Eeye Advisory - Both Macromedia Coldfusion 6.0 and Macromedia JRun 4.0 along with their prior versions are vulnerable to various heap overflows when handling URI filenames larger than 4096 bytes..
90b2b823b8a467f8fa059878b381391c6e1fa419031b09b61b9981944581ebd7eEye Security Advisory - eEye Digital Security has discovered a critical vulnerability in Apple's QuickTime Player. The vulnerability allows a remote attacker to reliably overwrite heap memory with user-controlled data and execute arbitrary code within the SYSTEM context. Versions affected are Apple QuickTime 6.5 and Apple iTunes 4.2.0.72.
23422f64bc4e7a74941faa7d950894e64994663ccbfd1bcf7dc0f7fbb51a6548eEye Security Advisory - eEye Digital Security has discovered a severe denial of service vulnerability in the Symantec Client Firewall products for Windows. The vulnerability allows a remote attacker to reliably render a system inoperative with one single packet. Physical access is required in order to bring an affected system out of this "frozen" state. This specific flaw exists within the component that performs low level processing of TCP packets.
145ded9725a9da33875b70d37b0748495d13246a5489f58b4d40c3b08b3d3e92eEye Security Advisory - eEye Digital Security has discovered a security hole in Yahoo! Mail which allows a remote attacker to take over an account remotely by sending a specially crafted email.
ebcdad08b6b5b55406cc6abe44da9de0baab72d3294fc53e632ae9a3567d1e68eEye Security Advisory - A critical vulnerability has been discovered in the PAM component used in all current ISS host, server, and network device solutions. A routine within the Protocol Analysis Module (PAM) that monitors ICQ server responses contains a series of stack based buffer overflow vulnerabilities. If the source port of an incoming UDP packet is 4000, it is assumed to be an ICQ v5 server response. Any incoming packet matching this criterion will be forwarded to the vulnerable routine. By delivering a carefully crafted response packet to the broadcast address of a network operating RealSecure/BlackICE agents an attacker can achieve anonymous, remote SYSTEM access across all vulnerable nodes.
c6c0d8948e71c161a5add829f745ebab0f86413f58d23225b1380cf524cb01c0eEye Security Advisory - eEye Digital Security has discovered a critical vulnerability in both RealSecure and BlackICE. The vulnerability allows a remote attacker to reliably overwrite heap memory with user-controlled data and execute arbitrary code within the SYSTEM context. This attack will succeed with BlackICE using its most paranoid settings.
93cd5a0b4754b466a9453652642e3208192566bab669f59e2f78794309c03ac3eEye Security Advisory - Zonelabs Pro/Plus/Integrity versions 4.0 and above are susceptible to a stack based buffer overflow within vsmon.exe that can be exploited to execute code with the context of the SYSTEM account. The vulnerability exists within the component responsible for processing the RCPT TO command argument.
a0725e7ec08055483e5b54ac2703231057838074d0fb3f3ce1007b83e9fe049dCERT Advisory TA04-041A - Multiple integer overflow vulnerabilities in the Microsoft Windows ASN.1 parser library could allow an unauthenticated, remote attacker to execute arbitrary code with SYSTEM privileges. Related eEye advisory here.
d15efbcc2142bc5ef34ae1dde8178035fc9aac8c3983d2d7ee7acf880431603ceEye Security Advisory - eEye Digital Security has discovered a second critical vulnerability in Microsoft's ASN.1 library (MSASN1.DLL) that allows an attacker to overwrite heap memory with data he or she controls and cause the execution of arbitrary code. ASN.1 is an industry standard used in a variety of binary protocols, and as a result, this flaw in Microsoft's implementation can be reached through a number of Windows applications and services. Ironically, the security-related functionality in Windows is especially adept at rendering a machine vulnerable to this attack, including Kerberos (UDP/88) and NTLMv2 authentication (TCP/135, 139, 445).
8815b9231e3ce56295d951ce888973253d6699e1085fcffeabace7cd8f1ce3dfeEye Security Advisory - eEye Digital Security has discovered a critical vulnerability in Microsoft's ASN.1 library (MSASN1.DLL) that would allow an attacker to overwrite heap memory on a susceptible machine and cause the execution of arbitrary code. Because this library is widely used by Windows security subsystems, the vulnerability is exposed through an array of avenues, including Kerberos, NTLMv2 authentication, and applications that make use of certificates (SSL, digitally-signed e-mail, signed ActiveX controls, etc.).
1de333b1ddd32e19f140c70af8d8745df36130a84594833d58298734c09ce432eEye Digital Security has discovered a critical remote vulnerability in the way Microsoft Windows handles certain RPC requests. A vulnerability exists within the DCOM (Distributed Component Object Model) RPC interface. Sending a malformed request packet, it is possible to overwrite various heap structures and allow the execution of arbitrary code. Note: this vulnerability differs from the vulnerability publicized in Microsoft Bulletin MS03-026.
f689147bd2508bf3e6d1fbd617e83c294c0b6a73992a8551f67234a00531c929eEye Advisory - There is a flaw in Microsoft's primary contribution to HTML, the Object tag, which is used to embed almost all ActiveX into HTML pages. The parameter that specifies the remote location of data for objects is not checked to validate the nature of the file being loaded, and therefore trojan executables may be run from within a web page as silently and as easily as Internet Explorer parses image files or any other safe HTML content. Version affected: Microsoft Internet Explorer 5.01, 5.5, 6.0, and 6.0 for Windows Server 2003.
dd79f9814eb5b13d2de07d11deb7d6f23493a7bf6e0bf540ffc5293f0568e45cEeye Advisory - The "SQL Sapphire" worm is spreading quickly among unpatched Microsoft SQL Server 2000 pre SP 2 systems on the internet with are accessible over port 1434 udp. Includes a detailed analysis of the worms payload.
1fd78f476cf00ccc0de6101ec49913f97a341524cce0732945250de296f1ea4cEEye Security Advisory - During a review of the PNG image format implemented in Microsoft Windows, pngfilt.dll, serious vulnerabilities were discovered related to the interpretation of PNG image data. The more serious bug is a heap overflow which can be exploited to execute code when the malicious PNG image is viewed. IE 5.01-6.0 is vulnerable, along with the IE web control for Outlook, Access 2000, Backoffice, Microsoft Visual Studio .NET 2002, Office 2000, Office XP pro, Project 2002 Professional, Publisher 98, SNA Server 4.0, SQL Server 7.0, Visio 2002, Visual Basic .NET Standard 2002, Visual C, Visual C++ .NET Standard 2002, Visual FoxPro 7.0, Visual Studio 6.0, Windows 2000, Windows 95, Windows 98, NT, and XP. Microsoft advisory is ms02-066.
f11b994b879980c3165d71f5cef07811d6d5feb5f65c16286a58a35a2b0cacf3Eeye Security Advisory - iPlanet Web Server 4.1 and 6.0 contains a remotely exploitable heap overflow in the transfer chunking which allows remote code execution as SYSTEM/root on all platforms.
d2375ece94681f4833e85dbe34daf64ab6bdd23cbce71013a58fa28a9d8b5faeEeye Advisory - All versions of Macromedia Shockwave Flash for Windows and Unix contains remotely exploitable overflows in the handling of SWF files. Since this is a browser based bug, it makes it trivial to bypass firewalls and attack the user at his desktop. Also, application browser bugs allow you to target users based on the websites they visit, the newsgroups they read, or the mailing lists they frequent.
ef61f5c7bb22a7f1570c610ede3c3d279065fdc8c0930aa34c2231c4cd2e2ea9Eeye Advisory - The NAI PGP Outlook plug-in in NAI PGP Freeware 7.0.3, PGP Personal Security 7.0.3, and PGP Desktop Security 7.0.4 contains a remotely exploitable heap overflow which can lead to code execution. NAI patch available here.
e7216236aa140bde90e0b6a185d4054a32eb6585e3527ebacfa7d3f1141d1b94Eeye Advisory - IIS 4.0 and 5.0 for Windows NT and 2000 contain a remotely exploitable heap overflow which allows remote code execution. The bug is in transfer chunking in combination with the processing of HTR request sessions.
48ccb83f54a8646059f912592e5f6d519b887ca5833838d10ec76f21014b6fa0A buffer overflow vulnerability has been found by eEye in the parameter handling of the MSN Messenger OCX and can allow remote code execution on affected systems.
76df0e68a796ea743a0cc568c84f1055d8df681f7945e0a436d49f5ed4e21b47Eeye Security Advisory - Windows 2000 IIS 5.0 Remote buffer overflow vulnerability (Remote SYSTEM Level Access). Affects Microsoft Windows 2000 Internet Information Services 5.0 + Service Pack 1. The vulnerability arises when a buffer of aprox. 420 bytes is sent within the HTTP Host: header for a .printer ISAPI request. Successful attacks are not logged in the IIS access logs.
823ece01e6bb14f8b3fbea2b4d268322ebb462e32c5dedd81802824820639ecfNMAP NT - eEye originally developed Nmapnt for Windows NT/2000 and had made it available in the past for download. Recently, eEye security no longer makes this program available and there does not seem to be any mention of anywhere else. No installation needed. Requires packet capture drivers, available here.
9ef4874e10534cb7a123df8e2da277b5b26d25f6239b7af35874824068d68b8dISS Security Alert Summary for February 6, 2001 - Volume 6 Number 3. 120 new vulnerabilities were reported this month. This document has links to more information and full advisories on each. Includes: win2k-rdp-dos, cisco-ccs-file-access, quicktime-embedded-tag-bo, solaris-ximp40-bo, cisco-ccs-cli-dos, slimserve-httpd-dos, crazywwwboard-qdecoder-bo, virusbuster-mua-bo, iis-isapi-obtain-code, bind-inverse-query-disclosure, hp-man-dos, sort-temp-file-abort, bind-complain-format-string, bind-complain-bo, winvnc-client-bo, winvnc-server-bo, guestserver-cgi-execute-commands, bind-tsig-bo, hyperseek-cgi-reveal-info, newsdaemon-gain-admin-access, mars-nwe-format-string, mars-nwe-format-string, planetintra-pi-bo, borderware-ping-dos, aol-malformed-url-dos, mirc-bypass-password, netscape-enterprise-revlog-dos, aim-execute-code, netscape-enterprise-list-directories, winnt-mutex-dos, jrun-webinf-file-retrieval, ipfw-bypass-firewall, netopia-telnet-dos, wuftp-debug-format-string, kde2-kdesu-retrieve-passwords, easycom-safecom-url-bo, easycom-safecom-printguide-dos, easycom-safecom-ftp-dos, vnc-weak-authentication, lotus-domino-smtp-bo, linux-sash-shadow-readable, powerpoint-execute-code, icecast-format-string, oracle-handlers-directory-traversal, oracle-handlers-execute-jsp, netscape-enterprise-dot-dos, goodtech-ftp-dos, netscape-fasttrack-cache-dos, eeye-iris-dos, watchguard-firebox-obtain-passphrase, fastream-ftp-server-dos, fastream-ftp-path-disclosure, localweb2k-directory-traversal, win2k-efs-recover-data, linux-bing-bo, micq-sprintf-remote-bo, mysql-select-bo, shoutcast-description-bo, fw1-limited-license-dos, fw1-limited-license-dos, hp-stm-dos, linux-webmin-tmpfiles, tinyproxy-remote-bo, postaci-sql-command-injection, wwwwais-cgi-dos, mime-header-attachment, ssh-rpc-private-key, linux-glibc-preload-overwrite, inn-tmpfile-symlink, interscan-viruswall-insecure-password, interscan-viruswall-weak-authentication, ie-mshtml-dos, dhcp-format-string, win-mediaplayer-arbitrary-code, veritas-backupexec-dos, interscan-viruswall-symlink, omnihttpd-statsconfig-corrupt-files, omnihttpd-statsconfig-execute-code, icmp-pmtu-dos, icmp-pmtu-dos, splitvt-perserc-format-string, splitvt-perserc-format-string, flash-module-bo, rctab-elevate-privileges, ultraboard-cgi-perm, compaq-web-management-bo, php-htaccess-unauth-access, basilix-webmail-retrieve-files, solaris-arp-bo, php-view-source-code, wec-ntlm-authentication, spamcop-url-seq-predict, linux-wuftpd-privatepw-symlink, rdist-symlink, squid-email-symlink, linux-diffutils-sdiff-symlimk, tcpdump-arpwatch-symlink, linuxconf-vpop3d-symlink, shadow-utils-useradd-symlink, linux-glibc-read-files, gettyps-symlink, linux-gpm-symlink, linux-mgetty-symlink, linux-apache-symlink, linux-inn-symlink, conferenceroom-developer-dos, oracle-xsql-execute-code, netscreen-webui-bo, suse-reiserfs-long-filenames, interbase-backdoor-account, interbase-hidden-function-dos, brickserver-thttpd-dos, solaris-exrecover-bo, hp-inetd-swait-dos, microsoft-iis-read-files, ibm-websphere-dos, storagesoft-imagecast-dos, nai-pgp-replace-keys, http-cgi-bbs-forum, lotus-domino-directory-traversal, http-cgi-fastgraf, newsdesk-cgi-read-files, gtk-module-execute-code, and linux-tty-writable-dos.
cea13d6f0d4961c09e9e991e92cd2eb1b0f12363f3f1a83a83696b1ee0d06cccUSSR Advisory #52 - Clarification. To clear up a few comments about USSR Advisory #52. One regarding the DoS against Iris 1.01 "BETA", and the other regarding "in this case Eeye".
d896e26836e7ab23f58fb1922907ce3ec2c70631df59172b191a984429cad68dUSSR Advisory #52 - The Ussr Team has found a problem in Eeye IRIS 1.01, There is a heap memory buffer overflow in IRIS 1.01 that causes not only this network sniffing program to crash, but also to take system resources up to 100% usage, until it crashes. The vulnerability arises after sending multiple udp connection to random ports on the host that IRIS or SpyNet CaptureNet is running.
e25834b44f953097671edf9008a232d79595b71f52b4a93e91e5a6cea8335b80Wingate.py is a dos exploit for Qbik wingate 3.0. Connects to tcp port 2080 and sends 2000 characters, causing all wingate services to crash. Origional bug found by eEye.
afd3c1b45990cec90d6d28919ea835f444a7fef236f733a9dc69806fde9832f3eeye.99-02-22.wingate
75296fecb26152a52ce6f1a407ca4f483e0f650876e01f1ed6aab6c41f3e99a5
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
