Symantec RAR decompression library contains multiple heap overflows
Overview The Symantec RAR decompression library Dec2RAR.dll contains multiple heap buffer overflows. Using a specially crafted RAR archive, a remote attacker could execute arbitrary code or cause a denial of service. Description Symantec AntiVirus and other security products use a library to...
VMware NAT Service vulnerable to buffer overflow via FTP PORT/EPRT commands
Overview The VMware NAT Service used in multiple VMware products contains a buffer overflow in the way it handles FTP PORT and EPRT commands. An attacker could execute arbitrary code with the privileges of the NAT service or cause a denial of service. Description VMware virtualization software...
MediaWiki fails to properly verify input passed to the user language option
Overview A vulnerability in some versions of MediaWiki may allow a remote attacker to execute code on a vulnerable wiki server. Description MediaWiki is a PHP-based software package that is used to run a wiki, a collaborative website that can be edited by any user or visitor. Some versions of the...
Perl contains an integer sign error in format string processing
Overview The Perl interpreter contains a flaw that may increase the impact of format string vulnerabilities in programs written in Perl. Description Perl is a programming language used in many applications and commonly used for web applications. The Perl interpreter, which interprets and executes...
Perl programs providing user-controlled I/O format strings may contain format string vulnerabilities
Overview Programs written in Perl may contain many of the same types of format string vulnerabilities as programs written in C. Description Perl is a programming language used in many applications and commonly used for web applications. It provides many of the same functions for formatted I/O as ...
Sun Java Runtime Environment "reflection" API privilege elevation vulnerabilities
Overview Multiple vulnerabilities in the Sun Java Reflection API may allow an untrusted Java applet to bypass security restrictions and execute arbitrary code. Description The Sun Java Reflection API allows Java classes to determine information about other Java classes, such as public methods...
Sun Java Management Extensions privilege escalation vulnerability
Overview A vulnerability in the Sun Java Management Extensions API may allow a remote attacker to execute arbitrary code. Description According to Sun Microsystems: Java Management Extensions JMX technology provides the tools for building distributed, Web-based, modular and dynamic solutions for...
Sun Java Runtime Environment applet privilege escalation vulnerability
Overview The Sun Java Runtime Environment JRE may allow an untrusted Java applet to bypass Java security settings and execute arbitrary code. Description The Sun Java Runtime Environment provides the libraries and components necessary to run Java-based applications. There is an unspecified...
Cisco PIX fails to verify TCP checksum
Overview Versions of Cisco PIX firewalls do not validate the checksum of transiting TCP packets. Attackers may be able to use this problem to create a sustained denial-of-service under certain conditions. Description Cisco PIX firewall systems are used to enforce site-specific network security...
Microsoft Internet Explorer vulnerable to code execution via mismatched DOM objects
Overview Microsoft Internet Explorer fails to properly handle requests to mismatched DOM objects, which may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft Internet Explorer does not properly handle requests to mismatched DOM objects, such as the...
IBM Tivoli Directory Server may allow unauthorized access
Overview IBM Tivoli Directory Server may allow unauthorized access to change, modify, and/or delete directory data under certain circumstances. Description The IBM Tivoli Directory Server product is described as: IBM Tivoli Directory Server provides a powerful Lightweight Directory Access Protocol...
Multiple vulnerabilities in Internet Key Exchange (IKE) version 1 implementations
Overview Numerous vulnerabilities have been reported in various Internet Key Exchange version 1 IKEv1 implementations. The impacts of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or cause an IKEv1 implementation to behave in an...
First4Internet CodeSupport ActiveX controls incorrectly marked 'safe for scripting'
Overview An ActiveX control used to uninstall XCP Digital Rights Management DRM software made by First 4 Internet and distributed on some Sony BMG audio CDs is marked "Safe for scripting". Description XCP Digital Rights Management DRM software by First 4 Internet, which is distributed by some Sony...
VERITAS NetBackup library buffer overflow vulnerability
Overview A buffer overflow in VERITAS NetBackup may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description According to Symantec/VERITAS: A vulnerability has been confirmed in the NetBackup Volume Manager daemon vmd. By sending a specially crafted...
Macromedia Flash Player fails to properly validate the frame type identifier read from a "SWF" file
Overview A buffer overflow vulnerability in some versions of the Macromedia Flash Player may allow a remote attacker to execute code on a vulnerable system. Description The Macromedia Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed...
Optimistic TCP acknowledgements can cause denial of service
Overview A vulnerability in the TCP congestion control mechanism could be leveraged by an attacker to cause a denial of service. Description The Transmission Control Protocol TCP is described in RFC 793 as a means to provide reliable host-to-host transmission in a packet-switched computer network...
Microsoft PKINIT smart card logon vulnerable to information disclosure and spoofing
Overview Microsoft PKINIT smart card authentication is vulnerable to an information disclosure flaw that may allow an attacker to spoof a trusted server. Description From the Microsoft PKINIT description: PKINIT is an Internet Engineering Task Force IETF Internet Draft for "Public Key Cryptograph...
Microsoft Windows buffer overflow in Enhanced Metafile rendering API
Overview Microsoft Windows Enhanced Metafile Format image rendering routines contain a buffer overflow flaw that may allow an attacker to cause a denial-of-service condition. Description Microsoft describes the Enhanced Metafile Format EMF as the following: An EMF image is a 32-bit format that can...
Microsoft Windows Graphics Rendering Engine buffer overflow vulnerability
Overview Microsoft Windows Graphics Rendering Engine contains a buffer overflow that may allow a remote attacker to execute arbitrary code on a vulnerable system. Description The Microsoft Windows Graphics Rendering Engine supports a number of image formats including Windows Metafile WMF and...
Apple QuickTime PictureViewer PICT data decompression buffer overflow
Overview Apple QuickTime PictureViewer contains a buffer overflow that may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Apple's QuickTime Player is multimedia software that allows users to view local and remote audio/video content. PictureViewer is a...
Microsoft Windows vulnerable to buffer overflow via specially crafted WMF file
Overview Microsoft Windows may be vulnerable to remote code execution via a buffer overflow in the Windows Metafile image format handling. Description Windows Metafile WMF format images are metafiles that can contain both vector and bitmap-based information. Microsoft Windows contains routines fo...
Cisco IOS heap integrity checks are insufficient
Overview Cisco Internetwork Operating System IOS may allow a heap-based buffer overflow vulnerability to execute arbitrary code after bypassing heap integrity checks. Description Cisco IOS contains functionality for checking the integrity of the heap, which is a specific region in memory where da...
Cisco IPS MC Malformed Configuration Download Vulnerability
Overview Cisco Management Center for IPS Sensors IPS MC contains a vulnerability that may cause some IPS signatures to become unintentionally disabled. Description Cisco IOS IPS Intrusion Prevention System is a feature for Cisco IOS devices that provides in-line intrusion prevention...
Skype URI handling routine contains a buffer overflow
Overview A buffer overflow in Skype may allow a remote attacker to execute code on a vulnerable system. Description Skype software provides telephone service over IP networks. There is a buffer overflow in the routines that handle Skype-specific URIs callto:// or skype://. The buffer overflow may...
Skype VCARD handling routine contains a buffer overflow
Overview A buffer overflow in the way Skype handles imported VCARDs may allow a remote attacker to execute code on a vulnerable system. Description Skype software provides telephone service over IP networks. Skype fails to properly validate imported VCARDs, allowing a buffer overflow to occur. Th...
Skype vulnerable to heap-based buffer overflow
Overview A heap-based buffer overflow in Skype may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Description Skype software provides telephone service over IP networks. Skype contains a buffer overflow in a routine that parses incoming network traffic...
Oracle Application Server Web Cache vulnerability
Overview Oracle Applications Server Web Cache contains an unspecified information disclosure vulnerability. Description Oracle Applications Server Web Cache contains a vulnerability. The details of this vulnerability are not clear. However, Oracle states this issue can allow an attacker to easily...
Oracle Application Server SQL*ReportWriter vulnerability
Overview An unspecified vulnerability in the Oracle SQL*ReportWriter may allow a remote, unauthenticated attacker to compromise system confidentiality and integrity. Description Oracle SQL*ReportWriter is a component of the Oracle Application Server. There is a vulnerability in the Oracle...
Oracle Application Server Internet Directory vulnerability
Overview An unspecified vulnerability in the Oracle Internet Directory may allow a remote, unauthenticated attacker to compromise system confidentiality and integrity. Description Oracle Internet Directory provides directory services, such as LDAP support, for the Oracle Application Server. There...
Oracle HTTP Server vulnerability
Overview An unspecified vulnerability in Oracle's HTTP Server Apache may allow a remote, unauthenticated attacker to compromise system confidentiality, integrity, and availability. Description Oracle Application Server and Database Server includes Apache as an HTTP server. There is a vulnerabili...
Oracle Human Resource Management System vulnerability
Overview An unspecified vulnerability in the Oracle Human Resource Management System HRMS may allow a remote, unauthenticated attacker to compromise system confidentiality and integrity. Description According to Oracle: The Oracle E-Business Suite Human Resources Management family of applications...
Oracle Database Server buffer overflow in Security Component
Overview The Oracle Database Server Security Component contains a buffer overflow. Exploitation may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Description A lack of input validation in the Oracle Database Server Security Component may allow a buffer...
Oracle E-Business Suite Applications Utilities vulnerability
Overview An unspecified vulnerability in the Oracle Applications Utilities may allow a remote, unauthenticated attacker to compromise system confidentiality and integrity. Description Oracle Applications Utilities is a component of the Oracle E-Business Suite. There is a vulnerability in the...
Oracle E-Business Suite Applications Technology Stack vulnerability
Overview An unspecified vulnerability in the Oracle Applications Technology Stack may allow a remote, unauthenticated attacker to compromise system confidentiality and integrity. Description Oracle Applications Technology Stack is a collection of Oracle products bundled with the Oracle E-Business...
Oracle Enterprise Manager Oracle Agent contains a buffer overflow
Overview Oracle Enterprise Manager Oracle Agent contains a buffer overflow vulnerability. Exploitation may allow a remote, unauthenticated attacker to execute arbitrary code, possibly with elevated privileges. Description The Oracle Agent provides remote management services for Oracle Enterprise...
Oracle products contain multiple vulnerabilities
Overview Multiple vulnerabilities exist in numerous Oracle products. The severity and impacts of these vulnerabilities are varied and may include remote execution of arbitrary code, the disclosure of sensitive information, and denial-of-service conditions. Description Multiple vulnerabilities exi...
Snort Back Orifice preprocessor buffer overflow
Overview A buffer overflow exists in the Snort Back Orifice preprocessor that may allow a remote, unauthenticated attacker to execute arbitrary code, possibly with elevated privileges. Description Snort is an open-source intrusion detection system IDS. A lack of validation on attacker-controlled...
UW-IMAP vulnerable to a buffer overflow
Overview UW-IMAP contains a buffer overflow vulnerability that may allow a remote, authenticated attacker to execute arbitrary code on a vulnerable system. Description The University of Washington IMAP Server UW-IMAP is an email server that uses the Internet Message Access Protocol IMAP. A lack o...
Microsoft BlnMgr Proxy (blnmgrps.dll) COM object fails to implement required methods
Overview The Microsoft BlnMgr Proxy COM object fails to implement the methods required by the IDispatch interface, which may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft COM is a technology that allows programmers to create reusable...
Microsoft Windows FTP client does not properly validate received file names
Overview An input validation error in the Microsoft Windows FTP Client may allow a remote attacker to write files to arbitrary locations and may allow the execution of arbitrary code. Description The Microsoft Windows FTP Client does not properly validate the names of received files. If a remote...
VERITAS NetBackup Java Administration Console contains a format string vulnerability in "bpjava-msvc"
Overview The VERITAS NetBackup Java Administration Console contains a format string vulnerability, which may allow an unauthenticated, remote attacker to execute arbitrary code with root or SYSTEM privileges. Description The Java Administration Console is an alternative administrative interface f...
Microsoft Distributed Transaction Coordinator vulnerable to buffer overflow via specially crafted network message
Overview Microsoft Distributed Transaction Coordinator MSDTC may be vulnerable to a flaw that allows remote unauthenticated attackers to execute arbitrary code. Description The Microsoft Distributed Transaction Coordinator MSDTC is described by Microsoft as "distributed transaction facility for...
Microsoft COM+ contains a memory management flaw
Overview Microsoft COM+ contains a vulnerability due to a memory management flaw that may allow an attacker to take complete control of an affected system. Description Microsoft gives the following definition of COM+: COM+ is the next step in the evolution of the Microsoft Component Object Model...
Microsoft Collaboration Data Objects buffer overflow
Overview A buffer overflow in Microsoft Collaboration Data Objects may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Collaboration Data Objects CDO is a scripting library used to develop applications that handle email. Note that C...
Microsoft DirectShow buffer overflow
Overview A buffer overflow in Microsoft DirectShow may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft DirectShow is a programming architecture for streaming multimedia on the Microsoft Windows platform. An input validation error in...
Microsoft Plug and Play fails to properly validate user supplied data
Overview Microsoft Plug and Play contains a flaw in message buffer handling that may result in local or remote arbitrary code execution or a denial-of-service condition. Description The following is from the Microsoft Plug and Play description: Plug and Play PnP allows the operating system to...
Microsoft Windows Shell fails to handle shortcut files properly
Overview Microsoft Windows Shell does not properly handle some shortcut files and may permit arbitrary code execution when a specially-crafted file is opened. Description Microsoft Windows supports files that point to another file, called "shortcut" files. These files have the .lnk extension, and...
Symantec AntiVirus Scan Engine administrative interface contains a buffer overflow vulnerability
Overview Symantec AntiVirus Scan Engine administrative interface contains a remotely exploitable buffer overflow that may allow an attacker to execute arbitrary code. Description The Symantec AntiVirus Scan Engine provides a programming interface to Symantec content scanning and virus detection...
Ruby safe-level security model bypass
Overview Ruby contains a vulnerability that may allow arbitrary code to be run without the intended safe-level checks being applied. Description Ruby is an object-oriented scripting language that supports execution of untrusted code with two mechanisms: taint flagging and safe levels. Safe levels...
Microsoft Jet Database Engine fails to properly validate Access database files
Overview A vulnerability in the Microsoft Jet database engine could allow a remote attacker to execute code of their choice on a vulnerable system. Description The Microsoft Jet Database Engine Jet provides data access functionality to a number of other Microsoft and many third party applications...