Microsoft Windows GDI library multiple security vulnerabilities
Published:		10.09.2008
Source:		MICROSOFT
SecurityVulns ID:		9276
Type:		library
Level:		8/10
Description:		Multiple vulnerabilities on different graphics format parsing.

Affected:		MICROSOFT : Windows 2000 Server
		MICROSOFT : Windows 2000 Professional
		MICROSOFT : Windows XP
		MICROSOFT : Windows 2003 Server
		MICROSOFT : Windows Vista
		MICROSOFT : Windows 2008 Server
CVE:		CVE-2008-3015 (Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka "GDI+ BMP Integer Overflow Vulnerability.")
		CVE-2008-3014 (Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka "GDI+ WMF Buffer Overrun Vulnerability.")
		CVE-2008-3013 (gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka "GDI+ GIF Parsing Vulnerability.")
		CVE-2008-3012 (gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka "GDI+ EMF Memory Corruption Vulnerability.")
		CVE-2007-5348 (Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka "GDI+ VML Buffer Overrun Vulnerability.")

Original document		VR-Subscription-noreply_(at)_assurent.com, [Full-disclosure] Assurent VR - Microsoft Windows Graphics Rendering Engine WMF Parsing Buffer Overflow (10.09.2008)
		Ivan Fratric, Windows GDI+ GIF memory corruption (10.09.2008)
		IDEFENSE, iDefense Security Advisory 09.09.08: Microsoft Windows GDI+ Gradient Fill Heap Overflow Vulnerability (10.09.2008)
		ZDI, ZDI-08-056: Microsoft Windows GDI+ GIF Parsing Code Execution Vulnerability (10.09.2008)
		ZDI, ZDI-08-055: Microsoft Windows GDI+ BMP Parsing Code Execution Vulnerability (10.09.2008)
		MICROSOFT, Microsoft Security Bulletin MS08-052 – Critical Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593) (10.09.2008)

Files:		Microsoft Security Bulletin MS08-052 – Critical Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593)
Discuss:		Read or add your comments to this news (0 comments)

Microsoft Windows Media Player memory corruption
Published:		10.09.2008
Source:		MICROSOFT
SecurityVulns ID:		9278
Type:		client
Level:		6/10
Description:		Server-Side playlists parsing memory corruption.

Affected:		MICROSOFT : Windows XP
		MICROSOFT : Windows Vista
		MICROSOFT : Windows 2008 Server
CVE:		CVE-2008-2253

Original document

MICROSOFT, Vulnerability in Windows Media Player Could Allow Remote Code Execution (954154) (10.09.2008)

Files:		Vulnerability in Windows Media Player Could Allow Remote Code Execution (954154)
Discuss:		Read or add your comments to this news (0 comments)

Microsoft Windows Media Encoder ActiveX code execution
Published:		10.09.2008
Source:		MICROSOFT
SecurityVulns ID:		9277
Type:		client
Level:		7/10
Description:		Control supports unsafe methods.

Affected:		MICROSOFT : Windows 2000 Server
		MICROSOFT : Windows 2000 Professional
		MICROSOFT : Windows XP
		MICROSOFT : Windows 2003 Server
		MICROSOFT : Windows Vista
		MICROSOFT : Windows 2008 Server
CVE:		CVE-2008-3008 (Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka "Windows Media Encoder Buffer Overrun Vulnerability.")

Original document

MICROSOFT, Microsoft Security Bulletin MS08-053 – Critical Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution (954156) (10.09.2008)

Files:		Microsoft Security Bulletin MS08-053 – Critical Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution (954156)
Discuss:		Read or add your comments to this news (0 comments)

Microsoft Office code execution
Published:		10.09.2008
Source:		MICROSOFT
SecurityVulns ID:		9279
Type:		client
Level:		5/10
Description:		Code execution on OneNote: URI.

Affected:		MICROSOFT : Office XP
		MICROSOFT : Office 2003
		MICROSOFT : Office 2007
CVE:		CVE-2008-3007 (Argument injection vulnerability in a URI handler in Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and SP1, and Office OneNote 2007 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted onenote:// URL, aka "Uniform Resource Locator Validation Error Vulnerability.")

Original document		Brett Moore, Insomnia : ISVA-080910.1 - MS Office OneNote URL Handling Vulnerability (10.09.2008)
		MICROSOFT, Microsoft Security Bulletin MS08-055 – Critical Vulnerability in Microsoft Office Could Allow Remote Code Execution (955047) (10.09.2008)

Files:		Microsoft Security Bulletin MS08-055 – Critical Vulnerability in Microsoft Office Could Allow Remote Code Execution (955047)
Discuss:		Read or add your comments to this news (0 comments)

Sun M4000-M9000 chassis DoS
Published:		10.09.2008
Source:		BUGTRAQ
SecurityVulns ID:		9280
Type:		local
Level:		5/10
Description:		Crash on a single domain requires long repair procedure and rebooting of whole chassis.

Original document

Theo de Raadt, Sun M-class hardware denial of service (10.09.2008)

Discuss:

Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		10.09.2008
Source:
SecurityVulns ID:		9282
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		HORDE : Horde 3.1
		LEDGERSMB : LedgerSMB 1.2
		STASH : Stash 1.0
		HORDE : Horde 3.2

Original document		Will Drewry, [oCERT-2008-012] Horde, Popoon frameworks common input sanitization errors (XSS) (10.09.2008)
		r3d.w0rm_(at)_yahoo.com, Stash v1.0.3 Admin bypass / Remote File Disclosure (10.09.2008)
		chris.travers_(at)_gmail.com, Multiple Vulnerabilities: LedgerSMB < 1.2.15 (10.09.2008)

Discuss:

Read or add your comments to this news (0 comments)

Apple QuickTime multiple security vulnerabilities updated since 10.09.2008
Published:		16.09.2008
Source:		BUGTRAQ
SecurityVulns ID:		9281
Type:		client
Level:		7/10
Description:		Integer overflow on PICT parsing, memory corruptions on STSZ, MDAT and H.264 parsing. Buffer overflows on AVC1 and Panorama PDAT parsing.

Affected:		APPLE : QuickTime Player 7.4
		APPLE : QuickTime 7.4
CVE:		CVE-2008-3635 (Stack-based buffer overflow in QuickTimeInternetExtras.qtx in an unspecified third-party Indeo v3.2 (aka IV32) codec for QuickTime, when used with Apple QuickTime before 7.5.5 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.)
		CVE-2008-3627 (Apple QuickTime before 7.5.5 does not properly handle (1) MDAT atoms in MP4 video files within QuickTimeH264.qtx, (2) MDAT atoms in mov video files within QuickTimeH264.scalar, and (3) AVC1 atoms in an unknown media type within an unspecified component, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a crafted, H.264 encoded movie file.)
		CVE-2008-3627 (Apple QuickTime before 7.5.5 does not properly handle (1) MDAT atoms in MP4 video files within QuickTimeH264.qtx, (2) MDAT atoms in mov video files within QuickTimeH264.scalar, and (3) AVC1 atoms in an unknown media type within an unspecified component, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a crafted, H.264 encoded movie file.)
		CVE-2008-3626 (The CallComponentFunctionWithStorage function in Apple QuickTime before 7.5.5 does not properly handle a large entry in the sample_size_table in STSZ atoms, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file.)
		CVE-2008-3625 (Stack-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie file with crafted (1) maxTilt, (2) minFieldOfView, and (3) maxFieldOfView elements in panorama track PDAT atoms.)
		CVE-2008-3615 (ir50_32.qtx in an unspecified third-party Indeo v5 codec for QuickTime, when used with Apple QuickTime before 7.5.5 on Windows, accesses uninitialized memory, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.)
		CVE-2008-3614 (Integer overflow in Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, which triggers heap corruption.)

Original document		NGSSoftware Insight Security Research Advisory (NISR), Critical Vulnerability in Apple Quicktime’s Indeo Codec (16.09.2008)
		ZDI, ZDI-08-057: Apple QuickTime IV32 Codec Parsing Stack Overflow Vulnerability (12.09.2008)
		ZDI, ZDI-08-060: Apple QuickTime AVC1 Atom Parsing Heap Overflow Vulnerability (10.09.2008)
		ZDI, ZDI-08-059: Apple QuickTime STSZ Atom Parsing Heap Corruption Vulnerability (10.09.2008)
		ZDI, ZDI-08-058: Apple QuickTime Panorama PDAT Atom Parsing Buffer Overflow Vulnerability (10.09.2008)
		ZDI, ZDI-08-062: Apple QuickTime MDAT Frame Parsing Memory Corruption Vulnerability (10.09.2008)
		ZDI, ZDI-08-061: Apple QuickTime Player H.264 Parsing Heap Corruption Vulnerability (10.09.2008)
		IDEFENSE, iDefense Security Advisory 09.09.08: Apple QuickTime PICT Integer Overflow Vulnerability (10.09.2008)

Discuss:

Read or add your comments to this news (0 comments)