Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft PowerPoint security vulnerabilities
Published:10.05.2011
Source:
SecurityVulns ID:11660
Type:remote
Threat Level:
6/10
Description:Memory corruption, buffer overflow.
Affected:MICROSOFT : Office XP
 MICROSOFT : Office 2003
 MICROSOFT : Office 2004 for Mac
 MICROSOFT : Office 2007
 MICROSOFT : Office 2008 for Mac
CVE:CVE-2011-1270 (Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Presentation Buffer Overrun RCE Vulnerability.")
 CVE-2011-1269 (Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 make unspecified function calls during file parsing without proper handling of memory, which allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Presentation Memory Corruption RCE Vulnerability.")
Files:Microsoft Security Bulletin MS11-036 - Important Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2545814)

Postfix memory corruption
Published:10.05.2011
Source:
SecurityVulns ID:11661
Type:remote
Threat Level:
6/10
Description:Memory corruption if Cyrus SASL library is used for CRAM authentications.
Affected:POSTFIX : postfix 2.5
 POSTFIX : postfix 2.6
 POSTFIX : postfix 2.7
 POSTFIX : postfix 2.8
 POSTFIX : postfix 2.9
CVE:CVE-2011-1720 (The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service (heap memory corruption and daemon crash) or possibly execute arbitrary code via an invalid AUTH command with one method followed by an AUTH command with a different method.)
Original documentdocumentWietse Venema, Memory corruption in Postfix SMTP server Cyrus SASL support (CVE-2011-1720) (10.05.2011)

Microsoft Windows WINS server memory corruption
updated since 10.05.2011
Published:16.09.2011
Source:
SecurityVulns ID:11659
Type:remote
Threat Level:
7/10
Description:Memory corruption on send() exceptional conditions handling.
Affected:MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows 2008 Server
CVE:CVE-2011-1248 (WINS in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 does not properly handle socket send exceptions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets, related to unintended stack-frame values and buffer passing, aka "WINS Service Failed Response Vulnerability.")
Original documentdocumentLuigi Auriemma, Advisory for MS11-035 / ZDI-11-167 (16.09.2011)
 documentZDI, ZDI-11-167: Microsoft WINS Service Failed Response Memory Corruption Remote Code Execution Vulnerability (12.05.2011)
 documentZDI, ZDI-11-167: Microsoft WINS Service Failed Response Memory Corruption Remote Code Execution Vulnerability (11.05.2011)
Files:Vulnerability in WINS Could Allow Remote Code Execution (2524426)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod