Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в Core FTP Server
Опубликовано:8 июня 2010 г.
Источник:
SecurityVulns ID:10904
Тип:удаленная
Уровень опасности:
5/10
Описание:Многочисленные переполнения буфера, обратный путь в каталогах, DoS-условия.
Затронутые продукты:COREFTP : Core FTP Server 1.0
 COREFTP : Core FTP mini-sftp-server 1.19
Оригинальный текстdocumentleinakesi_(at)_gmail.com, Core FTP mini-sftp-server Several DoS and Directory Traversal Vulnerabilities (08.06.2010)
 documentleinakesi_(at)_gmail.com, Core FTP Server(SFTP module) 'open' and 'stat' Commands Remote Denial of Service Vulnerability (08.06.2010)

Проблема жестких ссылок в Exim
Опубликовано:8 июня 2010 г.
Источник:
SecurityVulns ID:10905
Тип:локальная
Уровень опасности:
5/10
Описание:Проблема жестких ссылок при работе с почтовыми директориями и файлами локировки.
Затронутые продукты:EXIM : Exim 4.71
CVE:CVE-2010-2024 (transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/.)
 CVE-2010-2023 (transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file.)
Оригинальный текстdocumentDan Rosenberg, Multiple vulnerabilities in Exim (08.06.2010)

Инъекция SQL в RSA Key Manager
Опубликовано:8 июня 2010 г.
Источник:
SecurityVulns ID:10906
Тип:библиотека
Уровень опасности:
5/10
Описание:Инъекция SQL в процесс декодирования данных.
Затронутые продукты:EMC : RSA Key Manager Client 1.5
Оригинальный текстdocumentKyle Quest, RSA Key Manager SQL injection Vulnerability ( CVE-2010-1904 ) (08.06.2010)

Утечка информации в CA ARCserve Backup
Опубликовано:8 июня 2010 г.
Источник:
SecurityVulns ID:10907
Тип:локальная
Уровень опасности:
5/10
Затронутые продукты:CA : ARCserve Backup 11.5
 CA : ARCserve Backup 12.0
 CA : ARCserve Backup 12.5
CVE:CVE-2010-2157 (Unspecified vulnerability in CA ARCserve Backup r11.5 SP4, r12.0 SP2, and r12.5 SP1 on Windows allows local users to obtain sensitive information via unknown vectors.)
Оригинальный текстdocumentCA, CA20100603-01: Security Notice for CA ARCserve Backup (08.06.2010)

Повреждения памяти при разборе media-файлов в Microsoft Windows
Опубликовано:8 июня 2010 г.
Источник:
SecurityVulns ID:10910
Тип:библиотека
Уровень опасности:
7/10
Описание:Повреждение памяти при разборе JPEG / MJPEG
Затронутые продукты:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2010-1880 (Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "MJPEG Media Decompression Vulnerability.")
 CVE-2010-1879 (Unspecified vulnerability in Quartz.dll for DirectShow; Windows Media Format Runtime 9, 9.5, and 11; Media Encoder 9; and the Asycfilt.dll COM component allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "Media Decompression Vulnerability.")
Оригинальный текстdocumentMICROSOFT, Microsoft Security Bulletin MS10-033 - Critical Vulnerabilities in Media Decompression Could Allow Remote Code Execution (979902) (08.06.2010)
Файлы:Microsoft Security Bulletin MS10-033 - Critical Vulnerabilities in Media Decompression Could Allow Remote Code Execution (979902)

Многочисленные уязвимости безопасности Microsoft Internet Explorer
Опубликовано:8 июня 2010 г.
Источник:
SecurityVulns ID:10912
Тип:клиент
Уровень опасности:
8/10
Описание:Межсайтовый скриптинг, утечка информации, многочисленные повреждения памяти.
Затронутые продукты:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2010-1262 (Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to the CStyleSheet object and a free of the root container, aka "Memory Corruption Vulnerability.")
 CVE-2010-1261 (The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability.")
 CVE-2010-1260 (The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability.")
 CVE-2010-1259 (Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability.")
 CVE-2010-12579
 CVE-2010-1257 (Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office SharePoint Server 2007 SP1 and SP2; SharePoint Services 3.0 SP1 and SP2; and Internet Explorer 8 allows remote attackers to inject arbitrary web script or HTML via vectors related to sanitization.)
 CVE-2010-0255 (Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving JavaScript exploit code that constructs a reference to a file://127.0.0.1 URL, aka the dynamic OBJECT tag vulnerability, as demonstrated by obtaining the data from an index.dat file, a variant of CVE-2009-1140 and related to CVE-2008-1448.)
Оригинальный текстdocumentZDI, ZDI-10-102: Microsoft Internet Explorer Stylesheet Array Removal Remote Code Execution Vulnerability (08.06.2010)
 documentMICROSOFT, Microsoft Security Bulletin MS10-035 - Critical Cumulative Security Update for Internet Explorer (982381) (08.06.2010)
Файлы:Microsoft Security Bulletin MS10-035 - Critical Cumulative Security Update for Internet Explorer (982381)

Выполнение кода через многочисленные ActiveX компоненты Microsoft Windows
дополнено с 8 июня 2010 г.
Опубликовано:9 июня 2010 г.
Источник:
SecurityVulns ID:10911
Тип:клиент
Уровень опасности:
7/10
Затронутые продукты:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2010-2193 (Multiple unspecified vulnerabilities in the CA (1) PSFormX and (2) WebScan ActiveX controls, as distributed on the CA Global Advisor web site until May 2009, allow remote attackers to execute arbitrary code via unknown vectors.)
 CVE-2010-0811 (Unspecified vulnerability in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 and R2, and Windows 7 allows remote attackers to execute arbitrary code via unknown vectors that "corrupt the system state.")
 CVE-2010-0252 (The Microsoft Data Analyzer ActiveX control (aka the Office Excel ActiveX control for Data Analysis) in max3activex.dll in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted web page that corrupts the "system state," aka "Microsoft Data Analyzer ActiveX Control Vulnerability.")
Оригинальный текстdocumentCA, CA20100608-01: Security Notice for CA PSFormX and WebScan ActiveX Controls (09.06.2010)
 documentMICROSOFT, Microsoft Security Bulletin MS10-034 - Critical Cumulative Security Update of ActiveX Kill Bits (980195) (08.06.2010)
Файлы:Microsoft Security Bulletin MS10-034 - Critical Cumulative Security Update of ActiveX Kill Bits (980195)

Многочисленные уязвимости безопасности в Apple Webkit / Safari / Google Chrome
дополнено с 8 июня 2010 г.
Опубликовано:11 июня 2010 г.
Источник:
SecurityVulns ID:10908
Тип:библиотека
Уровень опасности:
9/10
Описание:Многочисленные повреждения памяти, выполнение кода.
Затронутые продукты:APPLE : Safari 4.0
 GOOGLE : Chrome 3.0
 GOOGLE : Chrome 4.0
 APPLE : Safari 5.0
CVE:CVE-ID:CVE-2010-1391
 CVE-ID:CVE-2010-1390
 CVE-ID:CVE-2010-1389
 CVE-ID:CVE-2010-1388
 CVE-2010-1774 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses out-of-bounds memory during processing of HTML tables, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.)
 CVE-2010-1771 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving fonts.)
 CVE-2010-1770 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document containing a BR element, related to a "type checking issue.")
 CVE-2010-1764 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, follows multiple redirections during form submission, which allows remote web servers to obtain sensitive information by recording the form data.)
 CVE-2010-1762 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML in a TEXTAREA element.)
 CVE-2010-1761 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving HTML document subtrees.)
 CVE-2010-1759 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the Node.normalize method.)
 CVE-2010-1758 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving DOM Range objects.)
 CVE-2010-1750 (Use-after-free vulnerability in Apple Safari before 5.0 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper window management.)
 CVE-2010-1749 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the Cascading Style Sheets (CSS) run-in property and multiple invocations of a destructor for a child element that has been referenced multiple times.)
 CVE-2010-1422 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle changes to keyboard focus that occur during processing of key press events, which allows remote attackers to force arbitrary key presses via a crafted HTML document.)
 CVE-2010-1421 (The execCommand JavaScript function in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict remote execution of clipboard commands, which allows remote attackers to modify the clipboard via a crafted HTML document.)
 CVE-2010-1419 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a certain window close action that occurs during a drag-and-drop operation.)
 CVE-2010-1418 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via a FRAME element with a SRC attribute composed of a javascript: sequence preceded by spaces.)
 CVE-2010-1417 (The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via HTML content that contains multiple :after pseudo-selectors.)
 CVE-2010-1416 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly restrict the reading of a canvas that contains an SVG image pattern from a different web site, which allows remote attackers to read images from other sites via a crafted canvas, related to a "cross-site image capture issue.")
 CVE-2010-1415 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle libxml contexts, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to an "API abuse issue.")
 CVE-2010-1414 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the removeChild DOM method.)
 CVE-2010-1413 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends NTLM credentials in cleartext in unspecified circumstances, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.)
 CVE-2010-1412 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to hover events.)
 CVE-2010-1410 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via an SVG document with nested use elements.)
 CVE-2010-1409 (Incomplete blacklist vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to trigger disclosure of data over IRC via vectors involving an IRC service port.)
 CVE-2010-1408 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to bypass intended restrictions on outbound connections to "non-default TCP ports" via a crafted port number, related to an "integer truncation issue." NOTE: this may overlap CVE-2010-1099.)
 CVE-2010-1406 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive information via standard HTTP logging, a related issue to CVE-2010-0660.)
 CVE-2010-1405 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML element that has custom vertical positioning.)
 CVE-2010-1403 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during the handling of a use element in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document containing XML that triggers a parsing error, related to ProcessInstruction.)
 CVE-2010-1402 (Double free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to an event listener in an SVG document, related to duplicate event listeners, a timer, and an AnimateTransform object.)
 CVE-2010-1401 (Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the :first-letter pseudo-element.)
 CVE-2010-1400 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving caption elements.)
 CVE-2010-1399 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during a selection change on a form input element, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.)
 CVE-2010-1398 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly perform ordered list insertions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document, related to the insertion of an unspecified element into an editable container and the access of an uninitialized element.)
 CVE-2010-1397 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to a layout change during selection rendering and the DOCUMENT_POSITION_DISCONNECTED attribute in a container of an unspecified type.)
 CVE-2010-1396 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to removing container elements.)
 CVE-2010-1395 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving DOM constructor objects, related to a "scope management issue.")
 CVE-2010-1394 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML document fragments.)
 CVE-2010-1393 (The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to discover sensitive URLs via an HREF attribute associated with a redirecting URL.)
 CVE-2010-1392 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to HTML buttons and the first-letter CSS style.)
 CVE-2010-1385 (Use-after-free vulnerability in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.)
 CVE-2010-1384 (Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not provide a warning about a (1) http or (2) https URL that contains a username and password, which makes it easier for remote attackers to conduct phishing attacks via a crafted URL.)
 CVE-2010-1119 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database or other data, via vectors related to "attribute manipulation," as demonstrated by Vincenzo Iozzo and Ralf Philipp Weinmann during a Pwn2Own competition at CanSecWest 2010.)
 CVE-2010-0544 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to a malformed URL.)
 CVE-2009-1726 (Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image containing an embedded ColorSync profile.)
Оригинальный текстdocumentIDEFENSE, iDefense Security Advisory 06.07.10: Multiple Vendor WebKit HTML Caption Use After Free Vulnerability (11.06.2010)
 documentZDI, ZDI-10-092: Apple Webkit Option Element ContentEditable Remote Code Execution Vulnerability (08.06.2010)
 documentZDI, ZDI-10-093: Apple Webkit CSS Charset Text Transformation Remote Code Execution Vulnerability (08.06.2010)
 documentZDI, ZDI-10-101: Apple Webkit SVG RadialGradiant Run-in Remote Code Execution Vulnerability (08.06.2010)
 documentZDI, ZDI-10-095: Apple Webkit DOCUMENT_POSITION_DISCONNECTED Attribute Remote Code Execution Vulnerability (08.06.2010)
 documentZDI, ZDI-10-100: Apple Webkit ConditionEventListener Remote Code Execution Vulnerability (08.06.2010)
 documentZDI, ZDI-10-099: Apple Webkit ProcessInstruction Target Error Message Insertion Remote Code Execution Vulnerability (08.06.2010)
 documentZDI, ZDI-10-094: Apple Webkit SelectionController via Marquee Event Remote Code Execution Vulnerability (08.06.2010)
 documentZDI, ZDI-10-096: Apple Webkit Recursive Use Element Remote Code Execution Vulnerability (08.06.2010)
 documentZDI, ZDI-10-098: Apple Webkit First-Letter Pseudo-Element Style Remote Code Execution Vulnerability (08.06.2010)
 documentZDI, ZDI-10-097: Apple Webkit ContentEditable moveParagraphs Uninitialized Element Remote Code Execution Vulnerability (08.06.2010)
 documentZDI, ZDI-10-091: Apple Webkit Attribute Child Removal Remote Code Execution Vulnerability (08.06.2010)
 documentAPPLE, VUPEN Security Research - Apple Safari WebKit HTML Button Use-after-free Vulnerability (CVE-2010-1392) (08.06.2010)
 documentVUPEN Security Research, VUPEN Security Research - Apple Safari WebKit HTML Button Use-after-free Vulnerability (CVE-2010-1392) (08.06.2010)

Повышение привилегий через win32k в Microsoft Windows
дополнено с 8 июня 2010 г.
Опубликовано:14 июня 2010 г.
Источник:
SecurityVulns ID:10909
Тип:локальная
Уровень опасности:
6/10
Описание:Многочисленные повреждения памяти.
Затронутые продукты:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2010-1255 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 allows local users to execute arbitrary code via vectors related to "glyph outline information" and TrueType fonts, aka "Win32k TrueType Font Parsing Vulnerability.")
 CVE-2010-0485 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows local users to execute arbitrary code, aka "Win32k Window Creation Vulnerability.")
 CVE-2010-0484 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 "do not properly validate changes in certain kernel objects," which allows local users to execute arbitrary code via vectors related to Device Contexts (DC) and the GetDCEx function, aka "Win32k Improper Data Validation Vulnerability.")
Оригинальный текстdocumentVUPEN Security Research, VUPEN Security Research - Microsoft Windows Kernel "GetDCEx()" Memory Corruption Vulnerability (CVE-2010-0484) (14.06.2010)
 documentMICROSOFT, Microsoft Security Bulletin MS10-032 - Important Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (979559) (08.06.2010)
Файлы:Microsoft Security Bulletin MS10-032 - Important Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (979559)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород