The TypeLib Information object library, implemented in TlbInf32.dll, suffers from a code execution vulnerability.
e427ba1543206c21303e6311555a57d53749181577fe5dec7f3d533a7b88bb9b
Microsoft Interactive Training suffers from a buffer overflow vulnerability when accessing files with .cbo extensions.
ea92dd141ee858165b4262471ac6a3e5cdc1e188ccf30be4703e290ce93ca574
Microsoft Project Server 2003 suffers from a credential disclosure flaw.
fa2f2f3f3bb5a0c92a34f512db769d4e413bbac140300aea7fa40b9cc9ff0ddc
Hyper Access version 8.4 suffers from multiple command execution vulnerabilities.
f80fc49dfe1d0c19441f024ce5707fa40f9889fac4146b376d88524c20396f30
IIS 5.1 suffers from a flaw where it allows an ASP shell to be spawned via execute rights for IUSR_Machine.
5a7c990b18f1d8d2164f708100f81623d7bd6a8ef8350f992cd9f06143afe20a
SiteKiosk versions below 6.5.150 suffer from an input validation flaw that allows for cross site scripting and arbitrary filesystem access.
9ea3f03a84207ff83790149a9ca0b630607738fb4f06654ce25f61c61a9518ee
ColdFusion MX7 suffers from path disclosure, internal IP address disclosure, and cross site scripting vulnerabilities.
55f86e7929a884f0b6dd3f764aaf710b98410a62ad57cf00d38bfc635592b514
A buffer overflow exists in ASP.DLL that can be exploited by creating a .asp file containing a parameter for the include SSI command. Affected software includes IIS 5.0, 5.1, and 6.0.
15106fae66f1a64dd28018a095af362d82f101972557818a0a6c8f94dfd36787
During the typical installation of the Windows Skype client, several URI handlers are installed. This allows for easy access to the Skype client through various URI types. Due to a flaw in the handling of one of these types, it is possible to include additional command line switches to be passed to the Skype client. One of these switches will initiate a file transfer, sending the specified file to an arbitrary Skype user. All releases prior to and including 2.0.*.104 and releases 2.5.*.0 to and including 2.5.*.78 are affected.
fe8684d0edbac32afb8e4bff76ec9538762c80234c607c689d1420885cc275e9
Prior to September 6th 2005, the ActiveX component would install and mark itself 'safe for scripting'. The component offers various methods that, when instantiated by a malicious web site, can be used to read files from, or write files to, the local computer.
205c2061f89ca6554517260bf21c4e9b70e17a80b61ff8f9dc384b72dfc2fa40
Example predebug code execution exploit, demonstrating how programs being loaded into debuggers can attack the machine running the debugger. Example showing simple command execution.
76d7d2479d8d488badcb0576ec9f7d6ca96d0d10a0e52cd27298f200805cd49e
Example predebug code execution exploit, demonstrating how programs being loaded into debuggers can attack the machine running the debugger.
33ca07cc4db8f94578af6e6aae40cf6f4c90465438674f0c1438b9825c9a1273
Bugger the Debugger is a whitepaper written by Brett Moore / Security Assessment describing how malicious code can be forced to run when a binary is loaded into a debugger / disassembler for analysis.
7851a9b8ea114b418d8c7b7f3062dfb64509d5da16aa5223a072c4f2c5333223
A vulnerability in Microsoft HyperTerminal due to a boundary error in the handling of session files and telnet URLs can cause a buffer overflow by tricking a user into opening a malicious HyperTerminal session file (.ht) or clicking a specially crafted telnet URL in a malicious e-mail or on a website.
d5f48a0b9578759b5f20f38c3291107ddbb5f6e43f50da443fe60a814a424542
Detailed analysis and overview of the Winamp 5.05 vulnerability recently patched.
0f5de7b9ebfaf2752d6409fddc9fe0ca060c3f20c2977f51e0bb33c53aa41958
SecureCRT versions 4.1 and 4.0 suffer from flaws that allow for remote compromise due to links automatically launching the application.
23f493ba4fa09931d770c4c1e637bbc6b6dda5d8dd4f0c52a75179eeb017df5a
SecureCRT v4.1 and below contains a remotely exploitable command execution vulnerability. Patch available here.
80795399469e1e338277c2f037190ee6918aae65b2a141bfe5ab27d0d50dbaf9
A remotely exploitable stack overflow has been found in Winamp version 5.05 and below which allows malformed m3u playlists to execute arbitrary code. Fix available here.
99d0d7a37a9704572d57022f0d3742f404776b272e3755e80703ceb58318934b
When thinking about buffer overflow vulnerabilities, a file can sometimes be as harmful as a packet. Even though past security issues have taught us that it is unwise to use an unvalidated value from a file/packet as a text length parameter, that is what happened with Microsoft Excel.
d3572a90acc842149e47149c8cbb247cdee198ab4f24cd4795627dd7cfba6637
This paper gives an example of the variety of shatter attack which should be corrected by MS04-032 (KB840987). This sort of attack can typically be used for local privilege escalation.
b85c177e413daeba0b079bcf4270af5caa8ea90d4ca38f90165174415a48ef12
A remote code execution vulnerability exists in the Task Scheduler (mstask.dll) because of an unchecked buffer. Affected Software: Microsoft Windows 2000 Service Pack 4, Microsoft Windows XP, Microsoft Windows XP Service Pack 1.
b178c0fb6e2cf5a365096e5e090fe21dc3fe55636e18842f57f2b7cdfc145164
The HtmlHelp application (hh.exe) in Microsoft Windows reads a value from a .CHM file to set a length parameter. By setting this to a large value, it is possible to overwrite sections of the heap with attacker-supplied values. Affected software includes: Microsoft Windows 98, 98SE, ME, Microsoft Windows NT 4.0, Microsoft Windows 2000 Service Pack 4, Microsoft Windows XP, Microsoft Windows XP Service Pack 1, Microsoft Windows Server 2003.
ac7c55f929b9e971cc8376ae4bda17d5f164652d10bf394f6db55a9ddb4eacb6
White paper covering the topic of upload systems written in ASP. Many upload systems written in ASP suffer from a common problem whereby a NULL byte can be inserted into the filename parameter leading to any extension, after the null byte, being ignored when writing the file. This means that in some cases it is possible to bypass checks for valid extensions, even if one is appended by the application.
e3b3b4f30a2a0648c126c82e8737baf56f8691cabd9319b9cf8a4dd23890ba6f
Original research advisory for the Listbox And Combobox Control buffer overflows announced by Microsoft Advisory here. Affected Software: Microsoft Windows NT4.0, 2000, XP, and 2003.
afe2bc49b17ee13959bb70c510b9169e409491f6f6bef971239d00a18a2e3d4f
Inside the PostThreadMessage API, any user of any security level can give a WM_QUIT message causing the process to terminate. Sample exploit code included.
dae92371caa61085fff77e818f7e1bd44af495374120d1706c46fb9deee38189