Search:Vulnerability:17.02.2010 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Microsoft Windows code execution
updated since 10.02.2010
Published: 17.02.2010
Source: MICROSOFT
SecurityVulns ID: 10605
Type: client
Level: 7/10
Description: URL code injection.

Affected: MICROSOFT : Windows 2000 Server
MICROSOFT : Windows 2000 Professional
MICROSOFT : Windows XP
MICROSOFT : Windows 2003 Server
CVE: CVE-2010-0027 (The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability.")

Original document Brett Moore, Insomnia : ISVA-100216.1 - Windows URL Handling Vulnerability (17.02.2010)

ZDI, ZDI-10-016: Microsoft Windows ShellExecute Improper Sanitization Code Execution Vulnerability (10.02.2010)

MICROSOFT, Microsoft Security Bulletin MS10-007 - Critical Vulnerability in Windows Shell Handler Could Allow Remote Code Execution (975713) (10.02.2010)

Files: Microsoft Security Bulletin MS10-007 - Critical Vulnerability in Windows Shell Handler Could Allow Remote Code Execution (975713)
Discuss: Read or add your comments to this news (0 comments)

Huawei HG510 crossite request forgery
Published: 17.02.2010
Source: BUGTRAQ
SecurityVulns ID: 10627
Type: remote
Level: 5/10
Description: Crossite request forgery allows to reboot device.

Affected: HUAWEI : Huawei HG510

Original document ivan.markovic_(at)_netsec.rs, Huawei HG510 CSRF, Auth Bypass, DoS (17.02.2010)

Discuss: Read or add your comments to this news (0 comments)

MIT Kerberos 5 DoS
Published: 17.02.2010
Source: BUGTRAQ
SecurityVulns ID: 10628
Type: remote
Level: 5/10
Description: KDC crash on request processing.

Affected: MIT : krb5 1.7
CVE: CVE-2010-0283 (The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid (1) AS-REQ or (2) TGS-REQ request.)

Original document MIT, MITKRB5-SA-2010-001 [CVE-2010-0283] krb5-1.7 KDC denial of service (17.02.2010)

Discuss: Read or add your comments to this news (0 comments)

OpenOffice buffer overflow
Published: 17.02.2010
Source: BUGTRAQ
SecurityVulns ID: 10629
Type: remote
Level: 6/10
Description: Buffer overflow on Microsoft Word documents parsing.

Affected: OPENOFFICE : OpenOffice 3.1
CVE: CVE-2009-3302 (filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTSetBrc table property modifier in a Word document, related to a "boundary error flaw.")
CVE-2009-3301 (Integer underflow in filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTDefTable table property modifier in a Word document.)

Original document VUPEN Security Research, VUPEN Security Research - OpenOffice Word Document Processing Heap Overflow Vulnerabilities (17.02.2010)

Discuss: Read or add your comments to this news (0 comments)

Enomaly ECP code execution
Published: 17.02.2010
Source: BUGTRAQ
SecurityVulns ID: 10630
Type: m-i-t-m
Level: 5/10
Description: VMCasting payload signing is not implemented during software update process.

Affected: ENOMALY : ECP 3.0

Original document sam.johnston_(at)_aos.net.au, Enomaly ECP: Multiple vulnerabilities in VMcasting protocol & implementation. (17.02.2010)

Discuss: Read or add your comments to this news (0 comments)

test server