Microsoft Help and Support Center contains buffer overflow in code used to handle HCP protocol
Overview There is a buffer overflow in the Microsoft Help and Support Center that could permit an attacker to execute arbitrary code with SYSTEM privileges. Description The Microsoft Help and Support Center is a facility within Windows to provide product help and documentation. Among other things...
Microsoft Windows ListBox and ComboBox controls vulnerable to buffer overflow when supplied crafted Windows message
Overview There is a buffer overflow in a function called by the Microsoft Windows ListBox and ComboBox controls that could allow an attacker to execute arbitrary code with privileges of the process hosting the controls. Description Processes that run on Windows use messages in order to interact...
Buffer overflow in Microsoft Messenger Service
Overview There is a buffer overflow in the Microsoft Windows Messenger service that could allow an attacker to execute arbitrary code on most recent versions of Microsoft Windows. Description There is a buffer overflow vulnerability in the Microsoft Windows Messenger service. This could allow an...
Microsoft Exchange Server fails to properly handle specially crafted SMTP extended verb requests
Overview Microsoft Exchange fails to handle certain SMTP extended verbs correctly. In Exchange 5.5, this can lead to a denial-of-service condition. In Exchange 2000, this could permit an attacker to run arbitrary code. Description Microsoft Exchange is a popular collaboration product which includ...
Microsoft Authenticode mechanism installs ActiveX controls without prompting user
Overview A vulnerability in Microsoft's Authenticode could allow a remote attacker to install an untrusted ActiveX control on the victim's system. Description According to Microsoft Security Bulletin MS03-041: ActiveX is a technology that allows programmers to develop self-contained software modul...
Microsoft Outlook Web Access (OWA) contains cross-site scripting vulnerability in the "Compose New Message" form
Overview There is a cross-site scripting vulnerability in Microsoft Outlook Web Access. Description The "Compose New Message" form of the Outlook Web Access (OWA) component of Microsoft Exchange 5.5 contains a cross-site scripting vulnerability. For more information about cross-site scripting...
Microsoft Windows DCOM/RPC vulnerability
Overview A vulnerability exists in Microsoft Windows DCOM/RPC that can be exploited to cause a denial of service. It may be possible for an attacker to execute arbitrary code on a vulnerable system. Description Microsoft Windows Remote Procedure Call (RPC) "... is a powerful, robust, efficient, and...
Microsoft Windows fails to properly validate buffer size of incoming SMB packets
Overview Microsoft's implementation of Server Message Block (SMB) contains a buffer overflow vulnerability that could permit a remote attacker to execute arbitrary code or cause a denial of service. Description SMB and the Common Internet File System (CIFS) are closely related protocols used sharing...
Hummingbird CyberDOCS vulnerable to SQL injection
Overview Hummingbird CyberDOCS contains an SQL injection vulnerability that could allow a remote attacker to execute SQL commands. Description Hummingbird CyberDOCS (Hummingbird DM) is a web-based enterprise document management solution that runs on Windows NT/2000 using SQL database technology. Th...
Hummingbird CyberDOCS sets insecure permissions on script source code files
Overview Hummingbird CyberDOCS running on Microsoft Internet Information Services (IIS) sets insecure permissions on script source code files. A remote attacker could read the contents of unprotected files. Description Hummingbird CyberDOCS (Hummingbird DM) is a web-based enterprise document manageme...
Hummingbird CyberDOCS error page discloses web server installation path
Overview Hummingbird CyberDOCS contains a vulnerability that could allow a remote attacker to learn the installation path of the web server. This information could be used to support further attacks. Description Hummingbird CyberDOCS (Hummingbird DM) is a web-based enterprise document management...
Hummingbird CyberDOCS contains multiple cross-site scripting vulnerabilities
Overview Hummingbird CyberDOCS contains cross-site scripting vulnerabilities that could allow an attacker to obtain sensitive information and possibly impersonate legitimate users. Description Hummingbird CyberDOCS (Hummingbird DM) is a web-based enterprise document management solution that runs on...
CGI.pm vulnerable to Cross-site Scripting
Overview A vulnerability in the Common Gateway Interface (CGI) Perl module may allow an attacker to mount a cross-site scripting attack against a vulnerable system. Description The Common Gateway Interface, or CGI, is a standard for external gateway programs to interface with information servers su...
Microsoft Internet Explorer fails to properly handle Dynamic HTML (DHTML) behaviors in restricted zones
Overview Microsoft Internet Explorer contains a logic error in the way that it handles DHTML. This error makes it possible to move content from the less trusted Restricted zone into the Internet zone. This vulnerability permits an attacker to execute arbitrary code in the context of the Internet...
Microsoft Windows Media Player fails to properly launch URLs based on Dynamic HTML (DHTML) behaviors
Overview Microsoft Windows Media Player (WMP) permits the embedding of URLs into media files. When launching an embedded URL, a logic error in the WMP URL handling makes it possible to move from a less trusted domain zone into the local computer zone. This vulnerability permits an attacker to execu...
SSH Communications Secure Shell vulnerable to DoS via malformed BER/DER packet
Overview SSH Communications' Secure Shell contains vulnerabilities in ASN.1 libraries that may allow remote attackers to cause a denial-of-service situation, or potentially execute arbitrary code on the server. Description SSH Communications' Secure Shell contains a vulnerability in the decoding ...
Multiple vulnerabilities in SSL/TLS implementations
Overview Multiple vulnerabilities exist in different vendors' SSL/TLS implementations. The impacts of these vulnerabilities include remote execution of arbitrary code, denial of service, and disclosure of sensitive information. Description The U.K. National Infrastructure Security Co-ordination...
OpenSSL accepts unsolicited client certificate messages
Overview OpenSSL accepts unsolicited client certificate messages. This could allow an attacker to exploit underlying vulnerabilities in client certificate handling. Description OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols and includes a general-purpos...
OpenSSL contains integer overflow handling ASN.1 tags (2)
Overview A vulnerability in the way OpenSSL handles ASN.1 tags could allow a remote attacker to cause a denial of service. Description OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols and includes a general purpose cryptographic library. SSL and TLS are...
OpenSSL contains integer overflow handling ASN.1 tags (1)
Overview A vulnerability in the way OpenSSL handles ASN.1 tags could allow a remote attacker to cause a denial of service. Description OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols and includes a general purpose cryptographic library. SSL and TLS are...
OpenSSL does not securely handle invalid public key when configured to ignore errors
Overview A vulnerability in the way OpenSSL handles invalid public keys in client certificate messages could allow a remote attacker to cause a denial of service. This vulnerability requires as a precondition that an application is configured to ignore public key decoding errors, which is typical...
OpenSSL ASN.1 parser insecure memory deallocation
Overview A vulnerability in the way OpenSSL deallocates memory used to store ASN.1 structures could allow a remote attacker to execute arbitrary code with the privileges of the process using the OpenSSL library. Description OpenSSL implements the Secure Sockets Layer (SSL) and Transport Layer...
Solaris libc getopt(3) contains buffer overflow
Overview Solaris libc getopt(3) contains a buffer overflow vulnerability. Please note the date of this report: 1/27/1997. This does not affect current versions of Solaris. Description From :A buffer overflow condition exists in the getopt(3) routine in Solaris libc. By supplying an invalid option and...
Portable OpenSSH server PAM conversion stack corruption
Overview There is a vulnerability in the Portable OpenSSH server that may corrupt the PAM conversion stack. Description The Portable OpenSSH server contains a vulnerability that may permit an attacker to corrupt the PAM conversion stack. Versions 3.7p1 and 3.7.1p1 are affected. Note that the...
OpenSSH PAM challenge authentication failure
Overview There is a vulnerability in the challenge authentication code of the Portable OpenSSH server when using the SSHv1 protocol and Pluggable Authentication Modules (PAM). This vulnerability could permit a remote attacker to log in to the system as any user, including potentially root, without...
WS_FTP Server vulnerable to buffer overflow when supplied overly long "APPE" command
Overview It has been reported that a vulnerability exists in the processing of an "APPE" command on WS_FTP Servers versions 4.x and prior. Exploitation of this vulnerability may lead to an authenticated user executing arbitrary code with the elevated privileges of the server process. Description...
WS_FTP Server vulnerable to buffer overflow when supplied overly long "STAT" command
Overview It has been reported that a vulnerability exists in the processing of a "STAT" command on WS_FTP Servers versions 4.x and prior. Exploitation of this vulnerability may lead to an authenticated user executing arbitrary code with the elevated privileges of the server process. Description...
Sun Solstice AdminSuite ships with insecure default configuration
Overview The sadmind service provided on many Solaris and SunOS systems ships with an insecure default configuration that allows remote users to execute arbitrary commands with superuser (root) privileges. Description The Sun Microsystems Solstice AdminSuite is a graphical tool that allows Solaris...
Sendmail contains buffer overflow in ruleset parsing
Overview Sendmail contains a buffer overflow vulnerability in the code that parses rulesets. This vulnerability could allow a remote attacker to execute arbitrary code or cause a denial of service on a vulnerable system. This vulnerability does not affect the default configuration. Description...
Linux NFS utils package "rpc.mountd" contains off-by-one buffer overflow in xlog() function
Overview A vulnerability in the Linux NFS (Network File System) could permit an attacker to cause a denial of service, or potentially execute arbitrary code on the system. Description The Linux NFS (Network File System) was developed to allow machines to mount a disk partition on a remote machine as ...
Sendmail prescan() buffer overflow vulnerability
Overview Sendmail contains a buffer overflow vulnerability in code that parses email addresses. This vulnerability could allow a remote attacker to execute arbitrary code or cause a denial of service on a vulnerable system. Description Sendmail is a widely used mail transfer agent (MTA). There is a...
OpenSSH contains buffer management errors
Overview Versions of the OpenSSH server prior to 3.7.1 contain buffer management errors. While the full impact of these vulnerabilities is unclear, they may lead to memory corruption and a denial-of-service situation. Description Versions of OpenSSH prior to 3.7.1 contain errors in the general...
Microsoft Visual Basic for Applications (VBA) does not adequately validate document properties
Overview Microsoft Visual Basic for Applications (VBA) contains a buffer overflow when validating document properties. This vulnerability could allow an attacker to execute arbitrary code with the privileges of the user running VBA. Description From Microsoft Security Bulletin MS03-037: Microsoft VB...
MySQL fails to validate length of password field
Overview A vulnerability in MySQL could permit a malicious user to execute arbitrary code on the system. Description MySQL is a database system. MySQL contains a buffer overflow vulnerability in the processing of the password field of the MySQL database, specifically "SET PASSWORD". A malicious...
Microsoft Windows RPCSS Service contains heap overflow in DCOM request filename handling
Overview There is a remote buffer overflow in many versions of Microsoft Windows that allows attackers to execute arbitrary code with system privileges. Description The Microsoft RPCSS Service is responsible for managing Remote Procedure Call (RPC) messages and is enabled by default on many version...
Microsoft Windows RPCSS Service contains heap overflow in DCOM activation routines
Overview There is a remote buffer overflow in many versions of Microsoft Windows that allows attackers to execute arbitrary code with system privileges. Description The Microsoft RPCSS Service is responsible for managing Remote Procedure Call (RPC) messages and is enabled by default on many version...
Microsoft Access Snapshot Viewer vulnerable to buffer overflow when validating parameters
Overview A remotely exploitable vulnerability exists in the Microsoft Access Snapshot Viewer ActiveX control. Exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the local system with the privileges of the current user. Description According to Microsoft'...
RealNetworks media server RTSP protocol parser buffer overflow
Overview RealNetworks Helix Universal Server 9 media servers contain a buffer overflow in an RTSP protocol parser. Earlier versions of their media servers are also affected: RealSystem Server 7, 8, and RealServer G2. Description RealNetworks Helix Universal Server 9 media server is software which...
pam_smb module contains remote buffer overflow
Overview The pam_smb module contains a remotely exploitable buffer overflow vulnerability. This module is used to authenticate users using an external Server Message Block (SMB) server. A remote attacker may be able to exploit this vulnerability to run arbitrary commands on the system. Description T...
Microsoft Windows BR549.DLL ActiveX control contains vulnerability
Overview The Microsoft Windows BR549.DLL ActiveX control, which provides support for the Windows Reporting Tool, contains an unknown vulnerability. The impact of this vulnerability is not known. Description Microsoft Security Bulletin MS03-032 briefly describes a vulnerability in the BR549.DLL...
Microsoft Internet Explorer contains buffer overflow in Type attribute of OBJECT element on double-byte character set systems
Overview Certain versions of Microsoft Internet Explorer (IE) that support double-byte character sets (DBCS) contain a buffer overflow vulnerability in the Type attribute of the OBJECT element. A remote attacker could execute arbitrary code with the privileges of the user running IE. Description...
Microsoft Internet Explorer does not properly render input type tag
Overview Microsoft Internet Explorer (IE) does not properly render an input type tag, allowing a remote attacker to cause a denial of service. Description Microsoft Security Bulletin MS03-032 briefly describes ...a flaw in the way Internet Explorer renders Web pages that could cause the browser or...
Microsoft Internet Explorer does not properly evaluate "application/hta" MIME type referenced by DATA attribute of OBJECT element
Overview Microsoft Internet Explorer (IE) will execute an HTML Application (HTA) referenced by the DATA attribute of an OBJECT element if the Content-Type header returned by the web server is set to "application/hta". An attacker could exploit this vulnerability to execute arbitrary code with the...
Sendmail fails to appropriately initialize data structures for DNS maps
Overview There is an uninitialized data structure in sendmail 8.12.x rrdomain = smstrduphost; \t\tif rr-rrdomain == NULL \t\t A fix for this condition was made in sendmail 8.12.9 in March 2003, but it was not known to be a security issue at that time. --- Impact A remote attacker may be able to...
Microsoft Internet Explorer does not properly evaluate Content-Type and Content-Disposition headers
Overview A cross-domain scripting vulnerability exists in the way Microsoft Internet Explorer (IE) evaluates Content-Type and Content-Disposition headers and checks for files in the local browser cache. This vulnerability could allow a remote attacker to execute arbitrary script in a different...
Cisco Secure PIX Firewall TCP Reset Vulnerability
Overview A vulnerability in Cisco's Secure PIX Firewall may allow a remote attacker to reset arbitrary TCP sessions. Description Cisco describes the Secure PIX Firewall as, "an easy-to-install, integrated hardware/software firewall appliance". A vulnerability in the Secure PIX Firewall may allow ...
SGI IRIX contains buffer overflow vulnerability in "cpr" program
Overview A vulnerability in cpr may allow a local attacker to execute arbitrary code. Description SGI describes cpr as follows: IRIX Checkpoint and Restart (CPR) offers a set of user-transparent software management tools, allowing system administrators, operators, and users with suitable privileges to...
Nokia Gateway GPRS support node vulnerable to DoS
Overview A vulnerability in the Nokia Gateway GPRS support node (GGSN) may allow a remote attacker to cause a denial of service. Description A vulnerability in the GGSN may allow a remote attacker to restart the device. For technical details, please see the @stake Security Advisory Nokia GGSN IP650...
HP-UX "passwd" utility may corrupt password file
Overview The HP-UX "passwd" utility contains a denial-of-service vulnerability. Description The HP-UX "passwd" utility is used to make changes to a user's authentication credentials. A vulnerability in "passwd" may allow a local attacker to corrupt the password file. --- Impact An attacker may be...
Sun ONE/iPlanet Web Server vulnerable to DoS
Overview A vulnerability in the SunOne/iPlanet Web Server may allow a remote attacker to cause a denial of service. Description The SunOne/iPlanet Web Server contains a vulnerability which may allow a remote attacker to disrupt the normal operation of the web server. This vulnerability is only...