Computer Security


Capilano DesignWorks buffer overflow
Published:10.12.2008
SecurityVulns ID:9492
Type:local
Threat Level:5/10
Description:Buffer overflow on .CCT file parsing.
Affected:CAPILANO : DesignWorks Professional 4.3
Original document:Xubucrus Djug, DesignWorks Professional 4.3.1 Local .CCT File Stack Buffer Overflow (PoC) (10.12.2008)
Files:Exploits DesignWorks Professional 4.3 buffer overflow

Microsoft Visual Basic multiple ActiveX security vulnerabilities
Published:10.12.2008
SecurityVulns ID:9494
Type:library
Threat Level:8/10
Description:Memory corruptions in DataGrid, FlexGrid, Hierarchical FlexGrid, Windows Common AVI, Charts, Masked Edit controls.
Affected:MICROSOFT : Frontpage 2002
 MICROSOFT : Visual Studio .Net 2003
 MICROSOFT : Project 2003
 MICROSOFT : Visual Studio .NET 2002
 MICROSOFT : Visual Basic 6.0 Runtime Extended Files
 MICROSOFT : Visual FoxPro 8.0
 MICROSOFT : Visual FoxPro 9.0
 MICROSOFT : Project 2007
CVE:CVE-2008-4256 (The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Charts Control Memory Corruption Vulnerability.")
 CVE-2008-4255 (Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an "allocation error" and memory corruption, aka "Windows Common AVI Parsing Overflow Vulnerability.")
 CVE-2008-4254 (Multiple integer overflows in the Hierarchical FlexGrid ActiveX control (mshflxgd.ocx) in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allow remote attackers to execute arbitrary code via crafted (1) Rows and (2) Cols properties to the (a) ExpandAll and (b) CollapseAll methods, related to access of incorrectly initialized objects and corruption of the "system state," aka "Hierarchical FlexGrid Control Memory Corruption Vulnerability.")
 CVE-2008-4253 (The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "FlexGrid Control Memory Corruption Vulnerability.")
 CVE-2008-4252 (The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "DataGrid Control Memory Corruption Vulnerability.")
 CVE-2008-3704 (Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability.")
Original document:SECUNIA, Secunia Research: Microsoft Hierarchical FlexGrid Control Integer Overflows (10.12.2008)
 ZDI, ZDI-08-083: Microsoft Animation ActiveX Control Malformed AVI Parsing Code Execution Vulnerability (10.12.2008)
 MICROSOFT, Microsoft Security Bulletin MS08-070 - Critical Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349) (10.12.2008)
Files:Microsoft Security Bulletin MS08-070 - Critical Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349)

Microsoft Windows GDI library multiple security vulnerabilities
Published:10.12.2008
SecurityVulns ID:9495
Type:library
Threat Level:8/10
Description:Buffer overflow and integer overflow on WMF parsing.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE:CVE-2008-3465 (Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed file-size parameter, which would not be properly handled by a third-party application that uses this API for a copy operation, aka "GDI Heap Overflow Vulnerability.")
 CVE-2008-2249
Original document:IDEFENSE, iDefense Security Advisory 12.09.08: Microsoft Windows Graphics Device Interface Integer Overflow Vulnerability (10.12.2008)
 MICROSOFT, Microsoft Security Bulletin MS08-071 – Critical Vulnerabilities in GDI Could Allow Remote Code Execution (956802) (10.12.2008)
Files:Microsoft Security Bulletin MS08-071 – Critical Vulnerabilities in GDI Could Allow Remote Code Execution (956802)

Microsoft Windows Search multiple security vulnerabilities
Published:10.12.2008
SecurityVulns ID:9497
Type:client
Threat Level:8/10
Description:Code execution with saved search results and with search-ms: URI.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows Vista
CVE:CVE-2008-4269 (The search-ms protocol handler in Windows Explorer in Microsoft Windows Vista Gold and SP1 and Server 2008 uses untrusted parameter data obtained from incorrect parsing, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Windows Search Parsing Vulnerability.")
 CVE-2008-4268 (The Windows Search component in Microsoft Windows Vista Gold and SP1 and Server 2008 does not properly free memory during a save operation for a Windows Search file, which allows remote attackers to execute arbitrary code via a crafted saved-search file, aka "Windows Saved Search Vulnerability.")
Original document:MICROSOFT, Microsoft Security Bulletin MS08-075 – Critical Vulnerabilities in Windows Search Could Allow Remote Code Execution (959349) (10.12.2008)
Files:Microsoft Security Bulletin MS08-075 – Critical Vulnerabilities in Windows Search Could Allow Remote Code Execution (959349)

Microsoft Windows Media Player multiple security vulnerabilities
Published:10.12.2008
SecurityVulns ID:9498
Type:client
Threat Level:5/10
Description:NTLM credentials leak and relaying.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE:CVE-2008-3010 (Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows remote servers to capture NTLM credentials, and execute arbitrary code through credential-reflection attacks, by sending an authentication request, aka "ISATAP Vulnerability.")
 CVE-2008-3009 (Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability.")
Original document:MICROSOFT, Microsoft Security Bulletin MS08-076 – Important Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807) (10.12.2008)
Files:Microsoft Security Bulletin MS08-076 – Important Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807)

Microsoft Sharepoint unauthorized access
Published:10.12.2008
SecurityVulns ID:9499
Type:remote
Threat Level:6/10
Description:It's possible to access the administration page without authentication.
Affected:MICROSOFT : SharePoint Server 2007
 MICROSOFT : Microsoft Search Server 2008
CVE:CVE-2008-4032 (Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and "create scripts that would run in the context of the site" via requests to administrative URIs, aka "Access Control Vulnerability.")
Original document:MICROSOFT, Microsoft Security Bulletin MS08-077 - Important Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege (957175) (10.12.2008)

Vinagre VNC client format string vulnerability
Published:10.12.2008
SecurityVulns ID:9500
Type:client
Threat Level:5/10
Description:Format string vulnerability in VNC name.
Affected:VINAGRE : Vinagre 2.24
Original document:CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2008-1127 - Vinagre show_error() format string vulnerability (10.12.2008)

BMC Patrol Agent format string vulnerability
Published:10.12.2008
SecurityVulns ID:9501
Type:remote
Threat Level:5/10
Description:Format string vulnerability in logging via version number.
Affected:BMC : PATROL Agent 3.7
Original document:ZDI, ZDI-08-082: BMC PatrolAgent Version Logging Format String Vulnerability (10.12.2008)

DD-WRT cross-site request forgery
Published:10.12.2008
SecurityVulns ID:9503
Type:remote
Threat Level:5/10
Description:Form redirection is not checked.
Affected:DDWRT : DD-WRT 24
Original document:th3.r00k_(at)_gmail.com, Multiple XSRF in DD-WRT (Remote Root Command Execution) (10.12.2008)
Files:Exploits Multiple XSRF in DD-WRT

Face recognition authentication bypass
Published:10.12.2008
SecurityVulns ID:9504
Type:local
Threat Level:5/10
Description:Authentication can be bypassed with a series of photos or video.
Affected:TOSHIBA : Toshiba Face Recognition 2.0
 ASUS : Asus SmartLogon 1.0
 LENOVO : Lenovo Veriface III
Original document:Security Vulnerability Research Team, [SVRT-07-08] Vulnerability in Face Recognition Authentication Mechanism of Lenovo-Asus-Toshiba Laptops (10.12.2008)

HP OpenView Reporter / HP OpenView Performance Agent DoS
Published:10.12.2008
SecurityVulns ID:9505
Type:remote
Threat Level:5/10
Affected:HP : OpenView Reporter 3.7
 HP : HP Performance Agent 4.70
 HP : HP Reporter 3.8
 HP : OpenView Performance Agent 4.60
 HP : OpenView Performance Agent 4.61
CVE:CVE-2007-4349 (The Shared Trace Service (aka OVTrace) in HP Performance Agent C.04.70 (aka 4.70), HP OpenView Performance Agent C.04.60 and C.04.61, HP Reporter 3.8, and HP OpenView Reporter 3.7 (aka Report 3.70) allows remote attackers to cause a denial of service via an unspecified series of RPC requests (aka Trace Event Messages) that triggers an out-of-bounds memory access, related to an erroneous object reference.)
Original document:HP, [security bulletin] HPSBMA02391 SSRT071481 rev.1 - HP OpenView Reporter and HP Reporter Running on Windows, Remote Denial of Service (DoS) (10.12.2008)
 HP, [security bulletin] HPSBMA02390 SSRT071481 rev.1 - HP OpenView Performance Agent, HP Performance Agent, Remote Denial of Service (DoS) (10.12.2008)

Neostrada Livebox router DoS
Published:10.12.2008
SecurityVulns ID:9506
Type:remote
Threat Level:4/10
Description:Crash on malformed HTTP request.
Original document:0in.email_(at)_gmail.com, Neostrada Livebox Remote Network Down PoC Exploit (10.12.2008)
Files:Neostrada Livebox Remote Network Down Exploit

Aruba Mobility Controller wireless routers DoS
Published:10.12.2008
SecurityVulns ID:9507
Type:remote
Threat Level:5/10
Description:Crash on malformed EAP authentication.
Affected:ARUBANETWORKS : ArubaOS 2.4
 ARUBANETWORKS : ArubaOS 2.5
 ARUBANETWORKS : ArubaOS 3.1
 ARUBA : ArubaOS 3.2
 ARUBANETWORKS : ArubaOS 3.3
Original document:Robbie (Rupinder) Gill, DoS Vulnerability in Aruba Mobility Controller Caused by Malformed EAP Frame (Aruba Advisory ID: AID-12808) (10.12.2008)

Microsoft Office multiple security vulnerabilities
updated since 10.12.2008
Published:11.12.2008
SecurityVulns ID:9493
Type:client
Threat Level:8/10
Description:Multiple memory corruptions on .doc and .xls parsing.
Affected:MICROSOFT : Office 2000
 MICROSOFT : Office XP
 MICROSOFT : Office 2003
 MICROSOFT : Office 2007
CVE:CVE-2008-4266 (Array index vulnerability in Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP3; Excel Viewer 2003 Gold and SP3; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Excel spreadsheet with a NAME record that contains an invalid index value, which triggers stack corruption, aka "Excel Global Array Memory Corruption Vulnerability.")
 CVE-2008-4265 (Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers memory corruption during the loading of records from this spreadsheet, aka "File Format Parsing Vulnerability.")
 CVE-2008-4264 (Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed formula, which triggers "pointer corruption" during the loading of formulas from this spreadsheet, aka "File Format Parsing Vulnerability.")
 CVE-2008-4037 (Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834.)
 CVE-2008-4031 (Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a malformed string in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka "Word RTF Object Parsing Vulnerability.")
 CVE-2008-4030 (Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1 allow remote attackers to execute arbitrary code via crafted control words in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka "Word RTF Object Parsing Vulnerability," a different vulnerability than CVE-2008-4028.)
 CVE-2008-4028 (Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via crafted control words related to multiple Drawing Object tags in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and a heap-based buffer overflow, aka "Word RTF Object Parsing Vulnerability," a different vulnerability than CVE-2008-4030.)
 CVE-2008-4027 (Double free vulnerability in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted (1) RTF file or (2) rich text e-mail message with multiple consecutive Drawing Object ("\do") tags, which triggers a "memory calculation error" and memory corruption, aka "Word RTF Object Parsing Vulnerability.")
 CVE-2008-4026 (Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Word document that contains a malformed value, which triggers memory corruption, aka "Word Memory Corruption Vulnerability.")
 CVE-2008-4025 (Integer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via (1) an RTF file or (2) a rich text e-mail message containing an invalid number of points for a polyline or polygon, which triggers a heap-based buffer overflow, aka "Word RTF Object Parsing Vulnerability.")
 CVE-2008-4024 (Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a Word document with a crafted lcbPlcfBkfSdt field in the File Information Block (FIB), which bypasses an initialization step and triggers an "arbitrary free," aka "Word Memory Corruption Vulnerability.")
Original document:CORE SECURITY TECHNOLOGIES ADVISORIES, iDefense Security Advisory 12.10.08: Microsoft Excel Malformed Object Memory Corruption Vulnerability (11.12.2008)
 CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2008-0228: Microsoft Word Malformed FIB Arbitrary Free Vulnerability (11.12.2008)
 ZDI, ZDI-08-086: Microsoft Office Word Document Table Property Stack Overflow Vulnerability (10.12.2008)
 ZDI, ZDI-08-085: Microsoft Office RTF Drawing Object Heap Overflow Vulnerability (10.12.2008)
 ZDI, ZDI-08-084: Microsoft Office RTF Consecutive Drawing Object Parsing Heap Corruption Vulnerability (10.12.2008)
 SECUNIA, Secunia Research: Microsoft Excel NAME Record Array Indexing Vulnerability (10.12.2008)
 SECUNIA, Secunia Research: Microsoft Word RTF Polyline/Polygon Integer Overflow (10.12.2008)
 MICROSOFT, Microsoft Security Bulletin MS08-074 - Critical Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070) (10.12.2008)
 MICROSOFT, Microsoft Security Bulletin MS08-072 - Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173) (10.12.2008)
Files:Microsoft Security Bulletin MS08-072 - Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173)
 Microsoft Security Bulletin MS08-074 - Critical Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 10.12.2008
Published:14.12.2008
SecurityVulns ID:9502
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. EZ Publish: privilege escalation from user to CMS Administrator + Privilege escalation from CMS Administrator to system user.
Affected:EZ : ez publish 3.10
 EZ : ez publish 4.0
 PRESTASHOP : PrestaShop 1.1
 PHPEPPERSHOP : PHPepperShop 1.4
 XOOPS : XOOPS 2.3
Original document:S4aVRd0w, Exploit for the EZSA-2008-003 vulnerability with account activation (14.12.2008)
 Digital Security Research Group [DSecRG], [DSECRG-08-041] Stored XSS Vulnerability in Xoops 2.3.x (10.12.2008)
 Digital Security Research Group [DSecRG], [DSECRG-08-040] Multiple Local File Include Vulnerabilities in Xoops 2.3.x (10.12.2008)
 th3.r00k_(at)_gmail.com, XSS in PHPepperShop v 1.4 (10.12.2008)
 th3.r00k_(at)_gmail.com, Two XSS Flaws in PrestaShop 1.1.0.3 (10.12.2008)
 r3d.w0rm_(at)_yahoo.com, Joomla Component mydyngallery (10.12.2008)
 S4aVRd0w, Exploit for the EZSA-2008-003 vulnerability (10.12.2008)
Files:eZ Publish privilege escalation exploit by s4avrd0w
 eZ Publish OS Commanding executing exploit by s4avrd0w
 EZ publish exploit with admin account activation

Microsoft Internet Explorer multiple security vulnerabilities
updated since 10.12.2008
Published:29.12.2008
SecurityVulns ID:9496
Type:client
Threat Level:9/10
Description:Multiple memory corruptions.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE:CVE-2008-4261 (Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 SP1 on Windows 2000, and 6 on Windows XP and Server 2003 does not properly handle extraneous data associated with an object embedded in a web page, which allows remote attackers to execute arbitrary code via crafted HTML tags that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability.")
 CVE-2008-4260 (Microsoft Internet Explorer 7 sometimes attempts to access a deleted object, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Uninitialized Memory Corruption Vulnerability.")
 CVE-2008-4259 (Microsoft Internet Explorer 7 sometimes attempts to access uninitialized memory locations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, related to a WebDAV request for a file with a long name, aka "HTML Objects Memory Corruption Vulnerability.")
 CVE-2008-4258 (Microsoft Internet Explorer 5.01 SP4 and 6 SP1 does not properly validate parameters during calls to navigation methods, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Parameter Validation Memory Corruption Vulnerability.")
Original document:Brett Moore, [Full-disclosure] Insomnia : ISVA-081209.1 - IE Webdav Request Parsing Heap Corruption Vulnerability (10.12.2008)
 ZDI, ZDI-08-087: Microsoft Internet Explorer Webdav Request Parsing Heap Corruption Vulnerability (10.12.2008)
 IDEFENSE, iDefense Security Advisory 12.09.08: Microsoft Internet Explorer 5.01 EMBED tag Long File Name Extension Stack Buffer Overflow Vulnerability (iDefense Exclusive) (10.12.2008)
 MICROSOFT, Microsoft Security Bulletin MS08-073 - Critical Cumulative Security Update for Internet Explorer (958215) (10.12.2008)
Files:Microsoft Internet Explorer XML Buffer Overflow Exploit
 Microsoft Security Bulletin MS08-073 - Critical Cumulative Security Update for Internet Explorer (958215)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod