Secunia Research has discovered a vulnerability in AOL, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the "CDDBControlAOL.CDDBAOLControl" ActiveX control (cddbcontrol.dll) when processing "ClientId" arguments passed to the "SetClientInfo()" method. This can be exploited to cause a stack-based buffer overflow by passing an overly long string (more than 256 bytes). Successful exploitation allows execution of arbitrary code when a user visits a malicious website with Internet Explorer. In order to exploit the vulnerability, a certain registry value has to be set to "1111". This is not set by default, but can be set up automatically by first instantiating the bundled CerberusCDPlayer ActiveX control. Affected software includes America Online 7.0 revision 4114.563, AOL 8.0 revision 4129.230, and AOL 9.0 Security Edition revision 4156.910.
e3b72455fae8d556eade84f6b95183d9fb3856484b23d09de4ad46012248b887Secunia Research has discovered a security issue in AOL, which can be exploited by malicious, local users to manipulate arbitrary files. The problem is that AOL sets insecure default permissions (grants "Everyone" group "Full Control") on the "America Online 9.0" directory and all child objects. This can be exploited to remove, manipulate, and replace any of the application's files.
7be11af21a27703c6db82025cbfe982e4cd9379f5538e5cc9ebd858f45c303b2Secunia Research has discovered a security issue in PC Tools AntiVirus version 2.1.0.51, which can be exploited by malicious, local users to gain escalated privileges. Successful exploitation allows execution of arbitrary commands with SYSTEM privileges.
83c92f48a356ec3bbbcc54a63e89c46fa42cdc8b58d424b520367adccacb22c9Secunia Research has discovered a vulnerability in Mozilla Firefox, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an memory corruption error within the handling of simultaneously happening XPCOM events resulting in the use of a deleted timer object. Successful exploitation allows execution of arbitrary code. Versions below 1.5.0.5 are susceptible.
762ec07c76ea414272e2b2b553bef57a62f2f3d3ca6502c14d0ca71ffef11f14Secunia Research has discovered a vulnerability in FileCOPA, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to an integer underflow error in the FTP service (filecpnt.exe) when processing directory arguments passed to certain FTP commands (e.g. "CWD", "DELE", "MDTM", and "MKD"). This can be exploited to cause a stack-based buffer overflow by passing a specially crafted, overly long argument to one of the affected FTP commands. Successful exploitation allows execution of arbitrary code. Versions below 1.01 are affected.
6d3f11d1b2b6f38b433dbc524097d03ff9fd23e22a35197cc06a5f2749b994e8Secunia Research has discovered a vulnerability in Lotus Notes, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the TAR reader (tarrdr.dll) when extracting files from a TAR archive. This can be exploited to cause a stack-based buffer overflow via a TAR archive containing a file with a long filename. Successful exploitation allows execution of arbitrary code, but requires that the user views a malicious TAR archive and chooses to extracts a compressed file to a directory with a very long path (more than 220 bytes). Affected versions are Lotus Notes 6.5.4 and Lotus Notes 7.0.
6005828ac70516cca59ccdd67b173d13de808ad823e9db5ee755b74356259601Secunia Research has discovered two boundary condition vulnerabilities in Lotus Notes, which can be exploited by malicious people to compromise a user's system. Affected versions are Lotus Notes 6.5.4 and Lotus Notes 7.0.
29f10a8be4d832d76d5eb82cfe358a7b3f93f0c6b5d02a8a2ab7c319b4d1c85bSecunia Research has discovered a vulnerability in Lotus Notes, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to directory traversal errors in kvarcve.dll when generating the preview of a compressed file from ZIP, UUE and TAR archives. This can be exploited to delete arbitrary files that are accessible to the Notes user. Affected versions are Lotus Notes 6.5.4 and Lotus Notes 7.0.
a9bc2a3a0141f79688e6b766ca98f395753401a2d0e8795deb887ac34da40f1fSecunia Research Advisory - Secunia Research has discovered a vulnerability in Yahoo! Messenger, which can be exploited by malicious, local users to gain escalated privileges.
70022251c5a4349b15f90c19fe4600995fd54d38726d166a4046f8dd8ce8a7b1Secunia Research has discovered a vulnerability in Spy Sweeper Enterprise, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to the Spy Sweeper Enterprise Client SpySweeperTray.exe process invoking the help functionality with SYSTEM privileges. This can be exploited to execute arbitrary commands on a system with escalated privileges.
0d382df0752cbac48c63a72e9a6d0b795444e664182c8248c9b7b2b8acb31c4eSecunia Research has discovered a vulnerability in My Firewall Plus, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to the Smc.exe process invoking the help functionality with SYSTEM privileges. This can be exploited to execute arbitrary programs on a system with escalated privileges.
85323ae425e47da08beea66a0a16908505ca64951280ffd2c4c34781b5cfdaecSecunia Security Advisory - Red Hat has issued an update for openoffice.org. This fixes a vulnerability, which can be exploited by malicious, local users to gain knowledge of sensitive information.
6d79767ff1e5f5b6058280f3115df61f03044adbe204b87b6fa57a85f52c56c8Secunia Security Advisory - Secunia has discovered a vulnerability in OpenOffice and StarOffice, which can be exploited by malicious, local users to gain knowledge of sensitive information.
3b42a4de1894fb36879f486d5528b9ab61b6508f9397b5b03fc8fee129db81b1Secunia Security Advisory - The FTPServer/X FTP Server Control and COM Object v1.00.045 and v1.00.046 are vulnerable to buffer overflow that results in a denial of service and potentially can enable a remote attacker to gain access to the machine.
0894d97443bbd9d1990dddc0a475b12dff29aa463f6dba9d9b9afdabb6b001ccA vulnerability in the Xeneo Web Server can be exploited by malicious attackers to cause a denial of service due to an error in the handling of requests including a malformed URL encoding representation of a character.
893273caaeca2a5baa326a0456742a7e0d82e24c4657dbd8a249341dabfc93f5
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed