WMI Object Broker ActiveX Control bypasses ActiveX security model

Overview The Microsoft WMI Object Broker ActiveX control bypasses the ActiveX security model, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description ActiveXActiveX is a technology that allows programmers to create reusable software...

Computer Associates Discovery Service buffer overflow

Overview Multiple Computer Associates products contain a buffer overflow in the code that handles the Discovery Service protocol. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Description Computer Associates BrightStor ARCserve Backup, BrightStor...

AOL Nullsoft Winamp Lyrics3 heap buffer overflow

Overview AOL Nullsoft Winamp contains a heap-based buffer overflow in the code that handles Lyrics3 tags. This vulnerability may allow a remote, unauthenticated attacker execute arbitrary code on a vulnerable system. Description Lyrics3 is a system for embedding the lyrics inside an MP3 song file...

ADODB.Connection ActiveX control memory corruption vulnerability

Overview The Execute function of the ADODB.Connection ActiveX object contains an unspecified vulnerability. This may allow a remote, unauthenticated attacker to cause Internet Explorer to crash or possibly execute arbitrary code. Description Microsoft ADO ActiveX Data Objects are "...

Novell GroupWise Messenger fails to properly handle HTTP POST requests.

Overview Novell GroupWise Messenger fails to properly handle HTTP POST requests. This vulnerability may allow a remote attacker to cause a denial of service condition. Description Novell GroupWise Messenger fails to properly handle HTTP POST requests. This vulnerability may be triggered by sendin...

Microsoft Internet Explorer 7 may allow address bar spoofing

Overview Internet Explorer 7 may allow address bar spoofing in pop-up windows. This could let an attacker spoof the address of a web site. Description Internet Explorer 7 includes a new feature called "Address bar protection." This makes sure that every window, including pop-ups, will present an...

Wireshark contains an unspecified vulnerability in the SCSI dissector

Overview Wireshark contains a vulnerability in the SCSI dissector that may cause a denial-of-service condition. Description The SCSI dissector in Wireshark contains an unspecified error that may allow remote attackers to cause a denial-of-service condition.Wireshark states that Wireshark version...

X.Org fails to check for setuid failure on Linux systems

Overview Programs distributed as part of the X.Org software distribution fail to properly handle test results for effective user ID. This vulnerability may lead to privilege escalation. Description Linux, like most Unix systems, provides a system call, setuid, to set the effective user ID of a...

Wireshark SSCOP dissector fails to properly handle malformed packets

Overview Wireshark contains a vulnerability in the SSCOP dissector that may cause a denial of service condition. Description Wireshark contains a vulnerability in the Service-Specific Connection Oriented Protocol SSCOP dissector.Wireshark states that: If the SSCOP dissector has a port range...

Wireshark contains multiple off-by-one errors in the IPSec ESP preference parser

Overview Wireshark contains a vulnerability in the IPSec ESP preference parser that may cause a denial of service condition. Description Wireshark contains multiple off-by-one vulnerabilities in the IPSec ESP preference parser when the application has been compiled with ESP decryption support.Thi...

Opera Web Browser fails to properly process overly long URLs

Overview The Opera Web Browser fails to properly process overly long URLs. This vulnerability may allow arbitrary code execution. Description Opera is a multi-platform web browser that is available for a range of operating systems and embedded Internet products. Opera contains a heap buffer...

Integer overflow vulnerability in Asterisk driver for Cisco SCCP-enabled phones

Overview Asterisk contains an integer overflow vulnerability. This vulnerability may allow an attacker to run arbitrary code. Description Asterisk is an open-source PBX software package that provides voicemail, three-way calling, and other features. Skinny Client Control Protocol SCCP is a...

Oracle CREATE_CHANGE_TABLE procedure vulnerable to PL/SQL injection

Overview The Oracle CREATECHANGETABLE procedure is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Description The Oracle CREATECHANGETABLE procedure fails to properly filter us...

Oracle SYS.DBMS_CDC_IMPDP package vulnerable to PL/SQL injection

Overview The Oracle SYS.DBMSCDCIMPDP package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Description The Oracle SYS.DBMSCDCIMPDP package is vulnerable to PL/SQL injection...

Oracle MDSYS.SDO_LRS package vulnerable to PL/SQL injection

Overview The Oracle MDSYS.SDOLRS package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Description The Oracle MDSYS.SDOLRS package is vulnerable to PL/SQL injection...

Oracle DISABLE_HIERARCHY_INTERNAL procedure vulnerable to PL/SQL injection

Overview The Oracle DISABLEHIERARCHYINTERNAL procedure is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Description The Oracle DISABLEHIERARCHYINTERNAL procedure fails to...

IBM Lotus Notes sets insecure default permissions on program data

Overview IBM Lotus Notes sets insecure default permissions on the Notes directory. This vulnerability may allow a local attacker to gain unintended access to Lotus Notes program data. Description IBM Lotus Notes installs numerous program files and program data in a special directory known as the...

Oracle ENABLE_HIERARCHY_INTERNAL procedure vulnerable to PL/SQL injection

Overview The Oracle ENABLEHIERARCHYINTERNAL procedure is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Description The Oracle ENABLEHIERARCHYINTERNAL procedure fails to proper...

Oracle PREPARE_UNBOUNDED_VIEW procedure vulnerable to PL/SQL injection

Overview The Oracle PREPAREUNBOUNDEDVIEW procedure is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Description The Oracle PREPAREUNBOUNDEDVIEW procedure fails to properly...

NVIDIA Display Driver for Unix systems vulnerable to buffer overflow

Overview A vulnerability in the NVIDIA Display Driver for Unix systems may allow a remote attacker to execute code on a vulnerable system. Description The NVIDIA Display Driver for Unix systems provides access to the display adapter's accelerated features on supported systems, and includes a modu...

Cisco products contain hard-coded SNMP values

Overview Certain versions of the Cisco IOS software have a hard-coded SNMP read-write community string that cannot be changed by an administrator. Description Some versions of the Cisco IOS have a hardcoded SNMP read-write community string. This community string is designed to ensure that...

Wireshark contains an unspecified vulnerability in the DHCP dissector

Overview Wireshark contains a vulnerability in the DHCP dissector that may cause a denial-of-service condition. Description Wireshark for Microsoft Windows contains a vulnerability in the DHCP dissector that may cause a denial-of-service condition. This vulnerability may be exploited when the...

Microsoft Word vulnerable to remote code execution

Overview A remote code execution vulnerability in Microsoft Word can allow a remote attacker to execute arbitrary code via a specially crafted mail merge file. Description Microsoft Word contains a remote code execution vulnerability that can be exploited when a specially crafted mail merge file ...

Microsoft XML Core Services contain a buffer overflow in the XSLT component

Overview The XSLT component of the Microsoft XML Core Services contains a buffer overflow. An attacker may be able to use this vulnerability to execute arbitrary code on a vulnerable system. Description Microsoft XML Core Services MSXML allow developers who use JScript, Visual Basic Scripting...

Trend Micro OfficeScan Management Console ActiveX control format string vulnerability

Overview The Trend Micro OfficeScan Management Console ActiveX control, AtxConsole, contains a format string vulnerability. This vulnerability may be exploited by an attacker to execute arbitrary code, or create a denial-of-service condition. Description Trend Micro's OfficeScan product includes ...

Microsoft Office fails to properly parse malformed Smart Tags

Overview A vulnerability in the way Microsoft Office parses files containing malformed Smart Tags may lead to execution of arbitrary code. Description Microsoft Office contains a vulnerability that could be exploited when parsing specially crafted Smart Tags. According to Microsoft Security...

Microsoft Server Service fails to properly handle network messages

Overview A vulnerability in the way Microsoft Server Service handles network messages may lead to execution of arbitrary code. Description Microsoft Server Service provides support for Remote Proceedure Call RPC, resource sharing, and named pipe communication over the network. Microsoft Server...

Microsoft Office fails to properly parse malformed strings

Overview A vulnerability in the way Microsoft Office parses files with malformed strings may lead to execution of arbitrary code. Description Microsoft Office contains a vulnerability that could be exploited when parsing specially crafted strings. According to Microsoft Security Bulletin...

Microsoft Office fails to properly parse malformed records

Overview A vulnerability in the way Microsoft Office parses files containing malformed records may lead to execution of arbitrary code. Description Microsoft Office contains a vulnerability that could be exploited when Office attempts to parse specially crafted records. According to Microsoft...

Microsoft XML Core Services XMLHTTP ActiveX control fails to properly interpret certain HTTP operations

Overview The Microsoft XML Core Services XMLHTTP ActiveX control fails to properly interpret certain HTTP operations. An attacker who exploits this vulnerability may be able to read cookies or view other sensitive data from a vulnerable system. Description Microsoft XML Core Services MSXML allow...

Microsoft Office fails to properly parse malformed chart records

Overview A vulnerability in the way Microsoft Office parses files containing malformed chart records may lead to execution of arbitrary code. Description Microsoft Office fails to properly handle malformed chart records. According to Microsoft Security Bulletin MS06-062:When Office opens a...

Symantec products fail to properly limit device driver access to kernel memory

Overview Certain device drivers included with Symantec products fail to properly verify address space within the "IOCTL" handlers. Description Symantec provides Anti-Virus and Internet Security products that are designed to protect users. According to Symantec Security Response SYM06-020:A...

Microsoft PowerPoint fails to properly handle malformed data records

Overview Microsoft PowerPoint contains a vulnerability in the handling of malformed data records, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft PowerPoint contains a vulnerability that could be exploited when PowerPoint...

Microsoft Excel fails to properly process malformed STYLE records

Overview Microsoft Excel contains a vulnerability in the handling of malformed STYLE records, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Excel contains a vulnerability that could be exploited when Excel opens a...

Microsoft Excel fails to properly process malformed DATETIME records

Overview Microsoft Excel contains a vulnerability in the handling of malformed DATETIME records, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Excel contains a vulnerability that could be exploited when Excel opens a...

Microsoft PowerPoint malformed record memory corruption

Overview Microsoft PowerPoint contains a vulnerability in the handling of malformed records, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft PowerPoint contains a vulnerability that could be exploited when PowerPoint opens...

Microsoft Excel fails to properly handle Lotus 1-2-3 files

Overview Microsoft Excel contains a vulnerability in the handling of malformed Lotus 1-2-3 files, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Excel contains an unspecified vulnerability that could be exploited when Exc...

Microsoft Excel fails to properly process malformed COLINFO records

Overview Microsoft Excel contains a vulnerability in the handling of malformed COLINFO records, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Excel contains a vulnerability that could be exploited when Excel opens a...

Microsoft Object Packager fails to properly display file types

Overview The Microsoft Object Packager fails to properly display the file types. This vulnerability may allow a remote, unauthenticated attacker execute arbitrary code on a vulnerable system. Description According to Microsoft: Object Packager is a tool you can use to create a package that you ca...

Microsoft .NET Framework contains a cross-site scripting vulnerability

Overview The Microsoft .NET Framework contains a cross-site scripting vulnerability that may allow an attacker to read or modify data in web pages and cookies. Description The Microsoft .NET Framework is a managed code programming model for Microsoft Windows operating systems. Microsoft ASP.NET i...

Microsoft PowerPoint fails to properly handle malformed object pointers

Overview Microsoft PowerPoint contains a vulnerability in the handling of malformed object pointers, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft PowerPoint contains a vulnerability that could be exploited when PowerPoi...

AOL YGP Pic Downloader Plugin ActiveX control buffer overflow

Overview The AOL YGP Pic Downloader ActiveX control contains a buffer overflow vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The AOL YGP You've Got Pictures Pic Downloader ActiveX control is a component that comes...

AOL YGP Screensaver ActiveX control buffer overflow

Overview The AOL YGP Screensaver ActiveX control contains a buffer overflow vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The AOL YGP You've Got Pictures Screensaver ActiveX control is a component that comes with AO...

Skype for Mac contains a format string error in the handling of URI arguments

Overview Skype for Mac contains a format string vulnerability in the handling of URIs, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Skype software provides telephone service over IP networks. There is a format string vulnerabilit...

Linksys WRT54G routers do not properly validate user credentials

Overview Linksys WRT54G routers do not properly validate user credentials before allowing configuration changes. Description The Linksys WRTG54G is a broadband router that has an integrated wireless access point and ethernet switch. The WRT54G router's configuration settings are controlled by a w...

McAfee HTTP Server vulnerable to buffer overflow

Overview A stack-based buffer overflow exists in the McAfee HTTP server that may allow a remote, unauthenticated attacker to execute arbitrary code. Description The McAfee HTTP server NAISERV.exe is used in McAfee products, such as McAfee ePolicy Orchestrator and Protection Pilot. The McAfee HTTP...

OpenSSH fails to properly handle multiple identical blocks in a SSH packet

Overview OpenSSH fails to properly handle multiple identical blocks in a SSH packet. This vulnerability may cause a denial-of-service condition. Description OpenSSH is an open source client and server implementation of the Secure Shell SSH protocol. OpenSSH includes a cyclic redundancy check CRC...

OpenSSH contains a race condition vulnerability

Overview A race condition vulnerability exists in the OpenSSH daemon. Successful exploitation of this vulnerability may result in a denial-of-service condition. Description OpenSSH is an open source client and server implementation of the Secure Shell SSH protocol.The OpenSSH server includes the...

Apple Mac OS X may allow network accounts to bypass service access controls

Overview Apple Mac OS X may allow network accounts to bypass service access controls. This vulnerability may allow remote users with a valid network account to bypass LoginWindow service access controls. Description Remote access to a system can be restricted by service access controls via...

Apple kernel exception handling vulnerability

Overview Apple Mac OS X may be vulnerable to privilege escalation via the Mach exception ports in the kernel. This vulnerability may allow a local user to execute arbitrary code with elevated privileges. Description Mach 3.0 is an open source microkernel used by Mac OS X that provides memory...