Zimbra Desktop version 7.1.2 suffers from multiple input validation vulnerabilities that allow for malicious script insertion and cross site scripting attacks.
f41a8370a742c9ba69d11bec4c115ee6b45a6a6b38c04d12fbfb729803b337e2
The NCC Group has discovered a remote code execution vulnerability in Microsoft Windows Remote Desktop. Unfortunately, as usual, they are withholding any details for three months.
0fa10f8bd72eefcf41477492323bf1a29066a62a63f7c0287de0cac6b2c9a5ef
This Metasploit module exploits a vulnerability found in the AutoVue.ocx ActiveX control. The vulnerability, due to the insecure usage of an strcpy-like function in the SetMarkupMode method when handling a specially crafted sMarkup argument, allows an attacker to trigger a stack-based buffer overflow, which leads to code execution under the context of the user visiting a malicious web page. The module has been successfully tested against Oracle AutoVue Desktop Version 20.0.0 (AutoVue.ocx 20.0.0.7330) on IE 6, 7, 8 and 9 (Java 6 is needed for the DEP and ASLR bypass).
d858c8b6d6fe0d0ffc9d06afc12e482599a5ca2b027ef372734fa46886a66c4d
Red Hat Security Advisory 2012-1136-01 - OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. Multiple heap-based buffer overflow flaws were found in the way OpenOffice.org processed encryption information in the manifest files of OpenDocument Format files. An attacker could provide a specially-crafted OpenDocument Format file that, when opened in an OpenOffice.org application, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
b59bd2e586688730a92ac126349c089bef1303f0b4131b5918f5c095da0db017
Red Hat Security Advisory 2012-1135-01 - LibreOffice is an open source, community-developed office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. Multiple heap-based buffer overflow flaws were found in the way LibreOffice processed encryption information in the manifest files of OpenDocument Format files. An attacker could provide a specially-crafted OpenDocument Format file that, when opened in a LibreOffice application, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
ef5af1d4129c97a023a0cc2e74caaa7ad86b3ab37d19926858984185cae82c3c
Zero Day Initiative Advisory 12-098 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of America Online's Toolbar, Desktop, IM, and Winamp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the dnUpdater ActiveX Control. When initializing the ActiveX control object, dnu.exe assumes the 5th argument passed to the Init() method to be a legitimate pointer to a function. This vulnerability can be leveraged to execute code under the context of the user.
a43f556f3d5f1fb2f42adb830bd5d07dc569dc14ea9ec83ad846c3de1fe60ccb
MyDesktop suffers from a remote SQL injection vulnerability.
b483fc4a413ecf61218995b5a31ab35d3a76cd27173b00ae7bb801caf250abb5
Red Hat Security Advisory 2012-0705-01 - OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. An integer overflow flaw, leading to a buffer overflow, was found in the way OpenOffice.org processed an invalid Escher graphics records length in Microsoft Office PowerPoint documents. An attacker could provide a specially-crafted Microsoft Office PowerPoint document that, when opened, would cause OpenOffice.org to crash or, potentially, execute arbitrary code with the privileges of the user running OpenOffice.org.
6a657f9b42a90e909284ccc79fb9187564b90245173cbab2a1f6851f0a6a3370
Secunia Security Advisory - Two vulnerabilities have been reported in Hitachi JP1/IT Desktop Management, which can be exploited by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service).
e0fdb9f7c33b5703a29340209d510b8b6eead3975c286d792e8c5b0a8a4fe19d
Red Hat Security Advisory 2012-0411-01 - OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. OpenOffice.org embeds a copy of Raptor, which provides parsers for Resource Description Framework files. An XML External Entity expansion flaw was found in the way Raptor processed RDF files. If OpenOffice.org were to open a specially-crafted file, it could possibly allow a remote attacker to obtain a copy of an arbitrary local file that the user running OpenOffice.org had access to. A bug in the way Raptor handled external entities could cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org.
9a0a4f543457fc7348795ef6b90c507f9cb100611358fcad986b6f701a4bd297
Pakyu Cenloder Microsoft Remote Desktop Python denial of service exploit.
6679e3355cf673033887af137fcccfdd01c59d366258732210ba0294f9b2d753
This archive encompasses an advisory about the MS12-020 use-after-free vulnerability in Microsoft Remote Desktop, details about the leaked exploit in relation to this report, and a proof of concept exploit.
9a94d068fd0f6a8f044593bfb8ff8e4f4527cff18adacfeaddb785decdbbaa82
Zero Day Initiative Advisory 12-044 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft's Remote Desktop Protocol. Authentication is not required to exploit this vulnerability. The specific flaw exists during handling of an error while loading elements into an array. This condition can cause the driver to abort a connection and part of the logic of the abort is to free an object associated with it. This will actually occur twice when each of the channels is disconnected. The second time this object is freed, the driver will fetch a virtual pointer from the freed object and call it. This can lead to code execution under the context of the driver.
10864a15ca77b98406254b2f35007bb2b449eabd2c3ebff0d116a3416159f77e
Red Hat Security Advisory 2012-0349-01 - On March 01, 2012, all Red Hat Enterprise Linux 4-based products listed transition from the Production Phase to the Extended Life Phase: Red Hat Enterprise Linux AS 4, Red Hat Enterprise Linux ES 4, Red Hat Enterprise Linux WS 4, Red Hat Desktop 4, Red Hat Global File System 4, Red Hat Cluster Suite 4.
e326550afcdeea4064006170ceef17b1544525cfcecf9f031e3dac47bae27ec1
Red Hat Security Advisory 2012-0324-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially-crafted message to an XML service could result in longer processing time, which could lead to a denial of service. To mitigate this issue, randomization has been added to the hashing function to reduce the chance of an attacker successfully causing intentional collisions. All users of libxml2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted for this update to take effect.
5523df1edf9b9bf00698149c5299eca8f8b5e0c4b4ab304f7d57cc4905cc9491
Red Hat Security Advisory 2012-0136-01 - The libvorbis packages contain runtime libraries for use in programs that support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format. A heap-based buffer overflow flaw was found in the way the libvorbis library parsed Ogg Vorbis media files. If a specially-crafted Ogg Vorbis media file was opened by an application using libvorbis, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. Users of libvorbis should upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted for this update to take effect.
a7c0d3490864f1b414b91819fc65ca0f07506a135da1b6cae025b0ee2e2d093c
Yoono Desktop add-on version 1.8.16 suffers from a cross site scripting vulnerability.
a8417c2a0833fd85e7aa35fa63e272e82bb16abb6d03a52d1c45f412dc36d3b1
Red Hat Security Advisory 2012-0104-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. All users of libxml2 are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted for this update to take effect.
9165e3b50d8f4caa9cb36bcfa88ebf90af850df3617220c0b88374cbdcb36f8f
Secunia Security Advisory - A vulnerability has been reported in Hitachi JP1/IT Desktop Management, which can be exploited by malicious people to conduct cross-site scripting attacks.
1b2f71e90e48f6606d68d802b26eca7e8d8f8f1cdd148b495ea8d6480cf21c7b
This Metasploit module exploits a heap overflow vulnerability in the Windows Multimedia Library (winmm.dll). The vulnerability occurs when parsing specially crafted MIDI files. Remote code execution can be achieved by using Windows Media Player's ActiveX control. Exploitation is done by supplying a specially crafted MIDI file with specific events, causing the calculated offset to be higher than what is available on the heap (0x400 allocated by WINMM!winmmAlloc), and then allowing us to either "inc al" or "dec al" a byte. This can be used to corrupt an array (CImplAry) we set up, and force the browser to confuse types from tagVARIANT objects, which leverages remote code execution under the context of the user. At this time, for the IE 8 target, JRE (Java Runtime Environment) is required to bypass DEP (Data Execution Prevention). Note: Based on our testing, the vulnerability does not seem to trigger when the victim machine is operated via rdesktop.
2fdc9c5c7f7d444b003b94e6d9ac9413e9711bc63c367b5bb555b0a3a0fecd1c
Secunia Security Advisory - A vulnerability has been reported in Oracle Virtual Desktop Infrastructure, which can be exploited by malicious users to disclose potentially sensitive information and manipulate certain data.
e6408b38d5e784713714d1800fe371c1a8a3a6c6a45c5db98f55841780396832
Citrix XenDesktop, XenServer, Receiver version 5.6 SP2 suffer from a pass-the-hash attack vulnerability due to not using SSL.
1cdc447222c2b4047d47fb0a65039267225b922c70e82b599759e03fa6d8207b
A small collection of scanners using SCAPY that scan for Remote Desktop, VNC, SSH and Telnet servers on networks. It can be used to build target lists or discover rogue services running on your networks. Written in Python.
af46bf1f61d6ac25ffe9a21f178bbd9262eb64e48d53371b8aa3e0e2721606b2
Secunia Security Advisory - Oracle has acknowledged two vulnerabilities in Oracle Secure Global Desktop, which can be exploited by malicious people to cause a DoS (Denial of Service).
2073f14cdfac1a26e0df65e4bbb589a41a00a352d283fbd4a604bda50bf3a0f2
Secunia Security Advisory - A security issue has been reported in Citrix XenDesktop, which can be exploited by malicious, local users to bypass certain security restrictions.
e5c70fa37eb5ee4ce9f6e58516221bdb40507893f97fe509ffdc313bd2e4d1a3
Red Hat Security Advisory 2011-1385-01 - The kdelibs and kdelibs3 packages provide libraries for the K Desktop Environment. An input sanitization flaw was found in the KSSL API. An attacker could supply a specially-crafted SSL certificate to an application using KSSL, such as the Konqueror web browser, causing misleading information to be presented to the user, possibly tricking them into accepting the certificate as valid. Users should upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted for this update to take effect.
93d3a041d26b448ebf9aa48719ed1b488137fda9ab4c9f89b9db8e97b49be46d