iDefense Security Advisory 01.15.08 - Remote exploitation of multiple untrusted loop bounds vulnerabilities in TIBCO Software Inc.'s SmartSockets RTserver may allow an attacker to crash the service or execute arbitrary code with SYSTEM privileges. When processing requests, SmartSockets uses values from the requests to control the number of iterations of several loops. Inside these loops, various memory operations are performed. Since attackers can control these values, potentially exploitable conditions arise. iDefense has confirmed the existence of these vulnerabilities in TIBCO SmartSockets version 6.8.0. Previous versions may also be affected.
7f196c84113ddcc385c5d70b854af7778a013336ae974c92f3479d023fc233d8iDefense Security Advisory 01.15.08 - Remote exploitation of multiple untrusted pointer offset vulnerabilities in TIBCO Software Inc.'s SmartSockets RTserver may allow an attacker to crash the service or execute arbitrary code with SYSTEM privileges. When processing requests, SmartSockets uses values from the requests as offsets added to valid pointers. The resulting pointer values are then used in various memory operations. Since attackers can control these offset values, potentially exploitable conditions arise. iDefense has confirmed the existence of these vulnerabilities in TIBCO SmartSockets version 6.8.0. Previous versions may also be affected.
0d4e1180975b5622df56fb55155580852ab845d3afcc3f51f3a7d74e8eddf4eeiDefense Security Advisory 01.15.08 - Remote exploitation of multiple untrusted pointer vulnerabilities in TIBCO Software Inc.'s SmartSockets RTserver may allow an attacker to crash the service or execute arbitrary code with SYSTEM privileges. When processing requests, SmartSockets uses values from the requests as pointers. These pointer values are then used in various memory operations. Since attackers can control these values, potentially exploitable conditions arise. iDefense has confirmed the existence of these vulnerabilities in TIBCO SmartSockets version 6.8.0. Previous versions may also be affected.
3786ba1f2c0d443c5ba142c9250af385bc9b7d612652583004e74f0b46076165iDefense Security Advisory 01.15.08 - Remote exploitation of a heap overflow vulnerability in TIBCO Software Inc.'s SmartSockets RTserver may allow an attacker to crash the service or execute arbitrary code with SYSTEM privileges. A heap overflow vulnerability exists within the code responsible for processing requests. Two distinct values from the request are used for the allocation size and the amount of data copied. Since both values are attacker controlled, this can lead to a heap overflow, potentially resulting in the execution of arbitrary code. iDefense has confirmed the existence of this vulnerability in TIBCO SmartSockets version 6.8.0. Previous versions may also be affected.
d1f2b39e4549949cfc2ea044ba91948441a2d453f40b6a0acbaf1209018892a3iDefense Security Advisory 04.16.07 - Remote exploitation of a buffer overflow vulnerability in Akamai Technologies, Inc's Download Manager ActiveX Control could allow an attacker to execute arbitrary code within the security context of the targeted user. iDefense has confirmed the existence of this vulnerability within version 2.2.0.5 of Akamai Technologies Inc's DownloadManagerV2.ocx. All older versions are suspected to be vulnerable.
bd7c8b62df5ed63b528af4059e2e8c5a5b7a896e5b3d9bc44b6a53e6e38cb804
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed