Information Security


Buffer overflow in Capilano DesignWorks
Published: December 10, 2008
Source:
SecurityVulns ID: 9492
Type: local
Severity: 5/10
Description: Buffer overflow when parsing a .CCT file
Affected products: CAPILANO : DesignWorks Professional 4.3
Original text: Xubucrus Djug, DesignWorks Professional 4.3.1 Local .CCT File Stack Buffer Overflow (PoC) (10.12.2008)
Files: Exploits DesignWorks Professional 4.3 buffer overflow

Multiple security vulnerabilities in Microsoft Visual Basic ActiveX controls
Published: December 10, 2008
Source:
SecurityVulns ID: 9494
Type: library
Severity: 8/10
Description: Memory corruption in the DataGrid, FlexGrid, Hierarchical FlexGrid, Windows Common AVI, Charts and Masked Edit controls
Affected products: MICROSOFT : Frontpage 2002
 MICROSOFT : Visual Studio .Net 2003
 MICROSOFT : Project 2003
 MICROSOFT : Visual Studio .NET 2002
 MICROSOFT : Visual Basic 6.0 Runtime Extended Files
 MICROSOFT : Visual FoxPro 8.0
 MICROSOFT : Visual FoxPro 9.0
 MICROSOFT : Project 2007
CVE:CVE-2008-4256 (The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Charts Control Memory Corruption Vulnerability.")
 CVE-2008-4255 (Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an "allocation error" and memory corruption, aka "Windows Common AVI Parsing Overflow Vulnerability.")
 CVE-2008-4254 (Multiple integer overflows in the Hierarchical FlexGrid ActiveX control (mshflxgd.ocx) in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allow remote attackers to execute arbitrary code via crafted (1) Rows and (2) Cols properties to the (a) ExpandAll and (b) CollapseAll methods, related to access of incorrectly initialized objects and corruption of the "system state," aka "Hierarchical FlexGrid Control Memory Corruption Vulnerability.")
 CVE-2008-4253 (The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "FlexGrid Control Memory Corruption Vulnerability.")
 CVE-2008-4252 (The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "DataGrid Control Memory Corruption Vulnerability.")
 CVE-2008-3704 (Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability.")
Original text: SECUNIA, Secunia Research: Microsoft Hierarchical FlexGrid Control Integer Overflows (10.12.2008)
 ZDI, ZDI-08-083: Microsoft Animation ActiveX Control Malformed AVI Parsing Code Execution Vulnerability (10.12.2008)
 MICROSOFT, Microsoft Security Bulletin MS08-070 - Critical Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349) (10.12.2008)
Files: Microsoft Security Bulletin MS08-070 - Critical Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349)

Multiple security vulnerabilities in the Microsoft Windows GDI library
Published: December 10, 2008
Source:
SecurityVulns ID: 9495
Type: library
Severity: 8/10
Description: Buffer overflow and integer overflow when parsing WMF.
Affected products: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE:CVE-2008-3465 (Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed file-size parameter, which would not be properly handled by a third-party application that uses this API for a copy operation, aka "GDI Heap Overflow Vulnerability.")
 CVE-2008-2249
Original text: IDEFENSE, iDefense Security Advisory 12.09.08: Microsoft Windows Graphics Device Interface Integer Overflow Vulnerability (10.12.2008)
 MICROSOFT, Microsoft Security Bulletin MS08-071 – Critical Vulnerabilities in GDI Could Allow Remote Code Execution (956802) (10.12.2008)
Files: Microsoft Security Bulletin MS08-071 – Critical Vulnerabilities in GDI Could Allow Remote Code Execution (956802)

Multiple security vulnerabilities in Microsoft Windows Search
Published: December 10, 2008
Source:
SecurityVulns ID: 9497
Type: client
Severity: 8/10
Description: Code execution via saved searches and via search-ms: URIs
Affected products: MICROSOFT : Windows XP
 MICROSOFT : Windows Vista
CVE:CVE-2008-4269 (The search-ms protocol handler in Windows Explorer in Microsoft Windows Vista Gold and SP1 and Server 2008 uses untrusted parameter data obtained from incorrect parsing, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Windows Search Parsing Vulnerability.")
 CVE-2008-4268 (The Windows Search component in Microsoft Windows Vista Gold and SP1 and Server 2008 does not properly free memory during a save operation for a Windows Search file, which allows remote attackers to execute arbitrary code via a crafted saved-search file, aka "Windows Saved Search Vulnerability.")
Original text: MICROSOFT, Microsoft Security Bulletin MS08-075 – Critical Vulnerabilities in Windows Search Could Allow Remote Code Execution (959349) (10.12.2008)
Files: Microsoft Security Bulletin MS08-075 – Critical Vulnerabilities in Windows Search Could Allow Remote Code Execution (959349)

Multiple security vulnerabilities in Microsoft Windows Media Player
Published: December 10, 2008
Source:
SecurityVulns ID: 9498
Type: client
Severity: 5/10
Description: NTLM credential leakage and relaying.
Affected products: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE:CVE-2008-3010 (Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows remote servers to capture NTLM credentials, and execute arbitrary code through credential-reflection attacks, by sending an authentication request, aka "ISATAP Vulnerability.")
 CVE-2008-3009 (Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability.")
Original text: MICROSOFT, Microsoft Security Bulletin MS08-076 – Important Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807) (10.12.2008)
Files: Microsoft Security Bulletin MS08-076 – Important Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807)

Unauthorized access to Microsoft SharePoint
Published: December 10, 2008
Source:
SecurityVulns ID: 9499
Type: remote
Severity: 6/10
Description: Administration URLs can be accessed directly without authentication.
Affected products: MICROSOFT : SharePoint Server 2007
 MICROSOFT : Microsoft Search Server 2008
CVE:CVE-2008-4032 (Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and "create scripts that would run in the context of the site" via requests to administrative URIs, aka "Access Control Vulnerability.")
Original text: MICROSOFT, Microsoft Security Bulletin MS08-077 - Important Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege (957175) (10.12.2008)

Format string bug in the Vinagre VNC client
Published: December 10, 2008
Source:
SecurityVulns ID: 9500
Type: client
Severity: 5/10
Description: Format string bug in the VNC name.
Affected products: VINAGRE : Vinagre 2.24
Original text: CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2008-1127 - Vinagre show_error() format string vulnerability (10.12.2008)

Format string bug in BMC Patrol Agent
Published: December 10, 2008
Source:
SecurityVulns ID: 9501
Type: remote
Severity: 5/10
Description: Format string bug via the version number during logging.
Affected products: BMC : PATROL Agent 3.7
Original text: ZDI, ZDI-08-082: BMC PatrolAgent Version Logging Format String Vulnerability (10.12.2008)

Cross-site request forgery in DD-WRT
Published: December 10, 2008
Source:
SecurityVulns ID: 9503
Type: remote
Severity: 5/10
Description: No protection against form redirection.
Affected products: DDWRT : DD-WRT 24
Original text: th3.r00k_(at)_gmail.com, Multiple XSRF in DD-WRT (Remote Root Command Execution) (10.12.2008)
Files: Exploits Multiple XSRF in DD-WRT

Face recognition authentication bypass
Published: December 10, 2008
Source:
SecurityVulns ID: 9504
Type: local
Severity: 5/10
Description: Authentication can be passed using a series of specially selected photographs or a video image.
Affected products: TOSHIBA : Toshiba Face Recognition 2.0
 ASUS : Asus SmartLogon 1.0
 LENOVO : Lenovo Veriface III
Original text: Security Vulnerability Research Team, [SVRT-07-08] Vulnerability in Face Recognition Authentication Mechanism of Lenovo-Asus-Toshiba Laptops (10.12.2008)

DoS against HP OpenView Reporter / HP OpenView Performance Agent
Published: December 10, 2008
Source:
SecurityVulns ID: 9505
Type: remote
Severity: 5/10
Affected products: HP : OpenView Reporter 3.7
 HP : HP Performance Agent 4.70
 HP : HP Reporter 3.8
 HP : OpenView Performance Agent 4.60
 HP : OpenView Performance Agent 4.61
CVE:CVE-2007-4349 (The Shared Trace Service (aka OVTrace) in HP Performance Agent C.04.70 (aka 4.70), HP OpenView Performance Agent C.04.60 and C.04.61, HP Reporter 3.8, and HP OpenView Reporter 3.7 (aka Report 3.70) allows remote attackers to cause a denial of service via an unspecified series of RPC requests (aka Trace Event Messages) that triggers an out-of-bounds memory access, related to an erroneous object reference.)
Original text: HP, [security bulletin] HPSBMA02391 SSRT071481 rev.1 - HP OpenView Reporter and HP Reporter Running on Windows, Remote Denial of Service (DoS) (10.12.2008)
 HP, [security bulletin] HPSBMA02390 SSRT071481 rev.1 - HP OpenView Performance Agent, HP Performance Agent, Remote Denial of Service (DoS) (10.12.2008)

DoS against the Neostrada Livebox router
Published: December 10, 2008
Source:
SecurityVulns ID: 9506
Type: remote
Severity: 4/10
Description: DoS when processing a certain HTTP request.
Original text: 0in.email_(at)_gmail.com, Neostrada Livebox Remote Network Down PoC Exploit (10.12.2008)
Files: Neostrada Livebox Remote Network Down Exploit

DoS against Aruba Mobility Controller wireless routers
Published: December 10, 2008
Source:
SecurityVulns ID: 9507
Type: remote
Severity: 5/10
Description: Failure during EAP authentication.
Affected products: ARUBANETWORKS : ArubaOS 2.4
 ARUBANETWORKS : ArubaOS 2.5
 ARUBANETWORKS : ArubaOS 3.1
 ARUBA : ArubaOS 3.2
 ARUBANETWORKS : ArubaOS 3.3
Original text: Robbie (Rupinder) Gill, DoS Vulnerability in Aruba Mobility Controller Caused by Malformed EAP Frame (Aruba Advisory ID: AID-12808) (10.12.2008)

Multiple security vulnerabilities in Microsoft Office
updated since December 10, 2008
Published: December 11, 2008
Source:
SecurityVulns ID: 9493
Type: client
Severity: 8/10
Description: Multiple memory corruptions when parsing .doc and .xls
Affected products: MICROSOFT : Office 2000
 MICROSOFT : Office XP
 MICROSOFT : Office 2003
 MICROSOFT : Office 2007
CVE:CVE-2008-4266 (Array index vulnerability in Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP3; Excel Viewer 2003 Gold and SP3; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Excel spreadsheet with a NAME record that contains an invalid index value, which triggers stack corruption, aka "Excel Global Array Memory Corruption Vulnerability.")
 CVE-2008-4265 (Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers memory corruption during the loading of records from this spreadsheet, aka "File Format Parsing Vulnerability.")
 CVE-2008-4264 (Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed formula, which triggers "pointer corruption" during the loading of formulas from this spreadsheet, aka "File Format Parsing Vulnerability.")
 CVE-2008-4037 (Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834.)
 CVE-2008-4031 (Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a malformed string in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka "Word RTF Object Parsing Vulnerability.")
 CVE-2008-4030 (Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1 allow remote attackers to execute arbitrary code via crafted control words in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka "Word RTF Object Parsing Vulnerability," a different vulnerability than CVE-2008-4028.)
 CVE-2008-4028 (Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via crafted control words related to multiple Drawing Object tags in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and a heap-based buffer overflow, aka "Word RTF Object Parsing Vulnerability," a different vulnerability than CVE-2008-4030.)
 CVE-2008-4027 (Double free vulnerability in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted (1) RTF file or (2) rich text e-mail message with multiple consecutive Drawing Object ("\do") tags, which triggers a "memory calculation error" and memory corruption, aka "Word RTF Object Parsing Vulnerability.")
 CVE-2008-4026 (Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Word document that contains a malformed value, which triggers memory corruption, aka "Word Memory Corruption Vulnerability.")
 CVE-2008-4025 (Integer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via (1) an RTF file or (2) a rich text e-mail message containing an invalid number of points for a polyline or polygon, which triggers a heap-based buffer overflow, aka "Word RTF Object Parsing Vulnerability.")
 CVE-2008-4024 (Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a Word document with a crafted lcbPlcfBkfSdt field in the File Information Block (FIB), which bypasses an initialization step and triggers an "arbitrary free," aka "Word Memory Corruption Vulnerability.")
Original text: CORE SECURITY TECHNOLOGIES ADVISORIES, iDefense Security Advisory 12.10.08: Microsoft Excel Malformed Object Memory Corruption Vulnerability (11.12.2008)
 CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2008-0228: Microsoft Word Malformed FIB Arbitrary Free Vulnerability (11.12.2008)
 ZDI, ZDI-08-086: Microsoft Office Word Document Table Property Stack Overflow Vulnerability (10.12.2008)
 ZDI, ZDI-08-085: Microsoft Office RTF Drawing Object Heap Overflow Vulnerability (10.12.2008)
 ZDI, ZDI-08-084: Microsoft Office RTF Consecutive Drawing Object Parsing Heap Corruption Vulnerability (10.12.2008)
 SECUNIA, Secunia Research: Microsoft Excel NAME Record Array Indexing Vulnerability (10.12.2008)
 SECUNIA, Secunia Research: Microsoft Word RTF Polyline/Polygon Integer Overflow (10.12.2008)
 MICROSOFT, Microsoft Security Bulletin MS08-074 - Critical Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070) (10.12.2008)
 MICROSOFT, Microsoft Security Bulletin MS08-072 - Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173) (10.12.2008)
Files: Microsoft Security Bulletin MS08-072 - Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173)
 Microsoft Security Bulletin MS08-074 - Critical Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070)

Daily summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
updated since December 10, 2008
Published: December 14, 2008
Source:
SecurityVulns ID: 9502
Type: remote
Severity: 5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, file modification, information disclosure, etc.
Affected products: EZ : ez publish 3.10
 EZ : ez publish 4.0
 PRESTASHOP : PrestaShop 1.1
 PHPEPPERSHOP : PHPepperShop 1.4
 XOOPS : XOOPS 2.3
Original text: S4aVRd0w, Exploit for the EZSA-2008-003 vulnerability with account activation (14.12.2008)
 Digital Security Research Group [DSecRG], [DSECRG-08-041] Stored XSS Vulnerability in Xoops 2.3.x (10.12.2008)
 Digital Security Research Group [DSecRG], [DSECRG-08-040] Multiple Local File Include Vulnerabilities in Xoops 2.3.x (10.12.2008)
 th3.r00k_(at)_gmail.com, XSS in PHPepperShop v 1.4 (10.12.2008)
 th3.r00k_(at)_gmail.com, Two XSS Flaws in PrestaShop 1.1.0.3 (10.12.2008)
 r3d.w0rm_(at)_yahoo.com, Joomla Component mydyngallery (10.12.2008)
 S4aVRd0w, Exploit for the EZSA-2008-003 vulnerability (10.12.2008)
Files: eZ Publish privilege escalation exploit by s4avrd0w
 eZ Publish OS Commanding executing exploit by s4avrd0w
 EZ publish exploit with admin account activation

Multiple security vulnerabilities in Microsoft Internet Explorer
updated since December 10, 2008
Published: December 29, 2008
Source:
SecurityVulns ID: 9496
Type: client
Severity: 9/10
Description: Multiple memory corruptions.
Affected products: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE:CVE-2008-4261 (Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 SP1 on Windows 2000, and 6 on Windows XP and Server 2003 does not properly handle extraneous data associated with an object embedded in a web page, which allows remote attackers to execute arbitrary code via crafted HTML tags that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability.")
 CVE-2008-4260 (Microsoft Internet Explorer 7 sometimes attempts to access a deleted object, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Uninitialized Memory Corruption Vulnerability.")
 CVE-2008-4259 (Microsoft Internet Explorer 7 sometimes attempts to access uninitialized memory locations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, related to a WebDAV request for a file with a long name, aka "HTML Objects Memory Corruption Vulnerability.")
 CVE-2008-4258 (Microsoft Internet Explorer 5.01 SP4 and 6 SP1 does not properly validate parameters during calls to navigation methods, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Parameter Validation Memory Corruption Vulnerability.")
Original text: Brett Moore, [Full-disclosure] Insomnia : ISVA-081209.1 - IE Webdav Request Parsing Heap Corruption Vulnerability (10.12.2008)
 ZDI, ZDI-08-087: Microsoft Internet Explorer Webdav Request Parsing Heap Corruption Vulnerability (10.12.2008)
 IDEFENSE, iDefense Security Advisory 12.09.08: Microsoft Internet Explorer 5.01 EMBED tag Long File Name Extension Stack Buffer Overflow Vulnerability (iDefense Exclusive) (10.12.2008)
 MICROSOFT, Microsoft Security Bulletin MS08-073 - Critical Cumulative Security Update for Internet Explorer (958215) (10.12.2008)
Files: Microsoft Internet Explorer XML Buffer Overflow Exploit
 Microsoft Security Bulletin MS08-073 - Critical Cumulative Security Update for Internet Explorer (958215)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod