3695 matches found
Microsoft Word malformed data structure vulnerability
Overview A vulnerability in Microsoft Word could allow an attacker to execute arbitrary code on a vulnerable system. Description Microsoft Word fails to properly handle malformed data structures allowing memory corruption to occur. This vulnerability can be triggered by opening a specially crafte...
Cisco Security Agent Management Center vulnerable to authentication bypass
Overview Cisco Security Agent Management Center (CSAMC) may be vulnerable to authentication bypass when configured to use an external Lightweight Directory Access Protocol (LDAP) server for authentication. Description Cisco Security Agent Management Center (CSAMC) is a component of the CiscoWorks VPN...
Microsoft Windows Media Player fails to properly handle malformed Windows Media Metafiles
Overview Windows Media Player does not properly handle malformed Windows Media Metafiles. This vulnerability may allow a remote attacker to execute arbitrary code or crash Windows Media Player. Description Windows Media Player (WMP) is a multimedia application that comes with Microsoft Windows...
Madwifi wireless driver buffer overflow vulnerability
Overview A buffer overflow vulnerability exists in the Madwifi wireless driver. If successfully exploited, an attacker may be able to execute arbitrary code, or cause a denial-of-service condition. Description The Madwifi driver is a Linux kernel device driver for Atheros-based 802.11 a/b/g...
Adobe Download Manager buffer overflow
Overview Adobe Download Manager contains a buffer overflow. This vulnerability may allow a remote, unauthenticated attacker to run arbitrary code with the privileges of the affected user or cause a denial-of-service condition. Description Adobe Download Manager (ADM) is a utility that Adobe...
The Ipswitch IMail Server is vulnerable to a buffer overflow
Overview The Ipswitch IMail Server is vulnerable to a buffer overflow. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Description According to Ipswitch Security Advisory 20061101: A vulnerability that allowed remote...
Microsoft Word malformed string vulnerability
Overview A vulnerability in Microsoft Word could allow an attacker to execute arbitrary code on a vulnerable system. Description Microsoft Word contains a vulnerability that could be exploited when Word opens a specially crafted document. It is possible that the vulnerability can be exploited by...
Microsoft Windows Print Spooler service fails to properly handle RPC requests
Overview The Microsoft Windows Print Spooler fails to properly handle malformed RPC requests. This vulnerability may allow a remote attacker to cause a denial-of-service condition. Description The Microsoft Print Spooler service manages printing operations on a system. The Print Spooler service...
Google Mini and Google Search Appliance vulnerable to cross-site scripting
Overview Google Mini and Google Search Appliance fail to properly handle UTF-7 encoded URIs. This vulnerability may allow a remote attacker to read or modify data in web pages. Description Google Mini and Google Search Appliance fail to properly handle UTF-7 encoded URIs, possibly allowing a remo...
Apple Mac OS X Security Framework Online Certificate Status Protocol (OCSP) service fails to properly retrieve certificate revocation lists
Overview Apple Mac OS X Security Framework Online Certificate Status Protocol (OCSP) service is unable to retrieve certificate revocation lists on systems that are configured to use an HTTP proxy. This vulnerability may result in the use of revoked certificates. Description The Online Certificate...
Autonomy Ultraseek default configuration does not adequately restrict in-document highlighting
Overview A vulnerability exists in the Ultraseek /highlight/index.html script. Successful exploitation of this vulnerability may allow an attacker to enumerate and access content from non-public servers or execute cross-site scripting attacks. Description Ultraseek is a search engine used on...
Apple Mac OS X Security Framework Secure Transport may not negotiate the best cipher available
Overview Apple Mac OS X Security Framework Secure Transport may not negotiate the best cipher available. This vulnerability may allow traffic to be weakly encrypted. Description Secure Transport refers to Apple’s implementation of SSL and TLS that is used by Mac OS X to create secure connections...
Apple Mac OS X ftpd may allow arbitrary users to determine account name validity
Overview Apple Mac OS X ftpd may allow arbitrary users to determine account name validity. This vulnerability may reveal protected information or allow an attacker to cause a denial-of-service condition. Description According to Apple Security Update 2006-007: When attempting to authenticate a val...
Apple Mac OS X CFNetwork may allow arbitrary FTP commands to be executed via a crafted FTP URI
Overview Apple Mac OS X CFNetwork may allow arbitrary FTP commands to be executed via a crafted FTP URI. Description According to Apple Security Update 2006-007: By enticing a user to access a maliciously crafted FTP URI, an attacker can cause the user's FTP client to issue arbitrary FTP commands ...
Apple AirPort driver fails to properly handle probe response frames
Overview A buffer overflow in certain Apple AirPort drivers may allow an attacker to execute arbitrary code with system privileges, or create a denial-of-service condition. Description Apple Airport products are 802.11b and 802.11g compatible wireless devices that are produced by Apple. Airport...
Wireshark contains an unspecified vulnerability in the XOT dissector
Overview Wireshark contains a vulnerability in the XOT dissector that may cause the application to crash. Description Wireshark contains a vulnerability in the XOT dissector that may allow the application to allocate a large amount of memory and cause the application to crash. This vulnerability...
Apple Mac OS X Apple Type Services server fails to securely create error log files
Overview The Apple Mac OS X Apple Type Services server insecurely creates error log files, which may allow a local attacker to overwrite or create files with system privileges. Description Apple Mac OS X Apple Type Services server fails to securely create error log files. A local attacker may be...
Apple Mac OS X Apple Type Services server contains multiple buffer overflows
Overview The Apple Mac OS X Apple Type Services server contains multiple buffer overflow vulnerabilities. These vulnerabilities may allow a local attacker to execute arbitrary code with system privileges. Description The Apple Mac OS X Apple Type Services server fails to properly validate service...
Newtone ImageKit ActiveX buffer overflow vulnerabilities
Overview The Newtone ImageKit ActiveX controls contain several buffer overflow vulnerabilities, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Newtone ImageKit is a set of ActiveX controls that provide image processing, scanning, a...
Adobe Acrobat AcroPDF ActiveX control fails to properly handle malformed input
Overview The Adobe Acrobat AcroPDF ActiveX control fails to properly handle malformed input to its methods. This could allow an attacker to cause the application using the ActiveX control to crash. Description Adobe Acrobat and Adobe Reader provide an ActiveX control to allow applications such as...
Apple Mac OS X WebKit deallocated object access vulnerability
Overview Apple Safari WebKit fails to properly deallocate objects. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Description According to Apple: WebKit is the open source core of Apple's Safari web browser. It is available as a framework in Mac OS X fo...
Apple Mac OS X PPP driver fails to properly validate PADI packets
Overview The Apple Mac OS X PPP driver fails to properly handle PPPoE Active Discovery Initiation (PADI) packets. This vulnerability may allow a remote attacker to execute arbitrary code with system privileges. Description The Apple Mac OS X PPP driver fails to properly handle PADI packets allowing...
Apple Mac OS X Finder fails to properly handle malformed .DS_Store files
Overview Apple Finder fails to properly handle malformed .DS_Store files. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Description .DS_Store files are hidden files used by Apple Finder to control the display of a folder and its contents. According to App...
Apple Type Services server font processing buffer overflow
Overview A stack-based buffer overflow in Apple Type Services server may allow attackers to execute arbitrary code. Description The Apple Type Services server fails to properly handle malformed font files possibly allowing a stack-based buffer overflow to occur. Note that according to Apple, font...
GNU gv buffer overflow vulnerability
Overview A buffer overflow vulnerability exists in the GNU gv viewer application. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, or cause a denial-of-service condition. Description From the GNU gv website: GNU gv allows to view and navigate through...
NetGear wireless driver fails to properly process specially-crafted 802.11 management frames
Overview A buffer overflow vulnerability exists in the Netgear WG311ND5.SYS wireless driver. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, or cause a denial-of-service condition. Description The WG311ND5.SYS driver is a wireless 802.11g device driv...
Computer Associates BrightStor ARCserve Backup Tape Engine fails to properly handle RPC requests
Overview A vulnerability exists in the Computer Associates BrightStor ARCserve Backup Tape Engine. If successfully exploited, this vulnerability may allow a remote attacker to execute arbitrary code. Description BrightStor ARCserve Backup is a backup and data retention tool that integrates with...
Apple Mac OS X fails to properly handle corrupted DMG image structures
Overview Apple Mac OS X fails to properly handle corrupted DMG image structures. The complete impact of this vulnerability is unclear, but may include execution of arbitrary code or denial of service. Description A vulnerability in the way Mac OS X com.apple.AppleDiskImageController handles...
NaviCOPA Web Server fails to properly handle certain HTTP requests
Overview A vulnerability exists in the NaviCOPA Web Server. If successfully exploited, this vulnerability may allow an attacker to execute arbitrary code. Description NaviCOPA Web Server is an HTTP server that is available for multiple versions of Microsoft Windows including Windows 98, NT, 2000,...
NetGear wireless driver fails to properly process certain 802.11 management frames
Overview A buffer overflow vulnerability exists in the Netgear MA521nd5.SYS wireless driver. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, or cause a denial-of-service condition. Description The MA521nd5.SYS driver is a wireless 802.11b device driv...
NetGear wireless driver fails to properly process certain 802.11 management frames
Overview A buffer overflow vulnerability has been reported in the Netgear WG111v2.SYS wireless driver. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, or cause a denial-of-service condition. Description The WG111v2.SYS driver is a wireless 802.11...
Sky Software FileView ActiveX control buffer overflow vulnerability
Overview The Sky Software FileView ActiveX control contains a buffer overflow vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Sky Software FileView object is an ActiveX control that is provided with several...
Sky Software FileView ActiveX control allows arbitrary command execution via unsafe methods
Overview The Sky Software FileView ActiveX control contains unsafe methods, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Sky Software FileView object is an ActiveX control that is provided with several applications, such as...
Microsoft Workstation Service fails to properly parse malformed network messages
Overview A vulnerability in the way Microsoft Workstation Service parses malformed network messages may lead to execution of arbitrary code. Description Microsoft Workstation Service contains a vulnerability that could be exploited when Workstation Service attempts to parse specially crafted...
Microsoft Internet Explorer fails to properly interpret HTML with certain layout combinations
Overview A vulnerability in the way Microsoft Internet Explorer interprets malformed Web pages may lead to execution of arbitrary code. Description Microsoft Internet Explorer contains a vulnerability that could be exploited when Internet Explorer attempts to interpret specially crafted Web pages...
Microsoft DirectAnimation Path ActiveX control Spline method integer overflow
Overview A vulnerability in the Microsoft DirectAnimation ActiveX controls may allow a remote attacker to execute arbitrary code on an affected system. Description Microsoft's DirectAnimation is a suite of development functionality, predating Microsoft DirectX, that provides animation support for...
Broadcom wireless driver fails to properly process 802.11 probe response frames
Overview A buffer overflow vulnerability exists in the Broadcom BCMWL5.SYS wireless driver. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, or cause a denial-of-service condition. Description The BCMWL5.SYS driver is a wireless 802.11 device driver...
Microsoft Agent fails to properly handle specially crafted .ACF files
Overview Microsoft Agent fails to properly handle specially crafted .ACF files and may allow a remote attacker to execute arbitrary code. Description Microsoft Agent is a software technology that enables an enriched form of user interaction that can make using and learning to use a computer easie...
Citrix Access Gateway LDAP authentication bypass
Overview An error with LDAP authentication in Citrix Access Gateway appliances may allow an attacker to successfully authenticate without providing correct login credentials. Description Citrix Access Gateway appliances use SSL VPN technology to give remote users secure access to shared resources...
Mozilla products contain several unspecified errors in the layout engine
Overview The Mozilla layout engine contains several unspecified vulnerabilities that may allow an attacker to execute arbitrary code or crash the vulnerable application. Description The Mozilla layout engine, also known as Gecko, is responsible for parsing HTML, XML, CSS, layout, and rendering...
Symantec Automated Support Assistant ActiveX control buffer overflow
Overview The Symantec Automated Support Assistant ActiveX control contains a buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Symantec Automated Support Assistant control is an ActiveX control that comes with...
Mozilla products allow execution of arbitrary JavaScript
Overview Multiple Mozilla products allow running JavaScript to be recompiled while executing. This vulnerability may allow a remote attacker to execute arbitrary JavaScript bytecode. Description According to Mozilla Foundation Security Advisory 2006-67: ...it was possible to modify a Script objec...
The Mozilla Network Security Services library fails to properly verify RSA signatures
Overview The Mozilla Network Security Services library fails to properly verify RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. Description RSA signatures are used to authenticate the source of a message. To prevent RSA signatures from being forged, messages are...
Mozilla XML.prototype.hasOwnProperty() method memory corruption vulnerability
Overview Mozilla products fail to properly handle the XML.prototype.hasOwnProperty method. This vulnerability may allow a remote attacker to execute arbitrary code. Description The ECMAScript for XML (E4X) Specification defines the XML.prototype.hasOwnProperty as a JavaScript method used to determine ...
Mozilla products vulnerable to memory corruption
Overview A vulnerability exists in the way Mozilla products process JavaScript. This vulnerability may allow an attacker to execute arbitrary code. Description The Mozilla Foundation supports several Open Source projects, including the Mozilla, Seamonkey, and Firefox web browsers. The Thunderbird...
Apache mod_tcl module contains a format string error
Overview A format string vulnerability exists in the mod_tcl Apache module. This vulnerability may allow a remote attacker to execute arbitrary code. Description The Apache HTTP Server, also known as httpd, is an open-source HTTP server that runs on Microsoft Windows, Linux, Unix, and Apple OS X...
Clam AntiVirus fails to properly handle crafted Portable Executable (PE) files
Overview A vulnerability in the way Clam AntiVirus processes Portable Executable (PE) files may lead to execution of arbitrary code. Description Clam AntiVirus is a GPL virus scanner that has built-in support for a number of file types including PE. According to iDefense Public Advisory:...
The Red Hat Enterprise Linux 3 SMP Kernel fails to properly handle IPC shared-memory
Overview The Red Hat Enterprise Linux 3 SMP Kernel may allow an authenticated attacker to cause a denial-of-service condition with specially crafted IPC shared-memory functions. Description Inter-Process Communication (IPC) shared-memory is a method of passing data between programs used by the Red...
Microsoft XML Core Services XMLHTTP ActiveX control vulnerability
Overview The Microsoft XML Core Services XMLHTTP ActiveX control contains an unspecified vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft XML Core Services (MSXML) allow developers who use applications such as...
Computer Associates BrightStor ARCserv and Protection Suite products RPC buffer overflow vulnerabilities
Overview Multiple vulnerabilities exist in Computer Associates backup products. If successfully exploited, these vulnerabilities may allow an attacker to execute arbitrary code. Description BrightStor ARCserve Backup is a backup and data retention tool that integrates with other BrightStor Data...