The TypeLib Information object library, implemented in TlbInf32.dll, suffers from a code execution vulnerability.
e427ba1543206c21303e6311555a57d53749181577fe5dec7f3d533a7b88bb9bMicrosoft Interactive Training suffers from a buffer overflow vulnerability when accessing files with .cbo extensions.
ea92dd141ee858165b4262471ac6a3e5cdc1e188ccf30be4703e290ce93ca574Microsoft Project Server 2003 suffers from a credential disclosure flaw.
fa2f2f3f3bb5a0c92a34f512db769d4e413bbac140300aea7fa40b9cc9ff0ddcHyper Access version 8.4 suffers from multiple command execution vulnerabilities.
f80fc49dfe1d0c19441f024ce5707fa40f9889fac4146b376d88524c20396f30IIS 5.1 suffers from a flaw where it allows an ASP shell to be spawned via execute rights for IUSR_Machine.
5a7c990b18f1d8d2164f708100f81623d7bd6a8ef8350f992cd9f06143afe20aSiteKiosk versions below 6.5.150 suffer from a validation input flaw that allows for cross site scripting and arbitrary filesystem access.
9ea3f03a84207ff83790149a9ca0b630607738fb4f06654ce25f61c61a9518eeColdFusion MX7 suffers from path disclosure, internal IP address disclosure, and cross site scripting vulnerabilities.
55f86e7929a884f0b6dd3f764aaf710b98410a62ad57cf00d38bfc635592b514A buffer overflow exists in ASP.DLL that can be exploited by creating a .asp file containing a parameter for the include SSI command. Software affected include IIS 5.0, 5.1, and 6.0.
15106fae66f1a64dd28018a095af362d82f101972557818a0a6c8f94dfd36787During the typical installation of the Windows Skype client, several URI handlers are installed. This allows for easy access to the Skype client through various URI types. Due to a flaw in the handling of one of these types, it is possible to include additional command line switches to be passed to the Skype client. One of these switches will initiate a file transfer, sending the specified file to an arbitrary Skype user. All releases prior to and included 2.0.*.104 and releases 2.5.*.0 to and including 2.5.*.78 are affected.
fe8684d0edbac32afb8e4bff76ec9538762c80234c607c689d1420885cc275e9Prior to September 6th 2005, the activeX component would install and mark itself 'safe for scripting'. The component offers various methods that when instantiated by a malicious web site, can be used to read files from, or write files to the local computer.
205c2061f89ca6554517260bf21c4e9b70e17a80b61ff8f9dc384b72dfc2fa40Example predebug code execution exploit, demonstrating how programmers being loaded into debuggers can attack the machine running the debugger. Example showing simple command execution.
76d7d2479d8d488badcb0576ec9f7d6ca96d0d10a0e52cd27298f200805cd49eExample predebug code execution exploit, demonstrating how programmers being loaded into debuggers can attack the machine running the debugger.
33ca07cc4db8f94578af6e6aae40cf6f4c90465438674f0c1438b9825c9a1273Bugger the Debugger is a whitepaper written by Brett Moore / Security Assessment describing how malicious code can be forced to run when a binary is loaded into a debugger / disassembler for analysis.
7851a9b8ea114b418d8c7b7f3062dfb64509d5da16aa5223a072c4f2c5333223A vulnerability in Microsoft HyperTerminal due to a boundary error in the handling of session files and telnet URLs can cause a buffer overflow by tricking a user into opening a malicious HyperTerminal session file (.ht) or clicking a specially crafted telnet URL in a malicious e-mail or on a website.
d5f48a0b9578759b5f20f38c3291107ddbb5f6e43f50da443fe60a814a424542Detailed analysis and overview of the Winamp 5.05 vulnerability recently patched.
0f5de7b9ebfaf2752d6409fddc9fe0ca060c3f20c2977f51e0bb33c53aa41958SecureCRT versions 4.1 and 4.0 suffer from flaws that allow for remote compromise due to links automatically launching the application.
23f493ba4fa09931d770c4c1e637bbc6b6dda5d8dd4f0c52a75179eeb017df5aSecureCRT v4.1 and below contains a remotely exploitable command execution vulnerability. Patch available here.
80795399469e1e338277c2f037190ee6918aae65b2a141bfe5ab27d0d50dbaf9A remotely exploitable stack overflow has been found in Winamp version 5.05 and below which allows malformed m3u playlists to execute arbitrary code. Fix available here.
99d0d7a37a9704572d57022f0d3742f404776b272e3755e80703ceb58318934bWhen thinking about buffer overflow vulnerabilities, a file can sometimes be as harmful as a packet. Even though past security issues have taught us that it is unwise to use an unvalidated value from a file/packet as a text length parameter, that is what happened with Microsoft Excel.
d3572a90acc842149e47149c8cbb247cdee198ab4f24cd4795627dd7cfba6637This paper gives an example of the variety of shatter attack which should be corrected by MS04-032 (KB840987). This sort of attack can typically be used for local privilege escalation.
b85c177e413daeba0b079bcf4270af5caa8ea90d4ca38f90165174415a48ef12A remote code execution vulnerability exists in the Task Scheduler (mstask.dll) because of an unchecked buffer. Affected Software: Microsoft Windows 2000 Service Pack 4, Microsoft Windows XP, Microsoft Windows XP Service Pack 1.
b178c0fb6e2cf5a365096e5e090fe21dc3fe55636e18842f57f2b7cdfc145164The HtmlHelp application (hh.exe) in Microsoft windows read a value from a .CHM file to set a length parameter. By setting this to a large value, it is possible to overwrite sections of the heap with attacker supplied values. Affected software includes: Microsoft Windows 98, 98SE, ME, Microsoft Windows NT 4.0, Microsoft Windows 2000 Service Pack 4, Microsoft Windows XP, Microsoft Windows XP Service Pack 1, Microsoft Windows Server 2003.
ac7c55f929b9e971cc8376ae4bda17d5f164652d10bf394f6db55a9ddb4eacb6White paper covering the topic of upload systems written in ASP. Many upload systems written in ASP suffer from a common problem whereby a NULL byte can be inserted into the filename parameter leading to any extension, after the null byte, being ignored when writing the file. This means that in some cases it is possible to bypass checks for valid extensions, even if one is appended by the application.
e3b3b4f30a2a0648c126c82e8737baf56f8691cabd9319b9cf8a4dd23890ba6fOriginal research advisory for the Listbox And Combobox Control buffer overflows announced by Microsoft Advisory here. Affected Software: Microsoft Windows NT4.0, 2000, XP, and 2003.
afe2bc49b17ee13959bb70c510b9169e409491f6f6bef971239d00a18a2e3d4fInside the PostThreadMessage API, any user of any security level can give a WM_QUIT message causing the process to terminate. Sample exploit code included.
dae92371caa61085fff77e818f7e1bd44af495374120d1706c46fb9deee38189
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed