This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Secure Backup. User interaction is not required to exploit this vulnerability. The specific flaw exists in the parsing of commands sent to the obscheduled.exe service listening by default on TCP port 1026, or 1027. Due to a lack of bounds checking on a specific command sequence the program stack can be overwritten with user controlled data. Successful exploitation can lead to remote system compromise under the SYSTEM credentials.
b97beb4e58e46d6a4719bd8417540a0d0f63bac1d2dbac31e1272e615cc3a6b5This vulnerability allows local attackers to execute arbitrary code in kernel space on vulnerable installations of Sophos Anti-Virus. Local access to the system is required to leverage the vulnerability. The specific flaw exists in the handling of the system call NtQueryAttributesFile by the filter driver savonaccessfilter.sys. Due to improper handling of parameters to the function pool corruption can occur in kernel space. A local attacker can leverage this to execute arbitrary code in ring 0.
fdbd68ea6a72bd82b979a735c87645b3df846a705d606712fa1d183fd49b65d4A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office PowerPoint Viewer. User interaction is required to exploit this vulnerability in that the target must open a malicious PowerPoint PPT file. The specific flaw exists in the handling of TextCharsAtom (0x0fa0) records contained in a PPT file. Due to the lack of bounds checking on the size argument an unchecked memcpy copies user-supplied data from the file to the stack, overflowing key exception structures. Exploitation of this vulnerability can lead to remote compromise of the affected system under the credentials of the currently logged in user.
8e1c23ac15700c930c9745ee6e55c11fbeb356f471c8041790add6cbebb32c65A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. Authentication is not required on certain configurations to exploit this vulnerability. The specific flaw exists in the handling of RPC calls to the License Logging Service (llssrv.exe). When processing arguments to the LlsrLicenseRequestW method a character array is expected to contain a terminating null byte. By supplying data that does not end in a null it is possible to overlap a call to lstrcatW, resulting in a heap overflow. Successful exploitation of this vulnerability can lead to remote system compromise under the credentials of the SYSTEM account.
f21d1604d8e1e8c3be6574e22ae7b94c1af0646e4e4c46095c1aa5ccefb5b163This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. Valid user credentials are required to exploit this vulnerability. The specific flaw exists in the Workstation RPC Service. When handling the arguments for the NetrGetJoinInformation function, memory is improperly freed and can lead to remote code execution. Successful exploitation can lead to a remote system compromise under SYSTEM credentials.
5393183c36ea88d2139644a6de4145537f2757f69041687b605c096b7e348484This is a complete write up discussing the technical details of the Microsoft Video Active-X control zero day vulnerability.
401a2d9b81eefa2c0c2ac392f7747f6168424ac4ad379b26e2a21835f1f2fa65A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows running the Message Queuing service (mqsvc.exe). User interaction is not required to exploit this vulnerability. The specific flaw exists in the parsing of an RPC request to the Message Queuing Service (mqsvc.exe). By sending a specially crafted RPC request a heap calculation can be controlled and later overflowed during an unchecked string copy operation. By sending a similar request memory can be disclosed to the attacker. Exploitation of the heap overflow leads to full access of the affected system under the SYSTEM context.
008a6cf0f644c4e0b0ad926a906f68df24e68fb35f0f36ade8992b4114c4bf17CA Secure Content Manager contains multiple vulnerabilities in the HTTP Gateway service that can allow a remote attacker to cause a denial of service condition or execute arbitrary code.
47555d68b8e92edea082d71fedeb7d325edf58e7a50e1aaa6b62fd587d4992bbA vulnerability allows attackers to execute arbitrary code on vulnerable installations of Computer Associates eTrust SCM. Authentication is not required to exploit this vulnerability. The specific flaw exists in the HTTP Gateway service icihttp.exe running on port 8080. When issuing a request for a FTP service the process tries to decorate the contents of the transaction. In this particular case by specifying a overly long response to a LIST command a stack buffer can be overflowed. Successful exploitation can lead to complete system compromise under the SYSTEM context.
2b2f62d1683e52865e78f6f6f880a3489ddaed22b8cd6ba19e467337e9bb9828A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. Exploitation requires that the attacker coerce the target into opening a malicious .XLS file. The specific flaw exists within the parsing of the BIFF file format used by Microsoft Excel. During the processing of a malformed tag a heap allocation can be adversely controlled. When user supplied data is copied to a heap buffer the resulting data results in a arbitrary memory overwrite. If successfully exploited this could lead to system compromise under the credentials of the currently logged in user.
2e0149de414dbd19418b0e2dd79c34f7052ed8d9bb1e9580fe845be55d9a65b2A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco CallManager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CTL Provider Service, CTLProvider.exe, which binds to TCP port 2444. The service operates over a SSL encrypted transport. Due to a logic flaw in the way data is received in a loop a heap allocation can be arbitrarily overflown resulting in the control of subsequent heap chunks. This can lead to arbitrary code execution. Version 4.1(3) is affected.
d1adddda0bed4abbd64d6b58766d7cbc90bbbd0ab44c72ddd31afb9f5483c8eeA vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of malformed Image Descriptor (IDSC) atoms. Specifying a malicious atom size can result in an under allocated heap chunk and subsequently an exploitable heap corruption situation. QuickTime Player version 7.3 and QuickTime PictureViewer version 7.3 are affected.
ef7d96b0982ebabf7d4e87e2df2b476b5c438e320325d76b3b4f1d7df3d20a4cA vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. QuickTime version 7.2 is affected.
91b1ffe46fd1f70368d2fb33d6bc1c3f37be896dfa3d39f3f59c2c6183da3e1eVulnerabilities allow remote attackers to execute arbitrary code on vulnerable installations of multiple Hewlett-Packard (HP) OpenView products, including: Performance Manager, Performance Agent, Reporter, Operations, Operations Manager, Service Quality Manager, Network Node Manager, Business Process Insight, Dashboard and Performance Insight. Authentication is not required to exploit these vulnerabilities. The specific flaws exists within the OpenView Shared Trace Service. A service that is distributed with multiple products as ovtrcsvc.exe and OVTrace.exe. The vulnerable service may be found bound to TCP port 5053 (ovtrcsvc.exe) or TCP port 5051 (OVTrace.exe). Specially crafted data through opcode handlers 0x1a and 0x0f can result in arbitrary code execution under the context of the SYSTEM user.
0f9b632a8194e66912be70699b2b63b542bb327aadc02228f6f4671e2435c7caA vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Borland Interbase. Authentication is not required to exploit this vulnerability. The specific flaw exists within the database service, ibserver.exe, which binds to TCP port 3050.
850c607e9262a42909f4e85e2338159268b92e0d74783621cf9880c4fab9ec83A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of software utilizing Centennial Software XferWan. Authentication is not required to exploit this vulnerability. The specific flaw exists during the parsing of overly long requests to the XferWAN process. When logging requests, user-supplied data is copied to the stack resulting in an exploitable buffer overflow condition.
f4d076517c9d4a4a593a8dfb89136ce5a9d6ebd7819ce5197210307b4def4b97A vulnerability allows attackers to execute arbitrary code on vulnerable installations of America Online with Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. Affected software is America Online 9.0 Security Edition.
6a16c6b2fa6bd6a2e4364fc3b2faf209928ece3e1f3ddb864eb76607692a74f8An arbitrary code execution vulnerability exists in Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the DirectAnimation.DATuple ActiveX control when improperly calling the Nth() method. By supplying a positive integer we can control a data reference calculation that is later used to control execution. The problem is due to the lack of sanity checking on the index used during a call to TupleNthBvrImpl::GetTypeInfo() in danim.dll.
769bb97641bc409682a302fdc938fac3ae5a377904cf391babafeb05d9e2157cAn arbitrary code execution vulnerability exists in Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific vulnerability can lead to code execution when instantiating the Internet.HHCtrl COM object through Internet Explorer. The flaw exists due to invalid freeing of heap memory when several calls to the "Image" property of the ActiveX control are performed. By abusing the jscript.dll CScriptBody::Release() function user supplied data can be executed.
0bc39862ef933a14031affb82e5ca6d358a21f94744cabd82cdadf1d60eea715
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed