Microsoft Windows Print Spooler Buffer Overflow Vulnerability

Description Microsoft Windows Print Spooler service is prone to a buffer-overflow vulnerability. Specifically, this issue occurs when the Print Spooler service handles malformed messages containing excessive data. Exploiting this vulnerability allows attackers to escalate their privileges and gai...

Microsoft Internet Explorer Unspecified SharePoint Portal Services Log Sink ActiveX Vulnerability

Description Microsoft Internet Explorer is prone to an unspecified vulnerability in the SharePoint Portal Service Log Sink ActiveX control. The vendor has not released any further information about this vulnerability other than to state the "kill bit" has been set on unsupported versions of the...

Microsoft Outlook Express Multiple Vulnerabilities

Description Microsoft has released an update to address various issues affecting Outlook Express 6.0 running on Windows XP. These issues may allow remote attackers to cause the client to crash or disclose sensitive information. Reportedly remote attackers may cause the client to crash by sending...

Microsoft Windows Color Management Module ICC Profile Buffer Overflow Vulnerability

Description Microsoft Windows is prone to a buffer-overflow vulnerability in the Color Management Module. The issue is due to a boundary-condition error related to the parsing of ICC International Color Consortium Profile tags in various supported image and document formats. ICC Profile data may...

Microsoft Windows Kernel Unspecified Remote Desktop Protocol Denial Of Service Vulnerability

Description A remote denial of service vulnerability has been reported in the kernel for Microsoft Windows. The vendor has confirmed that this vulnerability permits remote attackers to crash affected computers. This issue is due to a failure of the application to properly handle malformed Remote...

Microsoft Word Malformed Document Font Processing Buffer Overflow Vulnerability

Description Microsoft Word is affected by a remote buffer overflow vulnerability. This vulnerability presents itself when a .doc file contains specific malformed input. Upon attempting to read the malformed .doc file, the affected application fails to properly validate data within the file. This...

Microsoft Internet Explorer Javaprxy.DLL COM Object Instantiation Heap Overflow Vulnerability

Description Microsoft Internet Explorer is prone to a heap-based buffer-overflow vulnerability that occurs when the 'javaprxy.dll' COM object is instantiated by a malicious webpage. Attackers may exploit this issue to execute arbitrary code in the context of the client. Technologies Affected...

XML-RPC for PHP Remote Code Injection Vulnerability

Description XML-RPC for PHP is affected by a remote code-injection vulnerability. An attacker may exploit this issue to execute arbitrary commands or code in the context of the webserver. This may facilitate various attacks, including unauthorized remote access. XML-RPC for PHP 1.1 and prior...

Microsoft Windows Web Client Service Remote Code Execution Vulnerability

Description Microsoft Windows Web Client Service is affected by a remote code execution vulnerability. This is due to a buffer overflow in the affected component. A remote authenticated attacker can exploit this issue by sending a malformed message to the Web Client Service. This can lead to...

Microsoft Outlook Express NNTP Response Parsing Buffer Overflow Vulnerability

Description Microsoft Outlook Express is prone to a buffer overflow when parsing NNTP responses. Successful exploits could allow arbitrary code to run in the context of the user running the application. Technologies Affected Microsoft Outlook Express 5.0 Microsoft Outlook Express 5.5 Microsoft...

Microsoft Step-By-Step Interactive Training Bookmark Link Buffer Overflow Vulnerability

Description Microsoft Step-By-Step Interactive Training is prone to a buffer overflow vulnerability. This is due to a boundary condition error related to validation of data in bookmark link files. As bookmark link files may originate from an external source, this issue may be remotely exploitable...

Microsoft Exchange Server Outlook Web Access HTML Injection Vulnerability

Description Outlook Web Access is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the affected application of an unsuspecting user in...

Microsoft ISA Server HTTP/HTTPS Service Basic Auth Information Disclosure Vulnerability

Description Microsoft Internet Security and Acceleration ISA server is prone to an information disclosure vulnerability. Reports indicate that the issue manifests when an ISA server is publishing a Web service that has Basic authentication enabled, but the Web publishing rules that process the...

Microsoft Internet Explorer Unspecified DigWebX ActiveX Control Vulnerability

Description Microsoft Internet Explorer is prone to an unspecified vulnerability in the DigWebX ActiveX control. The vendor has not released any further information about this vulnerability other than to state the "kill bit" has been set on unsupported versions of the control. Technologies Affect...

Microsoft Internet Explorer PNG Image Rendering Buffer Overflow Vulnerability

Description Microsoft Internet Explorer is prone to a buffer overflow vulnerability. This issue exists in the PNG image rendering library used by the browser. Successful exploitation will result in execution of arbitrary code in the context of the currently logged in user. This issue is present i...

Microsoft Internet Explorer XML Redirect Information Disclosure Vulnerability

Description Microsoft Internet Explorer is prone to an information disclosure vulnerability. Specifically, it may be possible for remote users to read XML data from an affected computer via a malicious Web page. This issue is a variant of BID 5560. This variant was not addressed with the release ...

Microsoft Internet Explorer Unspecified GIF And BMP Denial Of Service Vulnerability

Description Microsoft Internet Explorer is prone to a denial of service vulnerability when rendering malformed GIF and BMP images. Malformed images for other file formats may also cause a similar condition, though the vendor has not provided any further information. The vendor has not released an...

Microsoft ISA Server HTTP Request Smuggling Vulnerability

Description Microsoft Internet Security and Acceleration ISA server is reported prone to a HTTP request smuggling attack. The vendor reports that Microsoft ISA server fails to correctly handle an invalid HTTP request that contains multiple 'Content-Length' values in an invalid HTTP header. A remo...

Microsoft Incoming SMB Packet Validation Remote Buffer Overflow Vulnerability

Description Microsoft SMB is susceptible to a remote buffer overflow vulnerability. This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it to an insufficiently sized memory buffer. Remote attackers may exploit this vulnerability to execut...

Microsoft Agent Trusted Content Spoofing Vulnerability

Description Microsoft Agent is prone to a vulnerability that could allow a malicious website to spoof trusted content. This could result in a user downloading and executing malicious files thinking they are safe. Technologies Affected Microsoft Windows 2000 Advanced Server Microsoft Windows 2000...

Microsoft ISA Server NetBIOS Predefined Filter Policy Bypass Vulnerability

Description Microsoft Internet Security and Acceleration ISA server is prone to a policy bypass vulnerability. Reports indicate that the issue manifests when a Microsoft ISA server is utilizing the 'NetBIOS all' predefined filter. A remote attacker may leverage this vulnerability to successfully...

Microsoft Windows HTML Help Remote Code Execution Vulnerability

Description Microsoft Windows HTML Help is affected by a remote code execution vulnerability. The vulnerability presents itself when the application handles malformed data through the InfoTech protocol ms-its, its, mk:@msitstore. An attacker may exploit this issue from a malicious Web page or...

Microsoft Internet Explorer JavaScript OnLoad Handler Remote Code Execution Vulnerability

Description Microsoft Internet Explorer is affected by a remote code execution vulnerability. This vulnerability presents itself when the browser handles a JavaScript 'onLoad' handler in conjunction with an improperly initialized 'window' JavaScript function. This issue may be exploited to execut...

Ipswitch IMail Server Multiple Vulnerabilities

Description Ipswitch IMail is prone to multiple remote vulnerabilities. Attackers may exploit these issues to deny service for legitimate users, obtaoin potentially sensitive information, and execute arbitrary code. The vulnerabilities include a directory-traversal issue, two remote...

Darryl Burgdorf Webhints Remote Command Execution Vulnerability

Description Darryl Burgdorf Webhints is prone to a remote command execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. Technologies Affected Colored Scripts Easy Message Board Darryl Burgdorf Webhints 1.3.0 Recommendations Block...

Microsoft Windows Internet Protocol Validation Remote Code Execution Vulnerability

Description Microsoft Windows is reported prone to a remote code execution vulnerability. It is reported that the vulnerability manifests when an affected Microsoft platform receives and processes an especially malformed TCP/IP packet. Reports indicate that the immediate consequences of...

Microsoft Internet Explorer DHTML Object Race Condition Memory Corruption Vulnerability

Description A vulnerability in Microsoft Internet Explorer may allow remote attackers to execute arbitrary code in the context of users visiting malicious Web sites. This issue presents itself the affected application attempts to process certain script objects, a race condition may lead to the...

Microsoft Word Unspecified Document File Buffer Overflow Vulnerability

Description Microsoft Word is affected by a buffer overflow vulnerability. This issue is due to a failure in the application to do proper bounds checking on user-supplied data. Microsoft has not specified exactly where the error may occur. This could result in execution of arbitrary code in the...

Microsoft Internet Explorer Content Advisor File Handling Buffer Overflow Vulnerability

Description Microsoft Internet Explorer is prone to a remote buffer overflow vulnerability when handling malformed Content Advisor files. An attacker can exploit this issue by crafting a Content Advisor file with excessive data and arbitrary machine code to be processed by the browser. A typical...

Microsoft Word Malformed Document Buffer Overflow Vulnerability

Description Microsoft Word is prone to a buffer overflow vulnerability. This issue presents itself when Microsoft Word attempts to parse a malformed document. This could result in execution of arbitrary code in the context of a user who opens the malicious document. Internet Explorer is a likely...

Microsoft Internet Explorer Malformed URI Buffer Overflow Vulnerability

Description A buffer overflow vulnerability is reported in Microsoft Internet Explorer. This issue is due to insufficient boundary verification of user-supplied input data causing a fixed-sized memory buffer to be overrun when attempting to copy data into it. This vulnerability allows...

Microsoft Exchange Server SMTP Extended Verb Buffer Overflow Vulnerability

Description Microsoft Exchange Server is prone to a buffer overflow in the X-LINK2STATE SMTP extended verb. Successful exploitation could result in arbitrary code execution. Technologies Affected Microsoft Exchange Server 2000 Microsoft Exchange Server 2000 SP1 Microsoft Exchange Server 2000 SP2...

Microsoft Windows Message Queuing Remote Buffer Overflow Vulnerability

Description A remote buffer overflow vulnerability affects Microsoft Windows. This issue is due to a failure of the affected functionality to properly validate the length of user-supplied strings prior to copying them into static process buffers. This vulnerability may be exploited over RPC. An...

Microsoft Windows Kernel Object Management Denial Of Service Vulnerability

Description The Microsoft Windows kernel is prone to a locally exploitable denial-of- service vulnerability. The issue is related to object management in the Windows kernel. Technologies Affected Microsoft Windows 2000 Advanced Server Microsoft Windows 2000 Advanced Server SP1 Microsoft Windows...

Microsoft Windows Kernel Access Validation Request Buffer Overflow Vulnerability

Description The Microsoft Windows kernel is prone to a buffer overflow in the system that validates access requests. Successful exploits could allow arbitrary code to run in the context of the kernel. Only local users can exploit this vulnerability. Technologies Affected Microsoft Windows 2000...

Microsoft Windows Kernel CSRSS Local Privilege Escalation Vulnerability

Description A local privilege-escalation vulnerability affects Microsoft Windows because the kernel fails to properly handle user-supplied messages. A local attacker may leverage this issue to completely compromise the computer. Technologies Affected Microsoft Windows 2000 Advanced Server Microso...

Microsoft MSN Messenger GIF Image Processing Remote Buffer Overflow Vulnerability

Description Microsoft MSN Messenger is prone to a remote buffer-overflow vulnerability when handling malformed Graphic Interchange Format GIF images. This may allow an attacker to gain unauthorized access to an affected computer by executing arbitrary code, reportedly resulting in system-level...

Microsoft Windows Shell Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a vulnerability that may allow remote attackers to execute code through the Windows Shell. The cause of the vulnerability is related to how the operating system handles unregistered file types. The specific issue is that files with an unknown extension ma...

SMTP Binding Configuration Settings Bypassed

SUMMARY Symantec responded to a potential vulnerability identified in the SMTP binding function of the entry-level Symantec Gateway Security appliances with the ISP load-balancing capabilities. In certain firmware versions, the SMTP outbound email traffic would be load-balanced regardless of the...

Symantec UPX Parsing Engine Heap Overflow

SUMMARY Symantec resolved a potential remote access compromise vulnerability reported by ISS X-Force. The vulnerability was identified in an early version of a Symantec antivirus scanning module responsible for parsing UPX compressed files that is still in limited use in some Symantec security...

Microsoft Internet Explorer DHTML Method Buffer Overflow Vulnerability

Description Microsoft Internet Explorer is prone to a heap-based buffer-overflow vulnerability caused by a boundary condition error that is exposed when passing data to the 'createControlRange' DHTML method. As a result, heap-based memory can be corrupted with attacker-supplied data. An attacker...

Microsoft Windows Hyperlink Object Library Buffer Overflow Vulnerability

Description The Microsoft Windows Hyperlink Object Library is reported prone to a buffer overflow vulnerability. An attacker may exploit this condition to execute arbitrary code on a vulnerable computer, which may grant unauthorized access to the computer or lead to privilege escalation. It is...

Microsoft MSN Messenger/Windows Messenger PNG Buffer Overflow Vulnerability

Description A remotely exploitable buffer overflow exists in MSN Messenger and Windows Messenger. This vulnerability is related to parsing of Portable Network Graphics PNG image header data. Successful exploitation will result in execution of arbitrary code in the context of the vulnerable client...

Microsoft OLE Remote Buffer Overflow Vulnerability

Description Microsoft OLE is reported prone to a remote buffer overflow vulnerability. This issue arises because the application fails to perform boundary checks before copying user-supplied data to sensitive process buffers. A remote attacker may leverage this vulnerability to execute arbitrary...

Microsoft Windows COM Structured Storage Local Privilege Escalation Vulnerability

Description Microsoft Windows is reported prone to a local privilege escalation vulnerability when processing COM structured storage files. This issue may allow a local attacker to gain elevated privileges on a vulnerable computer. An attacker with local interactive access may craft an applicatio...

Microsoft Windows Media Player Remote PNG Image Format Buffer Overflow Vulnerability

Description A remote buffer overflow vulnerability affects the Portable Network Graphics PNG image format processing functionality of Microsoft Windows Media Player. This issue is due to a failure of the application to properly validate the size of image data prior to copying it into static proce...

Microsoft Internet Explorer URI Decoding Vulnerability

Description Microsoft Internet Explorer is prone to a vulnerability related to URI decoding. A bug in how the browser parses encoded URI data may allow zone bypass. As a result, it is possible to force the browser to interpret Web content in the Local Zone. This could be exploited to execute...

Microsoft Internet Explorer Unspecified ActiveX Image Control Vulnerability

Description Microsoft has announced in the MS05-014 Cumulative Internet Explorer bulletin that the ActiveX Image Control 1.0 is no longer supported due to an unspecified security vulnerability. The cumulative update addresses the vulnerability by setting the kill-bit on the control so that it may...

Microsoft Windows Server Message Block Handlers Remote Buffer Overflow Vulnerability

Description Microsoft Windows Server Message Block handler is reported prone to a remote buffer-overflow vulnerability. Note that since SMB drivers execute in the kernel memory space, a successful attack can grant a remote attacker unauthorized access with ring-0 privileges. Microsoft has noted...

Microsoft Office XP HTML Link Processing Remote Buffer Overflow Vulnerability

Description A remote buffer overflow vulnerability affects Microsoft Office XP. The problem presents itself when an unsuspecting user follows a malicious HTML link that points to a Office document. A boundary condition error is exposed during this operation that may allow attacker-specified data ...