The vulnerability described in this document can be exploited by a malicious Web page to execute arbitrary code with low integrity. Active scripting must be enabled, and the present exploitation techniques require that font downloading be set to "Enable" or "Prompt" and that the "mailto:" protocol be present. (These requirements are satisfied by default on Windows XP, Windows Vista, and Windows 7.) The user is presented with a message box which must be dismissed before code execution can occur.
b4b1af1414616836794ade27cea928934b749ebd739b732498a4491702561254The vulnerability described in this document can be exploited by a malicious Web page to execute arbitrary code with low integrity. Active scripting must be enabled, and the present exploitation techniques require that font downloading be set to "Enable" or "Prompt" and that the "mailto:" protocol be present. (These requirements are satisfied by default on Windows XP, Windows Vista, and Windows 7.) The user is presented with a message box which must be dismissed before code execution can occur.
96288d159c287c058009d8e91825a92c22beb920a6169e740a20af44b919357bThe vulnerability described in this document could hypothetically be exploited by unprivileged code running in a VMware virtual machine (guest) in order to execute code in the host VMX process, thereby breaking out of the virtual machine; however, such exploitation has not been proven.
6b511360ce2598e1deb986ad52df1981db6e70d11d4357b2353ea14c01410c67The vulnerability described in this document could hypothetically be exploited by unprivileged code running in a VMware virtual machine (guest) in order to execute code in the host VMX process, thereby breaking out of the virtual machine; however, such exploitation has not been proven. In the event that arbitrary code execution in the VMX process is possible, kernel privileges can be obtained on a Windows host by abusing the VMX process's special access to a VMware driver, meaning the maximum possible impact of this vulnerability is elevation from unprivileged guest code execution to host kernel code execution.
faaa583588ea28e78dd0709b7d226804732abda76965a7dc1e8370600d08440fVMware suffers from a backdoor ROM overwrite privilege escalation vulnerability.
b9592c21e5137b1c05d3912f92d7e5520576843ea7ebeb78d6e4e04c2e626f17Intuit Help System suffers from protocol file retrieval vulnerability.
65677d6250ef2ab1e9b970ddb24217950a01b3edbee65118c3e2ebe4ee508a3dIntuit Help System suffers from protocol URL heap corruption and memory leak vulnerabilities.
28c43548d0a76f1624a1a7bef0b4301fe6ec08af383b75c0a01f373d96370407This is another dirty mitigation for another Internet Explorer zero-day vulnerability. This mitigation works by registering as a Browser Helper Object, then modifying MSHTML.DLL in memory to break createEventObject.
8c85083512e2220e17ed05326b82b0f41b1ad183aa7d0a19e8113810fac21dadThis code was released to mitigate the Microsoft IIS semi-colon vulnerability. It's intended for IIS 4.0, 5.x, and 6.0.
258979f3104b310429262a5ee76831642e3256b938d895463e1848938fa31d00This code is for a DLL that loads into Internet Explorer as a BHO and modifies MSHTML.DLL in memory to mitigate attempts by the getElementsByTagName Body Style vulnerability.
29e82a2de8203195dcfb1971c885efe9081f588afdf4034ea888c3643b4303b7By exploiting either of the VMware flaws described in this document, user-mode code executing in a virtual machine may gain kernel privileges within the virtual machine, dependent upon the guest operating system. The flaws have been proven exploitable on x64 versions of Windows, and they have produced potentially exploitable crashes on x64 versions of *BSD. The Linux kernel does not allow exploitation of these flaws on x64 versions of Linux.
00028132b68b6b52ccbf9adca27a78831980d6aa94845933c21f512a28b129b3By exploiting the VMware flaw described in this document, user-mode code executing in a virtual machine may gain kernel privileges within the virtual machine, dependent upon the guest operating system. The flaw has been proven exploitable on x64 versions of Windows, and it has produced potentially exploitable crashes on x64 versions of *BSD. The Linux kernel does not allow exploitation of the flaws on x64 versions of Linux.
bc46bdf127b13616ebd5b44a7bcba711654e92899537c4c70c898cd5d96217a6eEye Digital Security has discovered a heap overflow vulnerability in VGX.DLL's processing of compressed content referenced from VML. VGX.DLL is the Microsoft component responsible for rendering VML (Vector Markup Language) within Internet Explorer.
9b1cfee5014a419ac428eac7004f0bbeb5caae72cf8de6073a0fb45a9a602d41eEye Digital Security has discovered a local privilege escalation vulnerability in Windows Vista that allows a program executing without privileges to fully compromise an affected system. A malicious user or malware program could exploit this vulnerability to execute arbitrary code with SYSTEM privileges within the CSRSS process, permitting the bypass of Vista's vaunted user privilege limitations and administrator approval mode. By establishing and closing multiple connections to CSRSS's "ApiPort", an application may cause a private data structure within CSRSS that describes its process to be used after it has been freed, creating an exploitable "dangling pointer" condition. This vulnerability is entirely separate from the CSRSS NtRaiseHardError message box flaw publicly disclosed in December 2006, although both affect code within the CSRSS process. It is interesting to note that this vulnerability only affects Windows Vista, due to new, flawed code added to CSRSRV.DLL in support of functionality introduced in Vista.
9e3f9423f653ac1b326017f5be448337555ba6f9473c7cb24c27270a9d983e2deEye Digital Security has discovered a local privilege escalation vulnerability in the Windows kernel that allows an unprivileged user with the ability to execute a program to fully compromise an affected system. All x86 versions of Windows up to and including Windows Server 2003 SP2 are vulnerable. The Windows kernel's Virtual DOS Machine (VDM) implementation features a race condition through which a malicious program can modify the first 4KB page of physical memory (also known as the "zero page"). The data in this region of memory is trusted and may be subsequently used by other Virtual DOS Machines, including a VDM instantiated by the Windows kernel as part of hibernating or effecting a blue-screen crash. Exploitation of this vulnerability therefore allows arbitrary code to run within other users' VDM processes, and even within the kernel if hibernation or a blue-screen can be provoked by any available means.
caf6c1119af3dab28ff1f2c0a10db34ba618823144b84c2fc3c5d0c70a778133eEye Digital Security has discovered a vulnerability in all Intel network adapter drivers ("NDIS miniport drivers") that could allow unprivileged code executing on an affected system to gain unfettered, kernel-level access. For instance, a malicious user, malware, or exploit payload taking advantage of an unrelated vulnerability could additionally exploit this vulnerability in order to completely compromise a system at the kernel level.
6954f6306f926edd1c4a4b0dcac3b5fd90102d5b9255732d3a228f9efd4ef61aeEye Digital Security has discovered a stack buffer overflow in Adobe Download Manager, a utility typically installed for the purpose of downloading Adobe software such as Adobe (Acrobat) Reader. By opening a malicious AOM file, a user's system may be compromised by arbitrary code within the file, which executes with the privileges of that user. Adobe Download Manager versions 2.1.x and below are affected.
5fe805f75d967bc79ae983d8de02831c3dd55807784e321a24b62a1b32608e17A flaw exists in a default Windows component called the "Workstation Service" that when exploited allows for remote code execution in SYSTEM context, allowing an attacker to take complete control of affected systems. Systems affected include Windows 2000 (Remote Code Execution), Windows XP SP1 (Local Privilege Escalation).
367cc68f34ddc938cf2dcc518afe55cf78d89fa4e11fb54f7de27032d7c6cf8eeEye Digital Security has discovered a second heap overflow vulnerability in the MS06-042 cumulative Internet Explorer update that would allow an attacker to execute arbitrary code on the system of a victim who attempts to access a malicious URL. Windows 2000, Windows XP SP1, and Windows 2003 SP0 systems running Internet Explorer 5 SP4 or Internet Explorer 6 SP1, with the MS06-042 patch applied, are vulnerable; unpatched and more recent versions of Internet Explorer are not affected.
69775c157322e3ccfd4e271a49bc2f9a19813713532ec62e509a70315569839ceEye Digital Security has discovered a heap overflow vulnerability in the MS06-042 cumulative Internet Explorer update that would allow an attacker to execute arbitrary code on the system of a victim who attempts to access a malicious URL. Only Windows 2000 and Windows XP SP1 systems running Internet Explorer 6 SP1 with the MS06-042 patch applied are vulnerable.
140740018944f8f8fb1cd1ce93819ababbcebc675a58daa37730a7bec43591c1eEye has confirmed that the Internet Explorer crash vulnerability as described in MS06-042 is indeed exploitable.
25511fcd2687aa34d588259c7d6ccedff89b97a4eb9e6853540042e50efcb196eEye Digital Security has discovered a serious flaw within the Framework Service component of the McAfee EPO management console. The Framework service is enabled and running by default on all servers and agents. The framework service listens by default on port 8081 and accepts requests over the HTTP protocol. The framework service allows for remotely submitting configuration and update changes. Each request is encrypted, SHA-1 hashed and DSA signed, and written to a file on disk. Due to a directory traversal attack, it is possible to write any file with any contents to anywhere on the remote system. This flaw allows a remote attacker to anonymously compromise an affected system and execute code within the SYSTEM context. Systems affected are McAfee Common Management (EPO) Agent versions below version 3.5.5.438.
e8932eda7f9807583c185c48202c7d94d5af0ec25e49315aa830489d37bd37edeEye Digital Security has discovered a second vulnerability in the Microsoft Distributed Transaction Coordinator that could allow an attacker to take complete control over a vulnerable system to which he has network or local access. The vulnerable MSDTC component is an RPC server which is network accessible by default on Windows NT 4.0 Server and Windows 2000 Server systems, over a dynamic high TCP port.
192be6a692079e390dfd075f67d40f516ee863e78178cd3506d900f7f78ed647eEye Security Advisory - eEye Digital Security has discovered a local privilege escalation vulnerability in the Windows kernel that could allow any code executing on a Windows NT 4.0 or Windows 2000 system to elevate itself to the highest possible local privilege level (kernel).
833bb985f7ebc68cacbf3f7fb0eeed820e4e83d92d17cfe255f77d5fe1397c4feEye Security Advisory - eEye Digital Security has discovered a vulnerability in Windows SMB client's handling of SMB responses. An attacker who can cause an affected system to connect to the SMB service on a malicious host may exploit this vulnerability in order to execute code on the victim's machine.
fb5cde16136522ffabad3105abe6c68b80f0e9d341455fd15d9d4f83ad98b828
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed