| Microsoft Windows Search multiple security vulnerabilities | | Published: |  | 10.12.2008 | | Source: |  | MICROSOFT | | SecurityVulns ID: |  | 9497 | | Type: |  | client | | Level: |  | 8/10 | | Description: |  | Code execution with saved search results and with search-ms: URI. |
| Affected: |  | MICROSOFT : Windows XP | | |  | MICROSOFT : Windows Vista | | CVE: |  | CVE-2008-4269 (The search-ms protocol handler in Windows Explorer in Microsoft Windows Vista Gold and SP1 and Server 2008 uses untrusted parameter data obtained from incorrect parsing, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Windows Search Parsing Vulnerability.") | | |  | CVE-2008-4268 (The Windows Search component in Microsoft Windows Vista Gold and SP1 and Server 2008 does not properly free memory during a save operation for a Windows Search file, which allows remote attackers to execute arbitrary code via a crafted saved-search file, aka "Windows Saved Search Vulnerability.") |
| Face recognition authentication bypass | | Published: |  | 10.12.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 9504 | | Type: |  | local | | Level: |  | 5/10 | | Description: |  | Authentication can be bypassed with a series of photos or video. |
| HP OpenView Reporter / HP OpenView Performance Agent DoS | | Published: |  | 10.12.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 9505 | | Type: |  | remote | | Level: |  | 5/10 |
| Microsoft Windows GDI library multiple security vulnerabilities | | Published: |  | 10.12.2008 | | Source: |  | MICROSOFT | | SecurityVulns ID: |  | 9495 | | Type: |  | library | | Level: |  | 8/10 | | Description: |  | Buffer overflow and integer overflow on WMF parsing. |
| Capilano DesignWorks buffer overflow | | Published: |  | 10.12.2008 | | Source: |  | CN4PHUX | | SecurityVulns ID: |  | 9492 | | Type: |  | local | | Level: |  | 5/10 | | Description: |  | Buffer overflow on .CCT file parsing. |
| Microsoft Visual Basic multiple ActiveX security vulnerabilities | | Published: |  | 10.12.2008 | | Source: |  | MICROSOFT | | SecurityVulns ID: |  | 9494 | | Type: |  | library | | Level: |  | 8/10 | | Description: |  | Memory corruptions in DataGrid, FlexGrid, Hierarchical FlexGrid, Windows Common AVI, Charts, Masked Edit controls. |
| Affected: |  | MICROSOFT : Frontpage 2002 | | |  | MICROSOFT : Visual Studio .Net 2003 | | |  | MICROSOFT : Project 2003 | | |  | MICROSOFT : Visual Studio .NET 2002 | | |  | MICROSOFT : Visual Basic 6.0 Runtime Extended Files | | |  | MICROSOFT : Visual FoxPro 8.0 | | |  | MICROSOFT : Visual FoxPro 9.0 | | |  | MICROSOFT : Project 2007 | | CVE: |  | CVE-2008-4256 (The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Charts Control Memory Corruption Vulnerability.") | | |  | CVE-2008-4255 (Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an "allocation error" and memory corruption, aka "Windows Common AVI Parsing Overflow Vulnerability.") | | |  | CVE-2008-4254 (Multiple integer overflows in the Hierarchical FlexGrid ActiveX control (mshflxgd.ocx) in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allow remote attackers to execute arbitrary code via crafted (1) Rows and (2) Cols properties to the (a) ExpandAll and (b) CollapseAll methods, related to access of incorrectly initialized objects and corruption of the "system state," aka "Hierarchical FlexGrid Control Memory Corruption Vulnerability.") | | |  | CVE-2008-4253 (The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "FlexGrid Control Memory Corruption Vulnerability.") | | |  | CVE-2008-4252 (The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "DataGrid Control Memory Corruption Vulnerability.") | | |  | CVE-2008-3704 (Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability.") |
| Microsoft Windows Media Player multiple security vulnerabilities | | Published: |  | 10.12.2008 | | Source: |  | MICROSOFT | | SecurityVulns ID: |  | 9498 | | Type: |  | client | | Level: |  | 5/10 | | Description: |  | NTLM credentials leak and relaying. |
| Affected: |  | MICROSOFT : Windows 2000 Server | | |  | MICROSOFT : Windows 2000 Professional | | |  | MICROSOFT : Windows XP | | |  | MICROSOFT : Windows 2003 Server | | |  | MICROSOFT : Windows Vista | | |  | MICROSOFT : Windows 2008 Server | | CVE: |  | CVE-2008-3010 (Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows remote servers to capture NTLM credentials, and execute arbitrary code through credential-reflection attacks, by sending an authentication request, aka "ISATAP Vulnerability.") | | |  | CVE-2008-3009 (Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability.") |
| Vinagre VNC client format string vulnerability | | Published: |  | 10.12.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 9500 | | Type: |  | client | | Level: |  | 5/10 | | Description: |  | Format string vulnerability in VNC name. |
| BMC Patrol Agent format string vulnerability | | Published: |  | 10.12.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 9501 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Format string vulnerability in logging via version number. |
| Neostrada Livebox router DoS | | Published: |  | 10.12.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 9506 | | Type: |  | remote | | Level: |  | 4/10 | | Description: |  | Crash on malformed HTTP request. |
| Aruba Mobility Controller wireless routers DoS | | Published: |  | 10.12.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 9507 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Crash on malformed EAP authentication. |
| DD-WRT cross-site request forgery | | Published: |  | 10.12.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 9503 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Form redirection is not checked. |
| Microsoft Sharepoint unauthorized access | | Published: |  | 10.12.2008 | | Source: |  | MICROSOFT | | SecurityVulns ID: |  | 9499 | | Type: |  | remote | | Level: |  | 6/10 | | Description: |  | It's possible to access the administration page without authentication. |
| Affected: |  | MICROSOFT : Sharepoint Server 2007 | | |  | MICROSOFT : Microsoft Search Server 2008 | | CVE: |  | CVE-2008-4032 (Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and "create scripts that would run in the context of the site" via requests to administrative URIs, aka "Access Control Vulnerability.") |
Microsoft Office multiple security vulnerabilities updated since 10.12.2008 | | Published: |  | 11.12.2008 | | Source: |  | MICROSOFT | | SecurityVulns ID: |  | 9493 | | Type: |  | client | | Level: |  | 8/10 | | Description: |  | Multiple memory corruptions on .doc and .xls parsing. |
| Affected: |  | MICROSOFT : Office 2000 | | |  | MICROSOFT : Office XP | | |  | MICROSOFT : Office 2003 | | |  | MICROSOFT : Office 2007 | | CVE: |  | CVE-2008-4266 (Array index vulnerability in Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP3; Excel Viewer 2003 Gold and SP3; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Excel spreadsheet with a NAME record that contains an invalid index value, which triggers stack corruption, aka "Excel Global Array Memory Corruption Vulnerability.") | | |  | CVE-2008-4265 (Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers memory corruption during the loading of records from this spreadsheet, aka "File Format Parsing Vulnerability.") | | |  | CVE-2008-4264 (Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed formula, which triggers "pointer corruption" during the loading of formulas from this spreadsheet, aka "File Format Parsing Vulnerability.") | | |  | CVE-2008-4037 (Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834.) 
| | |  | CVE-2008-4031 (Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a malformed string in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka "Word RTF Object Parsing Vulnerability.") | | |  | CVE-2008-4030 (Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1 allow remote attackers to execute arbitrary code via crafted control words in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka "Word RTF Object Parsing Vulnerability," a different vulnerability than CVE-2008-4028.) | | |  | CVE-2008-4028 (Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via crafted control words related to multiple Drawing Object tags in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and a heap-based buffer overflow, aka "Word RTF Object Parsing Vulnerability," a different vulnerability than CVE-2008-4030.) 
| | |  | CVE-2008-4027 (Double free vulnerability in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted (1) RTF file or (2) rich text e-mail message with multiple consecutive Drawing Object ("\do") tags, which triggers a "memory calculation error" and memory corruption, aka "Word RTF Object Parsing Vulnerability.") | | |  | CVE-2008-4026 (Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Word document that contains a malformed value, which triggers memory corruption, aka "Word Memory Corruption Vulnerability.") | | |  | CVE-2008-4025 (Integer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via (1) an RTF file or (2) a rich text e-mail message containing an invalid number of points for a polyline or polygon, which triggers a heap-based buffer overflow, aka "Word RTF Object Parsing Vulnerability.") | | |  | CVE-2008-4024 (Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a Word document with a crafted lcbPlcfBkfSdt field in the File Information Block (FIB), which bypasses an initialization step and triggers an "arbitrary free," aka "Word Memory Corruption Vulnerability.") |
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 10.12.2008 | | Published: |  | 14.12.2008 | | Source: |  | | | SecurityVulns ID: |  | 9502 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
EZ Publish: privilege escalation from user to CMS Administrator + Privilege escalation from CMS Administrator to system user. |
Microsoft Internet Explorer multiple security vulnerabilities updated since 10.12.2008 | | Published: |  | 29.12.2008 | | Source: |  | MICROSOFT | | SecurityVulns ID: |  | 9496 | | Type: |  | client | | Level: |  | 9/10 | | Description: |  | Multiple memory corruptions. |
| Affected: |  | MICROSOFT : Windows 2000 Server | | |  | MICROSOFT : Windows 2000 Professional | | |  | MICROSOFT : Windows XP | | |  | MICROSOFT : Windows 2003 Server | | |  | MICROSOFT : Windows Vista | | |  | MICROSOFT : Windows 2008 Server | | CVE: |  | CVE-2008-4261 (Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 SP1 on Windows 2000, and 6 on Windows XP and Server 2003 does not properly handle extraneous data associated with an object embedded in a web page, which allows remote attackers to execute arbitrary code via crafted HTML tags that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability.") | | |  | CVE-2008-4260 (Microsoft Internet Explorer 7 sometimes attempts to access a deleted object, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Uninitialized Memory Corruption Vulnerability.") | | |  | CVE-2008-4259 (Microsoft Internet Explorer 7 sometimes attempts to access uninitialized memory locations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, related to a WebDAV request for a file with a long name, aka "HTML Objects Memory Corruption Vulnerability.") | | |  | CVE-2008-4258 (Microsoft Internet Explorer 5.01 SP4 and 6 SP1 does not properly validate parameters during calls to navigation methods, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Parameter Validation Memory Corruption Vulnerability.") |