EMC AutoStart contains multiple buffer overflow vulnerabilities which can be exploited to potentially cause a denial of service, or possibly, execute arbitrary code within the context of the affected application. Versions 5.3.x and 5.4.x are affected.
c6c9c42100d678b45b46b99d67e332a94acb32e5e795399054df43273d774351iDefense Security Advisory 12.02.08 - Remote exploitation of an integer overflow vulnerability in Sun Microsystems Inc.'s Java JRE could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability exists within the font parsing code in the JRE. As part of its font API, the JRE provides the ability to load a font from a remote URL. Various types of fonts are supported, one of which is the TrueType format font. The vulnerability occurs when parsing various structures in TrueType font files. During parsing, values are taken from the file, and without being properly validated, used in operations that calculate the number of bytes to allocate for heap buffers. The calculations can overflow, resulting in a potentially exploitable heap overflow. iDefense has confirmed the existence of this vulnerability in Sun Microsystem Inc.'s Java JRE version 1.6.0_05 for Windows. Previous versions may also be affected.
f6138bd9306284a73b3be3d7781e778c2de99c2305f7e7bac167538fec90f7e1iDefense Security Advisory 10.29.08 - Remote exploitation of multiple integer overflow vulnerabilities in OpenOffice versions 2.4.1 and earlier could allow an attacker to execute arbitrary code with the privileges of the current user. Integer overflow issues exist within the code responsible for parsing multiple EMR records within an EMF file. This allows an attacker to overflow heap memory with data they supplied. iDefense has confirmed the existence of this vulnerability in OpenOffice version 2.4.1.
fdb454b37d786a9ada30ce36452df4141a400dde4634b766ff1948e16de69370A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory. Authentication is not required to exploit this vulnerability. The specific flaw exists within dhost.exe, bound by default to TCP port 524. Flawed arithmetic applied to a user-supplied value results in an integer overflow and subsequently a complete stack smash allowing an attacker to execute arbitrary code via SEH redirection.
b8fab3a9c1fe5bdfe8b5490324976c46300330796237327dfa591f6ec5ca1bcbA vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of various Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the substringData() method when called on a DOM object that has been manipulated in a special way. The attack results in an exploitable heap buffer allowing for code execution under the context of the current user.
199a27adda6f9b915cf6856311e07418574bbd6af52f57dd0a8956c4404ef6a1CA Secure Content Manager contains multiple vulnerabilities in the HTTP Gateway service that can allow a remote attacker to cause a denial of service condition or execute arbitrary code.
47555d68b8e92edea082d71fedeb7d325edf58e7a50e1aaa6b62fd587d4992bbA vulnerability allows attackers to execute arbitrary code on vulnerable installations of Computer Associates eTrust Secure Content Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists in the HTTP Gateway service icihttp.exe running on port 8080. When issuing a request for a FTP service the process tries to decorate the contents of the transaction. In this particular case by specifying a overly long response to a LIST command a stack buffer can be overflowed. Successful exploitation can lead to complete system compromise under the SYSTEM context.
21e34cfd4839c547032ac5c2ccba71e32a4eaf4e2b2c53ce492ba25976122967iDefense Security Advisory 02.12.08 - Remote exploitation of multiple integer overflow vulnerabilities in Adobe Systems Inc.'s Flash Media Server 2 could allow an unauthenticated attacker to execute arbitrary code with SYSTEM privileges. iDefense has confirmed the existence of these vulnerabilities in Flash Media Server 2 version 2.0.4 on Windows. Previous versions, as well as the Linux version, may also be affected.
2e64e8df4dc7951f44406cdbed0622875b0af4ae13a8f0ace23f48943e8de520A vulnerability allows attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager Express. Authentication is not required to exploit this vulnerability. The specific flaw resides in the TSM Express Backup Server service, dsmsvc.exe, which listens by default on TCP port 1500. The process trusts a user-supplied length value. By supplying a large number, an attacker can overflow a static heap buffer leading to arbitrary code execution in the context of the SYSTEM user. Tivoli Storage Manager Express version 5.3 is affected.
d3505a1cd6fd799ea1c25183890de56f606ba71453077a7b318259b08b71a0a0A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Tivoli Storage Manager Express. Authentication is not required to exploit this vulnerability. The specific flaw exists in the dsmcad.exe process bound by default on TCP port 1581. During HTTP header parsing, a host parameter of sufficient length will trigger an overflow through a call to vswprintf(). The call overflows into imported function pointers which are later called. Exploitation of this issue can result in arbitrary code execution.
41dc7af910d285e035e2db4b24819dddbe485c420937ecb6759edbce15736510A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Server Protect. Authentication is not required to exploit this vulnerability. The specific flaw exists within the routine TMregChange() exported by TMReg.dll which is reachable through the custom protocol subcode "\x15\x00\x00\x00". The TCP socket bound to port 5005 receives user-supplied data which is copied without proper bounds checking to a stack-based buffer. Thereby resulting in an exploitable condition.
a7262a963930d57504f98d7fcf0255177975b66c3efc6c0afbf9fb628615c4ffiDefense Security Advisory 07.24.07 - Remote exploitation of a design error vulnerability in Computer Associates International Inc.'s (CA) eTrust Intrusion Detection allows attackers to execute arbitrary code. iDefense has confirmed that CA eTrust Intrusion Detection version 3.0.5 on Windows is vulnerable. The file version of caller.dll tested was 3.0.5.55.
dd433f38cbabc80db9006ffd84b9047b05a53fde7911950b55cdcb6f78112bb8This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Ipswitch IMail and ICS server. Authentication is required to exploit this vulnerability. The specific flaw exists due to a lack of bounds checking during the parsing of arguments to the SUBSCRIBE IMAP command sent to the IMAP daemon listening by default on TCP port 143. By providing an overly long string as the argument, an exploitable stack-based buffer overflow occurs.
8279df9e3f6628e382b2c7a5a6be9506ada270ff36959ade2e745ffecec11bc0A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Ipswitch IMail and ICS server. Authentication is not required to exploit this vulnerability. The specific flaw resides in IMailsec.dll while attempting to authenticate users. The affected component is used by multiple services that listen on a default installation. The authentication mechanism copies user-supplied data into fixed length heap buffers using the lstrcpyA() function. The unbounded copy operation can cause a memory corruption resulting in an exploitable condition.
593b634096faa8f05ad818060f65a33e6146a050e4d9a804b7f9cba05849a6d2ZDI-06-006: A buffer overflow exists in the Symantec VERITAS NetBackup Database Manager. Version 6.0 is affected.
3ee80a9ae01e2332c684f620224e12f3b480e4050910a21ee5244747047484baZDI-06-005: A buffer overflow exists in the Symantec VERITAS Volume Manager. Version 6.0 is affected.
8045b164de5ac478c3478881b5766a46f7f5e995c71a48f91d4b1b1c3423b0dciDEFENSE Security Advisory 02.10.06 - Remote exploitation of a denial of service vulnerability in IBM Corp.'s Lotus Domino LDAP server allows attackers to crash the service, thereby preventing legitimate access. iDEFENSE is currently unaware of exploits for this vulnerability other than those maintained by iDEFENSE Labs. iDEFENSE has confirmed the existence of this vulnerability in Lotus Domino Server version 6.5.4. It is suspected that earlier versions of Lotus Domino Server are also affected.
c45653cf3886d3f477b01cb3a76974e40c800c7765026772b1b9d2302717805fiDEFENSE Security Advisory 12.06.05 - Remote exploitation of a denial of service (DoS) vulnerability in Ipswitch Inc.'s Imail IMAP server allows attackers to crash the target service, thereby preventing legitimate use. The problem specifically exists in handling long arguments to the LIST command. When a LIST command of approximately 8000 bytes is supplied, internal string parsing routines can be manipulated in such a way as to reference non-allocated sections of memory. This parsing error results in an unhandled access violation, forcing the daemon to exit. iDEFENSE has confirmed the existence of this vulnerability in Ipswitch IMail 8.2.
e5d1bd2f932ad64040c064cb10b1600cfc02038904b8a0fd03bccc78a73df522ZDI-05-003: Novell Netmail IMAPD suffers from buffer overflows. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netmail. Authentication is required to exploit this vulnerability. Affected Products: Novell Netmail 3.5.2.
a6c8579fcaac421e0684e535024d5416f00bfb87093bdcb05e5735e03d9dc6c9
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed