Eeye Advisory - Both Macromedia Coldfusion 6.0 and Macromedia JRun 4.0 along with their prior versions are vulnerable to various heap overflows when handling URI filenames larger than 4096 bytes..
90b2b823b8a467f8fa059878b381391c6e1fa419031b09b61b9981944581ebd7Secunia Security Advisory - eEye Digital Security has reported a vulnerability in Macromedia Flash Player, which can be exploited by malicious people to compromise a user's system.
14e5ea561dfc82f0ded49864e2548dc73e4b8722e8662f0953b4a196250fcf39eEye Security Advisory - eEye Digital Security has discovered a vulnerability in Macromedia Flash Player versions 6 and 7 that will allow an attacker to run arbitrary code in the context of the logged in user. An array boundary condition may be violated by a malicious SWF file in order to redirect execution into attacker-supplied data.
9fed5fc5b6f35c0a68064bb3eba38b089f2ea09373f01b1eca9cbef787d60c1feEye Security Advisory - eEye Digital Security has discovered a vulnerability in the Windows Media Player 9 AVI movie DirectX component that allows memory at an arbitrary address to be modified when a specially crafted AVI file is played. Exploitation of this vulnerability can allow the execution of attacker-supplied code on a victim's system with the privileges of the user who attempted to open the movie file. This vulnerability has been identified in a component of DirectX.
a87f037c194fc9f1bd764ccbf3d7b854412d07eb18190c6a967d1ebfe483a8abeEye Security Advisory - eEye Digital Security has discovered a vulnerability in the way a Microsoft Design Tools COM object allocates and uses heap memory. An attacker could design a web page or HTML document that exploits the vulnerability in order to execute arbitrary code on the system of a user who views it.
b4712c870bdcac60468002316153f70a792b81b9fe6c673800af6b3c5d03b1bdeEye Security Advisory - eEye Digital Security has discovered a vulnerability in the Windows Plug and Play Service that would allow an unprivileged user to execute arbitrary code with SYSTEM privileges on a remote Windows 2000 or XP SP1 system. On Windows XP SP2, this vulnerability could be exploited by an unprivileged user to gain full privileges on a system to which he is logged in interactively.
846bcdcac256df0db0e4e7c5c0a2e07e6e237430fc7f1965fc0222d7ee188ed3eEye Security Advisory - eEye Digital Security has discovered a critical vulnerability in the Microsoft Distributed Transaction Coordinator (MSDTC) service that would allow an anonymous attacker to take complete control over an affected system. MSDTC listens on TCP port 3372 and a dynamic high TCP port, and is enabled by default on all Windows 2000 systems.
337058a7bf5cc5f2e313c072c885bd813f962b1a071b4babbe28a29cef9196a1eEye Security Advisory - eEye Digital Security has discovered a critical vulnerability in RealPlayer. The vulnerability allows a remote attacker to reliably overwrite heap memory with arbitrary data and execute arbitrary code in the context of the user who executed the player. This specific flaw exists within the vidplin.dll file used by RealPlayer. By specially crafting a malformed .avi movie file, a direct heap overwrite is triggered, and reliable code execution is then possible. This vulnerability can be trigger when a user views a webpage, or opens an .avi file via email, instant messenger, or other common file transfer programs.
847a8e37f9bd046455e0c8e37d152a9ed8be41d8c966b8aced5ac3d1b07ef988eEye Security Advisory - eEye Digital Security has discovered a vulnerability in the way various versions of Windows handle Windows Help (.CHM) files. If exploited, this vulnerability allows arbitrary code to be executed by the remote attacker. A malicious .CHM file can be opened by Internet Explorer without user interaction by using the ms-its protocol specification.
8436f65d98a23317ef683d3d5247c324f8f9d5b1ccfee3217464b065fe672198eEye Security Advisory - eEye Digital Security has discovered multiple stack-based vulnerabilities within the licensing component that processes incoming network requests in the Computer Associates License Management software.
5797432c9b96dca5b15d0492af228f5700c812e44f776bf9de0dc187869c5343eEye Security Advisory - eEye Digital Security has discovered a vulnerability in Windows SMB client's handling of SMB responses. An attacker who can cause an affected system to connect to the SMB service on a malicious host may exploit this vulnerability in order to execute code on the victim's machine.
fb5cde16136522ffabad3105abe6c68b80f0e9d341455fd15d9d4f83ad98b828Findjmp2.c is a tool which scans for call/jmp/pushret offsets, and logs to a file. This is a modified version of the Eeye tool Findjmp.
ded944f6f1617a78aca173788e57b43956af8818eef58eb78f07ee8c81cc8baeeEye Security Advisory - eEye Digital Security has discovered a vulnerability in USER32.DLL's handling of Windows animated cursor (.ani) files that will allow a remote attacker to reliably overwrite the stack with arbitrary data and execute arbitrary code.
275e5b4949a24a8547c74682fdeec54126ea87b623d08487cd69e083d0ae8d7aeEye Security Advisory - eEye Digital Security has discovered a severe denial of service vulnerability in the Kerio Personal Firewall product for Windows. The vulnerability allows a remote attacker to reliably render a system inoperative with one single packet. Physical access is required in order to bring an affected system out of this "frozen" state. This specific flaw exists within the component that performs low level processing of TCP, UDP, and ICMP packets. Kerio Personal Firewall 4.1.1 and prior.
fc6f56e7525fecf78e38a0422cab20e07b4c2aaa3e3c445f0184c3b32f6f9403eEye Security Advisory - eEye Digital Security has discovered a vulnerability in RealPlayer that allows a remote attacker to reliably overwrite the stack with arbitrary data and execute arbitrary code in the context of the user under which the player is running.
4228c29ddc8f4a770989a7a4523551435648a017959562fee57351d9d722789ceEye Security Advisory - eEye Digital Security has discovered a buffer overflow in DUNZIP32.DLL, a module that offers support for ZIP compressed folders in the Windows shell. An exploitable buffer overflow occurs when a user opens a ZIP folder that contains a long file name.
74498eeb938601ac386acca23e9c64ceb6dd02a5bcd6488628996a9f230da45beEye Security Advisory - Windows VDM #UD Local Privilege Escalation. Describes in more detail but with different terminology the "shatter" attacks corrected by MS04-032, and also discussed in a paper by Brett Moore.
6d969851dce47717c7c8d2b34a7d86e3e4b6339359ea1b5ff2767ce9961e7872eEye Security Advisory - eEye Digital Security has discovered a critical vulnerability in RealPlayer. The vulnerability allows a remote attacker to reliably overwrite heap memory with arbitrary data and execute arbitrary code in the context of the user who executed the player.
e93f778f26d18f33810800c16fef48bdb27aaf1a310a9f5adc949395b0e5296aeEye Security Advisory - eEye Digital Security has discovered a security vulnerability in IBM's signed eGatherer activex. Because this application is signed, it might be presented to users on the web for execution in the name of IBM. If users trust IBM, they will run this, and their systems will be compromised. This activex was designed by IBM to be used for an automated support solution for their PC's. This is installed by default on many popular IBM PC models.
6599862e14320181a6e068e3cea972c1e37c7c9c9660660f00865030c0c1566aeEye Security Advisory - eEye Digital Security has discovered a security vulnerability in IBM's signed acpRunner activex. Because this application is signed, it might be presented to users on the web for execution in the name of IBM. If users trust IBM, they will run this, and their systems will be compromised. This activex was designed by IBM to be used for an automated support solution for their PC's. An unknown number of systems already have this activex on their systems. Version affected is 1.2.5.0.
2b6bac2ea94d90530ba2aaba9296ae3ea83b7a8958d58406bb05f94b3b8ed1b6eEye Security Advisory - eEye Digital Security has discovered a critical vulnerability in RealPlayer. The vulnerability allows a remote attacker to reliably overwrite heap memory with arbitrary data and execute arbitrary code in the context of the user who executed the player or application hosting the RealMedia plug-in. This specific flaw exists within the embd3260.dll file used by RealPlayer. By specially crafting a malformed movie file along with an HTML file, a direct heap overwrite is triggered, and reliable code execution is then possible. Systems Affected: RealOne Player, RealOne Player v2, RealPlayer 10, RealPlayer 8, RealPlayer Enterprise.
7947dd5f305ea9cdbbffb6a947c20d36de581d05306a574cdfa1fe8b8b697c67Remote denial of service exploit that makes use of the flaw eEye found in Symantec Norton Personal Firewall and other related products. Sends a malicious DNS response packet to a vulnerable host, causing the kernel to go into an infinite loop. Tested against Symantec Norton Personal Firewall 2004.
210a95aedb58ff218b08a68c2698d26d830137378183d72bec41e0c872f2d24deEye Security Advisory - eEye Digital Security has discovered a critical remote vulnerability within the Symantec firewall product line. There is a remote heap corruption vulnerability in SYMDNS.SYS, a driver that validates NetBIOS Name Service responses, which can lead to execution of arbitrary code for various Symantec products. Successful exploitation of this flaw yields remote kernel access to the system. Systems Affected: Symantec Norton Internet Security 2002/2003/2004, Symantec Norton Internet Security Professional 2002/2003/2004, Symantec Norton Personal Firewall 2002/2003/2004, Symantec Client Firewall 5.01/5.1.1, Symantec Client Security 1.0/1.1/2.0(SCF 7.1), and Symantec Norton AntiSpam 2004.
bfe54b66a1fa04ed44f2d88c757986016681f5a3533be9a4667bf86c61c22664eEye Security Advisory - eEye Digital Security has discovered a critical vulnerability in the Symantec firewall product line that would allow a remote, anonymous attacker to execute arbitrary code on a system running an affected version of the product. By sending a single specially-crafted NetBIOS Name Service (UDP port 137) packet to a vulnerable host, an attacker could cause an arbitrary memory location to be overwritten with data he or she controls, leading to the execution of attacker-supplied code with kernel privileges and the absolute compromise of the target. Systems Affected: Symantec Norton Internet Security 2002/2003/2004, Symantec Norton Internet Security Professional 2002/2003/2004, Symantec Norton Personal Firewall 2002/2003/2004, Symantec Client Firewall 5.01/5.1.1, Symantec Client Security 1.0/1.1/2.0(SCF 7.1), and Symantec Norton AntiSpam 2004.
8b0422b0cf3e0350cabdd99e47019446ad294a418bd75076bbf3b6a8ddc52f6feEye Security Advisory - eEye Digital Security has discovered a second vulnerability in the Symantec firewall product line that can be remotely exploited to cause a severe denial-of-service condition on systems running a default installation of an affected version of the product. By sending a single malicious DNS (UDP port 53) response packet to a vulnerable host, an attacker can cause the Symantec DNS response validation code to enter an infinite loop within the kernel, amounting to a system freeze that requires the machine to be physically rebooted in order to restore operation. Systems Affected: Symantec Norton Internet Security 2002/2003/2004, Symantec Norton Internet Security Professional 2002/2003/2004, Symantec Norton Personal Firewall 2002/2003/2004, Symantec Client Firewall 5.01/5.1.1, Symantec Client Security 1.0/1.1/2.0(SCF 7.1), and Symantec Norton AntiSpam 2004.
9586423e4a36c89f9ed7bf1939b4d9b4bc57ec4d8c57dca66ad3372b2230d08beEye Security Advisory - eEye Digital Security has discovered a critical remote vulnerability within the Symantec firewall product line. A buffer overflow exists within a core driver component that handles the processing of DNS (Domain Name Service) requests and responses. By sending a DNS Resource Record with an overly long canonical name, a traditional stack-based buffer overflow is triggered. Successful exploitation of this flaw yields remote KERNEL access to the system. With the ability to freely execute code at the Ring 0 privilege level, there are literally no boundaries for an attacker. It should also be noted, that due to a separate design flaw in the firewalls handling of incoming packets, this attack can be successfully performed with all ports filtered, and all intrusion rules set. Systems Affected: Symantec Norton Internet Security 2002/2003/2004, Symantec Norton Internet Security Professional 2002/2003/2004, Symantec Norton Personal Firewall 2002/2003/2004, Symantec Client Firewall 5.01/5.1.1, Symantec Client Security 1.0/1.1/2.0(SCF 7.1), and Symantec Norton AntiSpam 2004.
e473df5134bac9a2cc199d33e7d6e380a34d5d87ed5086575e9a0e9f4c5e035f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed