iTunes m3u Playlist Overflow

Added: 07/03/2012 CVE: CVE-2012-0677 BID: 53933 OSVDB: 82897 Background iTunes is a free media player for multiple platforms. Problem iTunes does not properly validate parameters for EXTINF: directives in m3u files. This results in an exploitable stack overflow. Resolution Upgrade to iTunes 10.6....

Microsoft XML Core Services memory corruption

Added: 06/27/2012 CVE: CVE-2012-1889 BID: 53934 OSVDB: 82873 Background Microsoft XML Core Services allows developers to create XML-based applications. Problem A memory corruption vulnerability allows command execution when a user opens a specially crafted web page, which causes MSXML to access a...

Microsoft .NET Framework Memory Access Vulnerability

Added: 06/18/2012 CVE: CVE-2012-1855 BID: 53861 OSVDB: 82859 Background The .NET Framework is a software framework for Microsoft Windows. It includes a large class library that provides user interface, data access, database connectivity, cryptography, web application development, numeric...

GIMP Script-Fu Server Buffer Overflow

Added: 06/11/2012 CVE: CVE-2012-2763 BID: 53741 OSVDB: 82429 Background The GNU Image Manipulation Program GIMP is free software for tasks such as photo retouching, image composition, and image authoring. Problem The vulnerability is due improper boundary checking within the Script-Fu server...

IBM Lotus Quickr QP2 ActiveX Overflow

Added: 05/31/2012 CVE: CVE-2012-2176 BID: 53678 OSVDB: 82166 Background IBM Lotus Quickr is a team collaboration solution that provides teams with a data repository, and interfaces with Lotus Notes, Sametime, Symphony, and more. Problem The Lotus Quickr client installs several ActiveX controls on...

LANDesk ThinkManagement Suite ServerSetup.asmx Directory Traversal

Added: 04/27/2012 CVE: CVE-2012-1195 BID: 52023 OSVDB: 79276 Background LANDesk Lenovo ThinkManagement Console provides hardware discovery, comprehensive inventory, and reporting for Lenovo systems. Problem LANDesk Lenovo ThinkManagement Console runs a web application under the Microsoft IIS web...

Sunway ForceControl SNMP NetDBServer Data Chunk Copy Buffer Overflow

Added: 02/22/2012 BID: 49747 OSVDB: 75798 Background Sunway ForceControl is a Chinese SCADA/HMI software application widely used in China to help run weapons systems, utilities and chemical plants. It is also used to a lesser extent in other countries, including the US. SNMP NetDBServer is one of...

HP Diagnostics Server magentservice.exe Integer Wrap

Added: 01/26/2012 CVE: CVE-2011-4789 BID: 51398 OSVDB: 78309 Background HP Diagnostics software monitors application transaction health in traditional, virtualized and cloud environments. Problem A vulnerability exists in the way the magentservice.exe service handles network requests. Subtraction...

Plone Zope SAXutils Command Execution

Added: 01/13/2012 CVE: CVE-2011-3587 BID: 49857 OSVDB: 76105 Background Plone is a free and open source content management system built on top of the Zope application server. Plone can be used for any kind of website, including blogs, internet sites, webshops and internal websites. Problem Plone...

Novell iPrint Client ActiveX Control GetDriverSettings Stack Overflow

Added: 12/23/2011 CVE: CVE-2011-3173 BID: 50367 OSVDB: 76631 Background Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Client ActiveX control named ienipp.ocx. Problem A buffer overflow vulnerability in the ActiveX contr...

Adobe Reader U3D Heap Overflow

Added: 12/21/2011 CVE: CVE-2011-2462 BID: 50922 OSVDB: 77529 Background Adobe Reader is free software for viewing PDF documents. Problem A heap memory corruption vulnerability exists in Adobe Acrobat Reader. The vulnerability is due to an input validation error while parsing Universal 3D U3D file...

Novell ZENworks LaunchHelp.dll ActiveX Control LaunchProcess Code Execution

Added: 11/14/2011 CVE: CVE-2011-2657 BID: 50274 OSVDB: 76700 Background Novell ZENworks Configuration Management is an IT desktop computer management suite that provides the ability to install, configure and administer desktop computers from a centralized location. The product is based on a...

Netzip Classic ZIP file parsing buffer overflow

Added: 11/04/2011 BID: 46059 Background Netzip Classic is a Windows utility for downloading and decompressing files. Problem A buffer overflow vulnerability allows command execution when a user opens a specially crafted ZIP file and double-clicks on the file contained in it. Resolution Do not use...

Sunway ForceControl SNMP NetDBServer Signed Integer Buffer Overflow

Added: 09/29/2011 BID: 49747 OSVDB: 75798 Background Sunway ForceControl is a Chinese SCADA/HMI software application widely used in China to help run weapons systems, utilities and chemical plants. It is also used to a lesser extent in other countries, including the US. SNMP NetDBServer is one of...

Microsoft Internet Explorer Time Element Memory Corruption

Added: 09/06/2011 CVE: CVE-2011-1255 BID: 48206 OSVDB: 72947 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. The HTML+Time Timed Interactive Multimedia Extensions helps to add timed, animated, multimedia content to HTML documents. Problem...

Oracle Java Runtime Environment Insecure File Loading

Added: 08/08/2011 OSVDB: 74330 Background The Java Runtime Environment JRE is part of the Java Development Kit JDK, a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java application; it consists of the Java...

Oracle Warehouse Builder SQL Injection

Added: 08/01/2011 CVE: CVE-2011-0799 BID: 47431 OSVDB: 71956 Background Oracle Warehouse Builder OWB is an ETL tool produced by Oracle that offers a graphical environment to build, manage and maintain data integration processes in business intelligence systems. Problem A SQL injection vulnerabili...

Mozilla Firefox nsTreeRange Use After Free

Added: 07/27/2011 CVE: CVE-2011-0073 BID: 47663 OSVDB: 72087 Background Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS. Problem Mozilla Firefox and SeaMonkey are prone to a remote code execution vulnerability caused by accessing previously...

Microsoft Excel Data Validation Record Parsing Overflow

Added: 06/15/2011 CVE: CVE-2011-0105 BID: 47256 OSVDB: 71765 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms. Problem Microsoft Excel 2002 versions lacking the patch detailed in Microsoft Security Advisory...

Internet Explorer HTML+TIME element OuterText memory corruption

Added: 12/16/2010 CVE: CVE-2010-3346 BID: 45261 OSVDB: 69829 Background The HTML+TIME component of Internet Explorer adds timing and media synchronization support to HTML pages. Problem A memory corruption vulnerability in the HTML+TIME component allows command execution when a user loads a...

Oracle Secure Backup Administration preauth variable command injection

Added: 12/06/2010 CVE: CVE-2010-0906 BID: 41597 OSVDB: 67128 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A vulnerability in the Administration server allows remote, authenticated attackers to execute arbitrary commands which are...

Microsoft Excel Drawing Exception Handling vulnerability

Added: 12/01/2010 CVE: CVE-2010-3335 BID: 44659 OSVDB: 69087 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms. Problem A use-after-free vulnerability during exception handling in Microsoft Office allows comman...

Adobe Shockwave Player Lnam Chunk Processing Buffer Overflow

Added: 11/08/2010 CVE: CVE-2010-3655 BID: 44516 Background Adobe Shockwave is a multimedia player used to add animation and interactivity to web pages. It allows Adobe Director applications to be published on the Internet and viewed in a web browser on any computer which has the Shockwave plug-in...

RealNetworks RealPlayer CDDA URI Uninitialized Pointer Code Execution

Added: 10/22/2010 CVE: CVE-2010-3747 BID: 44144 OSVDB: 68673 Background RealPlayer and RealOne Player include a number of ActiveX controls allowing functions to be called by scripts embedded in web pages. Problem CDDA cdda:// is a protocol used to locate media files on Compact Disc Digital Audio...

RealNetworks RealPlayer CDDA URI Uninitialized Pointer Code Execution

Added: 10/22/2010 CVE: CVE-2010-3747 BID: 44144 OSVDB: 68673 Background RealPlayer and RealOne Player include a number of ActiveX controls allowing functions to be called by scripts embedded in web pages. Problem CDDA cdda:// is a protocol used to locate media files on Compact Disc Digital Audio...

HP Data Protector Express DtbClsLogin function buffer overflow

Added: 10/07/2010 CVE: CVE-2010-3007 BID: 43105 OSVDB: 67973 Background HP Data Protector Express is a backup and recovery solution for single machines and small networks. Problem A buffer overflow vulnerability in dpwindtb.dll in the DtbClsLogin function allows remote attackers to execute...

Sun Java System Web Server WebDAV OPTIONS request buffer overflow

Added: 02/05/2010 CVE: CVE-2010-0361 BID: 37874 OSVDB: 61851 Background Sun Java System Web Server is a web application server. WebDAV Web-based Distributed Authoring and Versioning is an extension to the HTTP protocol which allows users to edit web server content. Problem A buffer overflow...

Adobe Flash Player authplay.dll vulnerability

Added: 08/26/2009 CVE: CVE-2009-1862 BID: 35759 OSVDB: 56282 Background Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages. Problem A vulnerability in authplay.dll in Adobe Flash Player allows command execution when a user opens a specially crafted...

Visual Studio Active Template Library object type mismatch vulnerability

Added: 08/24/2009 CVE: CVE-2009-2494 BID: 35982 OSVDB: 56910 Background Microsoft Visual Studio is a product to assist with software development in the Windows operating system. Visual Studio uses Microsoft Active Template Library ATL, which is a set of template-based C++ classes, to help simplif...

Visual Studio Active Template Library uninitialized object

Added: 07/30/2009 CVE: CVE-2009-0901 BID: 35832 OSVDB: 56696 Background Microsoft Visual Studio is a product to assist with software development in the Windows operating system. Visual Studio uses Microsoft Active Template Library ATL, which is a set of template-based C++ classes, to help simplif...

Mozilla Firefox JIT Escape Function Memory Corruption

Added: 07/13/2009 CVE: CVE-2009-2477 BID: 35660 OSVDB: 55846 Background Mozilla is a suite of Internet client products available for multiple platforms. Problem A memory corruption vulnerability in Mozilla Firefox in the way it handles JIT escape function calls allows arbitrary code injection and...

Microsoft PowerPoint Legacy Format Scheme record buffer overflow

Added: 06/26/2009 CVE: CVE-2009-0226 BID: 34881 OSVDB: 54385 Background Microsoft PowerPoint is presentation software included in the Microsoft Office desktop suite. Problem A buffer overflow vulnerability in Microsoft PowerPoint allows command execution when a user opens a PowerPoint 4.0 stream...

Novell GroupWise Internet Agent e-mail address buffer overflow

Added: 06/05/2009 CVE: CVE-2009-1636 BID: 35064 OSVDB: 54645 Background Novell GroupWise is an e-mail and collaboration product suite. Problem A buffer overflow vulnerability allows a remote attacker to execute arbitrary commands by sending a message containing a specially crafted e-mail address ...

Windows GDI Privilege Elevation

Added: 05/25/2009 CVE: CVE-2006-5758 BID: 20940 OSVDB: 30214 Background The Graphics Rendering Engine in Microsoft Windows 2000 and Windows XP maps GDI Kernel structures on a global shared memory section that is created with insecure permissions. Problem Users with local access can remap the shar...

Adobe Reader Javascript API spell.customDictonaryOpen memory corruption

Added: 05/12/2009 CVE: CVE-2009-1493 BID: 34740 OSVDB: 54129 Background Adobe Reader is free software for viewing PDF documents. Problem A memory corruption vulnerability in the Javascript API in Adobe Reader allows command execution when a user opens a specially crafted PDF file which calls the...

Windows SMB credential reflection vulnerability

Added: 05/07/2009 CVE: CVE-2008-4037 BID: 7385 OSVDB: 49736 Background The Server Message Block SMB.aspx protocol is a file sharing protocol implemented in Microsoft Windows. NTLM is a challenge/response-based authentication protocol. Problem An NTLM credential reflection vulnerability allows a...

Symantec Alert Management System Intel File Transfer service command execution

Added: 05/06/2009 CVE: CVE-2009-1431 BID: 34675 OSVDB: 54160 Background The Symantec Alert Management System 2 AMS2 is used by multiple Symantec products. The Intel File Transfer service is a component of AMS2 which is used to aid communication between the core server and managed clients. It...

Microsoft WordPad Word97 text converter buffer overflow

Added: 04/23/2009 CVE: CVE-2009-0235 BID: 34470 OSVDB: 53664 Background The Microsoft WordPad Word 97 text converter allows Windows users who do not have Microsoft Word to open Word 97 files. Problem A buffer overflow vulnerability in the Word 97 text converter allows command execution when a use...

HP OpenView Network Node Manager OvOSLocale cookie buffer overflow

Added: 03/26/2009 CVE: CVE-2009-0920 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a long, specially crafted OvOSLocale cookie in an...

Citect SCADA ODBC Service Overflow

Added: 03/10/2009 CVE: CVE-2008-2639 BID: 29634 OSVDB: 46105 Background The CitectSCADA and CitectFacilities applications include ODBC server capabilities to provide remote SQL access to a relational database. The ODBC Server component listens on port 20222/tcp by default. Problem A buffer overfl...

Adobe Reader JBIG2 image stream buffer overflow

Added: 02/27/2009 CVE: CVE-2009-0658 BID: 33751 OSVDB: 52073 Background Adobe Acrobat is software for creating PDF documents. Adobe Reader is free software for viewing PDF documents. Problem A buffer overflow vulnerability allows command execution when a user opens a PDF file containing a special...

Adobe Acrobat util.printf JavaScript function buffer overflow

Added: 11/10/2008 CVE: CVE-2008-2992 BID: 30035 OSVDB: 49520 Background Adobe Acrobat is software for creating PDF documents. Problem A buffer overflow vulnerability allows command execution when a user opens a PDF file which calls the util.printf JavaScript function with a specially crafted form...

Oracle WebLogic Server Apache Connector Transfer-Encoding buffer overflow

Added: 10/31/2008 CVE: CVE-2008-4008 BID: 31683 OSVDB: 49283 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted...

Autodesk LiveUpdate ActiveX control ApplyPatch method vulnerability

Added: 10/06/2008 CVE: CVE-2008-4472 BID: 31490 OSVDB: 49047 Background Autodesk is a suite of architectural design software products. Problem The ApplyPatch method in the LiveUpdate ActiveX control allows a web page to execute arbitrary files on the system. Remote command execution is possible b...

DATAC RealWin SCADA Server FC_INFOTAG/SET_CONTROL buffer overflow

Added: 10/03/2008 CVE: CVE-2008-4322 BID: 31418 OSVDB: 48606 Background RealWin is a Supervisory Control and Data Acquisition SCADA server which is distributed by DATAC. Problem A buffer overflow vulnerability in RealWin Server allows remote attackers to execute arbitrary commands by sending a...

Facebook PhotoUploader ActiveX control ExtractIptc buffer overflow

Added: 05/19/2008 CVE: CVE-2008-0660 BID: 27576 OSVDB: 41073 Background Facebook PhotoUploader is an ActiveX control which allows uploading of photos to the Facebook web site. It uses the Aurigma ImageUploader product. Problem A buffer overflow vulnerability in Facebook PhotoUploader allows comma...

HP Openview Network Node Manager ovwparser.dll buffer overflow

Added: 04/14/2008 CVE: CVE-2008-1697 BID: 28569 OSVDB: 43992 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A vulnerability in ovwparser.dll allows remote attackers to execute arbitrary commands by sending a request for a long,...

Microsoft Excel rtAFDesc record invalid pointer access

Added: 01/17/2008 CVE: CVE-2008-0081 BID: 27305 OSVDB: 40344 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows platforms. Problem Microsoft Excel references an uninitialized pointer if a spreadsheet contains an improperly placed...

Samba lsa_io_trans_names buffer overflow

Added: 12/24/2007 CVE: CVE-2007-2446 BID: 24195 OSVDB: 34699 Background Samba is a software package which implements the SMB protocol on a variety of platforms, providing compatibility with Windows systems. Problem A vulnerability in the LSA RPC interface allows a remote attacker to execute...

Internet Explorer tblinf32.dll ActiveX IObjectsafety vulnerability

Added: 08/17/2007 CVE: CVE-2007-2216 BID: 25289 OSVDB: 36396 Background The IObjectsafety interface provides methods to get and set safety options for objects which support untrusted clients. Problem The tblinf32.dll ActiveX control implements IObjectsafety incorrectly, allowing execution of code...