Computer Security


Microsoft Windows SafeDisc driver buffer overflow
updated since 20.10.2007
Published:12.12.2007
Source:
SecurityVulns ID:8274
Type:local
Threat Level:7/10
Description:Buffer overflow in secdrv.sys driver allows code execution in system context.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
CVE:CVE-2007-5587 (Buffer overflow in Macrovision SafeDisc secdrv.sys, as shipped in Microsoft Windows XP and Server 2003, allows local users to overwrite arbitrary memory locations and gain privileges via a crafted argument to a METHOD_NEITHER IOCTL. NOTE: this issue may be the same as CVE-2007-5586, but there are insufficient details to be sure.)
Original document:MICROSOFT, Microsoft Security Bulletin MS07-067 – Important Vulnerability in Macrovision Driver Could Allow Local Elevation of Privilege (944653) (12.12.2007)
 Reversemode, [CORRECTED] Microsoft Windows XP SP2/2003 - Macrovision SecDrv.sys privilege escalation (0day) (20.10.2007)
 Reversemode, Microsoft Windows XP/2003 Macrovision SecDrv.sys privilege escalation (0day) (20.10.2007)
Files:Microsoft Security Bulletin MS07-067 – Important Vulnerability in Macrovision Driver Could Allow Local Elevation of Privilege (944653)

squid proxy server DoS
updated since 06.12.2007
Published:12.12.2007
Source:
SecurityVulns ID:8419
Type:remote
Threat Level:6/10
Description:Invalid cache update reply processing.
Affected:SQUID : Squid 2.6
CVE:CVE-2007-6239 (The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers.)
Original document:Martin Huter, squids ICAP implementation lacks a defer check when reading from ICAP server (12.12.2007)
 SQUID, SQUID-2007:2, Dec 4, 2007 (06.12.2007)

Microsoft Windows Vista SMBv2 packets signature bypass
Published:12.12.2007
Source:
SecurityVulns ID:8433
Type:m-i-t-m
Threat Level:6/10
Description:Invalid implementation of digital signing.
Affected:MICROSOFT : Windows Vista
CVE:CVE-2007-5351
Original document:MICROSOFT, Microsoft Security Bulletin MS07-063 – Important Vulnerability in SMBv2 Could Allow Remote Code Execution (942624) (12.12.2007)
Files:Microsoft Security Bulletin MS07-063 – Important Vulnerability in SMBv2 Could Allow Remote Code Execution (942624)

Microsoft Windows Vista ALPC privilege escalation
Published:12.12.2007
Source:
SecurityVulns ID:8436
Type:local
Threat Level:7/10
Description:Code execution in kernel context with Advanced Local Procedure Call.
CVE:CVE-2007-5350
Original document:MICROSOFT, Microsoft Security Bulletin MS07-066 – Important Vulnerability in Windows Kernel Could Allow Elevation of Privilege (943078) (12.12.2007)
Files:Microsoft Security Bulletin MS07-066 – Important Vulnerability in Windows Kernel Could Allow Elevation of Privilege (943078)

libnfsidmap / NFS privilege escalation
Published:12.12.2007
Source:
SecurityVulns ID:8439
Type:remote
Threat Level:5/10
Description:Under some conditions, file owner is determined incorrectly.
CVE:CVE-2007-4135 (Unspecified vulnerability in the NFSv4 ID mapper (nfsidmap) on SUSE Linux Enterprise 10 has unspecified attack vectors and impact, involving the name to uid translation in NFSv4 name lookups.)
Original document:MANDRIVA, [ MDKSA-2007:240 ] - Updated libnfsidmap packages fix username lookup flaw (12.12.2007)

Microsoft Internet Explorer multiple security vulnerabilities
updated since 12.12.2007
Published:13.12.2007
Source:
SecurityVulns ID:8438
Type:client
Threat Level:8/10
Description:Multiple memory corruptions.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
CVE:CVE-2007-5347
 CVE-2007-5344
 CVE-2007-3903 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via uninitialized or deleted objects used in repeated calls to the (1) cloneNode or (2) nodeValue JavaScript function, a different issue than CVE-2007-3902 and CVE-2007-5344, a variant of "Uninitialized Memory Corruption Vulnerability.")
 CVE-2007-3902 (Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element, one variant of "Uninitialized Memory Corruption Vulnerability.")
Original document:IDEFENSE, iDefense Security Advisory 12.11.07: Microsoft Internet Explorer JavaScript setExpression Heap Corruption Vulnerability (13.12.2007)
 ZDI, ZDI-07-073: Microsoft Internet Explorer setExpression Vulnerability (12.12.2007)
 ZDI, ZDI-07-074: Microsoft Internet Explorer Node Manipulation Memory Corruption (12.12.2007)
 ZDI, ZDI-07-075: Microsoft Internet Explorer Element Tags Vulnerability (12.12.2007)
 MICROSOFT, Microsoft Security Bulletin MS07-069 - Critical Cumulative Security Update for Internet Explorer (942615) (12.12.2007)
Files:Microsoft Security Bulletin MS07-069 - Critical Cumulative Security Update for Internet Explorer (942615)

Samba buffer overflow
updated since 12.12.2007
Published:16.12.2007
Source:
SecurityVulns ID:8440
Type:remote
Threat Level:8/10
Description:Buffer overflow in send_mailslot() on parsing domain logon request.
Affected:SAMBA : Samba 3.0
CVE:CVE-2007-6015 (Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request.)
Original document:SAMBA, [SECURITY] Buffer overrun in send_mailslot() (12.12.2007)
 SECUNIA, Secunia Research: Samba "send_mailslot()" Buffer Overflow Vulnerability (12.12.2007)
Files:POC for samba send_mailslot()

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod