail's IMAP server contains a buffer overflow that may occur when processing parameters supplied to the SUBSCRIBE...
Oracle SYS.DBMS_AQ package vulnerable to PL/SQL injection
Overview The Oracle SYS.DBMS_AQ package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Description The Oracle SYS.DBMS_AQ package fails to properly sanitize user input. This ma...
Novell NetMail NMAP vulnerable to buffer overflow when processing "STOR" commands
Overview A vulnerability in the way Novell NetMail handles NMAP "STOR" commands may cause a buffer overflow that may allow remote execution of arbitrary code. Description Novell NetMail's implementation of the Network Messaging Application Protocol (NMAP) contains a buffer overflow that may occur...
Novell NetMail IMAP server vulnerable to buffer overflow when processing "APPEND" commands
Overview A vulnerability in the way Novell NetMail handles IMAP "APPEND" commands may cause a buffer overflow that may allow remote execution of arbitrary code. Description Novell NetMail's IMAP server contains a buffer overflow that may occur when processing parameters supplied to the "APPEND"...
Sun Microsystems Java GIF image processing buffer overflow
Overview A vulnerability in the Sun Java Runtime Environment may allow an attacker to execute arbitrary code on a vulnerable system. Description The Sun Java Runtime Environment (JRE) allows users to run Java applications in a browser or as standalone programs. Sun has made the JRE available for...