Mandriva Linux Security Advisory - Sean Larsson of iDefense Labs discovered several vulnerabilities in X.Org/XFree86.
97b35c6e735b8d6c0b2ff08fe7eaad461cfd42fdcc735462b8497e968ed446ca
edit x suffers from a remote file inclusion flaw.
a6471d2b806439f646be5d7ba5cf26413a3ce5627c1da0b485097c803a379517
Technical Cyber Security Alert - Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Internet Explorer, Outlook, and Excel. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
049533d126d844ab93b97a0880f4a59c690d06715932ab7ecd0da72df1618967
Ubuntu Security Notice 404-1 - Laurent Butti, Jerome Razniewski, and Julien Tinnes discovered that the MadWifi wireless driver did not correctly check packet contents when receiving scan replies. A remote attacker could send a specially crafted packet and execute arbitrary code with root privileges.
e5d647388f32d6aae84a6bd05bc45f6e06ca672b4252d0241fd92a444119957a
iDefense Security Advisory - Local exploitation of a memory corruption vulnerability in the "ProcDbeSwapBuffers" function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. This vulnerability specifically lies within the DBE extension. Insufficient input validation exists when allocating memory for data structures. By sending a specially crafted X protocol request to the DBE extension, an attacker can cause an exploitable memory corruption condition. iDefense has confirmed the existence of this vulnerability in the X.Org server version 7.1-1.1.0. Previous versions may also be affected.
1c0f3d7a8d4c80341e8081cffa1b9e7a4a90fb00e6381eafc8321dc771916c7a
iDefense Security Advisory - Local exploitation of a memory corruption vulnerability in the "ProcDbeGetVisualInfo" function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. This vulnerability specifically lies within the DBE extension. Insufficient input validation exists when allocating memory for data structures. By sending a specially crafted X protocol request to the DBE extension, an attacker can cause an exploitable memory corruption condition. iDefense has confirmed the existence of this vulnerability in the X.Org server version 7.1-1.1.0. Previous versions may also be affected.
6f7d2967f3b57cf1a2e399b8cab64fc0ae97918e6823831c613f1400572609c9
iDefense Security Advisory - Local exploitation of a memory corruption vulnerability in the "ProcRenderAddGlyphs" function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. This vulnerability specifically lies within the Render extension. Insufficient input validation exists when allocating memory for glyph management data structures. By sending a specially crafted X protocol request to the Render extension, an attacker can cause an exploitable memory corruption condition. iDefense has confirmed the existence of this vulnerability in the X.Org server version 7.1-1.1.0. Previous versions may also be affected.
a9a3e90e985e3a24f53e3b9c8dc3d5768294afdcfcc4efa07814157044fc6bb8
iDefense Security Advisory - Remote exploitation of a heap-based buffer overflow vulnerability in Microsoft Corp.'s Excel spreadsheet application format could allow an attacker to execute arbitrary code in the context of the user who started Excel. The vulnerability specifically exists in the handling of the PALETTE record in BIFF8 format spreadsheet files. By supplying a record with too many entries, an exploitable buffer overflow condition can occur. iDefense Labs have confirmed the existence of this vulnerability in Microsoft Excel 2003 with all service packs and security updates. Previous versions of Excel are also likely to be affected.
a09a1ef31e33e601c11365cacff19544e438ce5ef63265fb1c76e2d91aca7528
iDefense Security Advisory - Remote exploitation of an input validation error in Microsoft Corp.'s Excel spreadsheet application may allow the execution of arbitrary code. The vulnerability specifically exists in the handling of out of range values in the column field in several BIFF8 record types. By supplying an invalid Column field to one of these records, it is possible to cause the system to reference arbitrary memory. This can be exploited to gain control of the application. iDefense has confirmed the existence of this vulnerability in Microsoft Excel 2003 with all available service packs and security patches. Previous versions of Excel are also likely to be affected.
82665cc27896742407009fe948438d3f8776c22bbff1550937b6e70dd8a38eac
iDefense Security Advisory - Remote exploitation of an integer overflow vulnerability in the Vector Markup Language (VML) support in multiple Microsoft products allows attackers to execute arbitrary code within the context of the user running the vulnerable application. This vulnerability exists due to insufficient input validation within vgx.dll. Two integer properties are multiplied together and no overflow check is performed. This could allow an attacker to force a memory allocation of a smaller amount of memory than is required. When copying user supplied data into the newly allocated memory, it is possible to overwrite a function pointer stored on the heap, which leads to the execution of arbitrary code. iDefense testing shows that Internet Explorer 6.0 bundled with Windows XP SP2 with all available security patches is vulnerable. Other versions of Internet Explorer, including those with all security updates applied, are also vulnerable. Older versions of Internet Explorer may also be vulnerable.
cc02a2d31828272aa07f4e4211c32c642119a165cea1314af6ba67aedb689e40
MIT krb5 Security Advisory 2006-003 - The Kerberos administration daemon, "kadmind", can free uninitialized pointers, possibly leading to arbitrary code execution. This vulnerability results from memory management bugs in the "mechglue" abstraction interface of the GSS-API implementation. Third-party applications written using the GSS-API may also be vulnerable.
fe0c7983abc6fcc874c2ddd78be53dfa71e11c82dac8f76ce5847d09a230d0cb
MIT krb5 Security Advisory 2006-002 - The Kerberos administration daemon, "kadmind", can execute arbitrary code by calling through a function pointer located in freed memory. This vulnerability results from bugs in the server-side portion of the RPC library. Third-party server applications written using the RPC library provided with MIT krb5 may also be vulnerable.
87d587621f057226f60e716dfd1abc4d65dbd81c11c4a1edfa9d38e13eb53dcf
Ubuntu Security Notice 403-1 - The DBE and Render extensions in X.org were vulnerable to integer overflows, which could lead to memory overwrites. An authenticated user could make a specially crafted request and execute arbitrary code with root privileges.
8d8cb53782e2bfc00d93539ec3132f01e9ad6e46b2537922ea0a41e1eb46dee8
KDE Security Advisory - On 2006-12-27, a proof of concept for arbitrary code execution in ksirc was published by Federico L. Bossi Bonin. The published exploit triggers an assertion in ksirc and results in a NULL pointer dereference (crash) for non-debug builds.
bbe226f8526b19cff802b45793648da93e38d02f08a6eb41783cd101bf62423d
Sina UC ActiveX is susceptible to multiple remote stack overflow vulnerabilities.
a9afe17447add80ad7ac871bd7a82d4c0ead1d050043917422ca2e7989f5c4cb
VMware Security Advisory - The VMware ESX server has new patches released that address a slew of security issues.
dc4dfe67a9b27831f0fffe3d8c6400d518a4c37b965e985d23a76ba126eb8357
ppc engine suffers from a remote file inclusion flaw.
699e0d1ff2d4aeb0321e16b94610e6290e9a724451a740c711c10f58ddadf8d7
Mandriva Linux Security Advisory - Dean Gaudet discovered the geoipupdate utility fails to do sanity checking on the filename returned by "GET /app/update_getfilename?product_id=%s".
305682e136e247033db3ac84c82be0befc05d6d06a47a4705dceb6bf0aca7f0b
createauction suffers from a remote file inclusion flaw.
f1196f9a4ee5eb63825427cc6771b387d1f875136ebd3e7cd0b4f6b42e27ab2c
Easy Banner Pro version 2.x suffers from a remote file inclusion vulnerability.
b004f2195a1f44a363b64725a298898026c0ba78acc8a4fe753a625c95d84a25
Mandriva Linux Security Advisory - The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 allows remote attackers to cause a denial of service (infinite loop) via a crafted compressed DNS response with a label that points to itself.
db653fedf0f97f8642f50ebd58b11367c38216a21c1f69bb31aa92d253c6c99e
Month of Apple Bugs - Exploit that demonstrates a denial of service in the UFS filesystem. A specially crafted UFS filesystem in a DMG image can cause the ufs_lookup() function to call ufs_dirbad() when a corrupted directory entry is being read, leading to a kernel panic (denial of service). This issue cannot be abused for remote code execution.
dec331376b73f489db107e8f7ee4bf1f2328d765af037288c196140b777ea5c1
Month of Apple Bugs - Exploit for the byte_swap_sbin() function. The byte_swap_sbin() function, one of the UFS byte swapping routines (this code is not present in FreeBSD and it's Mac OS X XNU-specific; used for compatibility of filesystem streams between little and big-endian systems) is affected by an integer overflow vulnerability, leading to an exploitable denial of service condition.
d7aac98581374e4ca26eb3859335af304a16c4df81db9bb0f90e811cc2b46fd6
Month of Apple Bugs - Exploit for the ffs_mountfs() function. The ffs_mountfs() function, part of the UFS filesystem handling code (shared between FreeBSD and Mac OS X XNU) is affected by an integer overflow vulnerability, leading to an exploitable denial of service condition and potential arbitrary code execution.
746e0bd8150cb61f86f671fe9e5f7939e7b56820033c9e5353bacadbe0247ca3
Month of Apple Bugs - Exploit for a vulnerability in Finder. Finder is affected by a memory corruption vulnerability, which leads to an exploitable denial of service condition and potential arbitrary code execution, that can be triggered by DMG images. One of two exploits.
641c56a3c3546d6881d7d441e3203e4a9130560679f14bc12df8f0bb36e7d662