Internet Explorer deleted object memory corruption

Added: 02/23/2009 CVE: CVE-2009-0075 BID: 33627 OSVDB: 51839 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem A memory corruption vulnerability allows command execution when a user opens a specially crafted web page which causes a...

Microsoft Office OCX ActiveX controls OpenWebFile program execution

Added: 01/30/2009 BID: 33243 Background Microsoft Office OCX is a suite of ActiveX document containers to create, open, edit, and print Microsoft Office files. Problem A vulnerability in multiple Office OCX ActiveX controls allows a web page to execute remote programs using the OpenWebFile method...

Opera file URI buffer overflow

Added: 01/13/2009 CVE: CVE-2008-5178 BID: 32323 OSVDB: 49882 Background Opera is a web browser which is available for multiple platforms. Problem A buffer overflow vulnerability allows command execution when a user opens a long, specially crafted file:// URI. Resolution Upgrade to Opera 9.63 or...

Norton AntiSpam 2004 SymSpamHelper ActiveX control buffer overflow

Added: 12/24/2008 CVE: CVE-2004-0363 BID: 9916 OSVDB: 6249 Background Norton AntiSpam 2004, which is included in Norton Internet Security 2004, is spam filtering software. Problem A buffer overflow vulnerability in the SymSpamHelper ActiveX control symspam.dll allows command execution when a user...

Internet Explorer embed tag src extension buffer overflow

Added: 12/11/2008 CVE: CVE-2008-4261 BID: 32595 OSVDB: 50610 Background The HTML embed tag allows developers to embed plug-ins in web pages. Problem A vulnerability in Internet Explorer allows command execution when a user loads a page containing an embed tag with a src attribute containing a...

VLC media player TY file parse_master buffer overflow

Added: 12/04/2008 CVE: CVE-2008-4654 BID: 31813 OSVDB: 49181 Background VLC media player is a media player supporting various audio and video formats for multiple platforms. Problem A buffer overflow vulnerability in the parsemaster function in the Ty demux plugin allows command execution when a...

VLC media player RealText subtitle file ParseRealText buffer overflow

Added: 12/01/2008 CVE: CVE-2008-5036 BID: 32125 OSVDB: 49809 Background VLC media player is a media player supporting various audio and video formats for multiple platforms. Problem A buffer overflow vulnerability in the ParseRealText function allows command execution when a user opens a media fi...

CA ARCserve Backup for Laptops and Desktops LGServer password integer overflow

Added: 11/28/2008 CVE: CVE-2007-5004 BID: 24348 OSVDB: 41352 Background BrightStor ARCserve Backup for Laptops and Desktops is an automated backup solution optimized for low-bandwidth, intermittent network connections. Problem An integer overflow vulnerability allows remote attackers to execute...

Find e-mail addresses

Added: 09/24/2008 Background E-mail addresses in a given domain can often be found using publicly available information such as Internet search engines, network registrars, and public key servers. This tool attempts to provide a list of e-mail addresses using these resources. Limitations Many...

CoolPlayer m3u playlist processing filename buffer overflow

Added: 08/13/2008 CVE: CVE-2008-3408 BID: 30418 OSVDB: 47194 Background CoolPlayer is a free audio player for Windows platforms. Problem A buffer overflow vulnerability in CoolPlayer allows command execution when a user opens an m3u playlist file containing a specially crafted filename. Resolutio...

Trend Micro OfficeScan objRemoveCtrl ActiveX buffer overflow

Added: 08/11/2008 CVE: CVE-2008-3364 BID: 30407 OSVDB: 47213 Background Trend Micro OfficeScan is a centralized virus and security scan management system. Problem A buffer overflow in the objRemoveCtrl ActiveX control, which is automatically installed when OfficeScan is installed through the serv...

RealPlayer rjbdll.dll ActiveX Control file import buffer overflow

Added: 08/01/2008 CVE: CVE-2008-3066 BID: 30379 OSVDB: 48286 Background RealPlayer and RealOne Player include a number of ActiveX controls allowing functions to be called by scripts embedded in web pages. Problem A buffer overflow vulnerability in an ActiveX control in rjbdll.dll allows command...

Orbit Downloader URL Unicode conversion buffer overflow

Added: 07/07/2008 CVE: CVE-2008-1602 BID: 28541 OSVDB: 44036 Background Orbit Downloader is a download manager supporting various protocols. Problem A buffer overflow vulnerability during Unicode conversion in the download failure notification message allows command execution when Orbit Downloade...

Facebook PhotoUploader ActiveX control ExtractIptc buffer overflow

Added: 05/19/2008 CVE: CVE-2008-0660 BID: 27576 OSVDB: 41073 Background Facebook PhotoUploader is an ActiveX control which allows uploading of photos to the Facebook web site. It uses the Aurigma ImageUploader product. Problem A buffer overflow vulnerability in Facebook PhotoUploader allows comma...

CA ARCserve Backup for Laptops and Desktops LGServer service code execution

Added: 05/07/2008 CVE: CVE-2008-1328 BID: 28616 OSVDB: 44320 Background BrightStor ARCserve Backup for Laptops and Desktops is an automated backup solution optimized for low-bandwidth, intermittent network connections. Problem A buffer overflow vulnerability in BrightStor ARCserve Backup for...

Borland StarTeam Multicast Service parse_request buffer overflow

Added: 04/25/2008 CVE: CVE-2008-0311 BID: 28602 OSVDB: 44039 Background Borland StarTeam is a software change and configuration management system. Problem A buffer overflow vulnerability in the PGMWebHandler::parserequest function in the StarTeam Multicast Service allows remote attackers to execu...

Borland InterBase ibserver.exe Service Attach request buffer overflow

Added: 04/21/2008 CVE: CVE-2008-1910 BID: 28730 OSVDB: 44455 Background Borland Interbase is a database solution for Windows, Linux, and Solaris platforms. Problem A buffer overflow vulnerability in ibserver.exe allows remote attackers to execute arbitrary commands by sending a long, specially...

HP Openview Network Node Manager Ovalarmsrv buffer overflow

Added: 04/18/2008 CVE: CVE-2008-3544 BID: 28668 OSVDB: 50076 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A buffer overflow vulnerability in the Ovalarmsrv service in Network Node Manager allows remote attackers to execute...

HP Openview Network Node Manager ovwparser.dll buffer overflow

Added: 04/14/2008 CVE: CVE-2008-1697 BID: 28569 OSVDB: 43992 Background HP OpenView Network Node Manager is network availability and performance management software. Problem A vulnerability in ovwparser.dll allows remote attackers to execute arbitrary commands by sending a request for a long,...

Windows GDI EMF filename buffer overflow

Added: 04/09/2008 CVE: CVE-2008-1087 BID: 28570 OSVDB: 44215 Background The Windows Graphics Device Interface GDI interacts with graphics device drivers on behalf of applications. Problem A buffer overflow in Windows GDI allows command execution when a user opens a specially crafted EMF file...

MDaemon IMAP FETCH command buffer overflow

Added: 03/31/2008 CVE: CVE-2008-1358 BID: 28245 OSVDB: 43111 Background MDaemon is an e-mail server for Windows. Problem A buffer overflow vulnerability in the IMAP service allows authenticated users to execute arbitrary commands by sending a FETCH command with a long BODY. Resolution Upgrade to...

rpc.ypupdated command injection vulnerability

Added: 03/28/2008 CVE: CVE-1999-0208 BID: 1749 OSVDB: 11517 Background Network Information Service NIS is a distributed database that allows you to maintain consistent configuration files throughout your network. rpc.ypupdated is an NIS service which is responsible for duplicating information fro...

mIRC PRIVMSG hostname buffer overflow

Added: 03/13/2008 CVE: CVE-2008-4449 BID: 31552 OSVDB: 48752 Background mIRC is an Internet Relay Chat IRC client. Problem A buffer overflow in mIRC allows command execution when a user connects to a malicious IRC server which sends a PRIVMSG message with a long, specially crafted hostname...

Veritas Storage Foundation Administrator service buffer overflow

Added: 03/03/2008 CVE: CVE-2008-0638 BID: 25778 OSVDB: 41978 Background Veritas Storage Foundation is an online storage management solution. An Administrator service, implemented by vxsvc.exe, listens on port 3207 by default. Problem A buffer overflow vulnerability in the Administrator service...

ASPX Shell

Added: 02/14/2008 Background This exploit does not exploit a vulnerability, but instead creates an aspx page. The page, if placed on an IIS server, establishes a shell connection when requested. Problem N/A Resolution N/A References N/A Limitations The user needs the ability to upload the resulti...

Lotus Notes MIF attachment viewer buffer overflow

Added: 01/30/2008 CVE: CVE-2007-5909 BID: 26175 OSVDB: 40791 Background Lotus Notes is the client for Lotus Domino servers. Problem A buffer overflow in the KeyView Viewer included in Lotus Notes allows command execution when a user views a specially crafted Frame Maker Interchange File MIF...

QuickTime PICT image UncompressedQuickTimeData buffer overflow

Added: 11/19/2007 CVE: CVE-2007-4672 BID: 26344 OSVDB: 38547 Background QuickTime is a media player for Windows and Mac OS platforms. Problem A buffer overflow vulnerability in QuickTime allows command execution when a user opens a specially crafted PICT image containing an invalid...

RealPlayer ActiveX control playlist name buffer overflow

Added: 10/25/2007 CVE: CVE-2007-5601 BID: 26130 OSVDB: 41430 Background RealPlayer and RealOne Player include a number of ActiveX controls allowing functions to be called by scripts embedded in web pages. Problem The RealPlayer Database Component MPAMedia.dll is affected by a buffer overflow...

Kodak Image Viewer TIFF image handling vulnerability

Added: 10/15/2007 CVE: CVE-2007-2217 BID: 25909 OSVDB: 37627 Background The Windows Kodak Image Viewer is a utility for rendering various image formats. It is included in Windows 2000, and may also be present on newer versions of Windows if a computer was upgraded from Windows 2000. Problem A...

RSA Authentication Agent for Web for IIS chunked encoding overflow

Added: 07/13/2007 CVE: CVE-2005-1471 BID: 13524 OSVDB: 16164 Background RSA Authentication Agent For Web for IIS provides access control for applications on IIS web servers. Problem A heap overflow vulnerability when using chunked transfer-encoding allows remote attackers to execute arbitrary...

Solaris loadable kernel module directory traversal

Added: 06/22/2007 CVE: CVE-2004-1767 BID: 9477 OSVDB: 15128 Background Loadable kernel modules are programs which can be dynamically loaded into the kernel. Problem A directory traversal vulnerability in the vfsgetvfssw function in the Solaris kernel allows unprivileged users to load their own...

Internet Explorer Content Advisor memory corruption

Added: 06/20/2007 CVE: CVE-2005-0555 BID: 13117 OSVDB: 15466 Background The Content Advisor is used to control what content is viewable in Internet Explorer. Problem A memory corruption vulnerability in the Content Advisor allows command execution when a user loads a specially crafted page in...

Trend Micro ServerProtect CMON_ActiveUpdate buffer overflow

Added: 06/18/2007 CVE: CVE-2007-1070 BID: 22639 OSVDB: 33042 Background Trend Micro ServerProtect is a virus scanner for servers. Problem A buffer overflow vulnerability in the CMONActiveUpdate and CMONActiveRollback functions allows remote attackers to execute arbitrary commands by sending a...

Microsoft Speech API memory corruption

Added: 06/13/2007 CVE: CVE-2007-2222 BID: 24426 OSVDB: 35353 Background Microsoft Speech API allows development of Windows applications supporting speech-based interaction. Problem A memory corruption vulnerability in Microsoft Speech API 4 allows command execution when a user loads a specially...

McAfee ePolicy Orchestrator SiteManager ExportSiteList buffer overflow

Added: 05/11/2007 CVE: CVE-2007-1498 BID: 22952 OSVDB: 33796 Background ePolicy Orchestrator is a centralized security configuration and monitoring application. It includes the SiteManager ActiveX control which is implemented by sitemanager.dll. Problem A buffer overflow vulnerability in the...

Yahoo Messenger AudioConf ActiveX control buffer overflow

Added: 04/12/2007 CVE: CVE-2007-1680 BID: 23291 OSVDB: 34319 Background Yahoo! Messenger is an instant messaging application. It includes the AudioConf ActiveX control which is provided by yacscom.dll. Problem A buffer overflow vulnerability in the AudioConf ActiveX control allows command executi...

McAfee ePolicy Orchestrator SiteManager ActiveX buffer overflow

Added: 03/22/2007 CVE: CVE-2007-1498 BID: 22952 OSVDB: 33796 Background ePolicy Orchestrator is a centralized security configuration and monitoring application. It includes the SiteManager ActiveX control which is implemented by sitemanager.dll. Problem A buffer overflow vulnerability in the...

McAfee ePolicy Orchestrator SiteManager ActiveX buffer overflow

Added: 03/22/2007 CVE: CVE-2007-1498 BID: 22952 OSVDB: 33796 Background ePolicy Orchestrator is a centralized security configuration and monitoring application. It includes the SiteManager ActiveX control which is implemented by sitemanager.dll. Problem A buffer overflow vulnerability in the...

BrightStor ARCserve Backup Tape Engine opnum 0xCF buffer overflow

Added: 02/09/2007 CVE: CVE-2007-0169 BID: 22005 OSVDB: 31327 Background The BrightStor ARCserve Backup server includes a Backup Tape Engine feature which allows use of tape drives for storage. Problem A buffer overflow in BrightStor ARCserve Backup allows remote attackers to execute arbitrary...

BrightStor ARCserve Backup Tape Engine opnum 0xCF buffer overflow

Added: 02/09/2007 CVE: CVE-2007-0169 BID: 22005 OSVDB: 31327 Background The BrightStor ARCserve Backup server includes a Backup Tape Engine feature which allows use of tape drives for storage. Problem A buffer overflow in BrightStor ARCserve Backup allows remote attackers to execute arbitrary...

BrightStor ARCserve Message Engine opnum 0x75 buffer overflow

Added: 01/24/2007 CVE: CVE-2007-0169 BID: 22005 OSVDB: 31318 Background The BrightStor ARCserve Backup server runs the Message Engine RPC service on ports 6503/TCP and 6504/TCP by default. Problem A buffer overflow in BrightStor ARCserve Backup allows remote attackers to execute arbitrary command...

Microsoft Excel PALETTE record buffer overflow

Added: 01/11/2007 CVE: CVE-2007-0031 BID: 21922 OSVDB: 31258 Background Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows platforms. Problem A buffer overflow vulnerability in Microsoft Excel allows command execution when a user opens a speciall...

Novell NetMail NMAP STOR command buffer overflow

Added: 01/05/2007 CVE: CVE-2006-6424 BID: 21725 OSVDB: 31363 Background Novell NetMail servers include the Network Messaging Application Protocol NMAP service, which listens on port 689/TCP. Problem A buffer overflow in Novell NetMail allows remote attackers to execute arbitrary commands by sendi...

AOL ICQ ActiveX DownloadAgent vulnerability

Added: 12/15/2006 CVE: CVE-2006-5650 BID: 20930 OSVDB: 30220 Background America Online AOL ICQ is a widely used program for communicating with other users on the Internet. Problem The ICQPhone.SipxPhoneManager ActiveX control, which is installed with ICQ, includes a function called DownloadAgent...

WinZip FileView ActiveX control unsafe method

Added: 11/27/2006 CVE: CVE-2006-5198 BID: 21060 OSVDB: 30433 Background WinZip includes the FileView ActiveX control which provides a user interface similar to the file view pane in Windows Explorer. Problem The FileView ActiveX control is marked "safe for scripting" and exposes several unsafe...

WinZip FileView ActiveX control unsafe method

Added: 11/27/2006 CVE: CVE-2006-5198 BID: 21060 OSVDB: 30433 Background WinZip includes the FileView ActiveX control which provides a user interface similar to the file view pane in Windows Explorer. Problem The FileView ActiveX control is marked "safe for scripting" and exposes several unsafe...

Oracle XML Component DBMS_XMLSCHEMA.GENERATESCHEMA buffer overflow

Added: 11/03/2006 CVE: CVE-2006-0272 BID: 16287 OSVDB: 22567 Background Oracle Database Server includes the DBMSXMLSCHEMA component, which contains procedures for managing XML schemas. Problem A buffer overflow vulnerability in the DBMSXMLSCHEMA.GENERATESCHEMA procedure allows database users to...

Serv-U FTP Server MDTM timezone buffer overflow

Added: 10/27/2006 CVE: CVE-2004-0330 BID: 9751 OSVDB: 4073 Background Serv-U FTP Server supports the MDTM command which allows users to modify the time stamp on files. Problem A buffer overflow in Serv-U FTP Server allows remote authenticated attackers to execute arbitrary commands by sending the...

Microsoft Message Queuing buffer overflow

Added: 10/06/2006 CVE: CVE-2005-0059 BID: 13112 OSVDB: 15458 Background Microsoft Message Queuing allows applications which may be running at different times to communicate across a network. Problem A buffer overflow in Microsoft Message Queuing allows remote attackers to execute arbitrary...

WhatsUp Gold _maincfgret.cgi instancename buffer overflow

Added: 09/08/2006 CVE: CVE-2004-0798 BID: 11043 OSVDB: 9177 Background WhatsUp Professional formerly WhatsUp Gold is a network mapping and monitoring tool. Problem A buffer overflow in the WhatsUp Gold web interface allows remote command execution by requesting maincfgret.cgi with a long...