Section: .. / 0807-advisories /
| /// File Name: |
ZDI-08-045.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the garbage collection of JavaScript document elements in WebCore. When a CSSStyleSheet object of a style element is copied, and the style element is deallocated, a reference to the ownerNode property of the copied CSSStyleSheet object will result in a heap corruption allowing for the execution of arbitrary code.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3219 | | Related CVE(s): | CVE-2008-2317 | | Last Modified: | Jul 25 20:58:18 2008 |
| MD5 Checksum: | fd7eab9f0357ba1ffd8f1eb1b36d1baa |
|
| /// File Name: |
ZDI-08-046.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of the RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in RealPlayer's rjbdll.dll module when handling the deletion of media library files. An attacker could exploit this vulnerability using an ActiveX control {FDC7A535-4070-4B92-A0EA-D9994BCC0DC5} to import a vulnerable file into the user's media library. Upon deletion of this file, an exploitable stack based buffer overflow can be triggered.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3360 | | Last Modified: | Jul 25 20:59:17 2008 |
| MD5 Checksum: | 6aee3edef397f5bdbe93bef7b3d46705 |
|
| /// File Name: |
ZDI-08-047.txt |
Description:
|
A vulnerability allows remote attackers to execute code on vulnerable installations of RealPlayer. User interaction is required in that a user must visit a malicious web site. The specific flaw exists in the rmoc3260 ActiveX control. Specifying malicious values for the 'Controls' or 'Console' properties with a specific timing results in a memory corruption which can lead to code execution under the context of the current user.
| | Author: | Peter Vreugdenhil | | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3576 | | Related CVE(s): | CVE-2008-1309 | | Last Modified: | Jul 25 21:01:42 2008 |
| MD5 Checksum: | c1dc5a2b4f3ec5b589d8087402e03e9d |
|
| /// File Name: |
zonealarm-uhoh.txt |
Description:
|
Apparently, the latest auto update patch KB951748 (for all versions of Windows) cuts connectivity for all users with ZoneAlarm set to 'high' security for the internet zone.
| | File Size: | 1065 | | Last Modified: | Jul 10 04:08:07 2008 |
| MD5 Checksum: | aeb2ff17743d1b83e29b6d8826c314d6 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
