Computer Security

OpenOffice NULL pointer dereference
updated since 17.01.2010
Published: 19.01.2010
SecurityVulns ID: 10525
Type: local
Threat Level: 4/10
Description: NULL pointer dereference when parsing CSV and SLK files.
Affected: OPENOFFICE : OpenOffice 3.1
Original document: karakorsankara_(at)_hotmail.com, OpenOffice for Windows ".slk" File Parsing Null Pointer Vulnerability (19.01.2010)
 karakorsankara_(at)_hotmail.com, Hellcode Research: OpenOffice File Parsing Null Pointer Vulnerability (17.01.2010)

MySQL multiple security vulnerabilities
Published: 19.01.2010
SecurityVulns ID: 10531
Type: m-i-t-m
Threat Level: 5/10
Description: Certificate spoofing, privilege escalation, DoS.
Affected: ORACLE : MySQL 5.0
 ORACLE : MySQL 5.1
CVE: CVE-2009-4030 (MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079.)
 CVE-2009-4028 (The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library.)
 CVE-2009-4019 (mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement.)
Original document: MANDRIVA, [ MDVSA-2010:012 ] mysql (19.01.2010)

AOL ActiveX buffer overflow
Published: 19.01.2010
SecurityVulns ID: 10532
Type: client
Threat Level: 6/10
Description: Buffer overflow in BindToFile method.
Affected: AOL : AOL 9.5
Original document: karakorsankara_(at)_hotmail.com, AOL 9.5 ActiveX Heap Overflow Vulnerability (19.01.2010)

Sogou privilege escalation
Published: 19.01.2010
SecurityVulns ID: 10533
Type: local
Threat Level: 5/10
Description: It's possible to launch explorer with Local System rights.
Affected: SOGOU : Sogou 4.3
Original document: k4mr4n_St_(at)_yahoo.com, 0day vulnerability Sogou input method to obtain system privileges (19.01.2010)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 19.01.2010
SecurityVulns ID: 10534
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: EZCONTENTS : ezContents 2.0
 ROUNDCUBE : Roundcube Webmail 0.2
 ZENOSS : Zenoss 2.3
 XOOPS : Xoops 2.4
CVE: CVE-2009-4077 (Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that send arbitrary emails via unspecified vectors, a different vulnerability than CVE-2009-4076.)
 CVE-2009-4076 (Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that modify user information via unspecified vectors, a different vulnerability than CVE-2009-4077.)
Original document: admin_(at)_bugreport.ir, Blaze Apps Multiple Vulnerabilities (19.01.2010)
 admin_(at)_bugreport.ir, ezContents CMS Multiple Vulnerabilities (19.01.2010)
 MANDRIVA, [ MDVSA-2010:015 ] roundcubemail (19.01.2010)
 CodeScan Labs, Multiple Vulnerabilities in XOOPS 2.4.3 and earlier (19.01.2010)
 Adam Baldwin, Zenoss Multiple Admin CSRF (19.01.2010)

Microsoft Internet Explorer Multiple security vulnerabilities
updated since 19.01.2010
Published: 23.01.2010
SecurityVulns ID: 10530
Type: client
Threat Level: 8/10
Description: 0-day use-after-free vulnerability in createEventObject processing: <body onload="for(var i=0; i!=10000; i++) ev.srcElement"> <img src=. onerror="ev=createEventObject(event); outerHTML++">. Multiple memory corruptions.
Affected: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE: CVE-2010-0249 (Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object, related to incorrectly initialized memory and improper handling of objects in memory, as exploited in the wild in December 2009 and January 2010 during Operation Aurora, aka "HTML Object Memory Corruption Vulnerability.")
 CVE-2010-0248 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability.")
 CVE-2010-0247 (Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability.")
 CVE-2010-0246 (Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, and CVE-2010-0245.)
 CVE-2010-0245 (Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, and CVE-2010-0246.)
 CVE-2010-0244 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2530 and CVE-2009-2531.)
 CVE-2010-0027 (The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability.")
 CVE-2009-4074 (The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to leverage the "response-changing mechanism" to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, related to the details of output encoding and improper modification of an HTML attribute, aka "XSS Filter Script Handling Vulnerability.")
Original document: noreply-secresearch_(at)_fortinet.com, FortiGuard Advisory: Microsoft Internet Explorer Remote Memory Corruption Vulnerability (23.01.2010)
 ZDI, ZDI-10-013: Microsoft Internet Explorer Table Layout Reuse Remote Code Execution Vulnerability (22.01.2010)
 ZDI, ZDI-10-014: Microsoft Internet Explorer item Object Memory Corruption Remote Code Execution Vulnerability (22.01.2010)
 ZDI, ZDI-10-011: Microsoft Internet Explorer Table Layout Col Tag Cache Update Remote Code Execution Vulnerability (22.01.2010)
 ZDI, ZDI-10-012: Microsoft Internet Explorer Baseline Tag Rendering Remote Code Execution Vulnerability (22.01.2010)
 MICROSOFT, Microsoft Security Bulletin MS10-002 - Critical Cumulative Security Update for Internet Explorer (978207) (22.01.2010)
 CERT, US-CERT Technical Cyber Security Alert TA10-021A -- Microsoft Internet Explorer Vulnerabilities (22.01.2010)
 ds.adv.pub_(at)_gmail.com, Code to mitigate IE event zero-day (CVE-2010-0249) (19.01.2010)
Files: mitigation for the CVE-2010-0249 IE createEventObject srcElement zero-day
 Microsoft Security Advisory (979352) Vulnerability in Internet Explorer Could Allow Remote Code Execution
 Microsoft Security Bulletin MS10-002 - Critical Cumulative Security Update for Internet Explorer (978207)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod