Secunia Research has discovered two vulnerabilities in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerabilities are caused by boundary errors in the SpreadSheet Lotus 123 reader (wkssr.dll) when parsing certain records. This can be exploited to cause stack-based buffer overflows via specially crafted files. Successful exploitation allows execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected.
ba54e9780a47cbb9ac825fb26ba0fcde7c0734880a7eec64089b018ed29a2036Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to potentially compromise a vulnerable system. The vulnerability is caused by an error in the SpreadSheet Lotus 123 reader (wkssr.dll) when allocating an array of pointers during the parsing of a certain record type combined with how strings are later indexed. This can be exploited to corrupt memory via a specially crafted file. Successful exploitation may allow execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected.
f9a9de57b6faceeb2d7116e3bbd81eb59d6cb237692bb06b5afcdb428702f9d2Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerability is caused by an integer underflow error in the SpreadSheet Lotus 123 reader (wkssr.dll) when parsing the size of a specific record type. This can be exploited to cause a heap-based buffer overflow via a specially crafted file. Successful exploitation may allow execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected.
29ad95481579f1764c96d5a3b905c173447d7638ad22ab0b3fad3310e1033f40Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error in the Spreadsheet Lotus 123 reader (wkssr.dll) when converting floating point values in certain record types. This can be exploited to cause a stack-based buffer overflow via a specially crafted file. Successful exploitation allows execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected.
79ff156cf917fb691f4b17bdbfad5cb0a6cc061edf41a7bcd72b346f6913a832Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error when parsing record data in compound documents. This can be exploited to cause a heap-based buffer overflow when an application using the vulnerable library parses e.g. a specially crafted Quattro Pro file. Successful exploitation allows execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected.
c8af127dc81e18677064ef66428dd5b8386a0ce6358af637f1bbae03414a1ae4Secunia Research has discovered a vulnerability in Adobe Reader, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an array-indexing error in AcroForm.api when parsing GIF image data. This can be exploited to bypass a size check to cause a heap-based buffer overflow when a specially crafted PDF file is opened. Successful exploitation may allow execution of arbitrary code. Version 9.3.2 is affected.
132e0aa8ecbd7c96905b34789b2bbad53e50f5a3acad72b9b20a5a3a66b81d08Secunia Research has discovered a vulnerability in Creative Software AutoUpdate Engine 2 ActiveX control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in a callback function used when handling the "BrowseFolder()" method. This can be exploited to cause a stack-based buffer overflow via an overly long string argument. Successful exploitation allows execution of arbitrary code.
1a040ae272823bb9fc4aa52549e6a4a529563663d6e0d78a153410b3c765b0cfSecunia Research has discovered a vulnerability in Microsoft Excel, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an uninitialised variable being used as size argument when copying data during parsing of certain record types. This can be exploited to corrupt memory via a specially crafted file. Successful exploitation may allow execution of arbitrary code. Microsoft Excel 2002 is affected.
c7fcd27a138d8c91931ffa1bad82d555dfeda766e681520b3975edc5474fedb9Secunia Research has discovered a vulnerability in Microsoft Excel, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to insufficient input validation when parsing a certain record type. This may lead to a variety of errors, including corruption of data on the stack. Successful exploitation may allow execution of arbitrary code. Microsoft Excel 2002 is affected.
3317b05f07d3375ba69a0a88550df747e13c68c010f5503c80c416ee969ba63aSecunia Research has discovered a vulnerability in Microsoft Office PowerPoint, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error when handling file paths and can be exploited to cause a stack-based buffer overflow via a specially crafted file. Successful exploitation allows execution of arbitrary code. Microsoft Powerpoint 2002 is affected.
4ab67aead2a10a87a263653a9e1d2c62ed128edce724d1df60f7bca4e22e07dcSecunia Research has discovered a vulnerability in Google Chrome, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by a use-after-free error when trying to display a blocked pop-up window while navigating away from the current site. Successful exploitation may allow execution of arbitrary code. Version 3.0.195.38 is affected.
ca51a53be3e2be60a135aef75af0e1b2b44ab80b91e0ccfa337b8c33ef7be350Secunia Research has discovered a vulnerability in Flash Player distributed with certain versions of Windows XP, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a use-after-free error in the bundled version of Flash Player when unloading Flash objects while these are still being accessed using script code. This can be exploited to corrupt memory via a specially crafted web page. Successful exploitation allows execution of arbitrary code.
e8fe4e0af5b93e0d9bbfa1967f643e5a9513e596229ed6ea1e8b573d47934a1cSecunia Research has discovered a vulnerability in PDF-XChange Viewer, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an input validation error in PDFXCview.exe when parsing certain content and can be exploited to corrupt memory via a specially crafted PDF file. Successful exploitation allows execution of arbitrary code when a user views a malicious PDF document. Version 2.0.42.9 is affected.
36f2f06b262e07847556ef576c5b785fa57619456184ad7d88d279bc75e296b6Secunia Research has discovered a vulnerability in Novell iPrint Client, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in the parsing of certain time information and can be exploited to cause a stack-based buffer overflow via overly long strings passed to certain parameters and methods. Successful exploitation allows execution of arbitrary code when a user e.g. views a malicious web page.
eda12f9edd3a280e8c371650a98aa6cb2763e17eee0ae0743c3b314aac748bbfSecunia Research has discovered a vulnerability in Novell iPrint Client, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in ienipp.ocx when parsing the "target-frame" parameter and can be exploited to cause a stack-based buffer overflow via an overly long parameter value. Successful exploitation allows execution of arbitrary code when a user e.g. views a malicious web page.
b4604ef429d5e02dec7ad4fc93d21a10093ecd4a51bd0650e12b69bef2b19eb3Secunia Research has discovered a vulnerability in Roxio Creator, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by an integer overflow error when allocating memory for an image based on its dimensions and can be exploited to corrupt memory via a specially crafted image. Successful exploitation may allow execution of arbitrary code. The vulnerability is confirmed in version 9.0.136. Other versions may also be affected.
aa1d7d38b3ac656754502464027ad8686c281e6dfc986744e5ee5e409c0baf60Secunia Research has discovered a vulnerability in Lateral Arts Photobox uploader ActiveX Control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error when parsing URLs. This can be exploited to cause a stack-based buffer overflow via an overly long string assigned to a number of properties (e.g. "LogURL", "ConnectURL", "SkinURL", "AlbumCreateURL", "ErrorURL", and "httpsinglehost"). Successful exploitation allows execution of arbitrary code when a user e.g. visits a malicious website. The vulnerability is confirmed in version 2.2.0.6. Other versions may also be affected.
9d8d86dda126c1b780b660c3791afd6754a9098c7af3833b073cd5be307b80beSecunia Research has discovered a vulnerability in Microsoft Office, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an integer overflow when processing the number of colours used in a bitmap image. This can be exploited to cause a heap-based buffer overflow via a specially crafted bitmap image. Successful exploitation may allow execution of arbitrary code.
7ac964e9487782914de260d54de860d87bab4cfc1cce6ada1a75a68e768c7a21Secunia Research has discovered a vulnerability in Firefox, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to a race condition when accessing the private data of an NPObject JS wrapper class object if navigating away from a web page while loading a Java applet. This can be exploited via a specially crafted web page to use already freed memory. Successful exploitation may allow execution of arbitrary code. Firefox versions 3.0.7, 3.0.8, and 3.0.9 for Windows with JRE 6 Update 13 are affected.
59a414dd2e58d6c33945c4e0a4203f55a583994a9ddb89946f7965278edcebe0Secunia Research has discovered a vulnerability in Microsoft PowerPoint, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an array-indexing error in the Microsoft PowerPoint Freelance Windows 2.1 Translator (FL21WIN.DLL) when parsing layout information and can be exploited to cause a heap-based buffer overflow. Successful exploitation allows execution of arbitrary code. PowerPoint versions 2000 and 2002 are affected.
22e975308c0ce027d9e39e4535bd0a9f2d93941d6c5b6b5aca2bf4ccf6d78cb0Secunia Research has discovered a vulnerability in Microsoft Office Excel, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an integer overflow error when processing the number of strings in a file and can be exploited to cause a heap-based buffer overflow via a specially crafted Excel file. Successful exploitation allows execution of arbitrary code. Microsoft Office Excel 2003 is affected.
0251d077d2031e1be742cc7ddd46fb1a1e943fa6b34bd0b48d23aaf5025773a5Secunia Research has discovered a vulnerability in Microsoft Excel, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an array-indexing error when processing certain records. This can be exploited to corrupt memory via a specially crafted Excel file. Successful exploitation may allow execution of arbitrary code. Microsoft Office Excel 2000 is affected.
7725b19dd8e3e0acbaaf264cb1ac14822f245b9d54a2da1fd520fa26383caf23Secunia Research has discovered a vulnerability in QuickTime, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an error in the parsing of Sorenson Video 3 content. This can be exploited to corrupt memory by tricking a user into viewing a specially crafted movie file. Successful exploitation may allow execution of arbitrary code. Apple QuickTime version 7.60 is vulnerable.
2e8725bc5e81954431c94cc73cb01854f146743cc2a8cba41eb8c54fdb5a54c7Secunia Research has discovered two vulnerabilities in Microsoft Office PowerPoint, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused by boundary errors when processing certain atoms and can be exploited to cause stack-based buffer overflows via a specially crafted PowerPoint file. Successful exploitation allows execution of arbitrary code. Microsoft PowerPoint 2000 SP3 is affected.
565f67468c3c6a9e5fa87b11ec3c1f0615fbcd97493d26b020d6d08c6e7b34abSecunia Research has discovered a vulnerability in Danske Bank Danske e-Sec Control Module ActiveX control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in DanskeSikker.ocx within an error logging function. This can be exploited to cause a stack-based buffer overflow by passing overly long input to certain methods when the ActiveX control has been initialised in a specific manner. Successful exploitation allows execution of arbitrary code when e.g. visiting a malicious web site. Version 3.1.0.48 of DanskeSikker.ocx is affected.
0c49f548014bf47c1e0f20a22462665573baebd5130752d4f8f8b83d773e45d4
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed