Computer Security


FreeBSD privilege escalation
Published:14.07.2010
SecurityVulns ID:10989
Type:local
Threat Level:5/10
Description:Under some conditions it's possible to bypass the read-only flag for mbuf pages.
Affected:FREEBSD : FreeBSD 8.0
 FREEBSD : FreeBSD 7.3
 FREEBSD : FreeBSD 8.1
CVE:CVE-2010-2693 (FreeBSD 7.1 through 8.1-PRERELEASE does not copy the read-only flag when creating a duplicate mbuf buffer reference, which allows local users to cause a denial of service (system file corruption) and gain privileges via the sendfile system call.)
Original document:FREEBSD, FreeBSD Security Advisory FreeBSD-SA-10:07.mbuf (14.07.2010)

Microsoft Windows Help and Support Center code execution
Published:14.07.2010
SecurityVulns ID:10990
Type:client
Threat Level:7/10
Description:Code injection via URL.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
CVE:CVE-2010-1885 (The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability.")
Original document:MICROSOFT, Microsoft Security Bulletin MS10-042 - Critical Vulnerability in Help and Support Center Could Allow Remote Code Execution (2229593) (14.07.2010)
Files:Microsoft Security Bulletin MS10-042 - Critical Vulnerability in Help and Support Center Could Allow Remote Code Execution (2229593)

Microsoft Windows Canonical Display integer overflow
Published:14.07.2010
SecurityVulns ID:10991
Type:library
Threat Level:7/10
Description:Integer overflow when displaying an image.
Affected:MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2009-3678 (Integer overflow in cdd.dll in the Canonical Display Driver (CDD) in Microsoft Windows Server 2008 R2 and Windows 7 on 64-bit platforms, when the Windows Aero theme is installed, allows context-dependent attackers to cause a denial of service (reboot) or possibly execute arbitrary code via a crafted image file that triggers incorrect data parsing after user-mode data is copied to kernel mode, as demonstrated using "Browse with Irfanview" and certain actions on a folder containing a large number of thumbnail images in Resample mode, possibly related to the ATI graphics driver or win32k.sys, aka "Canonical Display Driver Integer Overflow Vulnerability.")
Original document:MICROSOFT, Microsoft Security Bulletin MS10-043 - Critical Vulnerability in Canonical Display Driver Could Allow Remote Code Execution (2032276) (14.07.2010)
Files:Microsoft Security Bulletin MS10-043 - Critical Vulnerability in Canonical Display Driver Could Allow Remote Code Execution (2032276)

Microsoft Access security vulnerabilities
Published:14.07.2010
SecurityVulns ID:10992
Type:client
Threat Level:7/10
Description:Multiple memory corruptions.
Affected:MICROSOFT : Office 2003
 MICROSOFT : Office 2007
CVE:CVE-2010-1881 (The FieldList ActiveX control in the Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 does not properly interact with the memory-access approach used by Internet Explorer and Office during instantiation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML document that references this control along with crafted persistent storage data, aka "ACCWIZ.dll Uninitialized Variable Vulnerability.")
 CVE-2010-0814 (The Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 and 2007 SP1 and SP2 do not properly interact with the memory-allocation approach used by Internet Explorer during instantiation, which allows remote attackers to execute arbitrary code via a web site that references multiple ActiveX controls, as demonstrated by the ImexGrid and FieldList controls, aka "Access ActiveX Control Vulnerability.")
Original document:ZDI, ZDI-10-117: Microsoft Office Access AccWizObjects ActiveX Control Uninitialized Imports Remote Code Execution Vulnerability (14.07.2010)
 MICROSOFT, Microsoft Security Bulletin MS10-044 - Critical Vulnerabilities in Microsoft Office Access ActiveX Controls Could Allow Remote Code Execution (982335) (14.07.2010)
Files:Microsoft Security Bulletin MS10-044 - Critical Vulnerabilities in Microsoft Office Access ActiveX Controls Could Allow Remote Code Execution (982335)

Microsoft Outlook code execution
updated since 14.07.2010
Published:15.07.2010
SecurityVulns ID:10993
Type:client
Threat Level:7/10
Description:It's possible to execute a file from a UNC resource by sending a reference to the file as an ATTACH_BY_REFERENCE attachment.
Affected:MICROSOFT : Office XP
 MICROSOFT : Office 2003
 MICROSOFT : Office 2007
CVE:CVE-2010-0266 (Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a crafted message, aka "Microsoft Outlook SMB Attachment Vulnerability.")
Original document:Akita Software Security, Outlook PR_ATTACH_METHOD file execution vulnerability (15.07.2010)
 MICROSOFT, Microsoft Security Bulletin MS10-045 - Important Vulnerability in Microsoft Office Outlook Could Allow Remote Code Execution (978212) (14.07.2010)
Files:Microsoft Security Bulletin MS10-045 - Important Vulnerability in Microsoft Office Outlook Could Allow Remote Code Execution (978212)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod