Article discussing file management security issues in Microsoft Windows Vista/2003/XP/2000.
af2416acea7784325eb7b5e5fd487071fe970b7a59fd3bfa82407217ee7559d8Exploit that demonstrates the vulnerability in ReadDirectoryChangesW() for Microsoft Windows 2000/XP/2003/Vista.
4478745e135e06387cd47d9eeaa660d45d71036448847dcdbc5d5e4abacc8449ReadDirectoryChangesW() in Microsoft Windows 2000/XP/2003/Vista does not check a user's permissions for child objects, making it possible to retrieve information about objects that a user has no LIST permissions for.
28c243a93150e7391b8dd5ee991fbdddfc48cde9df598f7cf90b32d70425b91aMicrosoft Visual C++ version 8.0 suffers from a denial of service condition.
f7fe00818ea85c70a2896433664c42f3b88ce3298aa19b8e8bdf63471623ff38Hewlett-Packard Network Node Manager version 7.50 suffers from a weak file permission vulnerability.
18e604d9ebe27727202f140e225b76db05ea8dd755422272552f40dd75b95143Microsoft Windows XP/2003/Vista suffers from a memory corruption flaw.
705bd57347d0e6a7a932a0cbc5376bb71bc6bb86572f00fc641439dee19e2f8ePanda Platinum Internet Security 2006/2007 suffers from multiple vulnerabilities. Insecure file permissions allow an unprivileged local user the ability to obtain system-level access or access to account of another logged on user. Insecure design of the spam filtering control engine allows remote attackers to control bayesian self learning spam filtering process using a malicious web page.
64bf6b4e76147fd07e6e28bffb2aa61bd8df71d79c186dd1e124d9eb55b2dbacUnder some conditions, the ICQ client is vulnerable to remote script injection into the My Computer Security Zone of the Internet Explorer component used to display advertisement banners.
c1b734689902bb448560a2eb96f4343e17e937067a337cfa835e1a669561f972The design flow in the way The Bat! 2.x displays messages allows attackers to spoof RFC 822 headers and more.
ad0f681bcad8c9274be2769c052fb5e6dbf1f003fec29f7f9f7f7d1023ba0bdcSPIDynamics WebInspect is susceptible to cross-application scripting attacks.
1015978531e7b0bc37dd7eef03b9bb70913a12479637df33e68b9197fcf36a51The InternetCreateUrlW function of wininet.dll, a core component of Internet Explorer, is vulnerable to a buffer overflow attack when the source buffer is copied into the destination buffer using WideCharToMultiByte. In practice this is probably only useful for Denial of Service attacks (if that) and still requires some social-engineering to actually exploit this.
ff53458ff1c02389c39168172c59ac6ab1cbb62bfdb0fc78469a4dc9190da6caMultiple applications that suffer from the fd_set overflow vulnerability can be exploited remotely.
98b5664dadec4af4304274a5d8ca405f190f86ac380dc5aa853abbe0b1aeb28fPresentation: Bypassing client application protection techniques with notepad.
e4f987378606cf9b7a1349994610bfb96d53d4405cc8e13e837a7a2766319313White paper discussing the fact that many modern networks are extremely dependant on a centralized time resource and the negative aspects of a network not having one.
5002e772d9e24ac5abaeb58ec0059d55af71c592417b69d56aac8c3ecc92433dKaspersky Antivirus (KAV) crashes when it tries access a path that has more the 256 characters. In addition to this vulnerability, a long path can be used to hide malware. Also, malware with specially crafted names are not detected by this anti-virus product. Tested on Kaspersky Antivirus 4.0.9.0.
6949810c13d2cba2796d0abbbae6962016128aba3acc695195bdaa032d0e85b3It has been found that the Far file manager does not handle path names correctly. This can result in a buffer overflow condition that allows code execution. An example script to crash Far 1.70beta1 and 1.70beta4 is included. The Far developers (Rarlab) will fix this in version 1.70beta5.
3c005022589cdd7f5a8b111e3c1376932e2a7aa5e26e42083ce66606bbf95efbNbtstream.c is a NetBIOS session request flooder which exploits the bug discussed in MS00-091. Causes unpatched Windows machines to hang or crash.
fcf420233e3df4916cfd60c2f95d68644e51e1aad9d9aa681177af92eecb8c2fThe Bat! v1.48f and below has a client side vulnerability which allows malicious mail messages to add any files in any directory on the disk where user stores his attachments.
1adbf87e7851d5d7a9b23c17e6184b5d212a67dbc7d0715a21f84ca3f403a183
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed