Информационная безопасность
[RU] switch to English


Перенаправление запроса в Clear iSpot / Clearspot
Опубликовано:15 декабря 2010 г.
Источник:
SecurityVulns ID:11298
Тип:удаленная
Уровень опасности:
4/10
Описание:Подмена запросов в интерфейсе администрирования.
CVE:CVE-2010-4507 (Multiple cross-site request forgery (CSRF) vulnerabilities on the iSpot 2.0.0.0 R1679, and the ClearSpot 2.0.0.0 R1512 and R1786, with firmware 1.9.9.4 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the cmd parameter in an act_cmd_result action to webmain.cgi, (2) enable remote management via an enable_remote_access act_network_set action to webmain.cgi, (3) enable the TELNET service via an ENABLE_TELNET act_set_wimax_etc_config action to webmain.cgi, (4) enable TELNET sessions via a certain act_network_set action to webmain.cgi, or (5) read arbitrary files via the FILE_PATH parameter in an act_file_download action to upgrademain.cgi.)
Оригинальный текстdocumentTrustwave Advisories, TWSL-2010-008: Clear iSpot/Clearspot CSRF Vulnerabilities (15.12.2010)

Cводка уязвимостей безопасности в Web-приложениях (PHP, ASP, JSP, CGI, Perl)
Опубликовано:15 декабря 2010 г.
Источник:
SecurityVulns ID:11303
Тип:удаленная
Уровень опасности:
5/10
Описание:Инъекции PHP, инъекции SQL, обратный путь в каталогах, межсайтовый скриптинг, модификация файлов, утечка информации и т.д.
Затронутые продукты:BLOGCMS : BLOG:CMS 4.2
 SLICKMSG : slickMsg 0.7
 BEDITA : BEdita 3.0
Оригинальный текстdocumentHigh-Tech Bridge Security Research, XSRF (CSRF) in BEdita (15.12.2010)
 documentHigh-Tech Bridge Security Research, Stored Cross Site Scripting vulnerability in BEdita (15.12.2010)
 documentHigh-Tech Bridge Security Research, cross site scripting vulnerability in BLOG:CMS (15.12.2010)
 documentHigh-Tech Bridge Security Research, XSRF (CSRF) in BLOG:CMS (15.12.2010)
 documentHigh-Tech Bridge Security Research, XSS vulnerability in BLOG:CMS (15.12.2010)
 documentHigh-Tech Bridge Security Research, XSS vulnerability in BLOG:CMS (15.12.2010)
 documentHigh-Tech Bridge Security Research, XSS vulnerability in BEdita (15.12.2010)
 documentAliaksandr Hartsuyeu, www.eVuln.com : "url" BBCode XSS in slickMsg (15.12.2010)
 documentAliaksandr Hartsuyeu, www.eVuln.com : "post" - Non-persistent XSS in slickMsg (15.12.2010)
 documentAliaksandr Hartsuyeu, www.eVuln.com : "post" - Non-persistent XSS in slickMsg (15.12.2010)
 documentAliaksandr Hartsuyeu, www.eVuln.com : BBCode CSS XSS in slickMsg (15.12.2010)

DoS против Microsoft Hyper-V
Опубликовано:15 декабря 2010 г.
Источник:
SecurityVulns ID:11302
Тип:локальная
Уровень опасности:
5/10
Описание:Проблемы с обработкой сообщений VMBus
Затронутые продукты:MICROSOFT : Windows 2008 Server
CVE:CVE-2010-3960 (Hyper-V in Microsoft Windows Server 2008 Gold, SP2, and R2 allows guest OS users to cause a denial of service (host OS hang) by sending a crafted encapsulated packet over the VMBus, aka "Hyper-V VMBus Vulnerability.")
Файлы:Microsoft Security Bulletin MS10-102 - Important Vulnerability in Hyper-V Could Allow Denial of Service (2345316)

Выполнение кода в Microsoft Sharepoint
Опубликовано:15 декабря 2010 г.
Источник:
SecurityVulns ID:11308
Тип:удаленная
Уровень опасности:
7/10
Описание:Выполнение кода в Document Conversions Launcher Service при обработке запроса SOAP.
Затронутые продукты:MICROSOFT : SharePoint Server 2007
CVE:CVE-2010-3964 (Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2, when the Document Conversions Load Balancer Service is enabled, allows remote attackers to execute arbitrary code via a crafted SOAP request to TCP port 8082, aka "Malformed Request Code Execution Vulnerability.")
Файлы:Microsoft Security Bulletin MS10-104 - Important Vulnerability in Microsoft SharePoint Could Allow Remote Code Execution (2455005)

Переполнение буфера в IBM Tivoli Storage Manager
Опубликовано:15 декабря 2010 г.
Источник:
SecurityVulns ID:11306
Тип:локальная
Уровень опасности:
4/10
Описание:Переполнение буфера в suid root клиенте резервного копирования dsmtca
Затронутые продукты:IBM : Tivoli Storage Manager 5.5
 IBM : Tivoli Storage Manager 6.1
Оригинальный текстdocumentKryptos Logic Secure, Kryptos Logic Advisory: IBM Tivoli Storage Manager (TSM) Local Root (15.12.2010)

Многочисленные уязвимости безопасности в Microsoft Windows
Опубликовано:15 декабря 2010 г.
Источник:
SecurityVulns ID:11301
Тип:удаленная
Уровень опасности:
9/10
Описание:Повреждения памяти при разборе OpenType Font, повышение привилегий через планировщик заданий, небезопасная загрузка динамических библиотек, многочисленные уязвимости в ядре, повышение привилегий через Consent User Interface, DoS против Netlogon.
Затронутые продукты:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2010-3967 (Untrusted search path vulnerability in Microsoft Windows Movie Maker (WMM) 2.6 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Movie Maker (MSWMM) file, aka "Insecure Library Loading Vulnerability.")
 CVE-2010-3966 (Untrusted search path vulnerability in Microsoft Windows Server 2008 R2 and Windows 7, when BranchCache is supported, allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an EML file, an RSS file, or a WPOST file, aka "BranchCache Insecure Library Loading Vulnerability.")
 CVE-2010-3965 (Untrusted search path vulnerability in Windows Media Encoder 9 on Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Windows Media Profile (PRX) file, aka "Insecure Library Loading Vulnerability.")
 CVE-2010-3963 (Buffer overflow in the Routing and Remote Access NDProxy component in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, related to the Routing and Remote Access service (RRAS) and improper copying from user mode to the kernel, aka "Kernel NDProxy Buffer Overflow Vulnerability.")
 CVE-2010-3961 (The Consent User Interface (UI) in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle an unspecified registry-key value, which allows local users with SeImpersonatePrivilege rights to gain privileges via a crafted application, aka "Consent UI Impersonation Vulnerability.")
 CVE-2010-3959 (The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted CMAP table in an OpenType font, aka "OpenType CMAP Table Vulnerability.")
 CVE-2010-3957 (Double free vulnerability in the OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Double Free Vulnerability.")
 CVE-2010-3956 (The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly perform array indexing, which allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Index Vulnerability.")
 CVE-2010-3944 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability.")
 CVE-2010-3943 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly link driver objects, which allows local users to gain privileges via a crafted application that triggers linked-list corruption, aka "Win32k Cursor Linking Vulnerability.")
 CVE-2010-3942 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for copies from user mode, which allows local users to gain privileges via a crafted application, aka "Win32k WriteAV Vulnerability.")
 CVE-2010-3941 (Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k Double Free Vulnerability.")
 CVE-2010-3940 (Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k PFE Pointer Double Free Vulnerability.")
 CVE-2010-3939 (Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via vectors related to improper memory allocation for copies from user mode, aka "Win32k Buffer Overflow Vulnerability.")
 CVE-2010-3338 (The Windows Task Scheduler in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the security context of scheduled tasks, which allows local users to gain privileges via a crafted application, aka "Task Scheduler Vulnerability." NOTE: this might overlap CVE-2010-3888.)
 CVE-2010-3147 (Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll file in the current working directory, as demonstrated by a directory that contains a Windows Address Book (WAB), VCF (aka vCard), or P7C file, aka "Insecure Library Loading Vulnerability.")
 CVE-2010-3144 (Untrusted search path vulnerability in the Internet Connection Signup Wizard in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse smmscrpt.dll file in the current working directory, as demonstrated by a directory that contains an ISP or INS file, aka "Internet Connection Signup Wizard Insecure Library Loading Vulnerability.")
 CVE-2010-2742 (The Netlogon RPC Service in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, and R2, when the domain controller role is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted RPC packet, aka "Netlogon RPC Null dereference DOS Vulnerability.")
Оригинальный текстdocumentACROS Security, ASPR #2010-12-14-1: Remote Binary Planting in Windows Address Book (15.12.2010)
Файлы:Microsoft Security Bulletin MS10-093 - Important Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (2424434)
 Microsoft Security Bulletin MS10-094 - Important Vulnerability in Windows Media Encoder Could Allow Remote Code Execution (2447961)
 Microsoft Security Bulletin MS10-096 - Important Vulnerability in Windows Address Book Could Allow Remote Code Execution (2423089)
 Microsoft Security Bulletin MS10-097 - Important Insecure Library Loading in Internet Connection Signup Wizard Could Allow Remote Code Execution (2443105)
 Microsoft Security Bulletin MS10-092 - Important Vulnerability in Task Scheduler Could Allow Elevation of Privilege (2305420)
 Microsoft Security Bulletin MS10-095 - Important Vulnerability in Microsoft Windows Could Allow Remote Code Execution (2385678)
 Microsoft Security Bulletin MS10-098 - Important Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2436673)
 Microsoft Security Bulletin MS10-099 - Important Vulnerability in Routing and Remote Access Could Allow Elevation of Privilege (2440591)
 Microsoft Security Bulletin MS10-100 - Important Vulnerability in Consent User Interface Could Allow Elevation of Privilege (2442962)
 Microsoft Security Bulletin MS10-101 - Important Vulnerability in Windows Netlogon Service Could Allow Denial of Service (2207559)
 Microsoft Security Bulletin MS10-091 - Critical Vulnerabilities in the OpenType Font (OTF) Driver Could Allow Remote Code Execution (2296199)

Подмена адреса в Apple Safari / Google Chrome
Опубликовано:15 декабря 2010 г.
Источник:
SecurityVulns ID:11304
Тип:клиент
Уровень опасности:
4/10
Оригинальный текстdocumentMichal Zalewski, minor browser UI nitpicking (15.12.2010)

DoS против HP OpenVMS Integrity Servers
Опубликовано:15 декабря 2010 г.
Источник:
SecurityVulns ID:11305
Тип:локальная
Уровень опасности:
4/10
Затронутые продукты:HP : OpenVMS 8.3
 HP : OpenVMS 8.4
CVE:CVE-2010-4110 (Unspecified vulnerability in HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform on Integrity servers allows local users to gain privileges or cause a denial of service via unknown vectors.)
Оригинальный текстdocumentHP, [security bulletin] HPSBOV02618 SSRT100354 rev.1 - HP OpenVMS Integrity Servers, Local Denial of Service (DoS), Gain Privileged Access (15.12.2010)

DoS против Microsoft Exchange Server
Опубликовано:15 декабря 2010 г.
Источник:
SecurityVulns ID:11309
Тип:удаленная
Уровень опасности:
5/10
Описание:Бесконечный цикл при обработке RPC-запроса.
Затронутые продукты:MICROSOFT : Exchange Server 2007
CVE:CVE-2010-3937 (Microsoft Exchange Server 2007 SP2 on the x64 platform allows remote authenticated users to cause a denial of service (infinite loop and MSExchangeIS outage) via a crafted RPC request, aka "Exchange Server Infinite Loop Vulnerability.")

Многочисленные уязвимости безопасности в Microsoft Internet Explorer
дополнено с 15 декабря 2010 г.
Опубликовано:16 декабря 2010 г.
Источник:
SecurityVulns ID:11300
Тип:клиент
Уровень опасности:
9/10
Описание:Межсайтовый доступ к данным, многочисленные повреждения памяти.
Затронутые продукты:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2010-3345 (Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Element Memory Corruption Vulnerability.")
 CVE-2010-3343 (Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability.")
 CVE-2010-3342 (Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of cached content as HTML, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Cross-Domain Information Disclosure Vulnerability," a different vulnerability than CVE-2010-3348.)
 CVE-2010-3340 (Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability.")
Оригинальный текстdocumentVUPEN Security Research, VUPEN Security Research - Microsoft Internet Explorer Animation Use-after-free Vulnerability (VUPEN-SR-2010-199) (16.12.2010)
 documentIDEFENSE, iDefense Security Advisory 12.14.10: Microsoft Internet Explorer CSS Style Table Layout Uninitialized Memory Vulnerability (15.12.2010)
 documentIDEFENSE, iDefense Security Advisory 12.14.10: Microsoft Internet Explorer HTML Object Memory Corruption Vulnerability (15.12.2010)
 documentMICROSOFT, Microsoft Security Bulletin MS10-090 - Critical Cumulative Security Update for Internet Explorer (2416400) (15.12.2010)
Файлы:Microsoft Security Bulletin MS10-090 - Critical Cumulative Security Update for Internet Explorer (2416400)

Закладка в HP StorageWorks MSA2000
дополнено с 15 декабря 2010 г.
Опубликовано:17 декабря 2010 г.
Источник:
SecurityVulns ID:11299
Тип:удаленная
Уровень опасности:
6/10
Описание:Скрытая неуправляемая учетная запись admin с паролем !admin.
Затронутые продукты:HP : StorageWorks MSA2000
CVE:CVE-2010-4115 (HP StorageWorks Modular Smart Array P2000 G3 firmware TS100R011, TS100R025, TS100P002, TS200R005, TS201R014, and TS201R015 installs an undocumented admin account with a default "!admin" password, which allows remote attackers to gain privileges.)
Оригинальный текстdocumentHP, [security bulletin] HPSBST02620 SSRT100356 rev.1 - HP StorageWorks Modular Smart Array P2000 G3, Remote Unauthorized Access (17.12.2010)
 documentPavel Kankovsky, Re: hidden admin user on every HP MSA2000 G3 (15.12.2010)
 documenthpdisclosure_(at)_anonmail.de, hidden admin user on every HP MSA2000 G3 (15.12.2010)

Многочисленные уязвимости безопасности в Microsoft Office
дополнено с 15 декабря 2010 г.
Опубликовано:28 декабря 2010 г.
Источник:
SecurityVulns ID:11307
Тип:клиент
Уровень опасности:
7/10
Описание:Многочисленные повреждения памяти в Publisher, многочисленные повреждения памяти в графических фильтрах.
Затронутые продукты:MICROSOFT : Office XP
 MICROSOFT : Office 2003
 MICROSOFT : Office 2007
 MICROSOFT : Works 9
 MICROSOFT : Office 2010
CVE:CVE-2010-3955 (pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 does not properly perform array indexing, which allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Array Indexing Memory Corruption Vulnerability.")
 CVE-2010-3954 (Microsoft Publisher 2002 SP3, 2003 SP3, and 2010 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Publisher file, aka "Microsoft Publisher Memory Corruption Vulnerability.")
 CVE-2010-3952 (The FlashPix image converter in the graphics filters in Microsoft Office XP SP3 and Office Converter Pack allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted FlashPix image in an Office document, aka "FlashPix Image Converter Heap Corruption Vulnerability.")
 CVE-2010-3951 (Buffer overflow in the FlashPix image converter in the graphics filters in Microsoft Office XP SP3 and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted FlashPix image in an Office document, aka "FlashPix Image Converter Buffer Overflow Vulnerability.")
 CVE-2010-3950 (The TIFF image converter in the graphics filters in Microsoft Office XP SP3, Office Converter Pack, and Works 9 does not properly convert data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF image in an Office document, aka "TIFF Image Converter Memory Corruption Vulnerability.")
 CVE-2010-3949 (Buffer overflow in the TIFF image converter in the graphics filters in Microsoft Office XP SP3 and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted TIFF image in an Office document, aka "TIFF Image Converter Buffer Overflow Vulnerability.")
 CVE-2010-3947 (Heap-based buffer overflow in the TIFF image converter in the graphics filters in Microsoft Office XP SP3, Office Converter Pack, and Works 9 allows remote attackers to execute arbitrary code via a crafted TIFF image in an Office document, aka "TIFF Image Converter Heap Overflow Vulnerability.")
 CVE-2010-3946 (Integer overflow in the PICT image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted PICT image in an Office document, aka "PICT Image Converter Integer Overflow Vulnerability.")
 CVE-2010-3945 (Buffer overflow in the CGM image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted CGM image in an Office document, aka "CGM Image Converter Buffer Overrun Vulnerability.")
 CVE-2010-2571 (Array index error in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher 97 file, aka "Memory Corruption Due To Invalid Index Into Array in Pubconv.dll Vulnerability.")
 CVE-2010-2570 (Heap-based buffer overflow in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, 2007 SP2, and 2010 allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Heap Overrun in pubconv.dll Vulnerability.")
 CVE-2010-2569 (pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, and 2007 SP2 does not properly handle an unspecified size field in certain older file formats, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted Publisher file, aka "Size Value Heap Corruption in pubconv.dll Vulnerability.")
Оригинальный текстdocumentSECUNIA, Secunia Research: Microsoft Word LFO Parsing Double-Free Vulnerability (28.12.2010)
 documentSECUNIA, Secunia Research: Microsoft Office FlashPix Property Set Parsing Buffer Overflow (22.12.2010)
 documentSECUNIA, Secunia Research: Microsoft Office TIFF Image Converter Endian Conversion Vulnerability (21.12.2010)
 documentSECUNIA, Secunia Research: Microsoft Office Document Imaging Endian Conversion Vulnerability (21.12.2010)
 documentSECUNIA, Secunia Research: Microsoft Office FlashPix Tile Data Two Buffer Overflows (21.12.2010)
 documentSECUNIA, Secunia Research: Microsoft Office PICT Filter Integer Truncation Vulnerability (21.12.2010)
 documentSECUNIA, Secunia Research: Microsoft Office TIFF Image Converter Two Buffer Overflows (21.12.2010)
 documentVUPEN Security Research, VUPEN Security Research - Microsoft Office Publisher Memory Corruption Vulnerability (VUPEN-SR-2010-041) (16.12.2010)
 documentVUPEN Security Research, VUPEN Security Research - Microsoft Office Publisher Size Value Heap Corruption Vulnerability (VUPEN-SR-2010-200) (16.12.2010)
 documentVUPEN Security Research, VUPEN Security Research - Microsoft Office Publisher Record Array Indexing Vulnerability (VUPEN-SR-2010-201) (16.12.2010)
 documentVUPEN Security Research, VUPEN Security Research - Microsoft Office Publisher "pubconv.dll" Array Indexing Vulnerability (VUPEN-SR-2010-206) (16.12.2010)
Файлы:Microsoft Security Bulletin MS10-103 - Important Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2292970)
 Microsoft Security Bulletin MS10-105 - Important Vulnerabilities in Microsoft Office Graphics Filters Could Allow for Remote Code Execution (968095)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород