Computer Security

Search:Vulnerability:16.09.2008
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Microsoft Windows DoS
Published:16.09.2008
Source:BUGTRAQ
SecurityVulns ID:9293
Type:remote
Level:5/10
Description:Uninitialized memory reference on WRITE_ANDX SMB request handling.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
Original documentdocumentj.v.vallejo_(at)_gmail.com, Microsoft Windows WRITE_ANDX SMB command handling Kernel DoS (16.09.2008)
Discuss:Read or add your comments to this news (0 comments)

InstallShield Update Services server spoofing
Published:16.09.2008
Source:BUGTRAQ
SecurityVulns ID:9295
Type:m-i-t-m
Level:4/10
Description:Server's identity is not checked during update rules download.
CVE:CVE-2008-1093
Original documentdocumentBrian Dowling, InstallShield Update Agent - Downloads and executes "Rule Scripts" insecurely. (16.09.2008)
Discuss:Read or add your comments to this news (0 comments)

Baidu Hi instant messenger integer overflow
updated since 14.09.2008
Published:16.09.2008
Source:BUGTRAQ
SecurityVulns ID:9287
Type:remote
Level:5/10
Description:Integer overflow on encrypted message decyphering causes buffer overflow.
Original documentdocumentLi Gen, Baidu Hi IM client software DoS bug, div zero make client crash (16.09.2008)
 documentLi Gen, Baidu Hi IM software parsing plaintext stack overflow (14.09.2008)
Discuss:Read or add your comments to this news (0 comments)

Nokia e90 phone Wi-Fi DoS
updated since 14.09.2008
Published:16.09.2008
Source:BUGTRAQ
SecurityVulns ID:9288
Type:remote
Level:5/10
Description:Device crash on malformed Wi-Fi frame.
Affected:NOKIA : Nokia E90
Original documentdocumentwins.mallow_(at)_gmail.com, Re: Fwd: Nokia e90 (Probably, and other devices with s60v3) Crashes (16.09.2008)
 documentwins mallow, Fwd: Nokia e90 (Probably, and other devices with s60v3) Crashes (14.09.2008)
Discuss:Read or add your comments to this news (0 comments)

Unreal game engine multiple security vulnerabilities
updated since 15.09.2008
Published:16.09.2008
Source:BUGTRAQ
SecurityVulns ID:9289
Type:remote
Level:5/10
Description:Server integer overflow, client format string vulnerability.
Affected:UNREAL : Unreal Tournament 2003
 UNREAL : Unreal Tournament 3 1.3
 FUELOFWAR : Fuel of War 1.1
Original documentdocumentaluigi_(at)_autistici.or, Failed assertion in the Unreal engine (16.09.2008)
 documentLuigi Auriemma, Clients format strings in the Unreal engine (15.09.2008)
 documentLuigi Auriemma, Server termination in the Unreal engine 3 (15.09.2008)
Files:Exploits server termination in Unreal engine 3
 Exploits Client format string in Unreal engine
 Unreal engine test server
Discuss:Read or add your comments to this news (0 comments)

Apple QuickTime multiple security vulnerabilities
updated since 10.09.2008
Published:16.09.2008
Source:BUGTRAQ
SecurityVulns ID:9281
Type:client
Level:7/10
Description:Integer overflow on PICT parsing, memory corruptions on STSZ, MDAT and H.264 parsing. Buffer overflows on AVC1 and Panorama PDAT parsing.
Affected:APPLE : QuickTime Player 7.4
 APPLE : QuickTime 7.4
CVE:CVE-2008-3635 (Stack-based buffer overflow in QuickTimeInternetExtras.qtx in an unspecified third-party Indeo v3.2 (aka IV32) codec for QuickTime, when used with Apple QuickTime before 7.5.5 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.)
 CVE-2008-3627 (Apple QuickTime before 7.5.5 does not properly handle (1) MDAT atoms in MP4 video files within QuickTimeH264.qtx, (2) MDAT atoms in mov video files within QuickTimeH264.scalar, and (3) AVC1 atoms in an unknown media type within an unspecified component, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a crafted, H.264 encoded movie file.)
 CVE-2008-3627 (Apple QuickTime before 7.5.5 does not properly handle (1) MDAT atoms in MP4 video files within QuickTimeH264.qtx, (2) MDAT atoms in mov video files within QuickTimeH264.scalar, and (3) AVC1 atoms in an unknown media type within an unspecified component, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a crafted, H.264 encoded movie file.)
 CVE-2008-3626 (The CallComponentFunctionWithStorage function in Apple QuickTime before 7.5.5 does not properly handle a large entry in the sample_size_table in STSZ atoms, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file.)
 CVE-2008-3625 (Stack-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie file with crafted (1) maxTilt, (2) minFieldOfView, and (3) maxFieldOfView elements in panorama track PDAT atoms.)
 CVE-2008-3615 (ir50_32.qtx in an unspecified third-party Indeo v5 codec for QuickTime, when used with Apple QuickTime before 7.5.5 on Windows, accesses uninitialized memory, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.)
 CVE-2008-3614 (Integer overflow in Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, which triggers heap corruption.)
Original documentdocumentNGSSoftware Insight Security Research Advisory (NISR), Critical Vulnerability in Apple Quicktime’s Indeo Codec (16.09.2008)
 documentZDI, ZDI-08-057: Apple QuickTime IV32 Codec Parsing Stack Overflow Vulnerability (12.09.2008)
 documentZDI, ZDI-08-060: Apple QuickTime AVC1 Atom Parsing Heap Overflow Vulnerability (10.09.2008)
 documentZDI, ZDI-08-059: Apple QuickTime STSZ Atom Parsing Heap Corruption Vulnerability (10.09.2008)
 documentZDI, ZDI-08-058: Apple QuickTime Panorama PDAT Atom Parsing Buffer Overflow Vulnerability (10.09.2008)
 documentZDI, ZDI-08-062: Apple QuickTime MDAT Frame Parsing Memory Corruption Vulnerability (10.09.2008)
 documentZDI, ZDI-08-061: Apple QuickTime Player H.264 Parsing Heap Corruption Vulnerability (10.09.2008)
 documentIDEFENSE, iDefense Security Advisory 09.09.08: Apple QuickTime PICT Integer Overflow Vulnerability (10.09.2008)
Discuss:Read or add your comments to this news (0 comments)

Landesk QIP Server buffer overflow
Published:16.09.2008
Source:BUGTRAQ
SecurityVulns ID:9294
Type:remote
Level:6/10
Description:Buffer overflow on TCP/12175 packet parsing.
CVE:CVE-2008-2468 (Multiple buffer overflows in the QIP Server Service (aka qipsrvr.exe) in LANDesk Management Suite, Security Suite, and Server Manager 8.8 and earlier allow remote attackers to execute arbitrary code via a crafted heal request, related to the StringToMap and StringSize arguments.)
Original documentdocumentDVLabs, TPTI-08-06: Landesk QIP Server Service Heal Packet Buffer Overflow (16.09.2008)
Discuss:Read or add your comments to this news (0 comments)

Airtel ADSL modems backdoor
Published:16.09.2008
Source:BUGTRAQ
SecurityVulns ID:9296
Type:remote
Level:5/10
Description:Undocumented accounts 'user' and 'support'.
Original documentdocumentshr_(at)_birmiwal.net, Security flaw in Airtel DSL modems (16.09.2008)
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server