Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft Office applications multiple security vulnerabilities
updated since 10.02.2010
Published:12.02.2010
Source:
SecurityVulns ID:10602
Type:client
Threat Level:
7/10
Description:Buffer overflow on Microsoft office files parsing, multiple memory corruptions on Microsoft PowerPoint fiels parsing.
Affected:MICROSOFT : Office XP
 MICROSOFT : Office 2003
 MICROSOFT : Office 2004 for Mac
CVE:CVE-2010-0243 (Buffer overflow in MSO.DLL in Microsoft Office XP SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Office document, aka "MSO.DLL Buffer Overflow.")
 CVE-2010-0034 (Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Office PowerPoint Viewer TextCharsAtom Record Stack Overflow Vulnerability.")
 CVE-2010-0033 (Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Viewer TextBytesAtom Record Stack Overflow Vulnerability.")
 CVE-2010-0032 (Use-after-free vulnerability in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "OEPlaceholderAtom Use After Free Vulnerability.")
 CVE-2010-0031 (Array index error in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint OEPlaceholderAtom 'placementId' Invalid Array Indexing Vulnerability.")
 CVE-2010-0030 (Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint LinkedSlideAtom Heap Overflow Vulnerability.")
 CVE-2010-0029 (Buffer overflow in Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint File Path Handling Buffer Overflow Vulnerability.")
Original documentdocumentIDEFENSE, iDefense Security Advisory 02.09.10: Microsoft PowerPoint OEPlaceholderAtom Invalid Array Indexing Vulnerability (12.02.2010)
 documentIDEFENSE, iDefense Security Advisory 02.09.10: Microsoft PowerPoint LinkedSlideAtom Heap Overflow Vulnerability (12.02.2010)
 documentIDEFENSE, iDefense Security Advisory 02.09.10: Microsoft PowerPoint OEPlaceholderAtom Use-After-Free Vulnerability (12.02.2010)
 documentSECUNIA, Secunia Research: Microsoft PowerPoint File Path Handling Buffer Overflow (10.02.2010)
 documentZDI, ZDI-10-017: Microsoft Office PowerPoint Viewer TextBytesAtom Record Remote Code Execution Vulnerability (10.02.2010)
 documentZDI, TPTI-10-02: Microsoft Office PowerPoint Viewer TextCharsAtom Record Code Execution Vulnerability (10.02.2010)
 documentCORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2009-0827: Microsoft Office Excel / Word OfficeArtSpgr Container Pointer Overwrite Vulnerability (10.02.2010)
 documentSECUNIA, Secunia Research: Microsoft PowerPoint File Path Handling Buffer Overflow (10.02.2010)
 documentMICROSOFT, Microsoft Security Bulletin MS10-004 - Important Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (975416) (10.02.2010)
 documentMICROSOFT, Microsoft Security Bulletin MS10-003 - Important Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution (978214) (10.02.2010)
Files:Microsoft Security Bulletin MS10-003 - Important Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution (978214)
 Microsoft Security Bulletin MS10-004 - Important Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (975416)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:12.02.2010
Source:
SecurityVulns ID:10613
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:OTRS : otrs 2.4
CVE:CVE-2010-0438 (Multiple SQL injection vulnerabilities in Kernel/System/Ticket.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.1.x before 2.1.9, 2.2.x before 2.2.9, 2.3.x before 2.3.5, and 2.4.x before 2.4.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.)
Original documentdocumentMustLive, Vulnerability in phpAdsNew, OpenAds and OpenX (12.02.2010)
 documentRaphael Geissert, [SECURITY] [DSA 1993-1] New otrs2 packages fix SQL injection (12.02.2010)
 documentTrustwave Advisories, Trustwave's SpiderLabs Security Advisory TWSL2010-001 (12.02.2010)
 documentMaciej Gojny, SQL injection vulnerability in apemCMS (12.02.2010)

HP DreamScreen information leak
Published:12.02.2010
Source:
SecurityVulns ID:10615
Type:remote
Threat Level:
5/10
Affected:HP : DreamScreen 100
 HP : DreamScreen 130
CVE:CVE-2010-0446 (Unspecified vulnerability on the HP DreamScreen 100 and 130 with firmware before 1.6.0.0, when using a web-connected configuration, allows remote attackers to obtain sensitive information via unknown vectors.)
Original documentdocumentHP, [security bulletin] HPSBPI02507 SSRT100012 rev.2 - HP DreamScreen, Remote Disclosure of Information (12.02.2010)

HP ProLiant Support Pack multiple security vulnerabilities
Published:12.02.2010
Source:
SecurityVulns ID:10616
Type:remote
Threat Level:
5/10
Description:Code execution, information leak.
Affected:HP : ProLiant Support Pack 8.30
Original documentdocumentHP, [security bulletin] HPSBMA02488 SSRT100013 rev.1 - HP ProLiant Support Pack 8.30 for Windows, Remote Code Execution, Information Disclosure (12.02.2010)

Opera / Mozilla / Internet Explorer DoS
updated since 12.02.2010
Published:01.05.2012
Source:
SecurityVulns ID:10614
Type:client
Threat Level:
5/10
Description:Large number of nested tags leads to buffer overflow.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
 OPERA : Opera 10.10
 MOZILLA : Firefox 11.0
 OPERA : Opera 10.62
Original documentdocumentMustLive, DoS vulnerabilities in Firefox, Internet Explorer and Opera (01.05.2012)
 documentInj3ct0r.com, Opera <= 10.10 Remote Denial of Service Exploit (12.02.2010)
Files:Opera <= 10.10 Remote Denial of Service Exploit

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod