File Name: ZDI-10-001.txt
Description: Zero Day Initiative Advisory 10-01 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Novell iManager. Authentication is not required to exploit this vulnerability. The flaw exists in an application called by the iManager in order to handle importing/exporting of schema information. While importing/exporting from the schema, the sub-application fails to validate the length of its arguments while copying user-supplied data into a statically allocated stack buffer. This can result in code execution under the privileges of the application.
Author: TippingPoint
Homepage: http://www.zerodayinitiative.com/
File Size: 2649
Related CVE(s): CVE-2009-4486
Last Modified: Jan 7 18:01:10 2010
MD5 Checksum: 26747b5c0ae95b611556d82ee81a3ab2

File Name: ZDI-10-002.txt
Description: Zero Day Initiative Advisory 10-02 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Secure Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Oracle Secure Backup Services daemon observiced.exe listening on TCP port 10000 by default. Due to the lack of bounds checking on the reverse lookup of connections to the port a stack overflow can occur leading to a complete compromise of the affected system under the credentials of the SYSTEM account.
Author: TippingPoint
Homepage: http://www.zerodayinitiative.com/
File Size: 2616
Related CVE(s): CVE-2010-0072
Last Modified: Jan 12 18:46:30 2010
MD5 Checksum: 3f1f881e9f1eb23f604ac6d14f2d4c7b

File Name: ZDI-10-003.txt
Description: Zero Day Initiative Advisory 10-03 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENworks Asset Management. Authentication is not required to exploit this vulnerability. The specific flaw exists due to insufficient sanity checks on the documentID parameter to the docfiledownload component. A carefully crafted parameter can result in direct SQL access to the underlying SQL Server database which can be further leveraged by an attacker to potentially execute arbitrary code.
Author: TippingPoint
Homepage: http://www.zerodayinitiative.com/
File Size: 2833
Last Modified: Jan 20 21:32:12 2010
MD5 Checksum: 1ab5ea886b0e9221c4d95cf4d79cf3ee

File Name: ZDI-10-004.txt
Description: Zero Day Initiative Advisory 10-04 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco CiscoWorks Internetwork Performance Monitor. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of CORBA GIOP requests. By making a specially crafted getProcessName GIOP request an attacker can corrupt memory. Successful exploitation can result in a full compromise with SYSTEM credentials.
Author: TippingPoint
Homepage: http://www.zerodayinitiative.com/
File Size: 2625
Related CVE(s): CVE-2010-0138
Last Modified: Jan 22 01:34:02 2010
MD5 Checksum: ff68b23e9cdf3c6f83e9a67b08715259

File Name: ZDI-10-005.txt
Description: Zero Day Initiative Advisory 10-05 - This vulnerability allows remote attackers to execute code on vulnerable installations of RealPlayer. User interaction is required in that a user must open a malicious file or visit a malicious web site. The specific flaw exists during the parsing of files with improperly defined ASMRuleBook structures. A controllable memory allocation allows for an attacker to corrupt heap memory. Attacker controlled data from the corrupt heap is later used as an object pointer which can be leveraged to execute arbitrary code in the context of the currently logged in user.
Author: TippingPoint
Homepage: http://www.zerodayinitiative.com/
File Size: 2714
Related CVE(s): CVE-2009-4241
Last Modified: Jan 22 01:34:17 2010
MD5 Checksum: 8d4967e6ceef4fa02e095d40fa8fd140

File Name: ZDI-10-006.txt
Description: Zero Day Initiative Advisory 10-06 - This vulnerability allows remote attackers to execute code on vulnerable installations of RealNetworks RealPlayer. User interaction is required in that a user must open a malicious file or visit a malicious web site. The specific flaw exists during the parsing of GIF files with forged chunk sizes. The player uses values from the file improperly when allocating a buffer on the heap. An attacker can abuse this to create and then overflow heap buffers leading to arbitrary code execution in the context of the currently logged in user.
Author: TippingPoint
Homepage: http://www.zerodayinitiative.com/
File Size: 2684
Related CVE(s): CVE-2009-4242
Last Modified: Jan 22 02:20:58 2010
MD5 Checksum: cab4596b6a9f2e0377cb5ffc2ae16ff4

File Name: ZDI-10-007.txt
Description: Zero Day Initiative Advisory 10-07 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the smlrender.dll library responsible for parsing SMIL files. A lack of proper string length checks can result in the overflow of a static heap buffer. Exploitation of this overflow can lead to arbitrary code execution under the context of the user running the process.
Author: TippingPoint
Homepage: http://www.zerodayinitiative.com/
File Size: 2702
Related CVE(s): CVE-2009-4257
Last Modified: Jan 22 02:39:11 2010
MD5 Checksum: c3af61509ed873c1a33b2321c4e86358

File Name: ZDI-10-008.txt
Description: Zero Day Initiative Advisory 10-08 - This vulnerability allows remote attackers to execute code on vulnerable installations of RealNetworks RealPlayer. User interaction is required in that a user must open a malicious file or visit a malicious web site. The specific flaw exists during the parsing of SIPR codec fields. Specifying a small length value can trigger an undersized heap allocation. This buffer can then subsequently be overflowed. This vulnerability can result in arbitrary code execution under the context of the currently logged in user.
Author: TippingPoint
Homepage: http://www.zerodayinitiative.com/
File Size: 2664
Related CVE(s): CVE-2009-4244
Last Modified: Jan 22 02:39:24 2010
MD5 Checksum: b8e4cf7f1357b03fd9b9471c5003a37b

File Name: ZDI-10-009.txt
Description: Zero Day Initiative Advisory 10-09 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within RealPlayer's parsing of IVR files. The process trusts size values present in the file and uses them unsafely in various file I/O and memory allocation operations. A specially crafted file can cause memory overflows to occur leading to arbitrary code execution under the context of the user running the player.
Author: TippingPoint
Homepage: http://www.zerodayinitiative.com/
File Size: 2741
Related CVE(s): CVE-2009-0376
Last Modified: Jan 22 02:40:00 2010
MD5 Checksum: 599d7c0d0b757847fa6ab511dd644a00

File Name: ZDI-10-010.txt
Description: Zero Day Initiative Advisory 10-010 - This vulnerability allows remote attackers to execute code on vulnerable installations of RealNetworks RealPlayer. User interaction is required in that a user must visit a malicious website or open a malicious file and accept a dialog to switch player skins. The specific flaw exists during parsing of malformed RealPlayer .RJS skin files. While loading a skin the application copies certain variable length fields from the extracted file named web.xmb into a statically sized buffer. By crafting these fields appropriately an attacker can cause the process to overflow the buffer. This can be leveraged to execute arbitrary code with the privileges of the application.
Author: TippingPoint
Homepage: http://www.zerodayinitiative.com/
File Size: 2857
Related CVE(s): CVE-2009-4246
Last Modified: Jan 22 02:47:10 2010
MD5 Checksum: 5684e1416719b096ff2cff3145abb9b1

File Name: ZDI-10-011.txt
Description: Zero Day Initiative Advisory 10-011 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when a Col element is used within an HTML table container. If this element is removed while the table is in use a cache that exists of the table's cells will be used after one of its elements has been invalidated. This can lead to code execution under the context of the currently logged in user.
Author: TippingPoint
Homepage: http://www.zerodayinitiative.com/
File Size: 2476
Related CVE(s): CVE-2010-0244
Last Modified: Jan 22 02:50:47 2010
MD5 Checksum: 2956634a04b6bfa5acca8e952d3e0ba7

File Name: ZDI-10-012.txt
Description: Zero Day Initiative Advisory 10-012 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that an attacker must coerce a victim to visit a malicious page. The specific flaw exists due to the application rendering intertwined strike and center tags containing an element that manipulates the font baseline such as 'sub' or 'sup'. When this element pointer is removed the application will later dereference it even though it has been freed. Successful exploitation can lead to arbitrary code execution under the context of the currently logged in user.
Author: TippingPoint
Homepage: http://www.zerodayinitiative.com/
File Size: 2787
Related CVE(s): CVE-2010-0246
Last Modified: Jan 22 03:01:37 2010
MD5 Checksum: b0331ec308d1fc2ef3aeb9a9ff5a3df8

File Name: ZDI-10-013.txt
Description: Zero Day Initiative Advisory 10-013 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when specific elements are used within a table container. If one of these elements is removed the application will unlink the element from the layout tree incorrectly. When this tree is later traversed, the application will reuse the object that has been freed which can lead to code execution under the context of the current user.
Author: TippingPoint
Homepage: http://www.zerodayinitiative.com/
File Size: 2536
Related CVE(s): CVE-2010-0245
Last Modified: Jan 22 03:07:34 2010
MD5 Checksum: fc58a0bcf18ee764dbcba209fa3d103c

File Name: ZDI-10-014.txt
Description: Zero Day Initiative Advisory 10-014 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the handling of cloned DOM objects in JavaScript. A specially crafted sequence of object cloning can result in the use of a pointer after it has been freed. Successful exploitation can lead to remote system compromise under the credentials of the currently logged in user.
Author: TippingPoint
Homepage: http://www.zerodayinitiative.com/
File Size: 2753
Related CVE(s): CVE-2010-0248
Last Modified: Jan 22 03:10:31 2010
MD5 Checksum: 31e1b6333dc71ab67ed2f83112a489eb