Section: .. / 0708-advisories /
| /// File Name: |
MDKSA-2007-163.txt |
Description:
|
Mandriva Linux Security Advisory - Maurycy Prodeus found an integer overflow vulnerability in the way various PDF viewers processed PDF files. An attacker could create a malicious PDF file that could cause koffice to crash and possibly execute arbitrary code upon a user opening the file.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 16106 | | Related CVE(s): | CVE-2007-3387 | | Last Modified: | Aug 15 06:09:17 2007 |
| MD5 Checksum: | c03879506124d8aec6fa9fbbf84a69a8 |
|
| /// File Name: |
ZDI-07-048.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of various Microsoft software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the substringData() method available on the TextNode JavaScript object. When specific parameters are passed to the method, an integer overflow occurs, causing incorrect memory allocation. If this event occurs after a different ActiveX object has been instantiated, an exploitable condition is created when the ActiveX object is deallocated, which can result in the execution of arbitrary code.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3487 | | Related CVE(s): | CVE-2007-2223, CVE-2007-2224 | | Last Modified: | Aug 15 06:08:06 2007 |
| MD5 Checksum: | 9a7d42f20417e9c389822017a06dc9e5 |
|
| /// File Name: |
ZDI-07-047.txt |
Description:
|
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists while decompressing skin files (.WMZ and .WMD) with malformed headers. During this process the malformed values are used to improperly calculate data which can later allow an attacker to execute code under the rights of the current user.
| | Author: | Piotr Bania | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2929 | | Related CVE(s): | CVE-2007-3035 | | Last Modified: | Aug 15 06:06:41 2007 |
| MD5 Checksum: | 7c1d938cfe76e2cfb9b9a52fc4e8fcb3 |
|
| /// File Name: |
ZDI-07-046.txt |
Description:
|
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists during the parsing of malformed skin files (WMZ). A compressed / decompressed size mismatch can result in an under-allocated heap buffer, which can be leveraged by an attacker to eventually execute arbitrary code under the context of the current user.
| | Author: | Piotr Bania | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3295 | | Related CVE(s): | CVE-2007-3037 | | Last Modified: | Aug 15 06:05:13 2007 |
| MD5 Checksum: | 84f2d95dea182d5d542a792c2aad1a40 |
|
| /// File Name: |
TA07-226A.txt |
Description:
|
Technical Cyber Security Alert TA07-226A - Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Internet Explorer, Windows Media Player, Office, Office for Mac, XML Core Services, Visual Basic, Virtual PC, and Virtual Server. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 4667 | | Last Modified: | Aug 15 05:53:51 2007 |
| MD5 Checksum: | 5b3f94b1afad87da35c15909715d82cc |
|
| /// File Name: |
EEYE-META.txt |
Description:
|
eEye Digital Security has discovered a heap overflow vulnerability in the way the Windows Graphical Device Interface (GDI) processes Windows metafiles. If an application attempts to display a malicious metafile in a particular way, a heap overflow will occur and result in the execution of arbitrary code, with the privileges of the user who ran the application.
| | Author: | Yuji Ukai | | Homepage: | http://www.eeye.com/ | | File Size: | 3545 | | Last Modified: | Aug 15 05:52:25 2007 |
| MD5 Checksum: | 9e707c6278e188ec419fcf7199605bd1 |
|
| /// File Name: |
EEYE-VGX.txt |
Description:
|
eEye Digital Security has discovered a heap overflow vulnerability in VGX.DLL's processing of compressed content referenced from VML. VGX.DLL is the Microsoft component responsible for rendering VML (Vector Markup Language) within Internet Explorer.
| | Author: | Ben Nagy, Derek Soeder | | Homepage: | http://www.eeye.com/ | | File Size: | 4904 | | Last Modified: | Aug 15 05:51:30 2007 |
| MD5 Checksum: | fea740cde6f8973d252aea667a630098 |
|
| /// File Name: |
sa26449.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/26449/ | | File Size: | 4222 | | Last Modified: | Aug 15 04:09:30 2007 |
| MD5 Checksum: | 0f520f8e8c3915d9506e8d2e068da034 |
|
| /// File Name: |
sa26447.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Microsoft XML Core Services, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/26447/ | | File Size: | 7709 | | Last Modified: | Aug 15 04:09:30 2007 |
| MD5 Checksum: | 7bdd5f54eea44030e9bf275cbcbb4cc8 |
|
| /// File Name: |
sa26444.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Microsoft Virtual PC and Virtual Server, which can be exploited by malicious, local users to gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/26444/ | | File Size: | 3565 | | Last Modified: | Aug 15 04:09:30 2007 |
| MD5 Checksum: | 0ce87eb6caede1bbdb9a75124460c8f8 |
|
| /// File Name: |
sa26439.txt |
Description:
|
Secunia Security Advisory - Three vulnerabilities have been reported in Microsoft Windows Vista, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/26439/ | | File Size: | 3411 | | Last Modified: | Aug 15 04:09:30 2007 |
| MD5 Checksum: | 7d7521c51c1704bf1e41c7c05570060f |
|
| /// File Name: |
sa26433.txt |
Description:
|
Secunia Security Advisory - Two vulnerabilities have been reported in Windows Media Player, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/26433/ | | File Size: | 4213 | | Last Modified: | Aug 15 04:09:30 2007 |
| MD5 Checksum: | ff2727a8be60987aa61e5e8e69b10d07 |
|
| /// File Name: |
sa26423.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows, which potentially can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/26423/ | | File Size: | 3827 | | Last Modified: | Aug 15 04:09:30 2007 |
| MD5 Checksum: | 1d2af7a899cb5bcc67d76ae10792266d |
|
| /// File Name: |
sa26419.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/26419/ | | File Size: | 5023 | | Last Modified: | Aug 15 04:09:30 2007 |
| MD5 Checksum: | b7a6587c870ccef8d217944034743a09 |
|
| /// File Name: |
sa26409.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/26409/ | | File Size: | 5585 | | Last Modified: | Aug 15 04:09:30 2007 |
| MD5 Checksum: | 7a49577a575ad4a8b3aacdcc15f37f24 |
|
| /// File Name: |
sa26145.txt |
Description:
|
Secunia Security Advisory - Secunia Research has discovered a vulnerability in Microsoft Excel, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/26145/ | | File Size: | 3646 | | Last Modified: | Aug 15 04:09:30 2007 |
| MD5 Checksum: | bbd18f69253375cd6a8b7fae764869d2 |
|
| /// File Name: |
linux-signal.txt |
Description:
|
The Linux 2.4 and 2.6 kernel series suffer from a flaw where an unprivileged local user may send arbitrary signals to a child process despite security restrictions.
| | Author: | Wojciech Purczynski | | File Size: | 3357 | | Last Modified: | Aug 14 19:57:17 2007 |
| MD5 Checksum: | 23b2c89639dc24156d051cc99606bf03 |
|
| /// File Name: |
deskpro-inject.txt |
Description:
|
DeskPRO versions 3.0.2 and below suffer from multiple HTML injection vulnerabilities.
| | Author: | Doz | | Homepage: | http://www.hackerscenter.com/ | | File Size: | 2036 | | Last Modified: | Aug 14 19:55:08 2007 |
| MD5 Checksum: | d04763849bcb360522af9ca41540f0fd |
|
| /// File Name: |
USN-497-1.txt |
Description:
|
Ubuntu Security Notice 497-1 - Lasse Kärkkäinen discovered that the Xfce Terminal did not correctly escape shell meta-characters during "Open Link" actions. If a remote attacker tricked a user into opening a specially crafted URI, they could execute arbitrary commands with the user's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 5384 | | Related CVE(s): | CVE-2007-3770 | | Last Modified: | Aug 14 19:53:31 2007 |
| MD5 Checksum: | 13ab212b8888bcc78c6cb3f91ba65e36 |
|
| /// File Name: |
CVE-2007-3385.txt |
Description:
|
Tomcat versions 3.3 to 3.3.2, 4.1.0 to 4.1.36, 5.0.0 to 5.0.30, 5.5.0 to 5.5.24, and 6.0.0 to 6.0.13 suffer from an information leak in the way they handle \ characters in cookies.
| | Author: | Mark Thomas | | Homepage: | http://tomcat.apache.org/ | | File Size: | 1116 | | Related CVE(s): | CVE-2007-3385 | | Last Modified: | Aug 14 19:51:00 2007 |
| MD5 Checksum: | 846987ee0b172de5c9ceed8820d4d3e1 |
|
| /// File Name: |
CVE-2007-3382.txt |
Description:
|
Tomcat versions 3.3 to 3.3.2, 4.1.0 to 4.1.36, 5.0.0 to 5.0.30, 5.5.0 to 5.5.24, and 6.0.0 to 6.0.13 suffer from an information leak in the way they handle ' characters in cookies.
| | Author: | Mark Thomas | | Homepage: | http://tomcat.apache.org/ | | File Size: | 1199 | | Related CVE(s): | CVE-2007-3382 | | Last Modified: | Aug 14 19:49:55 2007 |
| MD5 Checksum: | e769d1ddacd3998454816444672d0674 |
|
| /// File Name: |
MDKSA-2007-161.txt |
Description:
|
Mandriva Linux Security Advisory - Maurycy Prodeus found an integer overflow vulnerability in the way various PDF viewers processed PDF files. An attacker could create a malicious PDF file that could cause poppler to crash and possibly execute arbitrary code upon a user opening the file.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 6200 | | Related CVE(s): | CVE-2007-3387 | | Last Modified: | Aug 14 19:46:34 2007 |
| MD5 Checksum: | 1ddfb844a0e010bc390fc82cfa167984 |
|
| /// File Name: |
MDKSA-2007-160.txt |
Description:
|
Mandriva Linux Security Advisory - Maurycy Prodeus found an integer overflow vulnerability in the way various PDF viewers processed PDF files. An attacker could create a malicious PDF file that could cause pdftohtml to crash and possibly execute arbitrary code upon a user opening the file.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 2846 | | Related CVE(s): | CVE-2007-3387 | | Last Modified: | Aug 14 19:43:50 2007 |
| MD5 Checksum: | 397ed1aba510834d880dd0ec6ec06549 |
|
| /// File Name: |
MDKSA-2007-159.txt |
Description:
|
Mandriva Linux Security Advisory - Maurycy Prodeus found an integer overflow vulnerability in the way various PDF viewers processed PDF files. An attacker could create a malicious PDF file that could cause gpdf to crash and possibly execute arbitrary code upon a user opening the file.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 2424 | | Related CVE(s): | CVE-2007-3387 | | Last Modified: | Aug 14 19:43:20 2007 |
| MD5 Checksum: | ad7c71e6ee4c270a104e17026140e69d |
|
| /// File Name: |
MDKSA-2007-158.txt |
Description:
|
Mandriva Linux Security Advisory - Maurycy Prodeus found an integer overflow vulnerability in the way various PDF viewers processed PDF files. An attacker could create a malicious PDF file that could cause xpdf to crash and possibly execute arbitrary code upon a user opening the file.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3978 | | Related CVE(s): | CVE-2007-3387 | | Last Modified: | Aug 14 19:42:47 2007 |
| MD5 Checksum: | a1ece8107dd103f05f3f507001a088dd |
|