Computer Security


Microsoft Windows Media Player multiple security vulnerabilities
Published: 15.08.2007
Source:
SecurityVulns ID: 8044
Type: remote
Threat Level: 6/10
Description: Multiple vulnerabilities in skin file parsing.
Affected: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
CVE: CVE-2007-3037 (Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that causes a size mismatch between compressed and decompressed data and triggers a heap-based buffer overflow, aka "Windows Media Player Code Execution Vulnerability Parsing Skins.")
 CVE-2007-3035 (Unspecified vulnerability in Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote attackers to execute arbitrary code via a skin file (WMZ or WMD) with crafted header information that is not properly handled during decompression, aka "Windows Media Player Code Execution Vulnerability Decompressing Skins.")
Original document: ZDI, [Full-disclosure] ZDI-07-046: Microsoft Windows Media Player Skin Parsing Size Mismatch Heap Overflow Vulnerability (15.08.2007)
 ZDI, [Full-disclosure] ZDI-07-047: Microsoft Windows Media Player Malformed Skin Header Code Execution Vulnerability (15.08.2007)
 MICROSOFT, http://www.microsoft.com/technet/security/bulletin/ms07-047.mspx (15.08.2007)

Microsoft Windows Vista gadgets code execution
Published: 15.08.2007
Source:
SecurityVulns ID: 8045
Type: client
Threat Level: 7/10
Description: Code execution via the "Contacts" and "Weather" gadgets.
Affected: MICROSOFT : Windows Vista
CVE: CVE-2007-3891 (Unspecified vulnerability in Windows Vista Weather Gadgets in Windows Vista allows remote attackers to execute arbitrary code via crafted HTML attributes.)
 CVE-2007-3033 (Cross-site scripting (XSS) vulnerability in Windows Vista Feed Headlines Gadget (aka Sidebar RSS Feeds Gadget) in Windows Vista allows user-assisted remote attackers to execute arbitrary code via an RSS feed with crafted HTML attributes, which are not properly removed and are rendered in the local zone.)
 CVE-2007-3032 (Unspecified vulnerability in Windows Vista Contacts Gadget in Windows Vista allows user-assisted remote attackers to execute arbitrary code via crafted contact information that is not properly handled when it is imported.)
Original document: IDEFENSE, [Full-disclosure] iDefense Security Advisory 08.14.07: Microsoft Windows Vista Sidebar RSS Feeds Gadget Cross Site Scripting Vulnerability (15.08.2007)
 MICROSOFT, Microsoft Security Bulletin MS07-048 - Important Vulnerabilities in Windows Gadgets Could Allow Remote Code Execution (938123) (15.08.2007)

Microsoft Virtual PC / Virtual Server buffer overflow
Published: 15.08.2007
Source:
SecurityVulns ID: 8046
Type: local
Threat Level: 7/10
Description: A heap-based buffer overflow allows a guest operating system user with administrative privileges to execute code on the host operating system or on another guest operating system.
Affected: MICROSOFT : Virtual PC for Mac 6.1
 MICROSOFT : Virtual PC 2004
 MICROSOFT : Virtual Server 2005
 MICROSOFT : Virtual PC for Mac 7
CVE: CVE-2007-0948
Original document: MICROSOFT, Microsoft Security Bulletin MS07-049 - Important Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (937986) (15.08.2007)
Files: Microsoft Security Bulletin MS07-049 - Important Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (937986)

Live for Speed car racing game multiple security vulnerabilities
Published: 15.08.2007
Source:
SecurityVulns ID: 8048
Type: remote
Threat Level: 6/10
Description: Multiple buffer overflows and DoS conditions.
Affected: LIVEFORSPEED : Live for Speed 0.5
Original document: Luigi Auriemma, [Full-disclosure] Multiple vulnerabilities in Live for Speed 0.5X10 (15.08.2007)
Files: Exploits Live for Speed Fake Players DoS

Zoidcom library DoS
Published: 15.08.2007
Source:
SecurityVulns ID: 8049
Type: library
Threat Level: 5/10
Description: Double free() vulnerability triggered by a malformed network request.
Affected: ZOIDCOM : Zoidcom 0.6
Original document: Luigi Auriemma, [Full-disclosure] Crash in Zoidcom 0.6.7 (15.08.2007)
Files: Exploits Zoidcom <= 0.6.7 crash

Babo Violent game multiple security vulnerabilities
Published: 15.08.2007
Source:
SecurityVulns ID: 8050
Type: remote
Threat Level: 5/10
Description: Crash on a UDP packet with malformed data. Format string vulnerability.
Affected: BITHEADS : Babo Violent 2
Original document: Luigi Auriemma, [Full-disclosure] Multiple vulnerabilities in Babo Violent 2 2.08.00 (15.08.2007)
Files: Exploits Babo Violent 2 <= 2.08.00 multiple vulnerabilities

Mozilla Firefox information leak
Published: 15.08.2007
Source:
SecurityVulns ID: 8051
Type: client
Threat Level: 6/10
Description: It is possible to read the values of any internal variables.
Affected: MOZILLA : Firefox 2.0
Original document: carl hardwick, [Full-disclosure] Firefox 2.0.0.6 Remote Variable Leakage vulnerability (15.08.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod