Search:Vulnerability:14.05.2008 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Microsoft Word multiple security vulnerabilities
Published: 14.05.2008
Source: MICROSOFT
SecurityVulns ID: 8989
Type: remote
Level: 7/10
Description: Memory coruption on RTF parsing, memory corruption on CSS parsing.

Affected: MICROSOFT : Office 2000
MICROSOFT : Office 2003
MICROSOFT : Office 2004 for Mac
MICROSOFT : Office 2007
MICROSOFT : Word Viewer 2003
MICROSOFT : Office 2008 for Mac
CVE: CVE-2008-1434
CVE-2008-1091

Original document IDEFENSE, iDefense Security Advisory 05.13.08: Microsoft Word CSS Processing Memory Corruption Vulnerability (14.05.2008)

ZDI, ZDI-08-023: Microsoft Office RTF Parsing Engine Memory Corruption Vulnerability (14.05.2008)

MICROSOFT, ZDI-08-023: Microsoft Office RTF Parsing Engine Memory Corruption Vulnerability (14.05.2008)

document MICROSOFT, Microsoft Security Bulletin MS08-026 – Critical Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207) (14.05.2008)

Files: Microsoft Security Bulletin MS08-026 – Critical Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207)
Discuss: Read or add your comments to this news (0 comments)

Microsoft Windows I2O driver privilege escalation
Published: 14.05.2008
Source: BUGTRAQ
SecurityVulns ID: 8993
Type: local
Level: 5/10
Description: \\.\I2OExc device weak permissions, IOCTL data insufficient validation.

Affected: MICROSOFT : Windows XP
CVE: CVE-2008-0322

Original document IDEFENSE, iDefense Security Advisory 05.12.08: Microsoft Windows I2O Filter Utility Driver (i2omgmt.sys) Local Privilege Escalation Vulnerability (14.05.2008)

Discuss: Read or add your comments to this news (0 comments)

libid3tag library endless loop
Published: 14.05.2008
Source: BUGTRAQ
SecurityVulns ID: 8998
Type: library
Level: 5/10
Description: Endless loop on MP3 files parsing.

Affected: LIBID3TAG : libid3tag 0.15
CVE: CVE-2008-2109 (field.c in the libid3tag 0.15.0b library allows context-dependent attackers to cause a denial of service (CPU consumption) via an ID3_FIELD_TYPE_STRINGLIST field that ends in '\0', which triggers an infinite loop.)

Original document GENTOO, [ GLSA 200805-15 ] libid3tag: Denial of Service (14.05.2008)

Discuss: Read or add your comments to this news (0 comments)

Cisco Unified Communications Manager DoS
Published: 14.05.2008
Source: BUGTRAQ
SecurityVulns ID: 8999
Type: remote
Level: 6/10
Description: DoS against Certificate Trust List (CTL) Provider (TCP/2444), Certificate Authority Proxy Function (CAPF) (TCP/3804), SIP and SNMP TRAP.

Affected: CISCO : Cisco Unified Communications Manager 5.1
CISCO : Cisco Unified Communications Manager 4.1
CISCO : Cisco Unified Communications Manager 4.2
CISCO : Cisco Unified Communications Manager 4.3
CISCO : Cisco Unified Communications Manager 6.1
CVE: CVE-2008-1747
CVE-2008-1746
CVE-2008-1745
CVE-2008-1744
CVE-2008-1743
CVE-2008-1742

Discuss: Read or add your comments to this news (0 comments)

Microsoft Publisher memory corruption
Published: 14.05.2008
Source: MICROSOFT
SecurityVulns ID: 8990
Type: client
Level: 5/10
Description: .PUB files memory corruption on embedded objects parsing.

Affected: MICROSOFT : Office 2000
MICROSOFT : Office XP
MICROSOFT : Office 2003
MICROSOFT : Office 2007
CVE: CVE-2008-0119

Original document cocoruder, Microsoft Office Publisher PUB File Parsing Remote Memory Corruption Vulnerability (14.05.2008)

MICROSOFT, Microsoft Security Bulletin MS08-027 – Critical Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (951208) (14.05.2008)

Files: Microsoft Security Bulletin MS08-027 – Critical Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (951208)
Discuss: Read or add your comments to this news (0 comments)

Microsoft Jet engine buffer overflow
Published: 14.05.2008
Source: MICROSOFT
SecurityVulns ID: 8991
Type: library
Level: 7/10
Description: Buffer overflow on MDB files request handling.

Affected: MICROSOFT : Windows 2000 Server
MICROSOFT : Windows 2000 Professional
MICROSOFT : Windows XP
MICROSOFT : Windows 2003 Server
CVE: CVE-2007-6026 (Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file. NOTE: this might be the same issue as CVE-2005-0944.)

Original document DVLabs, TPTI-08-04: Microsoft Office Jet Database Engine Column Parsing Stack Overflow Vulnerability (14.05.2008)

MICROSOFT, Microsoft Security Bulletin MS08-028 – Critical Vulnerability in Microsoft Jet Database Engine Could Allow Remote Code Execution (950749) (14.05.2008)

Files: Microsoft Security Bulletin MS08-028 – Critical Vulnerability in Microsoft Jet Database Engine Could Allow Remote Code Execution (950749)
Discuss: Read or add your comments to this news (0 comments)

Common Data Format library buffer overflow
Published: 14.05.2008
Source: BUGTRAQ
SecurityVulns ID: 8995
Type: library
Level: 5/10
Description: Buffer overflow in Read32s_64() function.

Affected: CDF : cdf 3.2
CVE: CVE-2008-2080 (Stack-based buffer overflow in the Read32s_64 function in src/lib/cdfread64.c in the NASA Goddard Space Flight Center Common Data Format (CDF) library before 3.2.1 allows context-dependent attackers to execute arbitrary code via a .cdf file with crafted length tags.)

Original document GENTOO, [ GLSA 200805-14 ] Common Data Format library: User-assisted execution of arbitrary code (14.05.2008)

Discuss: Read or add your comments to this news (0 comments)

Cisco Building Broadband Service Manager Captive Portal crossite scripting
Published: 14.05.2008
Source: BUGTRAQ
SecurityVulns ID: 8996
Type: remote
Level: 5/10
Description: Crossite scripting with http://host/ekgnkm/AccessCodeStart.asp?msg=%3Cscript%3Ealert(%22XSS%22);%3C/script%3E

CVE: CVE-2008-2165 (Cross-site scripting (XSS) vulnerability in AccessCodeStart.asp in Cisco Building Broadband Service Manager (BBSM) Captive Portal 5.3 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.)

Original document Brad Antoniewicz, Cisco BBSM Captive Portal Cross-site Scripting (14.05.2008)

Discuss: Read or add your comments to this news (0 comments)

Microsoft antiviral applications multiple security vulnerabilities
Published: 14.05.2008
Source: BUGTRAQ
SecurityVulns ID: 8992
Type: remote
Level: 6/10
Description: Multiple DoS conditions on different file formats parsing.

CVE: CVE-2008-1438
CVE-2008-1437

Original document MICROSOFT, Microsoft Security Bulletin MS08-029 – Moderate Vulnerabilities in Microsoft Malware Protection Engine Could Allow Denial of Service (952044) (14.05.2008)

Files: Microsoft Security Bulletin MS08-029 – Moderate Vulnerabilities in Microsoft Malware Protection Engine Could Allow Denial of Service (952044)
Discuss: Read or add your comments to this news (0 comments)

Adobe Distiller buffer overflow
Published: 14.05.2008
Source: BUGTRAQ
SecurityVulns ID: 8997
Type: client
Level: 5/10
Description: Buffer overflow on .joboptions file parsing.

Affected: ADOBE : Acrobat Distiller 8

Original document Paul Craig, Malformed Acrobat Distiller 8 .joboptions (14.05.2008)

Discuss: Read or add your comments to this news (0 comments)

Linux distributives OpenSSH / OpenSSL weak random generator
updated since 14.05.2008
Published: 15.05.2008
Source: BUGTRAQ
SecurityVulns ID: 8994
Type: library
Level: 6/10
Description: Weak random generation in Debian-based distributives (Debian, Ubuntu).

CVE: CVE-2008-0166

Original document mm_(at)_deadbeef.de, Debian generated SSH-Keys working exploit (15.05.2008)

UBUNTU, [USN-612-1] OpenSSL vulnerability (14.05.2008)

UBUNTU, [USN-612-2] OpenSSH vulnerability (14.05.2008)

Discuss: Read or add your comments to this news (0 comments)