Computer Security

Microsoft Word multiple security vulnerabilities
Published:14.05.2008
SecurityVulns ID:8989
Type:remote
Threat Level:7/10
Description:Memory corruption on RTF parsing, memory corruption on CSS parsing.
Affected:MICROSOFT : Office 2000
 MICROSOFT : Office 2003
 MICROSOFT : Office 2004 for Mac
 MICROSOFT : Office 2007
 MICROSOFT : Word Viewer 2003
 MICROSOFT : Office 2008 for Mac
CVE:CVE-2008-1434 (Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (CSS) selectors, related to a "memory handling error" that triggers memory corruption.)
 CVE-2008-1091
Original document:IDEFENSE, iDefense Security Advisory 05.13.08: Microsoft Word CSS Processing Memory Corruption Vulnerability (14.05.2008)
 ZDI, ZDI-08-023: Microsoft Office RTF Parsing Engine Memory Corruption Vulnerability (14.05.2008)
 MICROSOFT, ZDI-08-023: Microsoft Office RTF Parsing Engine Memory Corruption Vulnerability (14.05.2008)
 MICROSOFT, Microsoft Security Bulletin MS08-026 – Critical Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207) (14.05.2008)
Files:Microsoft Security Bulletin MS08-026 – Critical Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207)

Microsoft Jet engine buffer overflow
Published:14.05.2008
SecurityVulns ID:8991
Type:library
Threat Level:7/10
Description:Buffer overflow on MDB files request handling.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
CVE:CVE-2007-6026 (Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file. NOTE: this might be the same issue as CVE-2005-0944.)
Original document:DVLabs, TPTI-08-04: Microsoft Office Jet Database Engine Column Parsing Stack Overflow Vulnerability (14.05.2008)
 MICROSOFT, Microsoft Security Bulletin MS08-028 – Critical Vulnerability in Microsoft Jet Database Engine Could Allow Remote Code Execution (950749) (14.05.2008)
Files:Microsoft Security Bulletin MS08-028 – Critical Vulnerability in Microsoft Jet Database Engine Could Allow Remote Code Execution (950749)

Microsoft antiviral applications multiple security vulnerabilities
Published:14.05.2008
SecurityVulns ID:8992
Type:remote
Threat Level:6/10
Description:Multiple DoS conditions on different file formats parsing.
CVE:CVE-2008-1438 (Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (disk space exhaustion) via a file with "crafted data structures" that trigger the creation of large temporary files, a different vulnerability than CVE-2008-1437.)
 CVE-2008-1437 (Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (engine hang and restart) via a crafted file, a different vulnerability than CVE-2008-1438.)
Original document:MICROSOFT, Microsoft Security Bulletin MS08-029 – Moderate Vulnerabilities in Microsoft Malware Protection Engine Could Allow Denial of Service (952044) (14.05.2008)
Files:Microsoft Security Bulletin MS08-029 – Moderate Vulnerabilities in Microsoft Malware Protection Engine Could Allow Denial of Service (952044)

Microsoft Windows I2O driver privilege escalation
Published:14.05.2008
SecurityVulns ID:8993
Type:local
Threat Level:5/10
Description:\\.\I2OExc device weak permissions, IOCTL data insufficient validation.
Affected:MICROSOFT : Windows XP
CVE:CVE-2008-0322
Original document:IDEFENSE, iDefense Security Advisory 05.12.08: Microsoft Windows I2O Filter Utility Driver (i2omgmt.sys) Local Privilege Escalation Vulnerability (14.05.2008)

Common Data Format library buffer overflow
Published:14.05.2008
SecurityVulns ID:8995
Type:library
Threat Level:5/10
Description:Buffer overflow in Read32s_64() function.
Affected:NASA : CDF 3.2
CVE:CVE-2008-2080 (Stack-based buffer overflow in the Read32s_64 function in src/lib/cdfread64.c in the NASA Goddard Space Flight Center Common Data Format (CDF) library before 3.2.1 allows context-dependent attackers to execute arbitrary code via a .cdf file with crafted length tags.)
Original document:GENTOO, [ GLSA 200805-14 ] Common Data Format library: User-assisted execution of arbitrary code (14.05.2008)

Cisco Building Broadband Service Manager Captive Portal cross-site scripting
Published:14.05.2008
SecurityVulns ID:8996
Type:remote
Threat Level:5/10
Description:Cross-site scripting with http://host/ekgnkm/AccessCodeStart.asp?msg=%3Cscript%3Ealert(%22XSS%22);%3C/script%3E
CVE:CVE-2008-2165 (Cross-site scripting (XSS) vulnerability in AccessCodeStart.asp in Cisco Building Broadband Service Manager (BBSM) Captive Portal 5.3 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.)
Original document:Brad Antoniewicz, Cisco BBSM Captive Portal Cross-site Scripting (14.05.2008)

Adobe Distiller buffer overflow
Published:14.05.2008
SecurityVulns ID:8997
Type:client
Threat Level:5/10
Description:Buffer overflow on .joboptions file parsing.
Affected:ADOBE : Acrobat Distiller 8
Original document:Paul Craig, Malformed Acrobat Distiller 8 .joboptions (14.05.2008)

libid3tag library endless loop
Published:14.05.2008
SecurityVulns ID:8998
Type:library
Threat Level:5/10
Description:Endless loop on MP3 files parsing.
Affected:LIBID3TAG : libid3tag 0.15
CVE:CVE-2008-2109 (field.c in the libid3tag 0.15.0b library allows context-dependent attackers to cause a denial of service (CPU consumption) via an ID3_FIELD_TYPE_STRINGLIST field that ends in '\0', which triggers an infinite loop.)
Original document:GENTOO, [ GLSA 200805-15 ] libid3tag: Denial of Service (14.05.2008)

Cisco Unified Communications Manager DoS
Published:14.05.2008
SecurityVulns ID:8999
Type:remote
Threat Level:6/10
Description:DoS against Certificate Trust List (CTL) Provider (TCP/2444), Certificate Authority Proxy Function (CAPF) (TCP/3804), SIP and SNMP TRAP.
Affected:CISCO : Cisco Unified Communications Manager 5.1
 CISCO : Cisco Unified Communications Manager 4.1
 CISCO : Cisco Unified Communications Manager 4.2
 CISCO : Cisco Unified Communications Manager 4.3
 CISCO : Cisco Unified Communications Manager 6.1
CVE:CVE-2008-1747
 CVE-2008-1746
 CVE-2008-1745
 CVE-2008-1744
 CVE-2008-1743
 CVE-2008-1742

Linux distributions OpenSSH / OpenSSL weak random generator
updated since 14.05.2008
Published:15.05.2008
SecurityVulns ID:8994
Type:library
Threat Level:6/10
Description:Weak random generation in Debian-based distributions (Debian, Ubuntu).
CVE:CVE-2008-0166
Original document:mm_(at)_deadbeef.de, Debian generated SSH-Keys working exploit (15.05.2008)
 UBUNTU, [USN-612-1] OpenSSL vulnerability (14.05.2008)
 UBUNTU, [USN-612-2] OpenSSH vulnerability (14.05.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod