Section: .. / 0708-advisories /
| /// File Name: |
ZDI-07-046.txt |
Description:
|
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists during the parsing of malformed skin files (WMZ). A size compressed / decompressed size mismatch can result in an under allocated heap buffer which can be leveraged by an attacker to eventually execute arbitrary code under the context of the current user.
| | Author: | Piotr Bania | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3295 | | Related CVE(s): | CVE-2007-3037 | | Last Modified: | Aug 15 06:05:13 2007 |
| MD5 Checksum: | 84f2d95dea182d5d542a792c2aad1a40 |
|
| /// File Name: |
ZDI-07-047.txt |
Description:
|
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists while decompressing skin files (.WMZ and .WMD) with malformed headers. During this process the malformed values are used to improperly calculate data which can later allow an attacker to execute code under the rights of the current user.
| | Author: | Piotr Bania | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2929 | | Related CVE(s): | CVE-2007-3035 | | Last Modified: | Aug 15 06:06:41 2007 |
| MD5 Checksum: | 7c1d938cfe76e2cfb9b9a52fc4e8fcb3 |
|
| /// File Name: |
ZDI-07-048.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of various Microsoft software User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the substringData() method available on the TextNode JavaScript object. When specific parameters are passed to the method, an integer overflow occurs causing incorrect memory allocation. If this event occurs after a different ActiveX object has been instantiated, an exploitable condition is created when the ActiveX object is deallocated which can result in the execution of arbitrary code.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3487 | | Related CVE(s): | CVE-2007-2223, CVE-2007-2224 | | Last Modified: | Aug 15 06:08:06 2007 |
| MD5 Checksum: | 9a7d42f20417e9c389822017a06dc9e5 |
|
| /// File Name: |
ZDI-07-049.txt |
Description:
|
Multiple vulnerabilities allow remote attackers to execute arbitrary code on vulnerable installations of EMC Networker. Authentication is not required to exploit this vulnerability.
| | Author: | Tenable Network Security | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3282 | | Related CVE(s): | CVE-2007-3618 | | Last Modified: | Aug 21 22:47:48 2007 |
| MD5 Checksum: | 73df57f0606605ed45fd5cc1e84e1ea6 |
|
| /// File Name: |
zoidboom2.txt |
Description:
|
Zoidcom versions 0.6.7 and below suffer from a denial of service vulnerability.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | zoidboom2.zip | | File Size: | 1475 | | Last Modified: | Aug 15 06:31:41 2007 |
| MD5 Checksum: | d78b4b2d3d04444addb4af32ce2522a6 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
