Microsys Promotic PmTrendViewer ActiveX Control SaveCfg Stack Buffer Overflow

Added: 12/23/2011 OSVDB: 76396 Background Microsys Promotic is a SCADA object software tool for creating applications that monitor, control and display technological processes in various industrial areas. Promotic includes support for a web interface designed for Microsoft Windows. Problem Micros...

Adobe Reader U3D Heap Overflow

Added: 12/21/2011 CVE: CVE-2011-2462 BID: 50922 OSVDB: 77529 Background Adobe Reader is free software for viewing PDF documents. Problem A heap memory corruption vulnerability exists in Adobe Acrobat Reader. The vulnerability is due to an input validation error while parsing Universal 3D U3D file...

Symantec Alert Management System AMSSendAlertAck Buffer Overflow

Added: 12/01/2011 CVE: CVE-2010-0110 BID: 45936 OSVDB: 72623 Background The Symantec Alert Management System 2 AMS2 is used by multiple Symantec products. It includes an Intel Alert Handler service hndlrsvc.exe. This service handles messages forwarded to it by the Alert Originator Manager...

Apple Safari libxslt File Create

Added: 10/24/2011 CVE: CVE-2011-1774 BID: 48840 OSVDB: 74017 Background Safari is a web browser for Mac OS X and Windows. Problem Safari versions prior to 5.0.6 use unsafe security settings when implementing libxslt. An attacker may leverage this weakness by creating a web page that references a...

RealNetworks RealPlayer QCP Parsing

Added: 09/12/2011 CVE: CVE-2011-2950 BID: 49172 OSVDB: 74549 Background RealPlayer is a media player application which can play back various multimedia file formats, including QCP audio files. The QCP file format is frequently used to provide ring tones and to record voice for cellular telephones...

QuickTime PICT PnSize Stack Overflow

Added: 08/29/2011 CVE: CVE-2011-0257 BID: 49144 OSVDB: 74687 Background QuickTime is a media player for Windows and Mac OS platforms. Problem Apple QuickTime versions prior to 7.7 are vulnerable to a stack overflow cause by improper validation of very large values in the the PnSize field of PICT...

Microsoft Excel SLK File Parsing Buffer Overflow

Added: 08/15/2011 CVE: CVE-2011-1276 BID: 48161 OSVDB: 72924 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms. Problem Microsoft Office Excel is vulnerable to remote code execution due to improper boundary...

IBM Lotus Notes LZH Attachment Viewer Stack Buffer Overflow

Added: 06/30/2011 CVE: CVE-2011-1213 BID: 48018 OSVDB: 72706 Background Lotus Notes is the client for Lotus Domino servers. Problem IBM Lotus Notes File Viewer is vulnerable to remote code execution as a result of a stack buffer overflow while parsing headers of LZH files. A remote, unauthenticat...

IBM Lotus Notes LZH Attachment Viewer Stack Buffer Overflow

Added: 06/30/2011 CVE: CVE-2011-1213 BID: 48018 OSVDB: 72706 Background Lotus Notes is the client for Lotus Domino servers. Problem IBM Lotus Notes File Viewer is vulnerable to remote code execution as a result of a stack buffer overflow while parsing headers of LZH files. A remote, unauthenticat...

7T Interactive Graphical SCADA System dc.exe Directory Traversal

Added: 06/03/2011 CVE: CVE-2011-1566 BID: 46936 OSVDB: 72349 Background 7-Technologies Interactive Graphical SCADA System IGSS is a Supervisory Control and Data Acquisition SCADA solution used mainly in Denmark and the US. Problem An input validation error in the Data Collector service dc.exe whe...

Internet Explorer HTML+TIME element OuterText memory corruption

Added: 12/16/2010 CVE: CVE-2010-3346 BID: 45261 OSVDB: 69829 Background The HTML+TIME component of Internet Explorer adds timing and media synchronization support to HTML pages. Problem A memory corruption vulnerability in the HTML+TIME component allows command execution when a user loads a...

Novell iPrint Client ActiveX Control GetDriverSettings buffer overflow

Added: 11/24/2010 CVE: CVE-2010-4321 BID: 44966 OSVDB: 69357 Background Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Client ActiveX control named ienipp.ocx. Problem A buffer overflow vulnerability in the Novell iPrint...

DATAC RealWin SCADA Server SCPC_INITIALIZE buffer overflow

Added: 11/08/2010 CVE: CVE-2010-4142 BID: 44150 OSVDB: 68812 Background RealWin is a Supervisory Control and Data Acquisition SCADA server which is distributed by DATAC. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted...

HP Data Protector Express DtbClsLogin function buffer overflow

Added: 10/07/2010 CVE: CVE-2010-3007 BID: 43105 OSVDB: 67973 Background HP Data Protector Express is a backup and recovery solution for single machines and small networks. Problem A buffer overflow vulnerability in dpwindtb.dll in the DtbClsLogin function allows remote attackers to execute...

Microsoft Windows Movie Maker MediaClipString Buffer Overflow

Added: 08/27/2010 CVE: CVE-2010-2564 BID: 42268 OSVDB: 66986 Background Windows Movie Maker is software for creating and editing home movies. Problem A buffer overflow vulnerability when parsing MediaClipString data allows command execution when a user opens a specially crafted .MSWMM file...

Informix Dynamic Server librpc.dll credentials length buffer overflow

Added: 06/10/2010 CVE: CVE-2009-2753 BID: 38471 OSVDB: 62783 Background Informix Dynamic Server is a database solution from IBM. It includes a portmapper service which listens for connections on port 36890/TCP and uses librpc.dll. Problem A buffer overflow vulnerability in librpc.dll allows remot...

Microsoft Visio DXF file insertion buffer overflow

Added: 05/07/2010 CVE: CVE-2010-1681 BID: 39836 Background Microsoft Visio is a component of the Microsoft Office suite which provides the capability to produce diagrams. Problem A buffer overflow vulnerability allows command execution when a user inserts a specially crafted DXF file into a Visio...

Nagios statuswml.cgi Command Injection

Added: 04/13/2010 CVE: CVE-2009-2288 BID: 35464 OSVDB: 55281 Background Nagios is a network host and service monitoring and management system. Problem The Nagios statuswml.cgi script passes unsanitized data to the ping and traceroute commands, resulting in shell command execution via...

Microsoft Office Web Components DataSourceControl ActiveX Control memory allocation

Added: 08/27/2009 CVE: CVE-2009-0562 BID: 35990 OSVDB: 56914 Background Microsoft Office Web Components OWC are a group of OLE classes implemented as ActiveX controls. Problem A heap memory corruption vulnerability in the OWC10.DataSourceControl ActiveX control allows command execution when a use...

Novell Client NetIdentity Agent XTIERRPCPIPE pointer dereference vulnerability

Added: 07/24/2009 CVE: CVE-2009-1350 BID: 34400 OSVDB: 53351 Background Novell Client software provides NetWare connectivity to Windows platforms. Problem A vulnerability in the xtagent.exe program allows remote, authenticated attackers to execute arbitrary commands by sending a specially crafted...

Apple iTunes itms: URL buffer overflow

Added: 07/06/2009 CVE: CVE-2009-0950 BID: 35157 OSVDB: 54833 Background iTunes is a free media player for multiple platforms. Problem A buffer overflow vulnerability allows command execution when a user opens a specially crafted itms:// URL. Resolution Upgrade to iTunes 8.2 or higher. References...

Microsoft SQL Server spreplwritetovarbin Buffer Overflow

Added: 04/29/2009 CVE: CVE-2008-5416 BID: 32710 OSVDB: 50917 Background Microsoft SQL Server is a database server package for Windows platforms. Problem A buffer overflow vulnerability in the spreplwritetovarbin stored procedure allows remote, authenticated attackers to execute arbitrary commands...

Oracle WebLogic Server IIS Connector JSESSIONID buffer overflow

Added: 04/10/2009 CVE: CVE-2008-5457 BID: 33177 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Problem A buffer overflow vulnerability in the WebLogic IIS connector allows remote attackers to execute arbitrary commands by sending a long, special...

Adobe Acrobat JavaScript getIcon method buffer overflow

Added: 03/27/2009 CVE: CVE-2009-0927 BID: 34169 Background Adobe Acrobat is software for creating PDF documents. Adobe Reader is free software for viewing PDF documents. Problem A buffer overflow vulnerability allows command execution when a user opens a PDF file which calls the JavaScript getIco...

Fujitsu SystemcastWizard Lite PXE service buffer overflow

Added: 03/03/2009 CVE: CVE-2009-0270 BID: 33342 OSVDB: 51486 Background SystemcastWizard Lite is support software for the setup of Primequest systems. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a long, specially crafted datagram to the...

Oracle 9i Release 2 XDB HTTP Pass Overflow

Added: 02/25/2009 CVE: CVE-2003-0727 BID: 8375 OSVDB: 2449 Background Oracle 9i release 2 includes the XDB HTTP service which by default listens on port 8080. Problem A buffer overflow vulnerability in the parsing of credentials passed to the server allows remote attackers to execute arbitrary...

Microsoft Works WkImgSrv.dll ActiveX Control WksPictureInterface vulnerability

Added: 01/08/2009 CVE: CVE-2008-1898 BID: 28820 OSVDB: 44458 Background Microsoft Works is a suite of productivity tools for home users. Problem The WkImgSrv.dll ActiveX control included in Microsoft Works allows command execution when a user loads a web page which instantiates the control with a...

Adobe Acrobat util.printf JavaScript function buffer overflow

Added: 11/10/2008 CVE: CVE-2008-2992 BID: 30035 OSVDB: 49520 Background Adobe Acrobat is software for creating PDF documents. Problem A buffer overflow vulnerability allows command execution when a user opens a PDF file which calls the util.printf JavaScript function with a specially crafted form...

Openwsman HTTP Basic Authentication buffer overflow

Added: 10/17/2008 CVE: CVE-2008-2234 BID: 30694 OSVDB: 47534 Background Openwsman is an open-source implementation of the Web Services Management specification. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted HTTP Basic...

Computer Associates Alert Notification Server opcode 23 buffer overflow

Added: 04/25/2008 CVE: CVE-2007-4620 BID: 28605 OSVDB: 44040 Background The Alert Notification Server is included with multiple Computer Associates products to provide notifications to console users. Problem The Alert Notification Server is affected by buffer overflow vulnerabilities in multiple...

Yahoo Music Jukebox MediaGrid ActiveX buffer overflow

Added: 02/11/2008 CVE: CVE-2008-0625 BID: 27578 OSVDB: 41051 Background Yahoo! Music Jukebox is a music player capable of playing, ripping, and burning MP3s and CDs, creating and sharing playlists, streaming radio stations, and purchasing music. Problem A buffer overflow vulnerability in the...

Novell GroupWise Client IMG SRC buffer overflow

Added: 01/15/2008 CVE: CVE-2007-6435 BID: 26875 OSVDB: 40870 Background Novell GroupWise is an e-mail and collaboration product suite. Problem A buffer overflow vulnerability in the GroupWise client allows command execution when a user replies to or forwards a message containing an IMG tag with a...

MacroVision InstallShield Update Service DownloadAndExecute buffer overflow

Added: 01/04/2008 CVE: CVE-2007-6654 BID: 27013 OSVDB: 39980 Background MacroVision InstallShield is software for creating installers or software packages. Problem A buffer overflow in the DownloadAndExecute function in the Update Service ActiveX control allows command execution when a user loads...

Microsoft Color Management Module profile tag buffer overflow

Added: 11/30/2007 CVE: CVE-2005-1219 BID: 14214 OSVDB: 17830 Background The Microsoft Color Management Module helps programs achieve consistent display of colors. International Color Consortium ICC profiles are used to ensure that colors are represented accurately to users. Problem A buffer...

QuickTime RTSP Content-Type header buffer overflow

Added: 11/30/2007 CVE: CVE-2007-6166 BID: 26549 OSVDB: 40876 Background QuickTime is a media player for Windows and Mac OS platforms. Problem A buffer overflow vulnerability in QuickTime allows command execution when a user opens an RTSP stream containing a specially crafted Content-Type header...

Lotus Notes TagAttributeListCopy buffer overflow

Added: 11/21/2007 CVE: CVE-2007-4222 BID: 26200 OSVDB: 40949 Background Lotus Notes is the client for Lotus Domino servers. Problem A buffer overflow in the TagAttributeListCopy function in nnotes.dll could allow command execution when a user receives a specially crafted e-mail message and forwar...

Lotus Domino IMAP mailbox name buffer overflow

Added: 11/02/2007 CVE: CVE-2007-3510 BID: 26176 OSVDB: 40953 Background IBM Lotus Domino is a messaging and collaboration solution for multiple platforms. Problem A buffer overflow vulnerability in Lotus Domino could allow a remote, authenticated attacker to execute arbitrary commands by sending ...

BrightStor ARCserve Media Server SUN RPC buffer overflow

Added: 05/03/2007 CVE: CVE-2007-2139 BID: 23635 OSVDB: 34127 Background CA ARCserve Backup formerly BrightStor ARCserve Backup is a backup and recovery solution. ARCserve Media Server is a component which comes with ARCserve Backup. Problem ARCserve Media Server is affected by multiple buffer...

QuickTime rtsp src URL buffer overflow

Added: 01/04/2007 CVE: CVE-2007-0015 BID: 21829 OSVDB: 31023 Background QuickTime is a media player for Windows and Mac OS platforms. Problem A buffer overflow in QuickTime allows command execution when a user opens a specially crafted QTL file containing a long src parameter starting with rtsp:/...

BrightStor ARCserve Backup Tape Engine GetGroupStatus buffer overflow

Added: 12/22/2006 CVE: CVE-2006-6076 BID: 21221 OSVDB: 30637 Background The BrightStor ARCserve Backup server includes a Backup Tape Engine feature which allows use of tape drives for storage. Problem A buffer overflow vulnerability in the RPC GetGroupStatus function allows remote attackers to...

Microsoft Client Service for NetWare tree name buffer overflow

Added: 11/16/2006 CVE: CVE-2006-4688 BID: 20984 OSVDB: 30260 Background The Client Service for NetWare, also known as the Gateway Service for NetWare, allows Windows users to access NetWare file, print, and directory services. It is available with Microsoft Windows operating systems but is not...

Microsoft IIS ASP chunked encoding buffer overflow

Added: 11/10/2006 CVE: CVE-2002-0079 BID: 4485 OSVDB: 768 Background Microsoft IIS web servers include ISAPI extensions which are invoked in the server process to handle requests of a given type. Problem A buffer overflow in the ASP ISAPI filter allows remote attackers to execute arbitrary comman...

BrightStor ARCserve Message Engine RPC server buffer overflow

Added: 11/09/2006 CVE: CVE-2006-5143 BID: 20365 OSVDB: 29535 Background The BrightStor ARCserve Backup family of products includes a Message Engine which listens for connections on port 6503/TCP. Problem A buffer overflow in the ASCORE.dll library allows remote attackers to execute arbitrary...

Computer Associates License Client PUTOLF buffer overflow

Added: 07/21/2006 CVE: CVE-2005-0582 BID: 12705 OSVDB: 14389 Background The CA License Client comes with most Computer Associates products. It uses ports 10202/tcp and 10203/tcp to exchange product license information. Problem A buffer overflow in the CA License Client allows remote command...

Mozilla Firefox GIF processing buffer overflow

Added: 06/09/2006 CVE: CVE-2005-0399 BID: 12881 OSVDB: 14937 Background Mozilla is a suite of Internet client products available for multiple platforms. Problem A heap overflow in Mozilla Firefox when processing GIF images with the obsolete Netscape extension 2 allows command execution when a use...

Outlook Express NNTP LIST buffer overflow

Added: 05/04/2006 CVE: CVE-2005-1213 BID: 13951 OSVDB: 17306 Background Outlook Express is a free e-mail client which is included in Windows operating systems. Problem A buffer overflow in Outlook Express allows command execution when processing responses from NNTP servers to LIST commands...

Internet Explorer DHTML object vulnerability

Added: 04/25/2006 CVE: CVE-2005-0553 BID: 13120 OSVDB: 15465 Background Dynamic HTML DHTML allows the creation of interactive web pages. Problem Race conditions in various DHTML methods could allow command execution when a specially crafted web page is loaded in Internet Explorer. Resolution Appl...

RealPlayer invalid chunk header heap overflow

Added: 03/31/2006 CVE: CVE-2005-2922 BID: 17202 OSVDB: 24062 Background RealPlayer, RealOne Player, and Helix Player include an embedded player which plays media embedded in a web page. Problem A chunked HTTP response containing an invalid or missing chunk header results in a heap overflow, leadi...

Lotus Notes Attachment Viewer UUE file buffer overflow

Added: 02/21/2006 CVE: CVE-2005-2618 BID: 16576 OSVDB: 23065 Background Lotus Notes is the client for Lotus Domino servers. Problem A buffer overflow in the attachment viewer in the Lotus Notes e-mail client allows command execution when a user opens a specially crafted UUE file. Resolution Upgra...

Mozilla Firefox QueryInterface method memory corruption

Added: 02/10/2006 CVE: CVE-2006-0295 BID: 16476 OSVDB: 22893 Background Mozilla is a suite of Internet client products available for multiple platforms. Problem A memory corruption in the QueryInterface method of the Location and Navigator objects leads to command execution. Resolution Upgrade to...