Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft Windows multiple security vulnerabilities
Published:20.08.2012
Source:
SecurityVulns ID:12514
Type:remote
Threat Level:
9/10
Description:RDP user-after-free, Remote Administration Protocol multiple security vulnerabilities, Print Spooler Service format string vulnerability, user-after-free in win32k.sys.
CVE:CVE-2012-2527 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability.")
 CVE-2012-2526 (The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP3 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to a deleted object, aka "Remote Desktop Protocol Vulnerability.")
 CVE-2012-1853 (Stack-based buffer overflow in the Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP3 allows remote attackers to execute arbitrary code via crafted RAP response packets, aka "Remote Administration Protocol Stack Overflow Vulnerability.")
 CVE-2012-1852 (Heap-based buffer overflow in the Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary code via crafted RAP response packets, aka "Remote Administration Protocol Heap Overflow Vulnerability.")
 CVE-2012-1851 (Format string vulnerability in the Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted response, aka "Print Spooler Service Format String Vulnerability.")
 CVE-2012-1850 (The Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle RAP responses, which allows remote attackers to cause a denial of service (service hang) via crafted RAP packets, aka "Remote Administration Protocol Denial of Service Vulnerability.")
Original documentdocument[email protected], NGS00288 Patch Notification: Windows Remote Desktop Memory Corruption Leading to RCE on XP SP3 (20.08.2012)
Files:Microsoft Security Bulletin MS12-053 - Critical Vulnerability in Remote Desktop Could Allow Remote Code Execution (2723135)
 Microsoft Security Bulletin MS12-054 - Critical Vulnerabilities in Windows Networking Components Could Allow Remote Code Execution (2733594)
 Microsoft Security Bulletin MS12-055 - Important Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2731847)

GIMP script-fu buffer overflow
updated since 03.06.2012
Published:20.08.2012
Source:
SecurityVulns ID:12397
Type:local
Threat Level:
5/10
Description:Buffer overflow on message parsing, shell execution.
Affected:GNU : gimp 2.6
CVE:CVE-2012-4245 (The scriptfu network server in GIMP 2.6 does not require authentication, which allows remote attackers to execute arbitrary commands via the python-fu-eval command.)
 CVE-2012-2763 (Buffer overflow in the readstr_upto function in plug-ins/script-fu/tinyscheme/scheme.c in GIMP 2.6.12 and earlier, and possibly 2.6.13, allows remote attackers to execute arbitrary code via a long string in a command to the script-fu server.)
Original documentdocumentresearch_(at)_reactionis.co.uk, GIMP Scriptfu Python Remote Command Execution (20.08.2012)
 documentJoseph Sheridan, script-fu buffer overflow in GIMP 2.6 (03.06.2012)

Microsoft Exchange Server WebReady Document Viewing multiple security vulnerabilities
Published:20.08.2012
Source:
SecurityVulns ID:12515
Type:remote
Threat Level:
7/10
Description:Multiple vulnerabilities in embedded Oracle Outside In technology.
Affected:MICROSOFT : Exchange 2007
 MICROSOFT : Exchange 2010
CVE:CVE-2012-3110 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.)
 CVE-2012-3109 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.)
 CVE-2012-3108 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.)
 CVE-2012-3107 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.)
 CVE-2012-3106 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.)
 CVE-2012-1773 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.)
 CVE-2012-1772 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.)
 CVE-2012-1771 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.)
 CVE-2012-1770 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.)
 CVE-2012-1769 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.)
 CVE-2012-1768 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.)
 CVE-2012-1767 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.)
 CVE-2012-1766 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.)
Files:Microsoft Security Bulletin MS12-058 - Critical Vulnerabilities in Microsoft Exchange Server WebReady Document Viewing Could Allow Remote Code Execution (2740358)

Microsoft Visio buffer overflow
Published:20.08.2012
Source:
SecurityVulns ID:12516
Type:local
Threat Level:
4/10
Description:Buffer overflow on DXF files prasing.
Affected:MICROSOFT : Visio 2010
 MICROSOFT : Visio Viewer 2010
CVE:CVE-2012-1888 (Buffer overflow in Microsoft Visio 2010 SP1 and Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file, aka "Visio DXF File Format Buffer Overflow Vulnerability.")
Original documentdocumentZDI, ZDI-12-143 : Microsoft Visio DWGDP MTEXT Remote Code Execution Vulnerability (20.08.2012)

Microsoft Windows multiple security vulnerabilities
updated since 13.06.2012
Published:20.08.2012
Source:
SecurityVulns ID:12405
Type:remote
Threat Level:
7/10
Description:Code execution via .Net, kernel and different kernel drivers privilege escalation.
CVE:CVE-2012-1868 (Race condition in the thread-creation implementation in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 allows local users to gain privileges via a crafted application, aka "Win32k.sys Race Condition Vulnerability.")
 CVE-2012-1867 (Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted TrueType font file that triggers incorrect memory allocation, aka "Font Resource Refcount Integer Overflow Vulnerability.")
 CVE-2012-1866 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "Clipboard Format Atom Name Handling Vulnerability.")
 CVE-2012-1865 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1864.)
 CVE-2012-1864 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1865.)
 CVE-2012-1855 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Memory Access Vulnerability.")
 CVE-2012-1515 (VMware ESXi 3.5, 4.0, and 4.1 and ESX 3.5, 4.0, and 4.1 do not properly implement port-based I/O operations, which allows guest OS users to gain guest OS privileges by overwriting memory locations in a read-only memory block associated with the Virtual DOS Machine.)
 CVE-2012-0217 (The User Mode Scheduler in the kernel in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 on the Intel x64 platform does not properly handle system requests, which allows local users to gain privileges via a crafted application, aka "User Mode Scheduler Memory Corruption Vulnerability.")
Original documentdocumentZDI, ZDI-12-141 : Microsoft .NET Framework Clipboard Unsafe Memory Access Remote Code Execution Vulnerability (20.08.2012)
Files:Microsoft Security Bulletin MS12-038 - Critical Vulnerability in .NET Framework Could Allow Remote Code Execution (2706726)
 Microsoft Security Bulletin MS12-041 - Important Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2709162)
 Microsoft Security Bulletin MS12-042 - Important Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2711167)

Oracle Java multiple security vulnerabilities
updated since 15.02.2012
Published:20.08.2012
Source:
SecurityVulns ID:12205
Type:library
Threat Level:
8/10
Description:14 different vulnerabilities.
Affected:ORACLE : JDK 6
 ORACLE : JDK 7
CVE:CVE-2012-1726 (Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries.)
 CVE-2012-1725 (Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.)
 CVE-2012-1724 (Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect availability, related to JAXP.)
 CVE-2012-1723 (Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.)
 CVE-2012-1722 (Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-1721.)
 CVE-2012-1721 (Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-1722.)
 CVE-2012-1720 (Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier, when running on Solaris, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Networking.)
 CVE-2012-1719 (Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect integrity, related to CORBA.)
 CVE-2012-1718 (Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect availability via unknown vectors related to Security.)
 CVE-2012-1717 (Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows local users to affect confidentiality via unknown vectors related to printing on Solaris or Linux.)
 CVE-2012-1716 (Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing.)
 CVE-2012-1713 (Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, 1.4.2_37 and earlier, and JavaFX 2.1 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.)
 CVE-2012-1711 (Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to CORBA.)
 CVE-2012-0551 (Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE 7 update 4 and earlier and 6 update 32 and earlier, and the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Web Container or Deployment.)
 CVE-2012-0508 (Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX, 1.3.0 and earlier, and 1.2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2012-0507 (Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue.)
 CVE-2012-0506 (Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to CORBA.)
 CVE-2012-0505 (Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Serialization.)
 CVE-2012-0504 (Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install and the Java Update mechanism.)
 CVE-2012-0503 (Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to I18n.)
 CVE-2012-0502 (Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and availability, related to AWT.)
 CVE-2012-0501 (Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect availability via unknown vectors.)
 CVE-2012-0500 (Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and JavaFX 2.0.2 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.)
 CVE-2012-0500 (Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and JavaFX 2.0.2 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.)
 CVE-2012-0499 (Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier; and JavaFX 2.0.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.)
 CVE-2012-0499 (Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier; and JavaFX 2.0.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.)
 CVE-2012-0498 (Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.)
 CVE-2012-0498 (Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.)
 CVE-2012-0497 (Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.)
 CVE-2012-0497 (Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.)
 CVE-2011-5035 (Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869.)
 CVE-2011-3563 (Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Sound.)
Original documentdocumentZDI, ZDI-12-142 : Oracle Java WebStart Browser Argument Injection Remote Code Execution Vulnerability (20.08.2012)
 documentSecurity Explorations, [SE-2012-01] Regarding Oracle's Critical Patch Update for Java SE (17.06.2012)
 documentZDI, ZDI-12-083 : Oracle Java OpenAL Library Pointer Manipulation Remote Code Execution Vulnerability (13.06.2012)
 documentZDI, ZDI-12-081 : Oracle Java GlueGen Arbitrary Native Library Loading Remote Code Execution Vulnerability (13.06.2012)
 documentnoreply_(at)_telus.com, TELUS Security Labs VR - Oracle Java Web Start Command Argument Injection Remote Code Execution (15.02.2012)
Files:Oracle Java SE Critical Patch Update Advisory - February 2012
 Oracle Java SE Critical Patch Update Advisory - June 2012

Apple Mac OS X multiple security vulnerabilities
Published:20.08.2012
Source:
SecurityVulns ID:12518
Type:remote
Threat Level:
8/10
Description:Multiple vulnerabilities in different subsystems.
Affected:APPLE : MacOS X 10.7
CVE:CVE-2012-1182 (The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.)
 CVE-2012-0870 (Heap-based buffer overflow in process.c in smbd in Samba 3.0, as used in the file-sharing service on the BlackBerry PlayBook tablet before 2.0.0.7971 and other products, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a Batched (aka AndX) request that triggers infinite recursion.)
 CVE-2012-0830 (The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885.)
 CVE-2012-0675 (Time Machine in Apple Mac OS X before 10.7.4 does not require continued use of SRP-based authentication after this authentication method is first used, which allows remote attackers to read Time Capsule credentials by spoofing the backup volume.)
 CVE-2012-0662 (Integer overflow in the Security Framework in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted input.)
 CVE-2012-0661 (Use-after-free vulnerability in QuickTime in Apple Mac OS X 10.7.x before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with JPEG2000 encoding.)
 CVE-2012-0660 (Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.)
 CVE-2012-0659 (Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.)
 CVE-2012-0658 (Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio sample tables in a movie file that is progressively downloaded.)
 CVE-2012-0657 (Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS Visualizer screensaver is enabled, allows physically proximate attackers to bypass screen locking and launch a Safari process via unspecified vectors.)
 CVE-2012-0656 (Race condition in LoginUIFramework in Apple Mac OS X 10.7.x before 10.7.4, when the Guest account is enabled, allows physically proximate attackers to login to arbitrary accounts by entering the account name and no password.)
 CVE-2012-0655 (libsecurity in Apple Mac OS X before 10.7.4 does not properly restrict the length of RSA keys within X.509 certificates, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by conducting a spoofing or network-sniffing attack during communication with a site that uses a short key.)
 CVE-2012-0654 (libsecurity in Apple Mac OS X before 10.7.4 accesses uninitialized memory locations during the processing of X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted certificate.)
 CVE-2012-0652 (Login Window in Apple Mac OS X 10.7.3, when Legacy File Vault or networked home directories are enabled, does not properly restrict what is written to the system log for network logins, which allows local users to obtain sensitive information by reading the log.)
 CVE-2012-0651 (The directory server in Directory Service in Apple Mac OS X 10.6.8 allows remote attackers to obtain sensitive information from process memory via a crafted message.)
 CVE-2012-0649 (Race condition in the initialization routine in blued in Bluetooth in Apple Mac OS X before 10.7.4 allows local users to gain privileges via vectors involving a temporary file.)
 CVE-2012-0642 (Integer underflow in Apple iOS before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (device crash) via a crafted catalog file in an HFS disk image.)
 CVE-2012-0036 (curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol.)
 CVE-2011-4885 (PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.)
 CVE-2011-4815 (Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.)
 CVE-2011-4566 (Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708.)
 CVE-2011-3919 (Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.)
 CVE-2011-3389 (The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.)
 CVE-2011-3328 (The png_handle_cHRM function in pngrutil.c in libpng 1.5.4, when color-correction support is enabled, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed PNG image containing a cHRM chunk associated with a certain zero value.)
 CVE-2011-3212 (CoreStorage in Apple Mac OS X 10.7 before 10.7.2 does not ensure that all disk data is encrypted during the enabling of FileVault, which makes it easier for physically proximate attackers to obtain sensitive information by reading directly from the disk device.)
 CVE-2011-2895 (The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.)
 CVE-2011-2834 (Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.)
 CVE-2011-2821 (Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression.)
 CVE-2011-2692 (The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.)
 CVE-2011-1944 (Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.)
 CVE-2011-1778 (Buffer overflow in libarchive through 2.8.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TAR archive.)
 CVE-2011-1777 (Multiple buffer overflows in the (1) heap_add_entry and (2) relocate_dir functions in archive_read_support_format_iso9660.c in libarchive through 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ISO9660 image.)
 CVE-2011-1167 (Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value.)
 CVE-2011-1005 (The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname.)
 CVE-2011-1004 (The FileUtils.remove_entry_secure method in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, 1.8.8dev, 1.9.1 through 1.9.1-430, 1.9.2 through 1.9.2-136, and 1.9.3dev allows local users to delete arbitrary files via a symlink attack.)
 CVE-2011-0241 (Heap-based buffer overflow in ImageIO in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with CCITT Group 4 encoding.)
Original documentdocumentZDI, ZDI-12-137 : Apple Mac OS X libsecurity_cdsa_plugin Malloc Integer Truncation Remote Code Execution Vulnerability (20.08.2012)
Files:APPLE-SA-2012-05-09-1 OS X Lion v10.7.4 and Security Update 2012-002

Apple QuickTime multiple security vulnerabilities
updated since 31.10.2011
Published:20.08.2012
Source:
SecurityVulns ID:12002
Type:remote
Threat Level:
7/10
Description:Multiple memory corruption on different multimedia formats parsing, crossite scripting.
Affected:APPLE : QuickTime 7.7
CVE:CVE-2011-3251 (Apple QuickTime before 7.7.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted TKHD atoms in a QuickTime movie file.)
 CVE-2011-3250 (Integer overflow in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with JPEG2000 encoding.)
 CVE-2011-3249 (Buffer overflow in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with FLC encoding.)
 CVE-2011-3248 (Integer signedness error in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font table in a QuickTime movie file.)
 CVE-2011-3247 (Integer overflow in Apple QuickTime before 7.7.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT file.)
 CVE-2011-3228 (QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file.)
 CVE-2011-3223 (Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLIC movie file.)
 CVE-2011-3222 (Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file.)
 CVE-2011-3221 (QuickTime in Apple Mac OS X before 10.7.2 does not properly handle the atom hierarchy in movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file.)
 CVE-2011-3220 (QuickTime in Apple Mac OS X before 10.7.2 does not properly process URL data handlers in movie files, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file.)
 CVE-2011-3219 (Buffer overflow in CoreMedia, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.)
 CVE-2011-3218 (The "Save for Web" selection in QuickTime Player in Apple Mac OS X through 10.6.8 exports HTML documents that contain an http link to a script file, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by spoofing the http server during local viewing of an exported document.)
Original documentdocumentZDI, ZDI-12-136 : Apple QuickTime Invalid Public Movie Atom Remote Code Execution Vulnerability (20.08.2012)
 documentZDI, ZDI-12-004 : Apple Quicktime JPEG2000 COD Remote Code Execution Vulnerability (09.01.2012)
 documentZDI, ZDI-12-005 : Apple Quicktime RLE BGRA Decoding Remote Code Execution Vulnerability (09.01.2012)
 documentZDI, ZDI-11-340 : Apple Quicktime Font Table Signed Length Remote Code Execution Vulnerability (11.12.2011)
 documentZDI, ZDI-11-316 : Apple QuickTime H264 Matrix Conversion Remote Code Execution Vulnerability (31.10.2011)
 documentZDI, ZDI-11-315 : Apple QuickTime FLC Delta Decompression Remote Code Execution Vulnerability (31.10.2011)
 documentZDI, ZDI-11-314 : Apple Quicktime PnPixPat PatType 3 Parsing Remote Code Execution Vulnerability (31.10.2011)
 documentZDI, ZDI-11-312 : Apple QuickTime Atom Hierarachy Argument Size Mismatch Remote Code Execution Vulnerability (31.10.2011)
 documentZDI, ZDI-11-313 : Apple QuickTime FLC RLE Packet Count Decompression Remote Code Execution Vulnerability (31.10.2011)
 documentZDI, ZDI-11-311 : Apple Quicktime Empty URL Data Handler Remote Code Execution Vulnerability (31.10.2011)
 documentZDI, ZDI-11-303 : Apple QuickTime H264 Stream frame_cropping Remote Code Execution Vulnerability (31.10.2011)
 documentZDI, ZDI-11-304 : Apple Quicktime Advanced Audio Codec Frame Parsing Remote Code Execution Vulnerability (31.10.2011)
 documentAPPLE, APPLE-SA-2011-10-26-1 QuickTime 7.7.1 (31.10.2011)

McAfee SmartFilter Administration Server code execution
Published:20.08.2012
Source:
SecurityVulns ID:12519
Type:remote
Threat Level:
6/10
Description:Code excution via RMI services.
Affected:MCAFEE : SmartFilter Administration 4.2
Original documentdocumentZDI, ZDI-12-140 : McAfee SmartFilter Administration Server SFAdminSrv.exe JBoss RMI Remote Code Execution Vulnerabilty (20.08.2012)

SAP Crystal Reports buffer overflow
Published:20.08.2012
Source:
SecurityVulns ID:12520
Type:remote
Threat Level:
7/10
Description:Buffer overflow on network data parsing.
Original documentdocumentZDI, ZDI-12-139 : SAP Crystal Reports crystalras.exe OBUnmarshal Remote Code Execution Vulnerability (20.08.2012)

SAP Business Objects Financial Consolidation ActiveX buffer overflow
Published:20.08.2012
Source:
SecurityVulns ID:12521
Type:client
Threat Level:
5/10
Description:CtAppReg.dll buffer overflow.
Original documentdocumentZDI, ZDI-12-138 : SAP Business Objects Financial Consolidation CtAppReg.dll username Remote Code Execution Vulnerability (20.08.2012)

Wireshark security vulnerabilities
updated since 13.08.2012
Published:20.08.2012
Source:
SecurityVulns ID:12509
Type:remote
Threat Level:
5/10
Description:Few different DoS conditions in NFS and PPP dissectors.
Affected:WIRESHARK : Wireshark 1.4
CVE:CVE-2012-4296 (Buffer overflow in epan/dissectors/packet-rtps2.c in the RTPS2 dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet.)
 CVE-2012-4293 (plugins/ethercat/packet-ecatmb.c in the EtherCAT Mailbox dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly handle certain integer fields, which allows remote attackers to cause a denial of service (application exit) via a malformed packet.)
 CVE-2012-4292 (The dissect_stun_message function in epan/dissectors/packet-stun.c in the STUN dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly interact with key-destruction behavior in a certain tree library, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.)
 CVE-2012-4291 (The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.)
 CVE-2012-4290 (The CTDB dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a malformed packet.)
 CVE-2012-4289 (epan/dissectors/packet-afp.c in the AFP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a large number of ACL entries.)
 CVE-2012-4288 (Integer overflow in the dissect_xtp_ecntl function in epan/dissectors/packet-xtp.c in the XTP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop or application crash) via a large value for a span length.)
 CVE-2012-4287 (epan/dissectors/packet-mongo.c in the MongoDB dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a small value for a BSON document length.)
 CVE-2012-4285 (The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a zero-length message.)
 CVE-2012-4049 (epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet.)
 CVE-2012-4048 (The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon dump.)
Original documentdocumentMANDRIVA, [ MDVSA-2012:135 ] wireshark (20.08.2012)
 documentMANDRIVA, [ MDVSA-2012:125 ] wireshark (13.08.2012)

Microsoft Internet Explorer multiple security vulnerabilities
Published:20.08.2012
Source:
SecurityVulns ID:12513
Type:client
Threat Level:
8/10
Description:Memory corruptions, integer overflow, function pointer corruption.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2012-2523 (Integer overflow in Microsoft Internet Explorer 8 and 9, JScript 5.8, and VBScript 5.8 on 64-bit platforms allows remote attackers to execute arbitrary code by leveraging an incorrect size calculation during object copying, aka "JavaScript Integer Overflow Remote Code Execution Vulnerability.")
 CVE-2012-2523 (Integer overflow in Microsoft Internet Explorer 8 and 9, JScript 5.8, and VBScript 5.8 on 64-bit platforms allows remote attackers to execute arbitrary code by leveraging an incorrect size calculation during object copying, aka "JavaScript Integer Overflow Remote Code Execution Vulnerability.")
 CVE-2012-2522 (Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a malformed virtual function table after this table's deletion, aka "Virtual Function Table Corruption Remote Code Execution Vulnerability.")
 CVE-2012-2521 (Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Asynchronous NULL Object Access Remote Code Execution Vulnerability.")
 CVE-2012-1526 (Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not initialized or (2) is deleted, aka "Layout Memory Corruption Vulnerability.")
Original documentdocumentds.adv.pub_(at)_gmail.com, Internet Explorer Script Interjection Code Execution (20.08.2012)
Files:Microsoft Security Bulletin MS12-052 - Critical Cumulative Security Update for Internet Explorer (2722913)
 Microsoft Security Bulletin MS12-056 - Important Vulnerability in JScript and VBScript Engines Could Allow Remote Code Execution (2706045)

Cisco IOS XR DoS
Published:20.08.2012
Source:
SecurityVulns ID:12522
Type:remote
Threat Level:
5/10
Description:Crash on received packet processing.
Affected:CISCO : Cisco 9000
CVE:CVE-2012-2488 (Cisco IOS XR before 4.2.1 on ASR 9000 series devices and CRS series devices allows remote attackers to cause a denial of service (packet transmission outage) via a crafted packet, aka Bug IDs CSCty94537 and CSCtz62593.)
Files:Cisco IOS XR Software Route Processor Denial of Service Vulnerability

rssh restrictions bypass
Published:20.08.2012
Source:
SecurityVulns ID:12523
Type:local
Threat Level:
5/10
Description:It's possible to execute shell commands.
Affected:RSSH : rssh 2.3
CVE:CVE-2012-3478 (rssh 2.3.3 and earlier allows local users to bypass intended restricted shell access via crafted environment variables in the command line.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2530-1] rssh security update (20.08.2012)

emacs protection bypass
Published:20.08.2012
Source:
SecurityVulns ID:12524
Type:local
Threat Level:
4/10
Description:"enable-local-variables" doesn't work.
CVE:CVE-2012-3479 (lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute arbitrary Emacs Lisp code via a crafted file.)
Original documentdocumentSLACKWARE, [slackware-security] emacs (SSA:2012-228-02) (20.08.2012)

libotr multiple buffer overflows
Published:20.08.2012
Source:
SecurityVulns ID:12525
Type:library
Threat Level:
6/10
Description:multiple heap overflows.
Affected:LIBOTR : libotr 3.2
CVE:CVE-2012-3461 (The (1) otrl_base64_otr_decode function in src/b64.c; (2) otrl_proto_data_read_flags and (3) otrl_proto_accept_data functions in src/proto.c; and (4) decode function in toolkit/parse.c in libotr before 3.2.1 allocates a zero-length buffer when decoding a base64 string, which allows remote attackers to cause a denial of service (application crash) via a message with the value "?OTR:===.", which triggers a heap-based buffer overflow.)
Original documentdocumentUBUNTU, [USN-1541-1] libotr vulnerability (20.08.2012)

Microsoft libraries security vulnerabilities
updated since 20.08.2012
Published:18.09.2012
Source:
SecurityVulns ID:12517
Type:library
Threat Level:
5/10
Description:MSCOMCTL.OCX ActiveX code execution.
Affected:MICROSOFT : SQL Server 2000
 MICROSOFT : Commerce Server 2002
 MICROSOFT : Office 2003
 MICROSOFT : Office 2007
 MICROSOFT : Visual Basic 6.0
 MICROSOFT : SQL Server 2005
 MICROSOFT : Host Integration Server 2004
 MICROSOFT : Visual FoxPro 8.0
 MICROSOFT : Visual FoxPro 9.0
 MICROSOFT : Office 2010
 MICROSOFT : SQL Server 2008
 MICROSOFT : Commerce Server 2007
 MICROSOFT : Commerce Server 2009
CVE:CVE-2012-1856 (The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 Gold and R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2, and Visual Basic 6.0 Runtime allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption, aka "MSCOMCTL.OCX RCE Vulnerability.")
Original documentdocumentVUPEN Security Research, VUPEN - Microsoft Windows Common Controls MSCOMCTL.OCX Use-after-free (CVE-2012-1856 / MS12-060) (18.09.2012)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod