Microsoft Excel multiple security vulnerabilities updated since 10.06.2009
| Published: | 14.06.2009 |
| Source: | MICROSOFT |
| SecurityVulns ID: | 9978 |
| Type: | client |
| Level: | 6/10 |
| Description: | Multiple buffer overflows, memory and pointer corruption. |
| Affected: | MICROSOFT : Office 2000 |
| | MICROSOFT : Office XP |
| | MICROSOFT : Office 2003 |
| | MICROSOFT : Office 2004 for Mac |
| | MICROSOFT : Office 2007 |
| | MICROSOFT : Office 2008 for Mac |
| CVE: | CVE-2009-1134 (Excel in 2007 Microsoft Office System SP1 and SP2; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a BIFF file with a malformed Qsir (0x806) record object, aka "Record Pointer Corruption Vulnerability.") |
| | CVE-2009-0561 (Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; and Microsoft Office SharePoint Server 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via an Excel file with a Shared String Table (SST) record with a numeric field that specifies an invalid number of unique strings, which triggers a heap-based buffer overflow, aka "Record Integer Overflow Vulnerability.") |
| | CVE-2009-0560 (Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Field Sanitization Memory Corruption Vulnerability.") |
| | CVE-2009-0559 (Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "String Copy Stack-Based Overrun Vulnerability.") |
| | CVE-2009-0558 (Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Array Indexing Memory Corruption Vulnerability.") |
| | CVE-2009-0557 (Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Object Record Corruption Vulnerability.") |
| | CVE-2009-0549 (Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Microsoft Office Excel Viewer 2003 SP3 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Record Pointer Corruption Vulnerability.") |

Windows print spooler multiple security vulnerabilities updated since 10.06.2009
| Published: | 14.06.2009 |
| Source: | MICROSOFT |
| SecurityVulns ID: | 9979 |
| Type: | remote |
| Level: | 8/10 |
| Description: | Buffer overflow, unauthorized file access, privilege escalation with dynamic library loading. |
| Affected: | MICROSOFT : Windows 2000 Server |
| | MICROSOFT : Windows 2000 Professional |
| | MICROSOFT : Windows XP |
| | MICROSOFT : Windows 2003 Server |
| | MICROSOFT : Windows Vista |
| | MICROSOFT : Windows 2008 Server |
| CVE: | CVE-2009-0230 (The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows remote authenticated users to gain privileges via a crafted RPC message that triggers loading of a DLL file from an arbitrary directory, aka "Print Spooler Load Library Vulnerability.") |
| | CVE-2009-0229 (The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability.") |
| | CVE-2009-0228 (Stack-based buffer overflow in the EnumeratePrintShares function in Windows Print Spooler Service (win32spl.dll) in Microsoft Windows 2000 SP4 allows remote printer servers to execute arbitrary code via a crafted ShareName in a response to an RPC request, related to "printing data structures," aka "Buffer Overflow in Print Spooler Vulnerability.") |

FreeBSD information leak
| Published: | 14.06.2009 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9987 |
| Type: | local |
| Level: | 5/10 |
| Description: | Integer overflow in the pipe implementation allows reading data from another process's memory. |

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 14.06.2009
| Published: | 14.06.2009 |
| Source: | |
| SecurityVulns ID: | 9990 |
| Type: | remote |
| Level: | 5/10 |
| Description: | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |

Apache Tomcat multiple security vulnerabilities updated since 05.06.2009
| Published: | 14.06.2009 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9965 |
| Type: | remote |
| Level: | 6/10 |
| Description: | Information leak, user enumeration, DoS, directory traversal. |
| Affected: | APACHE : Tomcat 4.1 |
| | APACHE : Tomcat 5.5 |
| | APACHE : Tomcat 6.0 |
| CVE: | CVE-2009-0783 (Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.) |
| | CVE-2009-0580 (Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.) |
| | CVE-2009-0033 (Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.) |
| | CVE-2008-5515 (Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.) |

F5 FirePass 4100 cross-site scripting updated since 14.11.2007
| Published: | 14.06.2009 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 8340 |
| Type: | remote |
| Level: | 5/10 |
| Description: | SSL VPN download_plugin.php3, page backurl parameter, my.logon.php3, my.activation.php3 cross-site scripting. |

Microsoft Word buffer overflows updated since 11.06.2009
| Published: | 14.06.2009 |
| Source: | MICROSOFT |
| SecurityVulns ID: | 9983 |
| Type: | client |
| Level: | 8/10 |
| Description: | Fre different buffer overflows on document parsing. |
| Affected: | MICROSOFT : Office 2000 |
| | MICROSOFT : Office XP |
| | MICROSOFT : Office 2003 |
| | MICROSOFT : Office 2004 for Mac |
| | MICROSOFT : Office 2007 |
| | MICROSOFT : Office 2008 for Mac |
| CVE: | CVE-2009-0565 (Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a malformed record that triggers memory corruption, aka "Word Buffer Overflow Vulnerability.") |
| | CVE-2009-0563 (Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; Microsoft Office Word Viewer 2003 SP3; Microsoft Office Word Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a crafted tag containing an invalid length field, aka "Word Buffer Overflow Vulnerability.") |

Mozilla Firefox multiple security vulnerabilities
| Published: | 14.06.2009 |
| Source: | MOZILLA |
| SecurityVulns ID: | 9986 |
| Type: | client |
| Level: | 8/10 |
| Description: | Privilege escalations, cross-site scripting, DoS, race conditions, SSL spoofing if HTTP proxy is used, multiple memory corruptions. |
| Affected: | MOZILLA : Firefox 3.0 |
| CVE: | CVE-2009-1841 (js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to execute arbitrary web script with the privileges of a chrome object, as demonstrated by the browser sidebar and the FeedWriter.) |
| | CVE-2009-1840 (Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not check content policy before loading a script file into a XUL document, which allows remote attackers to bypass intended access restrictions via a crafted HTML document, as demonstrated by a "web bug" in an e-mail message, or web script or an advertisement in a web page.) |
| | CVE-2009-1839 (Mozilla Firefox 3 before 3.0.11 associates an incorrect principal with a file: URL loaded through the location bar, which allows user-assisted remote attackers to bypass intended access restrictions and read files via a crafted HTML document, aka a "file-URL-to-file-URL scripting" attack.) |
| | CVE-2009-1838 (The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler.) |
| | CVE-2009-1837 (Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object.) |
| | CVE-2009-1836 (Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.) |
| | CVE-2009-1835 (Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate local documents with external domain names located after the file:// substring in a URL, which allows user-assisted remote attackers to read arbitrary cookies via a crafted HTML document, as demonstrated by a URL with file://example.com/C:/ at the beginning.) |
| | CVE-2009-1834 (Visual truncation vulnerability in netwerk/dns/src/nsIDNService.cpp in Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 allows remote attackers to spoof the location bar via an IDN with invalid Unicode characters that are displayed as whitespace, as demonstrated by the \u115A through \u115E characters.) |
| | CVE-2009-1833 (The JavaScript engine in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) js_LeaveSharpObject, (2) ParseXMLSource, and (3) a certain assertion in jsinterp.c; and other vectors.) |
| | CVE-2009-1832 (Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors involving "double frame construction.") |
| | CVE-2009-1392 (The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsEventStateManager::GetContentState and nsNativeTheme::CheckBooleanAttr; (2) UnhookTextRunFromFrames and ClearAllTextRunReferences; (3) nsTextFrame::ClearTextRun; (4) IsPercentageAware; (5) PL_DHashTableFinish; (6) nsListBoxBodyFrame::GetNextItemBox; (7) AtomTableClearEntry, related to the atom table, DOM mutation events, and Unicode surrogates; (8) nsHTMLEditor::HideResizers; and (9) nsWindow::SetCursor, related to changing the cursor; and other vectors.) |
| Original document | MOZILLA, Mozilla Foundation Security Advisory 2009-24 (14.06.2009) |
| | MOZILLA, Mozilla Foundation Security Advisory 2009-25 (14.06.2009) |
| | MOZILLA, Mozilla Foundation Security Advisory 2009-26 (14.06.2009) |
| | MOZILLA, Mozilla Foundation Security Advisory 2009-27 (14.06.2009) |
| | MOZILLA, Mozilla Foundation Security Advisory 2009-30 (14.06.2009) |
| | MOZILLA, Mozilla Foundation Security Advisory 2009-28 (14.06.2009) |
| | MOZILLA, Mozilla Foundation Security Advisory 2009-29 (14.06.2009) |
| | MOZILLA, Mozilla Foundation Security Advisory 2009-31 (14.06.2009) |
| | MOZILLA, Mozilla Foundation Security Advisory 2009-32 (14.06.2009) |
| | SECUNIA, Secunia Research: Mozilla Firefox Java Applet Loading Vulnerability (14.06.2009) |

FreeBSD IPv6 interface DoS
| Published: | 14.06.2009 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9988 |
| Type: | local |
| Level: | 5/10 |
| Description: | An unprivileged user can set options and disable the interface. |

Google Chrome DoS
| Published: | 14.06.2009 |
| Source: | MustLive |
| SecurityVulns ID: | 9989 |
| Type: | remote |
| Level: | 3/10 |
| Description: | <script>location.hostname = "%";</script> causes an endless loop. |

DX Studio Player Firefox plug-in code execution
| Published: | 14.06.2009 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9991 |
| Type: | remote |
| Level: | 5/10 |
| Description: | It's possible to execute system commands via the JavaScript API. |
| Affected: | DXSTUDIO : DX Studio Player 3.0 |
| CVE: | CVE-2009-2011 (Worldweaver DX Studio Player 3.0.29.0, 3.0.22.0, 3.0.12.0, and probably other versions before 3.0.29.1, when used as a plug-in for Firefox, does not restrict access to the shell.execute JavaScript API method, which allows remote attackers to execute arbitrary commands via a .dxstudio file that invokes this method.) |

Microsoft Active Directory multiple security vulnerabilities updated since 09.06.2009
| Published: | 14.06.2009 |
| Source: | MICROSOFT |
| SecurityVulns ID: | 9975 |
| Type: | remote |
| Level: | 7/10 |
| Description: | Double free() vulnerability, memory leaks. |
| Affected: | MICROSOFT : Windows 2000 Server |
| | MICROSOFT : Windows XP |
| | MICROSOFT : Windows 2003 Server |
| CVE: | CVE-2009-1139 (Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka "Active Directory Memory Leak Vulnerability.") |
| | CVE-2009-1138 (The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a "DN AttributeValue," aka "Active Directory Invalid Free Vulnerability." NOTE: this issue is probably a memory leak.) |

HP OpenView Network Node Manager SNMP code execution updated since 14.06.2009
| Published: | 27.06.2009 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 9992 |
| Type: | remote |
| Level: | 6/10 |
| Description: | Buffer overflow in rping application. |
| Affected: | HP : OpenView Network Node Manager 7.53 |
| CVE: | CVE-2009-1420 (Stack-based buffer overflow in rping in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53, when used with SNMP (aka HPOvNNM.HPOVSNMP) before 1.30.009 and MIB (aka HPOvNNM.HPOVMIB) before 1.30.009, allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors.) |