Information Security


Privilege escalation through the drivers of many Hewlett Packard printers (privilege escalation)
Published: 9 January 2007
SecurityVulns ID: 7022
Type: local
Severity: 7/10
Description: By default, local users have full access to the "PML Driver HPZ12" service through the Service Control Manager (the service DACL grants them SERVICE_CHANGE_CONFIG), so they can point the service at an executable of their own, which is then started with LocalSystem privileges.
Affected products: HP : HP PSC 700
 HP : HP PSC 900
 HP : HP PSC 1100
 HP : HP PSC 1200
 HP : HP PSC 1300
 HP : HP PSC 2100
 HP : HP PSC 2200
 HP : HP PSC 2400
 HP : HP PSC 2500
 HP : HP Officejet D
 HP : HP Officejet G
 HP : HP Officejet K
 HP : HP Officejet 4100
 HP : HP Officejet 5100
 HP : HP Officejet 5500
 HP : HP Officejet 6100
 HP : Officejet 7100
 HP : LaserJet 4650
CVE:CVE-2007-0161 (The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as used by multiple HP products, uses insecure SERVICE_CHANGE_CONFIG DACL permissions, which allows local users to gain privileges and execute arbitrary programs, as demonstrated by modifying the binpath argument, a related issue to CVE-2006-0023.)
Original text: Sowhat ., HP Multiple Products PML Driver Local Privilege Escalation (09.01.2007)
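
The check a practitioner would run for this class of bug, added here as an illustration and not part of the original advisory: parse the DACL that `sc sdshow "<service name>"` prints and flag allow-ACEs that hand a low-privileged principal SERVICE_CHANGE_CONFIG (SDDL token DC) or a right from which it follows (WRITE_DAC, WRITE_OWNER, GENERIC_ALL, GENERIC_WRITE). The SDDL strings in the block are constructed samples, not the HP driver's actual DACL.

```python
"""Flag Windows service ACEs that let ordinary users reconfigure the service.

Input is the SDDL string printed by `sc sdshow <service>`. The samples at the
bottom are constructed for this illustration, not the real HP service DACL."""
import re

# Service-object rights as written in SDDL, with their numeric masks.
# DC = SERVICE_CHANGE_CONFIG, the right CVE-2007-0161 is about: whoever holds it
# can rewrite binPath and have the new binary started as LocalSystem.
# WD/WO let a caller grant itself DC; GA/GW map onto DC for service objects.
RIGHT_BITS = {
    "DC": 0x00000002,   # SERVICE_CHANGE_CONFIG
    "WD": 0x00040000,   # WRITE_DAC
    "WO": 0x00080000,   # WRITE_OWNER
    "GA": 0x10000000,   # GENERIC_ALL
    "GW": 0x40000000,   # GENERIC_WRITE
}
RIGHT_NAMES = {
    "DC": "SERVICE_CHANGE_CONFIG", "WD": "WRITE_DAC", "WO": "WRITE_OWNER",
    "GA": "GENERIC_ALL", "GW": "GENERIC_WRITE",
}
# Well-known SID abbreviations that every local account falls under.
LOW_PRIV_SIDS = {
    "WD": "Everyone", "AU": "Authenticated Users", "BU": "Users",
    "IU": "Interactive", "AN": "Anonymous",
}

def parse_dacl(sddl):
    """Return [(ace_type, rights, sid)] for each ACE in the D: section.
    rights is the set of two-letter SDDL tokens; a hex mask is decoded into
    the tokens from RIGHT_BITS that it contains."""
    m = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    if not m:
        return []
    aces = []
    for body in re.findall(r"\(([^)]*)\)", m.group(1)):
        fields = body.split(";")
        if len(fields) != 6:
            raise ValueError("malformed ACE: (%s)" % body)
        ace_type, _flags, rights, _obj, _iobj, sid = fields
        if rights.lower().startswith("0x"):
            mask = int(rights, 16)
            tokens = {tok for tok, bit in RIGHT_BITS.items() if mask & bit}
        else:
            tokens = set(re.findall(r"[A-Z]{2}", rights))
        aces.append((ace_type, tokens, sid))
    return aces

def weak_service_aces(sddl):
    """Allow-ACEs giving a low-privileged principal a right sufficient to hijack the service.
    Deny ACEs are not reconciled, so a hit is a finding to confirm, not a proof."""
    findings = []
    for ace_type, tokens, sid in parse_dacl(sddl):
        if ace_type != "A" or sid not in LOW_PRIV_SIDS:
            continue
        granted = sorted(RIGHT_NAMES[t] for t in tokens if t in RIGHT_NAMES)
        if granted:
            findings.append((LOW_PRIV_SIDS[sid], granted))
    return findings

# Constructed samples. SAFE is the usual default: Interactive and Service users may
# query and interrogate only. WEAK additionally gives Authenticated Users CC+DC.
SAFE_SDDL = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
             "(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)")
WEAK_SDDL = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
             "(A;;CCDCLCSWRPWPDTLOCRRC;;;AU)")

if __name__ == "__main__":
    for label, sddl in (("safe", SAFE_SDDL), ("weak", WEAK_SDDL)):
        print(label, weak_service_aces(sddl) or "no weak ACEs")
```

Feed it the output of `sc sdshow "PML Driver HPZ12"` (or any other service). A hit means the listed principal can run `sc config <service> binPath= ...` and start the service; the remedy is a DACL, applied with `sc sdset`, that does not grant DC, WD, WO, GA or GW to those SIDs.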

Buffer overflow in Microsoft VML
Published: 9 January 2007
SecurityVulns ID: 7028
Type: client
Severity: 8/10
Description: Buffer overflow and integer overflows when parsing Vector Markup Language (vgx.dll). Can be used to install malicious code silently when a crafted web page is viewed.
Affected products: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
CVE:CVE-2007-0024 (Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability.")
Original text: MICROSOFT, Microsoft Security Bulletin MS07-004 Vulnerability in Vector Markup Language Could Allow Remote Code Execution (929969) (09.01.2007)
 IDEFENSE, [Full-disclosure] iDefense Security Advisory 01.09.07: Multiple Microsoft Products VML 'recolorinfo' Element Integer Overflow Vulnerability (09.01.2007)
Files: MS07-004 VML integer overflow exploit
 Microsoft Security Bulletin MS07-004 Vulnerability in Vector Markup Language Could Allow Remote Code Execution (929969)

Buffer overflow in the ActiveX control of the Sina UC instant messenger (buffer overflow)
Published: 9 January 2007
SecurityVulns ID: 7026
Type: client
Severity: 5/10
Description: Stack-based buffer overflows in the SendChatRoomOpt() and SendDownLoadFile() methods of the ActiveX control.
Affected products: SINAUC : Sina UC 2006
CVE: CVE-2007-0174 (Multiple stack-based buffer overflows in the BRWOSSRE2UC.dll ActiveX Control in Sina UC2006 and earlier allow remote attackers to execute arbitrary code via a long string in the (1) astrVerion parameter to the SendChatRoomOpt function or (2) the astrDownDir parameter to the SendDownLoadFile function.)
Original text: Sowhat ., Sina UC ActiveX Multiple Remote Stack Overflow (09.01.2007)

Multiple vulnerabilities in Cisco Clean Access (multiple bugs)
Updated since: 4 January 2007
Published: 9 January 2007
SecurityVulns ID: 6997
Type: remote
Severity: 7/10
Description: The shared secret used to authenticate devices is the same on every installation and cannot be changed. Manual database backups (snapshots) are stored under a guessable filename and can be downloaded without authentication.
Affected products: CISCO : Cisco Clean Access 3.5
 CISCO : Cisco Clean Access 3.6
 CISCO : Cisco Clean Access 4.0
CVE:CVE-2007-0058 (Cisco Clean Access (CCA) 3.5.x through 3.5.9 and 3.6.x through 3.6.1.1 on the Clean Access Manager (CAM) allows remote attackers to bypass authentication and download arbitrary manual database backups by guessing the snapshot filename using brute force, then making a direct request for the file.)
 CVE-2007-0057 (Cisco Clean Access (CCA) 3.6.x through 3.6.4.2 and 4.0.x through 4.0.3.2 does not properly configure or allow modification of a shared secret authentication key, which causes all devices to have the same shared secret and allows remote attackers to gain unauthorized access.)
Original text: Damir Rajnovic, Re: [Full-disclosure] Cisco Security Advisory: Multiple Vulnerabilities in Cisco Clean Access (09.01.2007)
 CISCO, Cisco Security Advisory: Multiple Vulnerabilities in Cisco Clean Access (04.01.2007)

DoS against Avahi
Published: 9 January 2007
SecurityVulns ID: 7018
Type: client
Severity: 5/10
Description: A malformed DNS response whose compressed label points to itself sends the consume_labels parser into an infinite loop.
Affected products: AVAHI : Avahi 0.6
CVE: CVE-2006-6870 (The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 allows remote attackers to cause a denial of service (infinite loop) via a crafted compressed DNS response with a label that points to itself.)
Original text: MANDRIVA, [ MDKSA-2007:003 ] - Updated avahi packages fix DoS vulnerability (09.01.2007)
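
The bug class behind this entry is a name decompressor that follows RFC 1035 compression pointers without remembering where it has been. The decoder below is an added illustration, not Avahi's code: it rejects a pointer that does not go strictly backwards or that lands on an offset already dereferenced, which covers the self-pointing label as well as longer cycles. The packets are constructed; the 12-byte header is a zero-filled stand-in.

```python
"""Decode a DNS name that uses RFC 1035 compression, refusing pointer loops.

Added illustration for the Avahi consume_labels entry (CVE-2006-6870): a label
whose compression pointer refers back to itself never terminates unless the
decoder keeps track of where it has already been. Packets below are constructed."""

class MalformedName(ValueError):
    pass

def read_name(packet, offset):
    """Return (labels, next_offset) for the name starting at `offset`.

    next_offset is where the caller continues parsing the packet: just past
    the first compression pointer met, or past the terminating zero label."""
    labels = []
    visited = set()      # pointer targets already followed
    next_offset = None
    pos = offset
    octets = 0
    while True:
        if pos >= len(packet):
            raise MalformedName("name runs past end of packet at offset %d" % pos)
        length = packet[pos]
        if length == 0:                      # root label terminates the name
            pos += 1
            break
        if length & 0xC0 == 0xC0:            # 11xxxxxx: two-octet pointer
            if pos + 1 >= len(packet):
                raise MalformedName("truncated compression pointer")
            target = ((length & 0x3F) << 8) | packet[pos + 1]
            # RFC 1035 4.1.4: a pointer refers to a *prior* occurrence, so it
            # must go backwards and must not land on an offset already used.
            # A self-pointer (target == pos) is exactly the Avahi loop.
            if target >= pos or target in visited:
                raise MalformedName("compression pointer loop at offset %d" % pos)
            visited.add(target)
            if next_offset is None:
                next_offset = pos + 2
            pos = target
            continue
        if length & 0xC0:
            raise MalformedName("reserved label type 0x%02x" % length)
        label = packet[pos + 1:pos + 1 + length]
        if len(label) != length:
            raise MalformedName("truncated label at offset %d" % pos)
        octets += length + 1
        if octets > 255:
            raise MalformedName("name exceeds 255 octets")
        labels.append(label.decode("ascii", "replace"))
        pos += 1 + length
    if next_offset is None:
        next_offset = pos
    return labels, next_offset

def is_well_formed(packet, offset):
    """True if the name at `offset` decodes without error."""
    try:
        read_name(packet, offset)
        return True
    except MalformedName:
        return False

HEADER = b"\x00" * 12                                   # constructed stand-in for the DNS header
GOOD = HEADER + b"\x07example\x05local\x00" + b"\x03www\xc0\x0c"   # www -> pointer to example.local at 12
SELF_LOOP = HEADER + b"\xc0\x0c"                        # pointer at offset 12 pointing to offset 12
CYCLE = HEADER + b"\x03foo\xc0\x0c"                     # foo, then a pointer back to foo, forever

if __name__ == "__main__":
    print(read_name(GOOD, 27))                # (['www', 'example', 'local'], 33)
    for pkt in (SELF_LOOP, CYCLE):
        print(is_well_formed(pkt, 12))        # False
```

The `visited` set is what guarantees termination: every pointer either adds a new, smaller offset to it or raises, and there are only as many offsets as the packet has bytes. A hop counter alone is a weaker guard, since a cycle through several labels still spins until the counter trips.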

Daily summary of bugs in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: 9 January 2007
SecurityVulns ID: 7020
Type: remote
Severity: 5/10
Description: PHP code injection (remote and local file inclusion), SQL injection, directory traversal, cross-site scripting, cross-site request forgery, information disclosure (database files and full paths exposed under the web root), etc.
Affected products: GFORGE : gforge 4.5
 MKPORTAL : MKPortal 1.1
 ALEXGUESTBOOK : @lex Guestbook 4.0
 GEOIP : geoip 1.4
 AJLOGIN : AJLogin 3.5
 EMEMBERSPRO : EMembersPro 1.0
 HARIKAONLINE : HarikaOnline 2.0
 UGUESTBOOK : Uguestbook 1.0
 NUNE : nune 2.0
CVE:CVE-2007-0205 (Multiple directory traversal vulnerabilities in @lex Guestbook 4.0.2 and earlier allow remote attackers to (1) include and execute arbitrary local files via a relative pathname in the lang parameter to index.php, which is handled in livre_include.php, and (2) possibly access arbitrary directories via the aj_skin and skin_edit parameters to admin/skins.php.)
 CVE-2007-0202 (SQL injection vulnerability in index.php in @lex Guestbook 4.0.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the lang parameter.)
 CVE-2007-0194 (admin.php in MKPortal M1.1 RC1 allows remote attackers to obtain sensitive information via a direct request with an MK_PATH=1 query string, which reveals the path in an error message.)
 CVE-2007-0192 (Cross-site request forgery (CSRF) vulnerability in the save_main operation in the ad_perms section in admin.php in MKPortal allows remote attackers to modify privilege settings, as demonstrated using a getURL of admin.php within a .swf file contained in an IFRAME element, aka the "All Guests are Admin" attack.)
 CVE-2007-0191 (Cross-site scripting (XSS) vulnerability in admin.php in MKPortal allows remote attackers to inject arbitrary web script or HTML via two certain fields in a contents_new operation in the ad_contents section.)
 CVE-2007-0189 (** DISPUTED ** PHP remote file inclusion vulnerability in index.php in GeoBB Georgian Bulletin Board allows remote attackers to execute arbitrary PHP code via a URL in the action parameter. NOTE: CVE disputes this issue, since GeoBB 1.0 sets $action to a whitelisted value.)
 CVE-2007-0182 (Multiple PHP remote file inclusion vulnerabilities in magic photo storage website allow remote attackers to execute arbitrary PHP code via a URL in the _config[site_path] parameter to (1) admin_password.php, (2) add_welcome_text.php, (3) admin_email.php, (4) add_templates.php, (5) admin_paypal_email.php, (6) approve_member.php, (7) delete_member.php, (8) index.php, (9) list_members.php, (10) membership_pricing.php, or (11) send_email.php in admin/; (12) config.php or (13) db_config.php in include/; or (14) add_category.php, (15) add_news.php, (16) change_catalog_template.php, (17) couple_milestone.php, (18) couple_profile.php, (19) delete_category.php, (20) index.php, (21) login.php, (22) logout.php, (23) register.php, (24) upload_photo.php, (25) user_catelog_password.php, (26) user_email.php, (27) user_extend.php, or (28) user_membership_password.php in user/. NOTE: the include/common_function.php vector is already covered by another candidate from the same date.)
 CVE-2007-0181 (PHP remote file inclusion vulnerability in include/common_function.php in magic photo storage website allows remote attackers to execute arbitrary PHP code via a URL in the _config[site_path] parameter.)
 CVE-2007-0176 (Cross-site scripting (XSS) vulnerability in search/advanced_search.php in GForge 4.5.11 allows remote attackers to inject arbitrary web script or HTML via the words parameter.)
 CVE-2007-0167 (Multiple PHP file inclusion vulnerabilities in WGS-PPC (aka PPC Search Engine), as distributed with other aliases, allow remote attackers to execute arbitrary PHP code via a URL in the INC parameter in (1) config_admin.php, (2) config_main.php, (3) config_member.php, and (4) mysql_config.php in config/; (5) admin.php and (6) index.php in admini/; (7) paypalipn/ipnprocess.php; (8) index.php and (9) registration.php in members/; and (10) ppcbannerclick.php and (11) ppcclick.php in main/.)
 CVE-2007-0159 (Directory traversal vulnerability in the GeoIP_update_database_general function in libGeoIP/GeoIPUpdate.c in GeoIP 1.4.0 allows remote malicious update servers (possibly only update.maxmind.com) to overwrite arbitrary files via a .. (dot dot) in the database filename, which is returned by a request to app/update_getfilename.)
 CVE-2007-0156 (M-Core stores the database under the web document root, which allows remote attackers to obtain sensitive information via a direct request to db/uyelik.mdb.)
 CVE-2007-0155 (HarikaOnline 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for harikaonline.mdb.)
 CVE-2007-0154 (Webulas stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/db.mdb.)
 CVE-2007-0153 (AJLogin 3.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for ajlogin.mdb.)
 CVE-2007-0151 (MitiSoft stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for access_MS/MitiSoft.mdb.)
 CVE-2007-0150 (Multiple PHP remote file inclusion vulnerabilities in index.php in Dayfox Blog allow remote attackers to execute arbitrary PHP code via a URL in the (1) page, (2) subject, and (3) q parameters.)
 CVE-2007-0149 (EMembersPro 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for users.mdb.)
 CVE-2007-0143 (Multiple PHP remote file inclusion vulnerabilities in NUNE News Script 2.0pre2 allow remote attackers to execute arbitrary PHP code via a URL in the custom_admin_path parameter to (1) index.php or (2) archives.php.)
 CVE-2007-0112 (SQL injection vulnerability in cats.asp in createauction allows remote attackers to execute arbitrary SQL commands via the catid parameter.)
Original text: IbnuSina, magic photo storage website Multiple Remote File Inclusion (09.01.2007)
 jose.palanco_(at)_eazel.es, GForge Cross Site Scripting vulnerability (09.01.2007)
 IbnuSina, ppc engine Multiple file inclusion (09.01.2007)
 IbnuSina, createauction (cats.asp) Remote SQL Injection Vulnerability (09.01.2007)
 k1tk4t_(at)_newhack.org, magic photo storage website Remote File Inclusion (09.01.2007)
 info_(at)_burnhead.it, MKPortal Full Path Disclosure (09.01.2007)
 ShaFuq31_(at)_HoTMaiL.CoM, GeoBB Georgian Bulletin Board Remote File Include Vuln. (09.01.2007)
 ShaFuq31_(at)_HoTMaiL.CoM, Dayfox Blog Remote File Include Vuln. (09.01.2007)
 XORON, NUNE News Script (custom_admin_path) Remote File Include Vulnerability (09.01.2007)
 beks, Uguestbook Remote Password Disclosure Vulnerability (09.01.2007)
 beks, Webulas Remote Password Disclosure Vulnerability (09.01.2007)
 beks, HarikaOnline v2.0 Remote Password Disclosure Vulnerability (09.01.2007)
 beks, M-Core Remote Password Disclosure Vulnerability (09.01.2007)
 beks, MitiSoft Remote Password Disclosure Vulnerability (09.01.2007)
 beks, EMembersPro 1.0 Remote Password Disclosure Vulnerability (09.01.2007)
 beks, AJLogin v3.5 Remote Password Disclosure Vulnerability (09.01.2007)
 MANDRIVA, [ MDKSA-2007:004 ] - Updated geoip packages fix geoipupdate vulnerability (09.01.2007)
Files: @lex Guestbook <= 4.0.2 Remote Command Execution Exploit

DoS against the ksirc client
Published: 9 January 2007
SecurityVulns ID: 7021
Type: remote
Severity: 4/10
Description: NULL pointer dereference when parsing a server response (a long PRIVMSG triggers an assertion failure, which leads to the crash).
Affected products: KDE : KDE 3.5
 KDE : ksirc 3.5
CVE: CVE-2006-6811 (KsIRC 1.3.12 allows remote attackers to cause a denial of service (crash) via a long PRIVMSG string when connecting to an Internet Relay Chat (IRC) server, which causes an assertion failure and results in a NULL pointer dereference. NOTE: this issue was originally reported as a buffer overflow.)
Original text: KDE, [KDE Security Advisory] ksirc Denial of Service vulnerability (09.01.2007)

Multiple buffer overflows in Packeteer PacketShaper (buffer overflow)
Published: 9 January 2007
SecurityVulns ID: 7023
Type: remote
Severity: 5/10
Description: Buffer overflows in the Web interface and in the command-line interface; an authenticated user can force a reset or reboot of the device.
Affected products: PACKETEER : PacketShaper 9500
CVE: CVE-2007-0113 (Buffer overflow in Packeteer PacketShaper PacketWise 8.x allows remote authenticated users to cause a denial of service (reset or reboot) via (1) a long traffic class argument to the "class show" command or (2) a long POLICY parameter value in clastree.htm.)
Original text: kian.mohageri_(at)_gmail.com, Packeteer PacketWise CLI overflow DoS (09.01.2007)

Freeing of an uninitialized pointer in the GSS-API library / MIT Kerberos kadmind (uninitialized free)
Published: 9 January 2007
SecurityVulns ID: 7029
Type: remote
Severity: 8/10
Description: Freeing of memory that was never allocated (uninitialized pointers) in the mechglue layer of the GSS-API library, reachable remotely through kadmind.
Affected products: MIT : krb5 1.5
CVE: CVE-2006-6144 (The "mechglue" abstraction interface of the GSS-API library for Kerberos 5 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, allows remote attackers to cause a denial of service (crash) via unspecified vectors that cause mechglue to free uninitialized pointers.)
Original text: MIT, MITKRB5-SA-2006-003: kadmind (via GSS-API lib) frees uninitialized pointers (09.01.2007)

Memory corruption in the Microsoft Office 2003 grammar checker (memory corruption)
Published: 9 January 2007
SecurityVulns ID: 7031
Type: client
Severity: 5/10
Description: Memory corruption in the Brazilian Portuguese grammar checker when crafted text is parsed.
Affected products: MICROSOFT : Office 2003
CVE: CVE-2006-5574 (Unspecified vulnerability in the Brazilian Portuguese Grammar Checker in Microsoft Office 2003 and the Multilingual Interface for Office 2003, Project 2003, and Visio 2003 allows user-assisted remote attackers to execute arbitrary code via crafted text that is not properly parsed.)
Original text: MICROSOFT, Microsoft Security Bulletin MS07-001 Vulnerability in Microsoft Office 2003 Brazilian Portuguese Grammar Checker Could Allow Remote Code Execution (921585) (09.01.2007)

Multiple vulnerabilities in the Opera browser (multiple bugs)
Updated since: 6 January 2007
Published: 9 January 2007
SecurityVulns ID: 7006
Type: remote
Severity: 7/10
Description: Heap corruption when parsing JPEG (invalid number of index bytes in the DHT marker); a virtual function call through an attacker-controlled pointer in the JavaScript SVG createSVGTransformFromMatrix handling.
Affected products: OPERA : Opera 9.02
CVE:CVE-2007-0127 (The Javascript SVG support in Opera before 9.10 does not properly validate object types in a createSVGTransformFromMatrix request, which allows remote attackers to execute arbitrary code via JavaScript code that uses an invalid object in this request that causes a controlled pointer to be referenced during the virtual function call.)
 CVE-2007-0126 (Heap-based buffer overflow in Opera 9.02 allows remote attackers to execute arbitrary code via a JPEG file with an invalid number of index bytes in the Define Huffman Table (DHT) marker.)
Original text: posidron, Opera JPEG processing - Heap corruption vulnerabilities (09.01.2007)
 IDEFENSE, iDefense Security Advisory 01.05.07: Opera Software Opera Web Browser createSVGTransformFromMatrix Object Typecasting Vulnerability (06.01.2007)
 IDEFENSE, iDefense Security Advisory 01.05.07: Opera Software Opera Web Browser JPG Image DHT Marker Heap Corruption Vulnerability (06.01.2007)
Files: Exploits Opera ntdll.RtlAllocateHeap() DHT vulnerability
 Exploits Opera ntdll.RtlAllocateHeap() SOS vulnerability

Call through an uninitialized function pointer in the RPC library / MIT Kerberos kadmind (uninitialized pointer)
Published: 9 January 2007
SecurityVulns ID: 7025
Type: remote
Severity: 9/10
Description: A call through an uninitialized function pointer in freed memory on the RPC server side allows a crash and possibly code execution.
Affected products: MIT : krb5 1.4
 MIT : krb5 1.5
CVE:CVE-2006-6143 (The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, calls an uninitialized function pointer in freed memory, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.)
Original text: MIT, MITKRB5-SA-2006-002: kadmind (via RPC lib) calls uninitialized function pointer (09.01.2007)

Multiple integer overflows in X.org / XFree86 (integer overflow)
Updated since: 9 January 2007
Published: 10 January 2007
SecurityVulns ID: 7024
Type: local
Severity: 6/10
Description: Integer overflows in the DBE (ProcDbeSwapBuffers, ProcDbeGetVisualInfo) and Render (ProcRenderAddGlyphs) extensions, triggered by crafted X protocol requests from a local client.
Affected products: XFREE : XFree86 4.3
 XFREE : XFree86 4.6
 X.ORG : X.org 6.8
 XFREE : XFree86 4.5
 XFREE : XFree86 4.4
CVE:CVE-2006-6103 (Integer overflow in the ProcDbeSwapBuffers function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures.)
 CVE-2006-6102 (Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures.)
 CVE-2006-6101 (Integer overflow in the ProcRenderAddGlyphs function in the Render extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of glyph management data structures.)
Original text: IDEFENSE, iDefense Security Advisory 01.09.07: Multiple Vendor X Server DBE Extension ProcDbeSwapBuffers Memory Corruption Vulnerability (10.01.2007)
 IDEFENSE, iDefense Security Advisory 01.09.07: Multiple Vendor X Server DBE Extension ProcDbeGetVisualInfo Memory Corruption Vulnerability (10.01.2007)
 IDEFENSE, iDefense Security Advisory 01.09.07: Multiple Vendor X Server Render Extension ProcRenderAddGlyphs Memory Corruption Vulnerability (10.01.2007)
 UBUNTU, [USN-403-1] X.org vulnerabilities (09.01.2007)

Multiple vulnerabilities in Microsoft Outlook (multiple bugs)
Updated since: 9 January 2007
Published: 11 January 2007
SecurityVulns ID: 7030
Type: client
Severity: 6/10
Description: Buffer overflows when parsing .iCal and .oss files; denial of service via malformed e-mail headers.
Affected products: MICROSOFT : Office 2000
 MICROSOFT : Office XP
 MICROSOFT : Office 2003
CVE:CVE-2007-0034 (Buffer overflow in the Advanced Search (Finder.exe) feature of Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted Outlook Saved Searches (OSS) file that triggers memory corruption, aka "Microsoft Outlook Advanced Find Vulnerability.")
 CVE-2007-0033 (Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to execute arbitrary code via a malformed VEVENT record in an .iCal meeting request or ICS file.)
 CVE-2006-1305 (Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to cause a denial of service (memory exhaustion and interrupted mail recovery) via malformed e-mail header information, possibly related to (1) long subject lines or (2) large numbers of recipients in To or CC headers.)
Original text: Computer Terrorism (UK) :: Incident Response Centre, [Full-disclosure] Computer Terrorism (UK) :: Incident Response Centre - Microsoft Outlook Vulnerability (11.01.2007)
 MICROSOFT, Microsoft Security Bulletin MS07-003 Vulnerabilities in Microsoft Outlook Could Allow Remote Code Execution (925938) (09.01.2007)
Files: Microsoft Security Bulletin MS07-003 Vulnerabilities in Microsoft Outlook Could Allow Remote Code Execution (925938)

Protection bypass in Steganography / Camouflage (protection bypass)
Updated since: 9 January 2007
Published: 11 January 2007
SecurityVulns ID: 7019
Type: m-i-t-m
Severity: 5/10
Description: A file carrying hidden data has an obvious signature, and the password that is supposed to protect the hidden data is stored in the carrier file itself, so the password check is enforced only by the application's user interface and can be bypassed by replacing those bytes.
Affected products: SECUREKIT : Steganography 1.8
 SECUREKIT : Steganography 1.7
 TWISTEDPEAR : Camouflage 1.2
CVE:CVE-2007-0164 (Camouflage 1.2.1 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing certain bytes of the JPEG image with alternate password information.)
 CVE-2007-0163 (SecureKit Steganography 1.7.1 and 1.8 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing the last 20 bytes of the JPEG image with alternate password information.)
Original text: thesinoda_(at)_hotmail.com, A Major design Bug in Camouflage 1.2.1 (latest) (11.01.2007)
 thesinoda_(at)_hotmail.com, A Major design Bug in Steganography 1.7.x, 1.8 (latest) (Updated Version) (11.01.2007)
 thesinoda_(at)_hotmail.com, Cracking Steganography Application in less than ONE minute (09.01.2007)
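
The "obvious signature" of such carriers is that the hidden data sits after the JPEG's End-Of-Image marker, which is also where, according to the CVE entries, the password material ends up. The forensic check below is an added illustration, not the tools' code or the advisories' procedure: it walks the JPEG marker structure to the real top-level EOI and reports whatever follows. It deliberately does not search for the first FF D9, since an EXIF thumbnail inside APP1 carries its own EOI. The exact payload layout of Camouflage and SecureKit Steganography is not reproduced; the sample files are constructed.

```python
"""Report bytes appended after a JPEG's End-Of-Image marker.

Added illustration for the Camouflage / SecureKit Steganography entry: both tools
keep the payload, and (CVE-2007-0163/0164) the password material, inside the
carrier file, so a carrier can be told from a clean photo by what follows EOI.
Their exact payload layout is not reproduced here; the sample files are constructed."""

SOI, EOI = b"\xff\xd8", b"\xff\xd9"

def jpeg_trailer(data):
    """Return everything after the top-level EOI marker (b"" for a clean file).

    Walks marker segments instead of searching for FF D9: an EXIF thumbnail
    inside APP1 is a complete JPEG with its own EOI and a naive search stops there."""
    if not data.startswith(SOI):
        raise ValueError("not a JPEG: no SOI")
    pos = 2
    while True:
        if pos + 2 > len(data) or data[pos] != 0xFF:
            raise ValueError("marker expected at offset %d" % pos)
        marker = data[pos + 1]
        if marker == 0xFF:                   # padding FF before a marker
            pos += 1
            continue
        if marker == 0xD9:                   # EOI: whatever follows is not image data
            return data[pos + 2:]
        pos += 2
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:   # TEM, RSTn: no length field
            continue
        if pos + 2 > len(data):
            raise ValueError("truncated segment at offset %d" % pos)
        seglen = int.from_bytes(data[pos:pos + 2], "big")
        if seglen < 2:
            raise ValueError("bad segment length at offset %d" % pos)
        pos += seglen
        if marker == 0xDA:                   # SOS: skip entropy-coded data up to the next real marker
            while True:
                if pos + 1 >= len(data):
                    raise ValueError("entropy-coded data runs past end of file")
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break                    # FF 00 is a stuffed byte, FF D0-D7 a restart marker
                pos += 1

def _seg(marker, payload):
    """Build one marker segment with its big-endian length (constructed test data)."""
    return b"\xff" + bytes([marker]) + (len(payload) + 2).to_bytes(2, "big") + payload

# Constructed minimal JPEG: APP0, an APP1 carrying an embedded thumbnail with its
# own SOI/EOI, a scan with a stuffed FF 00 and an RST marker, then EOI.
THUMB = SOI + _seg(0xDA, b"\x01") + b"\x12\x34" + EOI
CLEAN_JPEG = (SOI + _seg(0xE0, b"JFIF\x00") + _seg(0xE1, b"Exif\x00\x00" + THUMB)
              + _seg(0xDA, b"\x01\x00\x3f\x00") + b"\x12\xff\x00\x34\xff\xd0\x56" + EOI)
# A carrier the way the vulnerable tools build one: the photo, then the hidden
# data (here 40 filler bytes standing in for the payload plus a password-like tail).
CARRIER_JPEG = CLEAN_JPEG + b"\x00" * 40 + b"hunter2"

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_JPEG), ("carrier", CARRIER_JPEG)):
        print("%s: %d trailing bytes" % (name, len(jpeg_trailer(blob))))
```

Any non-empty trailer is worth a look; a trailer that ends in readable text is the case the advisories describe, since the password is recoverable, or replaceable, without running the application at all.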

Multiple buffer overflows in Microsoft Excel (buffer overflow)
Updated since: 9 January 2007
Published: 1 February 2007
SecurityVulns ID: 7027
Type: client
Severity: 7/10
Description: Heap buffer overflow when a BIFF8 PALETTE record carries a large number of entries; out-of-bounds memory access through an out-of-range Column field in certain BIFF8 record types; further memory corruption via malformed strings, unhandled opcodes and malformed IMDATA records.
Affected products: MICROSOFT : Office 2000
 MICROSOFT : Office XP
 MICROSOFT : Office 2003
CVE:CVE-2007-0031 (Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a BIFF8 spreadsheet with a PALETTE record that contains a large number of entries.)
 CVE-2007-0030 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory.)
 CVE-2007-0029 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string, aka "Excel Malformed String Vulnerability.")
 CVE-2007-0028 (Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, and Office v.X for Mac does not properly handle certain opcodes, which allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file, which results in an "Improper Memory Access Vulnerability." NOTE: an early disclosure of this issue used CVE-2006-3432, but only CVE-2007-0028 should be used.)
 CVE-2007-0027 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via malformed IMDATA records that trigger memory corruption.)
Original text: LifeAsaGeek_(at)_gmail.com, MS07-002 EXCEL Malformed Palette Record Vulnerability DOS POC (01.02.2007)
 MICROSOFT, Microsoft Security Bulletin MS07-002 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (927198) (09.01.2007)
 IDEFENSE, [Full-disclosure] iDefense Security Advisory 01.09.07: Microsoft Excel Invalid Column Heap Corruption Vulnerability (09.01.2007)
 IDEFENSE, [Full-disclosure] iDefense Security Advisory 01.09.07: Microsoft Excel Long Palette Heap Overflow Vulnerability (09.01.2007)
Files: Microsoft Security Bulletin MS07-002 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (927198)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod