eEye Advisory - The NAI PGP Outlook plug-in in NAI PGP Freeware 7.0.3, PGP Personal Security 7.0.3, and PGP Desktop Security 7.0.4 contains a remotely exploitable heap overflow which can lead to code execution. NAI patch available here.
e7216236aa140bde90e0b6a185d4054a32eb6585e3527ebacfa7d3f1141d1b94
Secunia Security Advisory - A weakness has been reported in eEye Retina, which can be exploited by malicious, local users to gain escalated privileges.
1a9958f78eeddbaae1a85599ed6a4c6e298738c83f12071b8c8588e4e181b69a
This Metasploit module exploits a flaw in the McAfee Subscription Manager ActiveX control. Due to an unsafe use of vsprintf, it is possible to trigger a stack overflow by passing a large string to one of the COM-exposed routines, such as IsAppExpired. This vulnerability was discovered by Karl Lynn of eEye.
44fae6eeb87ba29bf60ae8c26b6d7c50f75e7bf5c2f4e1500856135c1f0e9b56
This is an exploit for a previously undisclosed vulnerability in the bit string decoding code in the Microsoft ASN.1 library. This vulnerability is not related to the bit string vulnerability described in eEye advisory AD20040210-2. Both vulnerabilities were fixed in the MS04-007 patch. You are only allowed one attempt with this vulnerability. If the payload fails to execute, the LSASS system service will crash and the target system will automatically reboot itself in 60 seconds. If the payload succeeds, the system will no longer be able to process authentication requests, denying all attempts to login through SMB or at the console. A reboot is required to restore proper functioning of an exploited system. This exploit has been successfully tested with the win32/*/reverse_tcp payloads, however a few problems were encountered when using the equivalent bind payloads. Your mileage may vary.
8d9c928e6cd1a6002436a9b5bc1e9d94a868525515b51e06f0839ad3d7e7a68e
This Metasploit module exploits a stack overflow in the LSASS service; this vulnerability was originally found by eEye. When re-exploiting a Windows XP system, you will need to run this module twice. DCERPC request fragmentation can be performed by setting the 'FragSize' parameter.
d1baeef5ba6b111771fa5d96efb4b64cd26d7afcd05bc41178efc9a7b7a52d22
Secunia Security Advisory - Gjoko Krstic has discovered a vulnerability in eEye Retina WiFi Scanner, which can be exploited by malicious people to potentially compromise a user's system.
3a1fa98774427077b6371a1bcafb1da245996de1387b7bc197ba0ca439fbd8fe
eEye Digital Security has discovered a critical remote code execution condition within OScan8.ocx and Oscan81.ocx included by default in BitDefender Online Anti-Virus Scanner 8.0 released on May 24th 2006.
fc1814d1cbae3769356bcebcdf2053773a16eac33866492d72627399464648fb
eEye Digital Security has discovered 14 vulnerabilities in the processing of FLAC (Free Lossless Audio Codec) files affecting various applications. Processing a malicious FLAC file within a vulnerable application could result in the execution of arbitrary code at the privileges of the application or the current user (depending on OS).
fd4435d88053e876b0e64335d16dd5e50c862e15e3ae435c244329d2b41a39f6
eEye Digital Security has discovered a remote vulnerability in CA BrightStor ARCserve Backup Server that allows an attacker to execute arbitrary code as SYSTEM without any user interaction. The exploit is extremely reliable and can be successfully delivered either across the Internet or within local networks via a random TCP port that is disclosed by the BrightStor portmapper service on TCP/111.
009d71dfb29f2caa5ca0a43c3b72406ccf8c716bee6628c3e41f5d7cf66f485e
eEye Digital Security has discovered multiple vulnerabilities within CA ARCserve for Laptops & Desktops (L&D), an enterprise-level backup software suite designed for workstations. The vulnerabilities can be utilized by an attacker to execute arbitrary code on a remote system anonymously over TCP/1900.
2c3fbc7b2a14abfd5c6627658fb14d28b20b7c63ec81bf6bcd5dcc180cd1adfc
eEye Digital Security has discovered a heap overflow vulnerability in the way the Windows Graphical Device Interface (GDI) processes Windows metafiles. If an application attempts to display a malicious metafile in a particular way, a heap overflow will occur and result in the execution of arbitrary code, with the privileges of the user who ran the application.
3daffd833b5209c94b6713eeff0438cd5613f4e5ca5821836f028d845c4dc3e8
eEye Digital Security has discovered a heap overflow vulnerability in VGX.DLL's processing of compressed content referenced from VML. VGX.DLL is the Microsoft component responsible for rendering VML (Vector Markup Language) within Internet Explorer.
9b1cfee5014a419ac428eac7004f0bbeb5caae72cf8de6073a0fb45a9a602d41
eEye Digital Security has discovered a critical vulnerability in PUBCONV.DLL (version 12.0.4518.1014) included with Microsoft's Publisher 2007. PUBCONV.DLL is the Publisher conversion library used by Publisher to translate previous Publisher version files to be "properly" rendered in Publisher 2007. However, when attempting to load a malformed legacy Publisher document (i.e. Publisher 98), PUBCONV.DLL can be forced to call an arbitrary function pointer, resulting in the execution of attacker-supplied code in the context of the logged-in user.
45a807a94697efd0e37c0d7d7a9bd649800af626e2944fe004c61b8ddf4b51f7
eEye Digital Security has discovered a stack buffer overflow in Java WebStart, a utility installed with Java Runtime Environment for the purpose of managing the download of Java applications. By opening a malicious JNLP file, a user's system may be compromised by arbitrary code within the file, which executes with the privileges of that user. Systems affected are Java Runtime Environment 6 update 1 and below and Java Runtime Environment 5 update 11 and below.
4634c67fe886c62ca9877c8e797c11203f134b24b6f4f56bbd706b71a5db40d7
eEye Digital Security has discovered two critical vulnerabilities in ywcupl.dll (version 2.0.1.4) and ywcvwr.dll (version 2.0.1.4) included by default in all releases of Yahoo! Messenger 8.x.
d9613dbb76bafe2f5a875521f8e0028a1306fdcd3e8bbff5b802d3921f26ac89
eEye Digital Security has discovered a local privilege escalation vulnerability in Windows Vista that allows a program executing without privileges to fully compromise an affected system. A malicious user or malware program could exploit this vulnerability to execute arbitrary code with SYSTEM privileges within the CSRSS process, permitting the bypass of Vista's vaunted user privilege limitations and administrator approval mode. By establishing and closing multiple connections to CSRSS's "ApiPort", an application may cause a private data structure within CSRSS that describes its process to be used after it has been freed, creating an exploitable "dangling pointer" condition. This vulnerability is entirely separate from the CSRSS NtRaiseHardError message box flaw publicly disclosed in December 2006, although both affect code within the CSRSS process. It is interesting to note that this vulnerability only affects Windows Vista, due to new, flawed code added to CSRSRV.DLL in support of functionality introduced in Vista.
9e3f9423f653ac1b326017f5be448337555ba6f9473c7cb24c27270a9d983e2d
eEye Digital Security has discovered a local privilege escalation vulnerability in the Windows kernel that allows an unprivileged user with the ability to execute a program to fully compromise an affected system. All x86 versions of Windows up to and including Windows Server 2003 SP2 are vulnerable. The Windows kernel's Virtual DOS Machine (VDM) implementation features a race condition through which a malicious program can modify the first 4KB page of physical memory (also known as the "zero page"). The data in this region of memory is trusted and may be subsequently used by other Virtual DOS Machines, including a VDM instantiated by the Windows kernel as part of hibernating or effecting a blue-screen crash. Exploitation of this vulnerability therefore allows arbitrary code to run within other users' VDM processes, and even within the kernel if hibernation or a blue-screen can be provoked by any available means.
caf6c1119af3dab28ff1f2c0a10db34ba618823144b84c2fc3c5d0c70a778133
Secunia Security Advisory - eEye Digital Security has reported a vulnerability in Windows Vista, which can be exploited by malicious, local users to gain escalated privileges.
1664650e5f0d3490b5de75aa8057baf6d3ab626676846348cb7d0c332565a757
Secunia Security Advisory - eEye Digital Security has reported a vulnerability in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges.
f493da8edf629f010c782c6041f3e3001f14cca49d02cae9c61f6c88dca5a871
eEye Digital Security has discovered a vulnerability in all Intel network adapter drivers ("NDIS miniport drivers") that could allow unprivileged code executing on an affected system to gain unfettered, kernel-level access. For instance, a malicious user, malware, or exploit payload taking advantage of an unrelated vulnerability could additionally exploit this vulnerability in order to completely compromise a system at the kernel level.
6954f6306f926edd1c4a4b0dcac3b5fd90102d5b9255732d3a228f9efd4ef61a
eEye Digital Security has discovered a stack buffer overflow in Adobe Download Manager, a utility typically installed for the purpose of downloading Adobe software such as Adobe (Acrobat) Reader. By opening a malicious AOM file, a user's system may be compromised by arbitrary code within the file, which executes with the privileges of that user. Adobe Download Manager versions 2.1.x and below are affected.
5fe805f75d967bc79ae983d8de02831c3dd55807784e321a24b62a1b32608e17
eEye Digital Security has discovered a second heap overflow vulnerability in the MS06-042 cumulative Internet Explorer update that would allow an attacker to execute arbitrary code on the system of a victim who attempts to access a malicious URL. Windows 2000, Windows XP SP1, and Windows 2003 SP0 systems running Internet Explorer 5 SP4 or Internet Explorer 6 SP1, with the MS06-042 patch applied, are vulnerable; unpatched and more recent versions of Internet Explorer are not affected.
69775c157322e3ccfd4e271a49bc2f9a19813713532ec62e509a70315569839c
eEye Digital Security has discovered a heap overflow vulnerability in the MS06-042 cumulative Internet Explorer update that would allow an attacker to execute arbitrary code on the system of a victim who attempts to access a malicious URL. Only Windows 2000 and Windows XP SP1 systems running Internet Explorer 6 SP1 with the MS06-042 patch applied are vulnerable.
140740018944f8f8fb1cd1ce93819ababbcebc675a58daa37730a7bec43591c1
eEye has confirmed that the Internet Explorer crash vulnerability as described in MS06-042 is indeed exploitable.
25511fcd2687aa34d588259c7d6ccedff89b97a4eb9e6853540042e50efcb196
eEye Digital Security has discovered a security vulnerability in IBM's eGatherer ActiveX control. This is the second vulnerability found in this control by eEye Research, the first being from Drew Copley. This control is typically installed by default on IBM workstations and laptops, and is used by default for auto-finding drivers/updates on IBM's/Lenovo's support site.
9c84908e1b617bcd8bdf8c955b46130747f8f7e108a5d3bf442c32fe17b7a573
eEye Digital Security has discovered a vulnerability in McAfee Security Center that ships with all McAfee consumer products. There is a remote code execution vulnerability that allows an attacker to take complete control of a remote computer by exploiting a vulnerability found in the Subscription Manager ActiveX control.
33f57785079720127a76ff9e72a1751b5ec39328493dd4c70ff158e5396f4cd4