eEye Security Advisory - eEye Digital Security has discovered a vulnerability in the Windows Media Player 9 AVI movie DirectX component that allows memory at an arbitrary address to be modified when a specially crafted AVI file is played. Exploitation of this vulnerability can allow the execution of attacker-supplied code on a victim's system with the privileges of the user who attempted to open the movie file. This vulnerability has been identified in a component of DirectX.
a87f037c194fc9f1bd764ccbf3d7b854412d07eb18190c6a967d1ebfe483a8ab
eEye Security Advisory - eEye Digital Security has discovered a vulnerability in the way a Microsoft Design Tools COM object allocates and uses heap memory. An attacker could design a web page or HTML document that exploits the vulnerability in order to execute arbitrary code on the system of a user who views it.
b4712c870bdcac60468002316153f70a792b81b9fe6c673800af6b3c5d03b1bd
eEye Security Advisory - eEye Digital Security has discovered a vulnerability in the Windows Plug and Play Service that would allow an unprivileged user to execute arbitrary code with SYSTEM privileges on a remote Windows 2000 or XP SP1 system. On Windows XP SP2, this vulnerability could be exploited by an unprivileged user to gain full privileges on a system to which he is logged in interactively.
846bcdcac256df0db0e4e7c5c0a2e07e6e237430fc7f1965fc0222d7ee188ed3
eEye Security Advisory - eEye Digital Security has discovered a critical vulnerability in the Microsoft Distributed Transaction Coordinator (MSDTC) service that would allow an anonymous attacker to take complete control over an affected system. MSDTC listens on TCP port 3372 and a dynamic high TCP port, and is enabled by default on all Windows 2000 systems.
337058a7bf5cc5f2e313c072c885bd813f962b1a071b4babbe28a29cef9196a1