iDefense Security Advisory 01.12.09 - Remote exploitation of an uninitialized memory vulnerability in Research In Motion Ltd.'s BlackBerry Enterprise Server could allow an attacker to execute arbitrary code with the privileges of the affected service, which is usually SYSTEM. The vulnerability occurs when parsing a data stream inside of a PDF file. Due to a logic error, it is possible to allocate an array of object pointers that is never initialized. This array is located on the heap. When the object that contains this array is destroyed, each pointer in the array is deleted. Since the memory is never properly initialized, whatever content was previously there is used. It is possible to control the chunk of memory that gets allocated for this array, which can lead to attacker-controlled values being used as object pointers. This results in the execution of arbitrary code when these pointers are deleted. iDefense has confirmed the existence of this vulnerability in BlackBerry Enterprise Server versions 4.1.5 and 4.1.6 (4.1 SP5, SP6). 4.1.6 is the most current version, as of the publishing of this report. This vulnerability was confirmed in BlackBerry Enterprise Server for Microsoft Exchange, but is believed to affect the Lotus and Novell versions as well. Previous versions may also be affected.
a32f982c4395b7c5889ee78df68e43c9f167aa38acbfef060b123138bc180740
iDefense Security Advisory 01.12.09 - Remote exploitation of a heap overflow vulnerability in Research In Motion Ltd. (RIM)'s BlackBerry Enterprise Server could allow an attacker to execute arbitrary code with the privileges of the affected service, usually SYSTEM. The vulnerability occurs when parsing a data stream inside of a PDF file. During parsing, a dynamic array is filled up with pointers to certain objects without properly checking to see whether the array is large enough to hold all of the pointers. By inserting a large number of pointers, it is possible to overflow the array, and corrupt object pointers. This can lead to the EIP register being controlled, which results in the execution of arbitrary code. iDefense has confirmed the existence of this vulnerability in BlackBerry Enterprise Server versions 4.1.5 and 4.1.6 (4.1 SP5, SP6). 4.1.6 is the most current version, as of the publishing of this report. This vulnerability was confirmed in BlackBerry Enterprise Server for Microsoft Exchange, but is believed to affect the Lotus and Novell versions as well. Previous versions may also be affected.
dbe2aeee0bfa5c0e9f6834239449ed5ed6148298a9df75a7d58c36cf6bcd68b9
iDefense Security Advisory 01.12.09 - Remote exploitation of a heap overflow vulnerability in Research In Motion Ltd. (RIM)'s BlackBerry Enterprise Server could allow an attacker to execute arbitrary code with the privileges of the affected service, usually SYSTEM. The vulnerability occurs when parsing a certain stream inside of a PDF file. During parsing, a heap buffer is filled up without properly checking to see whether the buffer is large enough to hold the current value. By inserting a large number of values, it is possible to overflow the buffer, and corrupt object pointers. This can lead to pointers being controlled, which results in the execution of arbitrary code. iDefense has confirmed the existence of this vulnerability in BlackBerry Enterprise Server versions 4.1.5 and 4.1.6 (4.1 SP5, SP6). 4.1.6 is the most current version, as of the publishing of this report. This vulnerability was confirmed in BlackBerry Enterprise Server for Microsoft Exchange, but is believed to affect the Lotus and Novell versions as well. Previous versions may also be affected.
088ad6b29c5080b1d10d96f654db6a53804b4e7c72ffc0fb13352281510e21ab
Ubuntu Security Notice USN-708-1 - It was discovered that an installation script in the HPLIP package would change permissions on the hplip config files located in users' home directories. A local user could exploit this and change permissions on arbitrary files upon an HPLIP installation or upgrade, which could lead to root privileges.
a87b5f5cc0b5e0edf8fd432f4969fde2751ffca159c5f9430f137d79195ef0f6
Ciansoft PDFBuilderX version 2.2 arbitrary file overwrite exploit.
37db1d43946f246c01083d433f8f460825147b9a44a33bd5eb0c2f39b50586d8
Secunia Research has discovered two vulnerabilities in DevIL, which can be exploited by malicious people to compromise an application using the library. The vulnerabilities are caused due to boundary errors within the "iGetHdrHeader()" function in src-IL/src/il_hdr.c. These can be exploited to cause a stack-based buffer overflow when processing specially crafted Radiance RGBE files. Successful exploitation allows execution of arbitrary code. Version 1.7.4 is affected.
2db7537f7ae4f1844e1079774d8e106853f8bddb5ad266889cca2a1bd47eac1a
httpry is a specialized packet sniffer designed for displaying and logging HTTP traffic. It is not intended to perform analysis itself, but instead to capture, parse, and log the traffic for later analysis. It can be run in real-time displaying the live traffic on the wire, or as a daemon process that logs to an output file. It is written to be as lightweight and flexible as possible, so that it can be easily adapted to different applications. It does not display the raw HTTP data transferred, but instead focuses on parsing and displaying the request/response line along with associated header fields.
68a75cc1bf60cd7a1e065cba4b5d538b7ec8a7dd32b4eaa3c6cd27d8d038391d
Nofeel FTP Server version 3.6 remote memory consumption denial of service exploit.
47f5bdb1305a39ddd54615aa5285fe6d5834788a177b7c5897fbfcf6e1027cf5
VUPlayer version 2.49 local buffer overflow universal exploit that creates a malicious .asx file.
1690fe77d23785ea58414f3925d7eeb52df5e371336934d98f2420796a5163ed
PowerPoint Viewer OCX version 3.1 remote file execution exploit.
903296c8afc563b719c81ee2f3fe86c2d2671f0a7853d3a4b34a908aea843075