Secunia Research has discovered a vulnerability in AOL, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the "CDDBControlAOL.CDDBAOLControl" ActiveX control (cddbcontrol.dll) when processing "ClientId" arguments passed to the "SetClientInfo()" method. This can be exploited to cause a stack-based buffer overflow by passing an overly long string (more than 256 bytes). Successful exploitation allows execution of arbitrary code when a user visits a malicious website with Internet Explorer. In order to exploit the vulnerability, a certain registry value has to be set to "1111". This is not set by default, but can be set up automatically by first instantiating the bundled CerberusCDPlayer ActiveX control. Affected software includes America Online 7.0 revision 4114.563, AOL 8.0 revision 4129.230, and AOL 9.0 Security Edition revision 4156.910.
Secunia Research has discovered a security issue in AOL, which can be exploited by malicious, local users to manipulate arbitrary files. The problem is that AOL sets insecure default permissions (grants "Everyone" group "Full Control") on the "America Online 9.0" directory and all child objects. This can be exploited to remove, manipulate, and replace any of the application's files.
Secunia Research has discovered a security issue in PC Tools AntiVirus version 2.1.0.51, which can be exploited by malicious, local users to gain escalated privileges. Successful exploitation allows execution of arbitrary commands with SYSTEM privileges.
Secunia Research has discovered a vulnerability in Mozilla Firefox, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a memory corruption error within the handling of simultaneously happening XPCOM events resulting in the use of a deleted timer object. Successful exploitation allows execution of arbitrary code. Versions below 1.5.0.5 are susceptible.
Secunia Research has discovered a vulnerability in FileCOPA, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to an integer underflow error in the FTP service (filecpnt.exe) when processing directory arguments passed to certain FTP commands (e.g. "CWD", "DELE", "MDTM", and "MKD"). This can be exploited to cause a stack-based buffer overflow by passing a specially crafted, overly long argument to one of the affected FTP commands. Successful exploitation allows execution of arbitrary code. Versions below 1.01 are affected.
Secunia Research has discovered a vulnerability in Lotus Notes, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the TAR reader (tarrdr.dll) when extracting files from a TAR archive. This can be exploited to cause a stack-based buffer overflow via a TAR archive containing a file with a long filename. Successful exploitation allows execution of arbitrary code, but requires that the user views a malicious TAR archive and chooses to extract a compressed file to a directory with a very long path (more than 220 bytes). Affected versions are Lotus Notes 6.5.4 and Lotus Notes 7.0.
Secunia Research has discovered two boundary condition vulnerabilities in Lotus Notes, which can be exploited by malicious people to compromise a user's system. Affected versions are Lotus Notes 6.5.4 and Lotus Notes 7.0.
Secunia Research has discovered a vulnerability in Lotus Notes, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to directory traversal errors in kvarcve.dll when generating the preview of a compressed file from ZIP, UUE and TAR archives. This can be exploited to delete arbitrary files that are accessible to the Notes user. Affected versions are Lotus Notes 6.5.4 and Lotus Notes 7.0.
Secunia Research Advisory - Secunia Research has discovered a vulnerability in Yahoo! Messenger, which can be exploited by malicious, local users to gain escalated privileges.
Secunia Research has discovered a vulnerability in Spy Sweeper Enterprise, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to the Spy Sweeper Enterprise Client SpySweeperTray.exe process invoking the help functionality with SYSTEM privileges. This can be exploited to execute arbitrary commands on a system with escalated privileges.
Secunia Research has discovered a vulnerability in My Firewall Plus, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to the Smc.exe process invoking the help functionality with SYSTEM privileges. This can be exploited to execute arbitrary programs on a system with escalated privileges.
Secunia Security Advisory - Red Hat has issued an update for openoffice.org. This fixes a vulnerability, which can be exploited by malicious, local users to gain knowledge of sensitive information.
Secunia Security Advisory - Secunia has discovered a vulnerability in OpenOffice and StarOffice, which can be exploited by malicious, local users to gain knowledge of sensitive information.
Secunia Security Advisory - The FTPServer/X FTP Server Control and COM Object v1.00.045 and v1.00.046 are vulnerable to a buffer overflow that results in a denial of service and potentially can enable a remote attacker to gain access to the machine.
A vulnerability in the Xeneo Web Server can be exploited by malicious attackers to cause a denial of service due to an error in the handling of requests including a malformed URL encoding representation of a character.