Zero Day Initiative Advisory 12-023 - This vulnerability allows attackers to remotely obtain domain credentials on vulnerable installations of CA Total Defense Suite UNC Management Web Service. Authentication is not required to exploit this vulnerability. The specific flaw exists within the App_Code.dll service listening by default on TCP ports 34444 and 34443 (SSL). The service allows a remote client to request encrypted domain credentials without authentication. The encryption lacks a salt allowing an attacker with a local installation of CA Total Defense Suite UNC Management Web Service to easily decrypt the credentials.
1de96172989487fd3a6ea16f36030260ccf1f16e55224c94d2ef37c87fcf3425Zero Day Initiative Advisory 12-022 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ExportReport stored procedure, accessed via the management.asmx console. The Management Web Service listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for HTTPS. Due to a flaw in the implementation of the ExportReport stored procedure, it is possible for a remote, unauthenticated user to inject arbitrary SQL commands in the SOAP request--which could ultimately lead to arbitrary code execution under the context of the SYSTEM user by invoking an exec function.
0e8f7ca268f389e2b1876c29d7b402d6145d28a3f54451240d6162b5bbe3dc50Zero Day Initiative Advisory 12-021 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within 2d.x3d, which is Adobe Reader's code responsible for processing BMP files. When passing a negative size parameter in the 'colors' field, a series of signed comparisons will be averted, and the overly large size parameter is passed to a memcpy(). This will cause a heap-based buffer overflow, allowing an attacker to execute code under the context of the user.
24f0d26f31e6c8fcf24c50cab38a6f9c749dcbe2a5ff797f47cc95f3469fc940Zero Day Initiative Advisory 12-020 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM SPSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the SaveDoc and PrintFile functions exposed by the VsVIEW6.ocx ActiveX control. The SaveDoc function causes a file to be created at an arbitrary path specified by the first argument (FileName). The file contents can be controlled by setting the 'Header' member and calling PrintFile() with the same path argument. These behaviors can be exploited by a remote attacker to execute arbitrary code on the target system.
0e61a6e226350f291abb2c1d035a02dd7b420e246ac20734c7e602223f151f77Zero Day Initiative Advisory 12-019 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM SPSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within SetLicenseInfoEx() method exposed by the mraboutb.dll ActiveX Control. String data supplied to the first parameter (strInstallDir) of SetLicenseInfoEx() is copied into a 256 byte global buffer without first checking the string length. This overflow can be exploited to remotely execute arbitrary code on the target system.
854bc2e262fff88ef741e78bf82fffb4832ad1b7eb87f4f13c662b94e8d6c14eZero Day Initiative Advisory 12-018 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec PCAnywhere. Authentication is not required to exploit this vulnerability. The flaw exists within the awhost32 component which is used when handling incoming connections. This process listens on TCP port 5631. When handling an authentication request the process copies the user supplied username unsafely to a fixed-length buffer of size 0x108. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM account.
f2e5416cfb35582eb7bb064faa5f556740901c0c7936212dbaf2cc1269cea59bZero Day Initiative Advisory 12-017 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Outside In. Authentication is not required to exploit this vulnerability. The flaw exists within the sccfut.dll component which is used by multiple vendors, most notably the Novell Groupwise E-Mail Client. When opening the OOXML formatted mail attachment for preview the process copies the target of a Relationship tag to a local stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of SYSTEM.
e80d123ed6250589b8b3eca15fa9b0da08e7c39a53637e169b2b5417d40f956eZero Day Initiative Advisory 12-016 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Diagnostics server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way the HP Diagnostics server handles incoming packets with 0x00000000 as the first 32-bit value. The magentservice.exe process listens on port 23472 by default. It will eventually take that first dword, decrease it by one and use it as a size value to copy data into a stack buffer. The resulting stack-based buffer overflow can result in remote code execution under the system user.
f89cf1cca7956e3476a79653108a775954c6207b163d593dad96b7179e74c5f5Zero Day Initiative Advisory 12-015 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP MSA 2000 G3. Authentication is not required to exploit this vulnerability. The specific flaws exists within the web interface listening on TCP port 80. There exists a directory traversal flaw that can allow a remote attacker to view any file on the system by simply specifying it in the default URI. Additionally, the password file contains a default login that can be used to authenticate to the device. This can be leveraged by a remote attacker to perform any tasks an administrator is able to.
efef31e729581273d43acf86536cbf3cf65886fa8a51dab225bf70b406583cb8Zero Day Initiative Advisory 12-014 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Easy Printer Care. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XMLSimpleAccessor ActiveX control (CLSID: {466576F3-19B6-4FF1-BD48-3E0E1BFB96E9}). By passing an overlong string to the LoadXML() method it is possible to trigger a heap corruption vulnerability. A remote attacker could exploit this vulnerability to execute arbitrary code on the affected machine under the context of the user running the Internet Explorer process.
4c0d8147a4cc744a03c4b805f15c9dfd3c1b87e71dd48d95d2810e446ce52c6dZero Day Initiative Advisory 12-013 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Easy Printer Care. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XMLCacheMgr class ActiveX control (CLSID 6F255F99-6961-48DC-B17E-6E1BCCBC0EE3). The CacheDocumentXMLWithId() method is vulnerable to directory traversal and arbitrary write, which allows an attacker to write malicious content to the filesystem. A remote attacker could leverage this vulnerability to gain code execution under the context of the web browser.
fb8b831fc3f8ef0caabf7245c41d9901f42f711cc94d051774a0ba7e986d52a1Zero Day Initiative Advisory 12-012 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of McAfee Security-as-a-Service. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaws exists within myCIOScn.dll. MyCioScan.Scan.ShowReport() will accept commands that are passed to a function that simply executes them without authentication. This can be leveraged by a malicious attacker to execute arbitrary code within the context of the browser.
fa83ba3ec153c2ff1c1cd62b2e99cbd60848c207d2f1408e77af54aaa5c616c2Zero Day Initiative Advisory 12-011 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware. Authentication is not required to exploit this vulnerability. The flaw exists within the xnfs.nlm component which is used when handling NFS RPC requests. This process listens on UDP port 32779. When decoding the xdr encoded caller_name from an NLM_TEST procedure request the process uses the user supplied length as the bounds for its copy to a stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the system.
d0adfe915bdb4b5bd2f689ec61bba1dc633e2e638512cfdc80cb4f56d5f54ac1Zero Day Initiative Advisory 12-010 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Citrix Provisioning Services. Authentication is not required to exploit this vulnerability. The flaw exists within the streamprocess.exe component. This process listens on UDP port 6905. When handling a request type 0x40020006 the process uses the user supplied length in an attempted bounds check before copying to a local stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of SYSTEM.
6639c55c3938be7dce15b82072912ddf54486e00c1edb624e9e193ff0395441bZero Day Initiative Advisory 12-09 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Citrix Provisioning Services. Authentication is not required to exploit this vulnerability. The flaw exists within the streamprocess.exe component. This process listens on UDP port 6905. When handling a request type 0x40020000 the process uses the user supplied length in an attempted bounds check before copying to a local stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of SYSTEM.
0255a4f2ef8b6316653251eeaf16b8b505a0a21c681598db533064319b5b09bdZero Day Initiative Advisory 12-08 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Citrix Provisioning Services. Authentication is not required to exploit this vulnerability. The specific flaw exists within the streamprocess.exe component which listens for UDP traffic on multiple ports, beginning with 6905. When handling a packet which requests a vDisk name, the user-supplied length value is not properly validated. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.
e5cec0d5fc3c15d052d61b16dbca622d563f1cb0132cd343599dd00b030e4c7cZero Day Initiative Advisory 12-07 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware. Authentication is not required to exploit this vulnerability. The flaw exists within the xnfs.nlm component which is used when handling NFS RPC requests. This process listens on UDP and TCP port 32778. When decoding the xdr encoded data from an STAT_NOTIFY procedure request the process uses the user supplied length as the bounds for its copy to a stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the system.
ea96b549e09cd704a7b40d96634ef9cbe1cd292041c6582106a2ea09a6ab01d9Zero Day Initiative Advisory 12-06 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware. Authentication is not required to exploit this vulnerability. The flaw exists within the xnfs.nlm component which is used when handling NFS RPC requests. This process listens on UDP port 2049. When decoding the xdr encoded filename from an NFS_RENAME procedure request the process uses the user supplied length as the bounds for its copy to a stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the system.
1b5e1a40d6210253da4b7c94959a2c7bb44c0bb8f0222374730afb689923cbdbZero Day Initiative Advisory 12-05 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application decodes video samples encoded with the RLE codec. When decompressing the sample, the application will fail to accommodate for the canvas the sample is rendered into. This can cause a buffer overflow and thus can be taken advantage of in order to gain code execution under the context of the application.
dd3b7d23e4891a7f15ce50c21b24b00e7bddcd2c6234ca87745299356ebbe00eZero Day Initiative Advisory 12-04 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the JP2Deco component which is used when handling an mjp2 sample. This sample format (JPEG2000) has a required COD marker segment (0xff52) followed by a COD length value. When extracting the contents of this section the application subtracts from this length before passing it into a call to memcpy. A remote attacker can exploit this error to execute arbitrary code under the context of the user.
2edc88329e923b8a93d308b0138bc35600e08ff9cac81a54aeadcab08232019fZero Day Initiative Advisory 12-03 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within webappmon.exe CGI program. When processing crafted parameters, there exists an insufficient boundary check before supplying a format string with the values, causing a stack overflow. This can lead to memory corruption which can be leveraged to execute arbitrary code under the context of the target service.
7280ee72fc8a2afbe65725493fa36e91a74ef66d4970ce823327f1cd22626da6Zero Day Initiative Advisory 12-02 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within ov.dll. When processing a user supplied file name for the textFile option, there exists an insufficient boundary check before supplying the value to a format string within _OVBuildPath, causing a stack overflow. This can lead to memory corruption which can be leveraged to execute arbitrary code under the context of the target service.
f1580177567598e05d0e1d3eea87033ef77ed54ddde4cf3181022c29695f5d11Zero Day Initiative Advisory 12-01 - This vulnerability allows remote attackers to remotely manipulate the application database and delete arbitrary files on vulnerable installations of HP Managed Printing Administration. Authentication is not required to exploit this vulnerability.
2204a28829aaeec30ac377b5ce43990a7b27a82c98aa2c1a1fce51dc2fbd909dZero Day Initiative Advisory 11-354 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Managed Printing Administration. Authentication is not required to exploit this vulnerability. There multiple classes of flaws within this product including arbitrary file creation, null char truncation and directory traversal. Null injection and directory traversal can be used in the form data passed to \Inetpub\wwwroot\hpmpa\jobDelivery\Default.asp to remotely create arbitrary files.
f0495e468274c9e38b074f2dfd175ca4189b4a874d12ce564e49d2ef2f0d5c5dZero Day Initiative Advisory 11-353 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Managed Printing Administration. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MPAUploader.dll file. An extended length string can be passed into scripts within the management website on port 80 (the 'uploadfile' multipart form data 'filename' parameter in Default.asp) and ultimately to MPAUploader.dll. As a static stack allocation is used to store the buffer and the string length is not handled properly, a remote attacker may overwrite the stack and ultimately execute remote code.
5cb9d7c743d97359533a6a87e86ceb46ffdb1c08c4b3556a2c176533ab6a35a5
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed