iDefense Security Advisory 04.17.08 - Remote exploitation of multiple buffer overflow vulnerabilities in OpenOffice, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the logged in user. The first vulnerability occurs when parsing "Attribute" records from the file. Due to a lack of bounds checking during a loop that reads these records, an attacker can trigger a heap overflow by inserting more than 256 records. The second vulnerability is nearly identical to the first one, but involves the "Font Description" record instead of the "Attribute" record.
d5c1e54a528aecc168f3f719c15a64b4d477ce0d70a91094ce2679f1c914e587Secunia Security Advisory - Fedora has issued an update for rsync. This fixes a vulnerability, which can potentially be exploited by malicious users to cause a DoS (Denial of Service) or to compromise a vulnerable system.
69f4c7ee3333ad361529570116d861270afaf96ab6a9b639602352e03e3d6b09iDefense Security Advisory 04.17.08 - Remote exploitation of an integer underflow vulnerability in OpenOffice, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the logged in user. The vulnerability exists within the code responsible for converting the QPRO file into an internal representation used by OpenOffice. A 16-bit integer is read in from the file, and later used as a loop counter that controls how many values are stored into local stack buffers. When verifying the value of this counter, the code decrements the counter without checking to see if this operation will underflow. This results in the loop running for many iterations, which leads to a stack based buffer overflow. This allows for the execution of arbitrary code. iDefense has confirmed the existence of this vulnerability in OpenOffice version 2.3. Other versions may also be affected.
f84858db4e28dc1273900ceb08e2ed51b2cf68abf337f43d22cc8d9b211cb5d2iDefense Security Advisory 04.17.08 - Remote exploitation of an integer overflow vulnerability in OpenOffice, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the logged in user. The vulnerability exists within the code responsible for parsing the EMR_STRETCHBLT record in an EMF file. This code reads in two 32-bit integers from the file, and then uses them in an arithmetic operation that calculates the number of bytes to allocate for a dynamic buffer. This calculation can overflow, resulting in an insufficiently sized buffer being allocated. Subsequently, this buffer is overflowed with data from the file. iDefense confirmed the existence of this vulnerability in OpenOffice version 2.3. Other versions may also be affected.
eaae57c05bcec835031fde7ebd775e2f4c0fa5c780568b5735acc91a31609cbbiDefense Security Advisory 04.17.08 - Remote exploitation of a heap based buffer overflow vulnerability in OpenOffice.org's OpenOffice, as included in various vendors' operating system distributions, could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability exists within the importer for files stored using the OLE format. When parsing the "DocumentSummaryInformation" stream, the vulnerable code does not correctly verify the size of a destination buffer before copying data from the file into it. This results in an exploitable heap overflow. iDefense confirmed the existence of this vulnerability in OpenOffice version 2.3.1. Other versions may also be affected.
beba06a82f3c37e625f8a5390af46b7f3dcc88612314ae0518e218e18547ff9eUbuntu Security Notice 603-2 - USN-603-1 fixed vulnerabilities in poppler. This update provides the corresponding updates for KWord, part of KOffice. It was discovered that the poppler PDF library did not correctly handle certain malformed embedded fonts. If a user or an automated system were tricked into opening a malicious PDF, a remote attacker could execute arbitrary code with user privileges.
3fcd5e4740674011b06b40a1ad46454941f4d681ea10dab23af3edfee1e3489bUbuntu Security Notice 603-1 - It was discovered that the poppler PDF library did not correctly handle certain malformed embedded fonts. If a user or an automated system were tricked into opening a malicious PDF, a remote attacker could execute arbitrary code with user privileges.
4f46d3895907df5f8df60181ff60bf2f620bccc8f4737c3354eac9d4b0987e0fOracle provides database export functionality in various modes. One of the export modes is called Direct Path. This mode uses a special protocol message to extract table data rather than SQL queries. Using this special protocol message an attacker can extract information from tables and views to which she has not been granted access. Oracle 9 and 10 versions prior to April 2008 CPU are affected.
27fd858007efcc4d96013f89c6bf95157db14b1144ae3d65a90feb1ddc63f49bThis Metasploit module exploits a stack overflow in the w22n51.sys driver provided with the Intel 2200BG integrated wireless adapter. This stack overflow allows remote code execution in kernel mode. The stack overflow is triggered when a 802.11 Probe response frame is received that contains multi vendor specific tag and "\x00" as essid and essid length element. This exploit was tested with version 8.0.12.20000 of the driver and an Intel Centrino 2200BG integrated wireless adapter.
abd019c52643a22cde8cd84dcaa500474c643265057b4aed5651a541e999c587Debian Security Advisory 1550-1 - It was discovered that suphp, an Apache module to run PHP scripts with owner permissions handles symlinks insecurely, which may lead to privilege escalation by local users.
d35796ed2fb7e720a2fa4054537e825039a11e8e783d57b7e73a2fe15fc537dbDebian Security Advisory 1549-1 - Several remote vulnerabilities have been discovered in the Clam anti-virus toolkit.
62314529e6b2a8961fdc62903be5852f877050f67464c71cc61ae72898d496b1Debian Security Advisory 1548-1 - Kees Cook discovered a vulnerability in xpdf, set set of tools for display and conversion of Portable Document Format (PDF) files.
235a47cd18fb9984d68817b8239aad99176bdcef51f920aeff5bcaf305ed06c0Secunia Security Advisory - S@BUN has reported a vulnerability in Koobi, which can be exploited by malicious people to conduct SQL injection attacks.
5a35c60a78d9cdf97ffc8fc727b01545514f9883c789ce833f293ebf4311b267Secunia Security Advisory - Sebastien gioria has reported a vulnerability in BusinessObjects XI, which can be exploited by malicious people to conduct cross-site scripting attacks.
1818d5146b2c2970f2540fd6677b2d57c9222a88cf3fe6215390d2b7ec92dee8Secunia Security Advisory - Red Hat has issued an update for speex. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise an application using the library.
f13ec82fef0dc7ab9bf585ed0bae217a34c70f098068185e6df1517a9d75965eSecunia Security Advisory - Guido Landi has discovered a vulnerability in xine-lib, which can be exploited by malicious people to compromise a user's system.
7d4c035b16b033e14c21bbe0ecfce2775c79203f65b48eac7a8fe12e29f79dc4Secunia Security Advisory - Fedora has issued an update for speex. This fixes a security issue, which can potentially be exploited by malicious people to compromise an application using the library.
52d273585d1a0dc29f16b22fe4ee8143c5213ebb17205a4add794afa224847b4Secunia Security Advisory - Fedora has issued an update for otrs. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.
64301f36bf4053f64bb162c4dc029f6ff388d1c216210c9ae0e118b9015fc65aSecunia Security Advisory - Some vulnerabilities have been reported in Kolab Server, which can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.
422e5c2be4495f4cfd7db8564badbb2bc9499d4ed57fb31695671317c2cd0193Secunia Security Advisory - Debian has issued an update for openoffice.org. This fixes some vulnerabilities, which can be exploited by malicious people to potentially compromise a user's system.
baae563d8d77935be2faa6c61839fd9a3d4d9f98975f4853fa015d873add3cc0xine-lib versions 1.1.12 and below suffer from a stack-based buffer overflow vulnerability in the NES sound format demuxer (demux_nsf.c).
091bbf5d39beb0c8cf8db84e31934c03fcce9f420df92d712585dade81a50370The E107 Chat module 123FlashChat version 6.8.0 suffers from a remote file inclusion vulnerability.
a2e1bbee70342d3d6e4a2e87fdde34fd15740e940272077089f485efa0211beaMicrosoft Works 7 crash proof of concept exploit that makes use of WkImgSrv.dll.
5f85f952e577de03ad55b796a0f89e467803815f3d1289a2a63b56809088e35cHP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA, please check the table in the Resolution section of this Security Bulletin.
7e8e1d78e17f8e2c8cebe94b47d4f5787aefbb8ecc9db10233817eb43e2c4654Secunia Security Advisory - AmnPardaz Security Research Team have reported a vulnerability in Carbon Communities, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
5e869d4480e7a745e49f41308663ccb1141ab1864d481fbf765e3236e7061c5d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed