Computer Security

libgd graphics library code execution
SecurityVulns ID:7131
Threat Level:
Description:JIS font parsing problem in the gdImageStringFTEx() function.
Affected:GD : libgd 2.0
 TETEX : tetex 3.0
CVE:CVE-2007-0455 (Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font.)

Sami HTTP Server DoS
SecurityVulns ID:7132
Threat Level:
Description:Crash on a large number of requests for non-existent files.
CVE:CVE-2007-0548 (KarjaSoft Sami HTTP Server 2.0.1 allows remote attackers to cause a denial of service (daemon hang) via a large number of requests for nonexistent objects.)

Sun Solaris kcms_calibrate privilege escalation
SecurityVulns ID:7134
Threat Level:
CVE:CVE-2007-0503 (Unspecified vulnerability in kcms_calibrate in Sun Solaris 8 and 9 before 20071122 allows local users to execute arbitrary commands via unknown vectors.)

Microsoft Word 0-day vulnerabilities
updated since 31.01.2007
SecurityVulns ID:7133
Threat Level:
Description:A few unknown vulnerabilities are used for hidden malware installation.
Affected:MICROSOFT : Office 2000
 MICROSOFT : Office 2003
CVE:CVE-2007-0621 (** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-6456. Reason: This candidate is a duplicate of CVE-2006-6456. It was assigned for a targeted zero-day attack, but further analysis revealed it was for an older issue. Notes: All CVE users should reference CVE-2006-6456 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.)
 CVE-2007-0515 (Unspecified vulnerability in Microsoft Word allows user-assisted remote attackers to execute arbitrary code on Word 2000, and cause a denial of service on Word 2003, via unknown attack vectors that trigger memory corruption, as exploited by Trojan.Mdropper.W and later by Trojan.Mdropper.X, a different issue than CVE-2006-6456, CVE-2006-5994, and CVE-2006-6561.)
Original document:MICROSOFT, Microsoft Security Advisory (932114) Vulnerability in Microsoft Word 2000 Could Allow Remote Code Execution (03.02.2007)
Files:Microsoft Word 2000 Unspecified Code Execution Exploit (0day)
 Microsoft Security Advisory (932114) Vulnerability in Microsoft Word 2000 Could Allow Remote Code Execution

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod