 |
|
|
|
| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | | Published: |  | 12.08.2008 | | Source: |  | | | SecurityVulns ID: |  | 9211 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Contact Form ][: crossite request forgery, crossite scripting. |
Microsoft Access ActiveX file download
updated since 09.07.2008 | | Published: | | 12.08.2008 | | Source: | | MICROSOFT | | SecurityVulns ID: | | 9137 | | Type: | | client | | Level: | | 7/10 | | Description: | | SnapShot Viewer ActiveX allows file download to any location. |
| Affected: |  | MICROSOFT : Office 2000 | | | | MICROSOFT : Office XP | | | | MICROSOFT : Office 2003 | | | | MICROSOFT : Office 2007 | | CVE: |  | CVE-2008-2463 (The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder.) |
| UUDeview symbolic links vulnerability | | Published: | | 12.08.2008 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 9212 | | Type: | | local | | Level: | | 5/10 | | Description: | | Insecure temporary files creation. |
| CVE: | | CVE-2008-2266 (uulib/uunconc.c in UUDeview 0.5.20 allows local users to overwrite arbitrary files via a symlink attack on a temporary filename generated by the tempnam function. NOTE: this may be a CVE-2004-2265 regression.) |
| Alcatel OmniSwitch switches buffer overflow | | Published: | | 12.08.2008 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 9213 | | Type: | | remote | | Level: | | 5/10 | | Description: | | Buffer overflow on oversized Cookie: header in embedded web server. |
| Sun Solaris snoop format string vulnerability | | Published: | | 12.08.2008 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 9214 | | Type: | | remote | | Level: | | 5/10 | | Description: | | Format string vulnerability on SMB traffic parsing. |
| hMailServer IMAP server DoS | | Published: | | 12.08.2008 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 9215 | | Type: | | remote | | Level: | | 5/10 | | Description: | | Memory leak on command execution leads to buffer overflow. |
| Microsoft Windows IPSec policies vulnerability | | Published: | | 12.08.2008 | | Source: | | MICROSOFT | | SecurityVulns ID: | | 9219 | | Type: | | m-i-t-m | | Level: | | 5/10 | | Description: | | Under certain conditions rules are not applied after Windows 2003 domain is migrated to Windows 2008. |
| Microsoft Windows privilege escalation | | Published: | | 12.08.2008 | | Source: | | MICROSOFT | | SecurityVulns ID: | | 9220 | | Type: | | local | | Level: | | 6/10 | | Description: | | Invalid event handling allows code execution in system context. |
Microsoft Office / Word / Excel / Power Point multiple security vulnerabilities
updated since 12.08.2008 | | Published: | | 13.08.2008 | | Source: | | MICROSOFT | | SecurityVulns ID: | | 9216 | | Type: | | client | | Level: | | 8/10 | | Description: | | Multiple memory corruptions, protection bypass. |
| Affected: | | MICROSOFT : Office 2000 | | | | MICROSOFT : Office XP | | | | MICROSOFT : Office 2003 | | | | MICROSOFT : Office 2007 | | | | MICROSOFT : Office SharePoint Server 2007 | | CVE: | | CVE-2008-3460 (WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 does not properly parse the length of a WordPerfect Graphics (WPG) file, which allows remote attackers to execute arbitrary code via a crafted WPG file, aka the "WPG Image File Heap Corruption Vulnerability.") | | | | CVE-2008-3021 (Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file with an invalid bits_per_pixel field, aka the "PICT Filter Parsing Vulnerability," a different vulnerability than CVE-2008-3018.) | | | | CVE-2008-3020 (Microsoft Office 2000 SP3 and XP SP3; Office Converter Pack; and Works 8 do not properly parse the length of a BMP file, which allows remote attackers to execute arbitrary code via a crafted BMP file, aka the "Malformed BMP Filter Vulnerability.") | | | | CVE-2008-3019 (Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of an Encapsulated PostScript (EPS) file, which allows remote attackers to execute arbitrary code via a crafted EPS file, aka the "Malformed EPS Filter Vulnerability.") | | | | CVE-2008-3018 (Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file, aka the "Malformed PICT Filter Vulnerability," a different vulnerability than CVE-2008-3021.) | | | | CVE-2008-3006 (Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 Gold and SP3; Office Excel Viewer; Office Compatibility Pack 2007 Gold and SP1; Office SharePoint Server 2007 Gold and SP1; and Office 2004 and 2008 for Mac do not properly parse Country record values when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the "Excel Record Parsing Vulnerability.") | | | | CVE-2008-3005 (Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted array index for a FORMAT record, aka the "Excel Index Array Vulnerability.") | | | | CVE-2008-3004 (Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3; Office Excel Viewer 2003; and Office 2004 and 2008 for Mac do not properly validate index values for AxesSet records when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the "Excel Indexing Validation Vulnerability.") | | | | CVE-2008-3003 (Microsoft Office Excel 2007 Gold and SP1 does not properly delete the PWD (password) string from connections.xml when a .xlsx file is configured not to save the remote data session password, which allows local users to obtain sensitive information and obtain access to a remote data source, aka the "Excel Credential Caching Vulnerability.") | | | | CVE-2008-2244 |
| Original document |  | IDEFENSE, iDefense Security Advisory 08.12.08: Microsoft Excel FORMAT Record Invalid Array Index Vulnerability (13.08.2008) |
| | | IDEFENSE, iDefense Security Advisory 08.12.08: Microsoft Excel Chart AxesSet Invalid Array Index Vulnerability (13.08.2008) |
| | | IDEFENSE, iDefense Security Advisory 08.12.08: Microsoft PowerPoint Viewer 2003 Cstring Integer Overflow Vulnerability (13.08.2008) |
| | | IDEFENSE, iDefense Security Advisory 08.12.08: Microsoft PowerPoint Viewer 2003 Out of Bounds Array Index Vulnerability (13.08.2008) |
| | | IDEFENSE, iDefense Security Advisory 08.12.08: Microsoft Office WPG Image File Heap Buffer Overflow Vulnerability (13.08.2008) |
| | | IDEFENSE, iDefense Security Advisory 08.12.08: Microsoft Office BMP Input Filter Heap Overflow Vulnerability (13.08.2008) |
| | | ZDI, ZDI-08-048: Microsoft Excel COUNTRY Record Memory Corruption Vulnerability (13.08.2008) |
| | | MICROSOFT, Microsoft Security Bulletin MS08-051 – Critical Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (949785) Microsoft Security Bulletin MS08-051 – Critical (12.08.2008) |
| | | MICROSOFT, Microsoft Security Bulletin MS08-044 – Critical Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (924090) (12.08.2008) |
| | | MICROSOFT, Microsoft Security Bulletin MS08-043 – Critical Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (954066) (12.08.2008) |
| | | MICROSOFT, Microsoft Security Bulletin MS08-042 – Important Vulnerability in Microsoft Word Could Allow Remote Code Execution (955048) (12.08.2008) |
Microsoft Windows color management system memory corruption
updated since 12.08.2008 | | Published: | | 13.08.2008 | | Source: | | MICROSOFT | | SecurityVulns ID: | | 9218 | | Type: | | library | | Level: | | 7/10 | | Description: | | Memory corruption on ICCM management. |
Microsoft Internet Explorer multiple security vulnerabilities
updated since 12.08.2008 | | Published: | | 14.08.2008 | | Source: | | MICROSOFT | | SecurityVulns ID: | | 9217 | | Type: | | remote | | Level: | | 8/10 | | Description: | | Multiple memory corruptions, MHTML crossite scripting. |
| Affected: | | MICROSOFT : Windows 2000 Server | | | | MICROSOFT : Windows 2000 Professional | | | | MICROSOFT : Windows XP | | | | MICROSOFT : Windows 2003 Server | | | | MICROSOFT : Windows Vista | | | | MICROSOFT : Windows 2008 Server | | CVE: | | CVE-2008-2259 | | | | CVE-2008-2258 (Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to a document object "appended in a specific order" with "particular functions ... performed on" document objects, aka "HTML Objects Memory Corruption Vulnerability" or "Table Layout Memory Corruption Vulnerability," a different vulnerability than CVE-2008-2257.) | | | | CVE-2008-2257 (Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to a document object "appended in a specific order," aka "HTML Objects Memory Corruption Vulnerability" or "XHTML Rendering Memory Corruption Vulnerability," a different vulnerability than CVE-2008-2258.) | | | | CVE-2008-2256 | | | | CVE-2008-2255 | | | | CVE-2008-2254 (Microsoft Internet Explorer 6 and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka "HTML Object Memory Corruption Vulnerability.") | | | | CVE-2008-1448 (The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via an mhtml: URI in conjunction with a redirection, aka "URL Parsing Cross-Domain Information Disclosure Vulnerability.") |
Microsoft Messenger unauthorized ActiveX access
updated since 12.08.2008 | | Published: | | 15.08.2008 | | Source: | | MICROSOFT | | SecurityVulns ID: | | 9221 | | Type: | | client | | Level: | | 6/10 | | Description: | | Messenger.UIAutomation.1 ActiveX allows access to applciation functionality. |
|
|
|
|
|
|
|
|
