Microsoft PowerPoint Floating Point Techno-color Time Bandit vulnerability

Added: 01/12/2012 CVE: CVE-2011-0655 BID: 47252 OSVDB: 71771 Background Microsoft PowerPoint is presentation software included in the Microsoft Office desktop suite. Problem The vulnerability is caused when PowerPoint reads an invalid record in a specially crafted PowerPoint file. A remote attack...

Firefox sensor.dll Insecure Library Loading

Added: 09/13/2011 CVE: CVE-2011-2980 BID: 49217 OSVDB: 74583 Background Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS. Problem A library loading vulnerability in Mozilla Firefox and Thunderbird allows arbitrary command execution when a user...

Adobe Flash Player ActionScript Function Arguments Code Execution

Added: 08/22/2011 CVE: CVE-2011-2110 BID: 48268 OSVDB: 73007 Background Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages. Problem The Adobe Flash Player ActionScript Engine is vulnerable to an information leak that can be leveraged to execute...

Mozilla Firefox OBJECT mChannel Use-After-Free

Added: 08/22/2011 CVE: CVE-2011-0065 BID: 47659 OSVDB: 72085 Background Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS. Problem A use-after-free vulnerability allows command execution when a user loads a specially crafted web page that causes...

Internet Explorer DOM modification memory corruption

Added: 06/28/2011 CVE: CVE-2011-1256 BID: 48207 OSVDB: 72948 Background The Document Object Model DOM is a convention for interacting with objects in HTML pages. Problem A memory corruption vulnerability in Internet Explorer allows command execution when a user loads a specially crafted web page...

VideoLAN VLC Media Player MKV Demuxer Code Execution

Added: 06/27/2011 CVE: CVE-2011-0531 BID: 46060 OSVDB: 70698 Background VLC media player is a media player supporting various audio and video formats for multiple platforms. Problem VideoLan VLC 1.1.6.1 and earlier are vulnerable to a remote code execution vulnerability as a result of insufficien...

Tom Sawyer GET Extension Factory COM Object Instantiation Memory Corruption

Added: 06/19/2011 CVE: CVE-2011-2217 BID: 48099 Background Tom Sawyer Software produces a variety of data visualization, layout, and analysis tools. Problem Certain ActiveX controls in tsgetxu71ex552.dll and tsgetx71ex552.dll in Tom Sawyer GET Extension Factory 5.5.2.237, as used in VI Client...

Novell ZENworks Asset Management File Upload Traversal

Added: 05/27/2011 CVE: CVE-2010-4229 BID: 47295 OSVDB: 71872 Background Novell ZENworks is a resource management solution consisting of a management server and management agents. Problem The Asset Management module ZAM of ZENworks version 10.3 prior to 10.3.2 and version 11 fail to validate the...

VLC Media Player Libmodplug CSoundFile::ReadS3M() Function S3M File Handling Overflow

Added: 05/26/2011 CVE: CVE-2011-1574 OSVDB: 72143 Background VideoLAN VLC media player is a media player supporting various audio and video formats for multiple platforms. Problem VLC media player is vulnerable to a stack buffer overflow because the ReadS3M function in libmodplug fails to properl...

HP OpenView Performance Insight Server Backdoor Account

Added: 03/03/2011 CVE: CVE-2011-0276 BID: 46079 OSVDB: 70754 Background HP OpenView Performance Insight OVPI Server is a management utility that monitors and reports on the performance of services. Problem A backdoor account may allow an attacker to execute arbitrary code on the system. Resolutio...

Windows Thumbnail View CreateSizedDIBSECTION buffer overflow

Added: 01/14/2011 CVE: CVE-2010-3970 BID: 45662 OSVDB: 70263 Background The shimgvw.dll library is part of the Microsoft Graphics Rendering Engine. Problem A vulnerability in shimgvw.dll allows command execution when Windows renders a thumbnail image which passes a specially crafted biClrUsed...

Cisco IOS HTTP access level authentication bypass

Added: 12/23/2010 CVE: CVE-2001-0537 BID: 2936 OSVDB: 578 Background The Cisco Internetwork Operating System IOS is the operating system used by Cisco routers. Problem A remote attacker could execute arbitrary commands at the highest privilege level level 15 without needing to authenticate by...

Adobe Shockwave Player Lnam Chunk Processing Buffer Overflow

Added: 11/08/2010 CVE: CVE-2010-3655 BID: 44516 Background Adobe Shockwave is a multimedia player used to add animation and interactivity to web pages. It allows Adobe Director applications to be published on the Internet and viewed in a web browser on any computer which has the Shockwave plug-in...

RealNetworks RealPlayer CDDA URI Uninitialized Pointer Code Execution

Added: 10/22/2010 CVE: CVE-2010-3747 BID: 44144 OSVDB: 68673 Background RealPlayer and RealOne Player include a number of ActiveX controls allowing functions to be called by scripts embedded in web pages. Problem CDDA cdda:// is a protocol used to locate media files on Compact Disc Digital Audio...

Oracle Secure Backup Administration property_box.php Other Variable Command Injection

Added: 09/29/2010 CVE: CVE-2010-0899 BID: 41616 OSVDB: 66333 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A command injection vulnerability in the Oracle Secure Backup web interface allows remote attackers to execute arbitrary...

Microsoft Outlook SMB Attachment ATTACH_BY_REFERENCE vulnerability

Added: 07/16/2010 CVE: CVE-2010-0266 BID: 41446 OSVDB: 66296 Background Microsoft Outlook is an e-mail client which also provides calendar, scheduling, contact management, and information sharing capabilities. Problem A vulnerability in Microsoft Outlook allows command execution when a user opens...

Novell iManager EnteredClassName buffer overflow

Added: 07/12/2010 CVE: CVE-2010-1929 BID: 40480 OSVDB: 65737 Background Novell iManager is a web-based management interface for other Novell products. Problem A buffer overflow vulnerability in jclient.dll allows remote attackers to execute arbitrary commands by sending a specially crafted...

Windows Help and Support Center -FromHCP URL whitelist bypass

Added: 06/15/2010 CVE: CVE-2010-1885 BID: 40725 OSVDB: 65264 Background The Microsoft Windows Help and Support Center is a resource in Microsoft Windows operating systems for online help, support, tools, how-to articles, and other resources. Problem A vulnerability in Windows Help and Support...

Microsoft Windows Movie Maker IsValidWMToolsStream buffer overflow

Added: 05/19/2010 CVE: CVE-2010-0265 BID: 38515 OSVDB: 62811 Background Windows Movie Maker is software for creating and editing home movies. Problem A buffer overflow vulnerability in the IsValidWMToolsStream function allows command execution when a user opens a specially crafted .MSWMM file...

Lotus Domino Web Access ActiveX control InstallBrowserHelperDll buffer overflow

Added: 03/05/2010 BID: 38457 OSVDB: 62612 Background Lotus Domino Web Access provides capabilities similar to those of the Lotus Notes client, delivered through a web browser. It includes an ActiveX control implemented in inotes6w.dll, dwa7w.dll, dwa8w.dll, and dwa85w.dll. Problem A buffer overfl...

Adobe Illustrator EPS File DSC Comment Buffer Overflow

Added: 01/20/2010 CVE: CVE-2009-4195 BID: 37192 OSVDB: 60632 Background Adobe Illustrator software is a comprehensive vector graphics environment for creative professionals that is used for both drawing and typographical work. Illustrator supports several vector file formats including AI, CDR, PD...

Adobe Illustrator EPS File DSC Comment Buffer Overflow

Added: 01/20/2010 CVE: CVE-2009-4195 BID: 37192 OSVDB: 60632 Background Adobe Illustrator software is a comprehensive vector graphics environment for creative professionals that is used for both drawing and typographical work. Illustrator supports several vector file formats including AI, CDR, PD...

HP OpenView Network Node Manager ovalarm.exe Accept-Language buffer overflow

Added: 12/22/2009 CVE: CVE-2009-4179 BID: 37261 OSVDB: 60930 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A buffer overflow in the ovalarm.exe CGI program allows command execution when an attacker sends an HTTP request to this...

HP Power Manager Remote Code Execution

Added: 11/06/2009 CVE: CVE-2009-2685 BID: 36933 OSVDB: 59684 Background HP Power Manager is a web-based application that enables administrators to manage an HP UPS from a browser-based management console. Problem A stack-based buffer overflow in the HP Power Manager management web server allows...

Java Runtime Environment HsbParser.getSoundBank Stack Buffer Overflow

Added: 11/06/2009 CVE: CVE-2009-3867 BID: 36881 OSVDB: 59711 Background The Java Runtime Environment JRE is part of the Java Development Kit JDK, a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java...

Adobe Reader FlateDecode filter TIFF Predictor integer overflow

Added: 10/27/2009 CVE: CVE-2009-3459 BID: 36600 OSVDB: 58729 Background Adobe Reader is free software for viewing PDF documents. Problem An integer overflow in the FlateDecode filter in Adobe Reader allows command execution when a user opens a PDF file containing specially crafted compressed...

Mozilla Firefox PKCS11 Module Installation Code Execution

Added: 09/24/2009 CVE: CVE-2009-3076 BID: 36343 OSVDB: 57977 Background Mozilla is a suite of Internet client products available for multiple platforms. Problem The warning dialog displayed when adding or removing security modules via pkcs11.addmodule or pkcs11.deletemodule can be customized by a...

Phishing Tool

Added: 09/23/2009 Background This tool serves an HTML form which collects information from users. It allows you to either replicate a real web page, or specify a custom header graphic, a custom footer graphic, and an introductory text message. For best results, design the HTML form to look like a...

Oracle Secure Backup property_box.php type parameter command execution

Added: 09/01/2009 CVE: CVE-2009-1978 BID: 35678 OSVDB: 55904 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A command execution vulnerability in the Oracle Secure Backup web interface allows remote attackers to execute arbitrary...

Microsoft Office Web Components DataSourceControl ActiveX Control memory allocation

Added: 08/27/2009 CVE: CVE-2009-0562 BID: 35990 OSVDB: 56914 Background Microsoft Office Web Components OWC are a group of OLE classes implemented as ActiveX controls. Problem A heap memory corruption vulnerability in the OWC10.DataSourceControl ActiveX control allows command execution when a use...

Adobe Flash Player authplay.dll vulnerability

Added: 08/26/2009 CVE: CVE-2009-1862 BID: 35759 OSVDB: 56282 Background Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages. Problem A vulnerability in authplay.dll in Adobe Flash Player allows command execution when a user opens a specially crafted...

Windows Telnet credential reflection

Added: 08/12/2009 CVE: CVE-2009-1930 BID: 35993 OSVDB: 56904 Background Microsoft Windows operating systems come with a telnet service. This service prompts a user to provide a login name and password. Following successful authentication, the server displays a shell prompt, allowing the user to r...

Apple iTunes itms: URL buffer overflow

Added: 07/06/2009 CVE: CVE-2009-0950 BID: 35157 OSVDB: 54833 Background iTunes is a free media player for multiple platforms. Problem A buffer overflow vulnerability allows command execution when a user opens a specially crafted itms:// URL. Resolution Upgrade to iTunes 8.2 or higher. References...

Microsoft Excel SST record code execution

Added: 04/23/2009 CVE: CVE-2009-0238 BID: 33870 OSVDB: 52695 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows and Macintosh platforms. Problem A vulnerability in Microsoft Excel allows command execution when a user opens a spreadshee...

SAPgui EAI WebViewer3D ActiveX control SaveViewToSessionFile buffer overflow

Added: 04/07/2009 CVE: CVE-2007-4475 BID: 34310 OSVDB: 53066 Background SAPgui for Windows registers the EAI WebViewer3D ActiveX control. Problem A buffer overflow vulnerability in the EAI WebViewer3D ActiveX control allows command execution when a user loads a web page which invokes the...

Mozilla Firefox UTF-8 URL buffer overflow

Added: 12/31/2008 CVE: CVE-2008-0016 BID: 31397 OSVDB: 48780 Background Mozilla is a suite of Internet client products available for multiple platforms. Problem A buffer overflow vulnerability in Mozilla Firefox allows command execution when a user follows a link to a specially crafted UTF-8 URL...

Visual FoxPro vfp6r.dll ActiveX Control DoCmd command execution

Added: 12/19/2008 CVE: CVE-2008-0236 BID: 27205 OSVDB: 40380 Background Visual FoxPro is a tool for developing database applications. Problem The vfp6r.dll ActiveX control allows command execution when a user opens a web page which uses the DoCmd method. Resolution Set the kill bit for class ID...

Novell GroupWise Messenger HTTP response handling buffer overflow

Added: 07/07/2008 CVE: CVE-2008-2703 BID: 29602 OSVDB: 46041 Background GroupWise Messenger is an instant messaging client for Novell GroupWise. Problem Novell GroupWise is affected by a buffer overflow vulnerability which could allow command execution when the client program processes specially...

CA ARCserve Backup caloggerd opcode 79 buffer overflow

Added: 05/30/2008 CVE: CVE-2008-2242 BID: 29283 OSVDB: 45368 Background CA ARCserve Backup formerly BrightStor ARCserve Backup is a backup and recovery solution. The logger daemon caloggerd is an RPC service which handles event logs. Problem A buffer overflow vulnerability in caloggerd allows...

CA ARCserve Backup xdr_rwsstring buffer overflow

Added: 05/27/2008 CVE: CVE-2008-2242 BID: 29283 OSVDB: 45368 Background CA ARCserve Backup formerly BrightStor ARCserve Backup is a backup and recovery solution. It runs several services which use the SUN Remote Procedure Call SUN-RPC protocol. SUN-RPC messages are defined using the External Data...

MDaemon IMAP FETCH command buffer overflow

Added: 03/31/2008 CVE: CVE-2008-1358 BID: 28245 OSVDB: 43111 Background MDaemon is an e-mail server for Windows. Problem A buffer overflow vulnerability in the IMAP service allows authenticated users to execute arbitrary commands by sending a FETCH command with a long BODY. Resolution Upgrade to...

Microsoft Office Web Components OWC.Spreadsheet.9 ActiveX Control overflow

Added: 03/12/2008 CVE: CVE-2006-4695 BID: 28135 OSVDB: 42711 Background Microsoft Office Web Components OWC are a group of OLE classes implemented as ActiveX controls. Problem A buffer overflow vulnerability in the OWC.Spreadsheet.9 ActiveX control allows command execution when a user loads a web...

Microsoft Color Management Module profile tag buffer overflow

Added: 11/30/2007 CVE: CVE-2005-1219 BID: 14214 OSVDB: 17830 Background The Microsoft Color Management Module helps programs achieve consistent display of colors. International Color Consortium ICC profiles are used to ensure that colors are represented accurately to users. Problem A buffer...

Trend Micro ServerProtect TMregChange buffer overflow

Added: 09/27/2007 CVE: CVE-2007-4731 OSVDB: 45878 Background Trend Micro ServerProtect is a virus scanner for servers. Problem A buffer overflow vulnerability in the TMregChange function in the TMreg.dll library allows remote attackers to execute arbitrary commands by sending specially crafted da...

Windows MDAC RDS.Dataspace ActiveX control vulnerability

Added: 07/16/2007 CVE: CVE-2006-0003 BID: 17462 OSVDB: 24517 Background Microsoft Data Access Components MDAC enable Universal Data Access in Windows applications deployed over a network. Problem A cross-zone scripting vulnerability in the RDS.Dataspace ActiveX control in MDAC allows command...

Trend Micro ServerProtect SpntSvc.exe CreateBinding buffer overflow

Added: 07/09/2007 CVE: CVE-2007-2508 BID: 23868 OSVDB: 35790 Background Trend Micro ServerProtect is a virus scanner for servers. It includes the SpntSvc.exe daemon which listens for connections on port 5168/TCP. Problem A buffer overflow vulnerability in the CAgRpcClient::CreateBinding function ...

Windows Animated Cursor Header buffer overflow

Added: 04/05/2007 CVE: CVE-2007-0038 BID: 23194 OSVDB: 33629 Background Animated cursor .ani files contain animated graphics for icons and cursors. Problem A buffer overflow in Windows allows command execution when opening a specially crafted .ani file containing large file headers. Resolution...

Windows Animated Cursor Header buffer overflow

Added: 04/05/2007 CVE: CVE-2007-0038 BID: 23194 OSVDB: 33629 Background Animated cursor .ani files contain animated graphics for icons and cursors. Problem A buffer overflow in Windows allows command execution when opening a specially crafted .ani file containing large file headers. Resolution...

MERCUR imapd SUBSCRIBE command buffer overflow

Added: 03/27/2007 CVE: CVE-2007-1579 BID: 23050 OSVDB: 33546 Background MERCUR Messaging Server is an e-mail server supporting the SMTP, POP3, and IMAP protocols for Windows platforms. Problem A buffer overflow vulnerability allows remote, authenticated attackers to execute arbitrary commands by...

Trend Micro ServerProtect CMON_NetTestConnection buffer overflow

Added: 02/23/2007 CVE: CVE-2007-1070 BID: 22639 OSVDB: 33042 Background Trend Micro ServerProtect is a virus scanner for servers. Problem A buffer overflow vulnerability in the CMONNetTestConnection function allows remote attackers to execute arbitrary commands by sending a specially crafted RPC...