EasyMail Active-X buffer overflow exploit that makes use of emmailstore.dll version 6.5.0.3.
6e361617fbcf262ed18aa616b515866a39d885acb9e6f76821064a3e45ca09b1Zero Day Initiative Advisory 08-087 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer 7 on the Microsoft Vista operating system. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists during a WebDAV fetch of a document from a path containing a large number of characters. Mishandling of cached content results in a heap corruption which can be leveraged to execute arbitrary code under the context of the current instance of Internet Explorer.
b7e31f5172a842f8f18ffa92303a19af6f2fd3be8bec591aff3b4c8e6630bf3fZero Day Initiative Advisory 08-086 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Word. Exploitation requires that the attacker coerce the target into opening a malicious .DOC file. The specific flaw exists when processing a malformed table property within a Microsoft Word document. User-supplied data is copied into a stack-based buffer using a size that is calculated from the contents of the property. Exploitation can result in arbitrary code execution under the context of the current user.
f9764e5f351f435e4a8b86a0afa405425f780aa19ce2223fce8c81e0df4b132bZero Day Initiative Advisory 08-085 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of various Microsoft products including Word, Outlook and WordPad. User interaction is required to exploit this vulnerability in that the target must visit a malicious page, open a malicious e-mail, or open a malicious file. The specific flaw exists within the parsing of RTF documents containing multiple drawing object tags. First, code within wwlib.dll allocates a buffer for the tag object. Later, a result from a call into mso.dll is copied into the same buffer but with a larger size than was allocated by the callee. Successful exploitation can lead to remote compromise of a system under the credentials of the currently logged in user.
c5ea79961ce2e515e26e96dde47f09b7a8594e01a09011a9c5a3588cf2149a1aZero Day Initiative Advisory 08-084 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page, open a malicious e-mail, or open a malicious file. The specific flaw exists when parsing malformed RTF documents. When processing consecutive "\\do" Drawing Object tags mso.dll does not properly verify the integrity of the object and frees a memory buffer twice, leading to heap corruption. Successful exploitation can lead to remote compromise of a system under the credentials of the currently logged in user.
061b1c87dd8c8c9625fcb32b2321deaa163679ec6e8c9facf4afbc86e5e44cabZero Day Initiative Advisory 08-083 - This vulnerability allows remote attackers to execute arbitrary code through vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the Microsoft Animation ActiveX control MSCOMCT2.OCX. When parsing a malformed AVI file through this control an exploitable heap corruption can occur. As the AVI file can be loaded over a UNC path this issue is remotely exploitable and can result in arbitrary code execution under the context of the current user.
1dbe0239c3e9b97f9f232b861323193b98c4820840f062fff2ed763720efb074Secunia Research has discovered some vulnerabilities in Microsoft Hierarchical FlexGrid Control bundled with various products, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused due to integer overflow errors in the ActiveX control (mshflxgd.ocx) when handling the "Rows" and "Cols" properties and the "ExpandAll()" and "CollapseAll()" methods. These can be exploited to corrupt memory. Successful exploitation allows execution of arbitrary code. Microsoft Hierarchical FlexGrid Control 6.0.88.4 is affected.
6e220530f9f2bbf0cc8d3277a36675fa7b06bf0bdfafeb2b69efb664ba2bbffaiDefense Security Advisory 12.09.08 - Remote exploitation of an integer overflow vulnerability in multiple versions of Microsoft Corp.'s Windows operating system could allow an attacker to execute arbitrary code with the privileges of the current user. iDefense has confirmed that gdi32.dll file version 5.1.2600.3316, as included in fully patched Windows XP Service Pack 2 as of May 2008, is vulnerable. Other versions of Windows are suspected to be vulnerable.
68501cbdd911465db4d25283b8377fdde05b71c2c0c33e8d6509ecde49f62b47iDefense Security Advisory 12.09.08 -Remote exploitation of a stack buffer overflow vulnerability while handling specific HTML tags in Microsoft Corp.'s Internet Explorer web browser allows attackers to execute arbitrary code within the context of the affected user. As of September 2008, iDefense confirms that Internet Explorer 5.01 on Windows 2000 SP4, is vulnerable. It also causes denial of service for Internet Explorer 6 on Windows XP SP2. Internet Explorer 7 is not affected.
027f86f331e8ec116d59559fda203fd63d14492947a5f9a5df9279c236cc1782ELF binary shellcode encryptor that is NULL free for IDS payload bypassing.
7d6d93a6fc604b116de5293ac21af0daf772aaefb96c509fd6c1eeede743023bPHP Multiple Newsletters version 2.7 suffers from local file inclusion and cross site scripting vulnerabilities.
05ea466d21fd5975a8092aeeba15343b7a80452a1cebd87f008da7017bb85607PHPmyGallery version 1.5beta suffers from local and remote file inclusion vulnerabilities in common-tpl-vars.php.
0d0f6fd17f834d4813a68e6b6be49d06d7555ed6187e5e24a22e3264814030c3PostEcards suffers from remote SQL injection and database disclosure vulnerabilities.
fb4b509595b8189b6a8e187b3d944cc3d4eb7660d12ec966d62d94e7641b486dProQuiz version 1.0 suffers from a SQL injection vulnerability that allows for authentication bypass.
de1d1e9d2641d8a51f01561fa921f2128aaaeb96e3c08100ae2377f280f1baebCore Security Technologies Advisory - Vinagre is a VNC client for the GNOME Desktop. A format string error has been found on the 'vinagre_utils_show_error()' function that can be exploited via commands issued from a malicious server containing format string specifiers on the VNC name. In a web based attack scenario, the user would be required to connect to a malicious server. Successful exploitation would then allow the attacker to execute arbitrary code with the privileges of the Vinagre user. Proof of concept code included.Versions 2.24.1 and below are affected.
3e17538dd72cc925a9aa97a372aec9f82e566dd73c6ec01b5df998cf7ed1b783Secunia Research has discovered a vulnerability in Microsoft Excel, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to insufficient validation of an index value in the NAME record and can be exploited to corrupt memory via a specially crafted Excel Spreadsheet (XLS) file. Successful exploitation may allow execution of arbitrary code. Microsoft Office Excel 2000 SP3 and Microsoft Office Excel 2002 SP3 are affected.
c9de174ed71112e49d317cc07db7cacfb4dca6980459f45c5d90f9c3feb0a385Secunia Research has discovered a vulnerability in Microsoft Office Word, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an integer overflow error when calculating the space required for the specified number of points in a polyline or polygon. This can be exploited to cause a heap-based buffer overflow during parsing of objects in Rich Text Format (.rtf) files e.g. when a user opens a specially crafted .rtf file with Word or previews a specially crafted e-mail. Successful exploitation may allow execution of arbitrary code. Microsoft Office Word 2003 SP3 and Microsoft Office Word Viewer 2003 SP3 are affected.
c660078d68293331438cefc112487a9fcec1415bee279c37d6d6e61a39eba659The .Aware-Electrolicious-Zine Call For Paper for the Delta Edition has been announced. It will be released on the 1st of April, 2009.
fcf781c8ee8f140a3a6bf0f8df84471835e4a8149157566fe7f73af5a7db0923SEC Consult Security Advisory 20081209-0 - Microsoft SQL Server suffers from a limited memory overwrite vulnerability.By calling the extended stored procedure sp_replwritetovarbin, and supplying several uninitialized variables as parameters, it is possible to trigger a memory write to a controlled location. Depending on the underlying Windows version, it is / may be possible to use this vulnerability to execute arbitrary code in the context of the vulnerable SQL server process. In a default configuration, the sp_replwritetovarbin stored procedure is accessible by anyone. The vulnerability can be exploited by an authenticated user with a direct database connection, or via SQL injection in a vulnerable web application. Versions 8.00.2039 and below are affected.
a3cd08ebd8f3b29b9b481794aeae14f29fef4640ab1d53fdd05d480b010bfc47Netref version 4.0 suffers from multiple remote SQL injection vulnerabilities.
d4294c988da5ee3acd8b446378359309b79f82096f4d682ccd90707a440b28daPeel Shopping version 3.1 suffers from a remote SQL injection vulnerability in index.php.
ec49d7e0edd5d554d1e8fc2087a4e79cd0e1ad25da0e795d8da446b41de29c33Secunia Security Advisory - Debian has issued an update for streamripper. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
00675c4589dea5ae70d3aa68bea8eacb7669bb8ca78273f1dba9a07715a01261Secunia Security Advisory - A vulnerability has been reported in Aruba Mobility Controller, which can be exploited by malicious people to cause a DoS (Denial of Service).
09ba82ba5d15e878b447a3a4b793a82d22c942474d75148d5430c4d7902d0c4bSecunia Security Advisory - Chris Castaldo has discovered some vulnerabilities in 3CX Phone System, which can be exploited by malicious people to conduct cross-site scripting attacks.
44800419357d812b40bc6c90b8c72d49965e1836d8d1579c505ddd515563408bSecunia Security Advisory - A weakness has been reported in HP DECnet-Plus for OpenVMS, which can be exploited by malicious, local users to bypass certain security restrictions.
322eae4e959aae718d089af4b6dc77e16ea0cbb8772bda23f4f4c2061fe0d264
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed