Section: .. / 0808-advisories /
| /// File Name: |
07.31.08-1.txt |
Description:
|
iDefense Security Advisory 07.31.08 - Remote exploitation of an integer overflow vulnerability in Apple Inc.'s Mac OS X could allow an attacker to execute arbitrary code with the privileges of the currently logged in user. This vulnerability exists due to the way PDF files containing Type 1 fonts are handled. When processing a font with an overly large length, integer overflow could occur. This issue leads to heap corruption which can allow for arbitrary code execution. iDefense has confirmed the existence of this vulnerability in Mac OS X version 10.5.2. Previous versions may also be affected.
| | Author: | Pariente Kobi | | Homepage: | http://www.idefense.com/ | | File Size: | 3325 | | Related CVE(s): | CVE-2008-2322 | | Last Modified: | Aug 1 17:52:41 2008 |
| MD5 Checksum: | 772937f408af6494ec81f8661b04c5fb |
|
| /// File Name: |
08.01.08-1.txt |
Description:
|
iDefense Security Advisory 08.01.08 - Local exploitation of a file permissions modification vulnerability in the "verifydb" utility, as included with Ingres Database 2006 Release 2 for Linux, allows attackers to modify the permissions of files owned by the Ingres database user. iDefense has confirmed the existence of this vulnerability in Ingres 2006 Enterprise Edition Release 2 for Linux x86 (32-bit). Other versions may also be affected.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3546 | | Related CVE(s): | CVE-2008-3356 | | Last Modified: | Aug 4 15:09:54 2008 |
| MD5 Checksum: | b4842abb9856dd9ae17a232dc2e55588 |
|
| /// File Name: |
08.01.08-2.txt |
Description:
|
iDefense Security Advisory 08.01.08 - Local exploitation of a stack-based buffer overflow vulnerability in the "libbecompat" library, as included in Ingres Database 2006 Release 2 for Linux, allows attackers to execute arbitrary code with the privileges of the Ingres user. iDefense has confirmed the existence of this vulnerability in Ingres 2006 Enterprise Edition Release 2 for Linux x86 (32-bit). Other versions may also be affected.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3363 | | Related CVE(s): | CVE-2008-3389 | | Last Modified: | Aug 4 15:10:47 2008 |
| MD5 Checksum: | 3e245dbeb69b94fb8690ee5b24eb7233 |
|
| /// File Name: |
08.01.08-3.txt |
Description:
|
iDefense Security Advisory 08.01.08 - Local exploitation of an untrusted library path vulnerability in the "ingvalidpw" utility, as included in Ingres Database 2006 Release 2 for Linux, allows attackers to execute arbitrary code with root privileges. iDefense has confirmed the existence of this vulnerability in Ingres 2006 Enterprise Edition Release 2 for Linux x86 (32-bit). Other versions may also be affected.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3364 | | Related CVE(s): | CVE-2008-3357 | | Last Modified: | Aug 4 15:11:26 2008 |
| MD5 Checksum: | 72c889cff9b25fd669fe4cf7f94845d5 |
|
| /// File Name: |
08.04.08-1.txt |
Description:
|
iDefense Security Advisory 08.04.08 - Remote exploitation of multiple stack-based buffer overflow vulnerabilities in Sun Microsystems Inc.'s snoop could allow an attacker to execute arbitrary code with the privileges of the nobody user. Multiple buffer overflow vulnerabilities exist within the code that parses and displays SMB traffic. In most cases, exploitation is trivial as an attacker has full control of the data copied. iDefense has confirmed the existence of these vulnerabilities in snoop for Solaris 10 8/07. Other versions may also be affected.
| | Author: | Gael Delalleau | | Homepage: | http://www.idefense.com/ | | File Size: | 3554 | | Related CVE(s): | CVE-2008-0964 | | Last Modified: | Aug 13 00:50:44 2008 |
| MD5 Checksum: | f6f449c624aa67fe0a2bc65ed9374e5e |
|
| /// File Name: |
08.04.08-2.txt |
Description:
|
iDefense Security Advisory 08.04.08 - Remote exploitation of multiple format string vulnerabilities in Sun Microsystems Inc.'s snoop could allow an attacker to execute arbitrary code with the privileges of the nobody user. Multiple format string vulnerabilities exist within the code that parses and displays SMB traffic. All of the vulnerabilities are present due to unsanitized user input being passed to printf-style formatting function. This allows an attacker to overwrite arbitrary addresses with arbitrary data, which can result in the execution of arbitrary code. iDefense has confirmed the existence of these vulnerabilities in snoop for Solaris 10 8/07. Other versions may also be affected.
| | Author: | Gael Delalleau | | Homepage: | http://www.idefense.com/ | | File Size: | 3697 | | Related CVE(s): | CVE-2008-0965 | | Last Modified: | Aug 13 00:52:02 2008 |
| MD5 Checksum: | 3887db6ae5d9651ff19db882b1e1b6b4 |
|
| /// File Name: |
08.12.08-1.txt |
Description:
|
iDefense Security Advisory 08.12.08 - Remote exploitation of a heap buffer overflow vulnerability in the "BMPIMP32.FLT" filter module, as distributed with Microsoft Office, allows attackers to execute arbitrary code. The vulnerability specifically exists in the handling of Windows Bitmap (BMP) image files with malformed headers. By specifying a very large number of colors in the header, it is possible to cause controllable heap corruption, which can be leveraged to execute arbitrary code. iDefense confirmed that the "BMPIMP32.FLT" module installed with Microsoft Office XP SP3, including all patches as of May 24, 2006, is vulnerable. Other versions may also be vulnerable.
| | Homepage: | http://www.idefense.com/ | | File Size: | 4216 | | Related CVE(s): | CVE-2008-3020 | | Last Modified: | Aug 13 02:09:58 2008 |
| MD5 Checksum: | 69ad5b955ac8bff0b5f1a10806009492 |
|
| /// File Name: |
08.12.08-2.txt |
Description:
|
iDefense Security Advisory 08.12.08 - Remote exploitation of a buffer overflow vulnerability in Microsoft Corp.'s Office filter for WordPerfect Graphics Files, could allow an attacker to execute arbitrary code with the privileges of the victim. This vulnerability specifically lies within the "WPGIMP32.FLT" module. A heap overflow can occur when processing a malformed Wordperfect Graphics (WPG) file. By corrupting heap memory, it is possible to execute arbitrary code. iDefense has confirmed this vulnerability in the following versions of Microsoft Office; Office XP SP3, Office 2003 SP2, Office 97. Other versions may also be affected.
| | Author: | Damian Put | | Homepage: | http://www.idefense.com/ | | File Size: | 3946 | | Related CVE(s): | CVE-2008-3460 | | Last Modified: | Aug 13 02:13:59 2008 |
| MD5 Checksum: | 73fc127e380cf480fb78edda5252dd91 |
|
| /// File Name: |
08.12.08-3.txt |
Description:
|
iDefense Security Advisory 08.12.08 - Remote exploitation of an out of boundary array index vulnerability in Microsoft Corp.'s PowerPoint Viewer 2003 could allow an attacker to execute arbitrary code in the context of the user running the application. This vulnerability specifically exists in PowerPoint Viewer 2003 when handling certain records in a PowerPoint presentation file. In some circumstances, an array index can be directly controlled by data from within the PowerPoint presentation file. Thus, a function pointer can be directly controlled by the attacker and leveraged for arbitrary code execution. iDefense has confirmed that pptview.exe file version 11.0.5703.0 is vulnerable. Previous versions are also likely to be affected.
| | Author: | Ruben Santamarta | | Homepage: | http://www.idefense.com/ | | File Size: | 3904 | | Related CVE(s): | CVE-2008-0121 | | Last Modified: | Aug 13 02:15:45 2008 |
| MD5 Checksum: | 2678fdce1c494b2f84914fc23378da20 |
|
| /// File Name: |
08.12.08-4.txt |
Description:
|
iDefense Security Advisory 08.12.08 - Remote exploitation of an integer overflow vulnerability in Microsoft Corp.'s PowerPoint Viewer 2003 could allow an attacker to execute arbitrary code in the context of the user running the application. This vulnerability specifically exists when handling CString objects embedded in a PowerPoint presentation file. An issue in this object results in a very small amount of buffer being allocated while a very large amount of data is copied into it. This leads to an exploitable heap-based buffer overflow. iDefense has confirmed that pptview.exe file version 11.0.5703.0 and file version 11.0.6566.0, as included in Microsoft Office 2003 SP2, are vulnerable. Other versions are also likely to be affected.
| | Author: | Ruben Santamarta | | Homepage: | http://www.idefense.com/ | | File Size: | 3716 | | Related CVE(s): | CVE-2008-0120 | | Last Modified: | Aug 13 02:16:33 2008 |
| MD5 Checksum: | 396ecf4f3a5c65f6dd3bccd2fad6f1ef |
|
| /// File Name: |
08.12.08-5.txt |
Description:
|
iDefense Security Advisory 08.12.08 - Remote exploitation of an invalid array indexing vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. This issue exists in the handling of "AxesSet" records within a chart embedded in a spreadsheet. This record is typically used for setting the location and size of a set of axes on a chart. This particular record type is not included in Microsoft's official documentation for the Excel file format. However, the freely available source code for OpenOffice implements this record type. When processing this record, Excel does not validate a value that is used as an index into the array of chart axes. By crafting an Excel spreadsheet (XLS) that contains an out-of-bounds array value, an attacker can cause memory corruption. This leads to a potentially exploitable condition. iDefense has confirmed the existence of this vulnerability with Office 2000 SP-3 fully patched as of March 2008. Other versions may also be affected.
| | Homepage: | http://www.idefense.com/ | | File Size: | 4263 | | Related CVE(s): | CVE-2008-3004 | | Last Modified: | Aug 13 02:18:19 2008 |
| MD5 Checksum: | fd66d4fe0e4b8bda0129a57258ab261d |
|
| /// File Name: |
08.12.08-6.txt |
Description:
|
iDefense Security Advisory 08.12.08 - Remote exploitation of an invalid array indexing vulnerability in Microsoft Corp.'s Excel could allows attackers to execute arbitrary code with the privileges of the current user. This issue exists in the handling of "FORMAT" records within an Excel spreadsheet (XLS). By crafting a spreadsheet with an out-of-bounds array index, attackers are able to cause Excel to write a byte to arbitrary locations in stack memory. iDefense has confirmed the existence of this vulnerability with Office 2000 SP-3 fully patched as of March 2008. Other versions may also be affected.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3825 | | Related CVE(s): | CVE-2008-3005 | | Last Modified: | Aug 13 02:19:10 2008 |
| MD5 Checksum: | 8722104d70c635fcf1baff7c2c01cc3d |
|
| /// File Name: |
08.12.08-7.txt |
Description:
|
iDefense Security Advisory 08.12.08 - Remote exploitation of a heap-based buffer overflow vulnerability in multiple versions of Microsoft Corp.'s Windows operating system allows an attacker to execute arbitrary code with the privileges of the current user. This vulnerability specifically exists in the InternalOpenColorProfile function in mscms.dll. When a malformed parameter is supplied, a heap-based buffer overflow can occur, resulting in an exploitable condition. iDefense has confirmed the existence of this vulnerability in the following Microsoft products: Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2.
| | Author: | Jun Mao | | Homepage: | http://www.idefense.com/ | | File Size: | 4803 | | Related CVE(s): | CVE-2008-2245 | | Last Modified: | Aug 13 02:21:21 2008 |
| MD5 Checksum: | e4b2909ae010ac48512a585ecf2f6bb0 |
|
| /// File Name: |
alcatel-overflow.txt |
Description:
|
Layered Defense Research Advisory - A stack based buffer overflow was discovered within Alcatel OmniSwitch product line.
| | Author: | Deral Heiland | | Homepage: | http://www.layereddefense.com/ | | File Size: | 2069 | | Last Modified: | Aug 13 00:29:38 2008 |
| MD5 Checksum: | d632c3bfb8a911e3c8b7de41b38d44ac |
|
| /// File Name: |
armynchia.txt |
Description:
|
America's Army versions 2.8.3.1 and below suffer from a remote server termination vulnerability that results in a denial of service.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | armynchia.zip | | File Size: | 1811 | | Last Modified: | Aug 4 15:14:59 2008 |
| MD5 Checksum: | 7b23783a9d462aaaaf5e0b25c404c12f |
|
| /// File Name: |
caarcserve-backup.txt |
Description:
|
CA ARCserve Backup for Laptops and Desktops server contains a vulnerability that can allow a remote attacker to execute arbitrary code or cause a denial of service condition. CA has issued updates to address the vulnerability. The vulnerability occurs due to insufficient bounds checking by the LGServer service. An attacker can make a request that can result in arbitrary code execution or crash the service.
| | Author: | Ken Williams | | Homepage: | http://www3.ca.com/ | | File Size: | 5768 | | Related CVE(s): | CVE-2008-3175 | | Last Modified: | Aug 1 16:15:31 2008 |
| MD5 Checksum: | 4984818c410e517d95fdd9b3ce5eb496 |
|
| /// File Name: |
CAID-hips.txt |
Description:
|
The Computer Associates Host-Based Intrusion Prevention System SDK contains two vulnerabilities that can allow an attacker to cause a denial of service or possibly execute arbitrary code. CA has issued updates to address the vulnerabilities. The first vulnerability occurs due to insufficient verification of IOCTL requests by the kmxfw.sys driver. A local attacker can send an IOCTL request that can cause a system crash or potentially result in arbitrary code execution. The second vulnerability occurs due to insufficient validation by the kmxfw.sys driver. An attacker can make a request that can cause a system crash.
| | Author: | Ken Williams | | Homepage: | http://www3.ca.com/ | | File Size: | 4523 | | Related CVE(s): | CVE-2008-2926, CVE-2008-3174 | | Last Modified: | Aug 13 01:41:53 2008 |
| MD5 Checksum: | 52701f67f2ab2c573adeaa9937ab8db8 |
|
| /// File Name: |
cisco-sa-20080814-webex.txt |
Description:
|
Cisco Security Advisory - An ActiveX control (atucfobj.dll) that is used by the Cisco WebEx Meeting Manager contains a buffer overflow vulnerability that may result in a denial of service or remote code execution. The WebEx Meeting Manager is a client-side program that is provided by the Cisco WebEx meeting service. The Cisco WebEx meeting service automatically downloads, installs, and configures Meeting Manager the first time a user begins or joins a meeting. When users connect to the WebEx meeting service, the WebEx Meeting Manager is automatically upgraded to the latest version. There is a manual workaround available for users who are not able to connect to the WebEx meeting service.
| | Homepage: | http://www.cisco.com/ | | File Size: | 14028 | | Related CVE(s): | CVE-2008-2737 | | Last Modified: | Aug 15 18:40:39 2008 |
| MD5 Checksum: | b37ad9f1f0ade1da7287081770808eb6 |
|
| /// File Name: |
CORE-2008-0103.txt |
Description:
|
Core Security Technologies Advisory - A zone elevation vulnerability has been discovered in Internet Explorer versions 5 through 7 under Windows 2000, 2003, and XP. It also affects Windows Vista on IE 7 when protected mode is turned off.
| | Author: | Jorge Luis Alvarez Medina | | Homepage: | http://www.coresecurity.com/corelabs/ | | File Size: | 27082 | | Related CVE(s): | CVE-2008-1448 | | Last Modified: | Aug 13 19:27:23 2008 |
| MD5 Checksum: | 7bcec620f32e9905726c1a58cd81f323 |
|
| /// File Name: |
CORE-2008-0813.txt |
Description:
|
Core Security Technologies Advisory - vBulletin versions 3.7.2 Patch Level 1 and 3.6.10 Patch Level 3 suffer from a cross site scripting vulnerability.
| | Author: | Federico Muttis | | Homepage: | http://www.coresecurity.com/corelabs/ | | File Size: | 8589 | | Last Modified: | Aug 21 00:35:17 2008 |
| MD5 Checksum: | 762ace67edbf513d11ef873fdb4e0b14 |
|
| /// File Name: |
CVE-2008-1232.txt |
Description:
|
Tomcat versions 4.1.0 to 4.1.37, 5.5.0 to 5.5.26, and 6.0.0 to 6.0.16 all suffer from a cross site scripting vulnerability in HttpServletResponse.sendError().
| | Author: | Konstantin Kolinko | | Homepage: | http://tomcat.apache.org/security.html | | File Size: | 1984 | | Related CVE(s): | CVE-2008-1232 | | Last Modified: | Aug 1 16:25:15 2008 |
| MD5 Checksum: | d45c4ccb6b96a7561ee45c3175b4f0a8 |
|
| /// File Name: |
dsa-1597-2.txt |
Description:
|
Debian Security Advisory 1597-2 - In DSA-1597-1, an update was announced for multiple vulnerabilities in the mt-daapd audio server. One of the fixes introduced a regression preventing successful authentication to the administration interface. An updated release is available which corrects this problem.
| | Homepage: | http://www.debian.org/security | | File Size: | 5851 | | Related CVE(s): | CVE-2007-5824, CVE-2007-5825, CVE-2008-1771 | | Last Modified: | Aug 31 19:45:00 2008 |
| MD5 Checksum: | 87015fdb27a0d50b4637a0d087465bc6 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
