Vulnerability Research Team
II. DESCRIPTION
---------------------
VUPEN Vulnerability Research Team discovered a critical vulnerability in
Adobe Acrobat and Reader.
This vulnerability is caused by a memory corruption error when processing
the "newfunction" operator (bytecode 0x44) while parsing Flash content within
CVE-2011-4785 (AV:N/AC:L/Au:N/C:C/I:N/A:N) 7.8
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
The Hewlett-Packard Company thanks the Digital Defense, Inc. (DDI) Vulnerability Research Team (VRT) for reporting this vulnerability to security-alert@hp.com.
RESOLUTION
HP has provided the following firmware to resolve the vulnerability.
2009-10-20 Vendor response
2011-01-26 Coordinated public disclosure
8. Credits
Junaid Bohio of Vulnerability Research Team, TELUS Security Labs
9. References
CVE: CVE-2010-0111
II. DESCRIPTION
---------------------
VUPEN Vulnerability Research Team discovered a critical vulnerability
affecting Microsoft Office Excel.
The vulnerability is caused by a heap corruption error when processing
malformed WOPT (recType 0x80B) records, which could be exploited by
attackers to execute arbitrary code by tricking a user into opening
II. DESCRIPTION
---------------------
VUPEN Vulnerability Research Team discovered a critical vulnerability
in Microsoft Office Word.
The vulnerability is caused by a stack overflow error when processing
certain structures in a Word document, which could be exploited by remote
attackers to execute arbitrary code by tricking a user into opening a
---------------
February 23rd, 2009
Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: David Marshall and r@b13$
Vulnerability Description
-------------------------
ActiveMQ 5.2.0’s /admin interface gathers input from the user in numerous forms which are not properly sanitized. Attackers may insert script tags to have them execute when a user browses the affected areas of the page.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2009-1564 and CVE-2009-1565 to these
issues.
VMware would like to thank iDefense, Sebastien Renaud of VUPEN
Vulnerability Research Team (http://www.vupen.com) and Alin Rad Pop
of Secunia Research for reporting these issues to us.
To remediate the above issues either install the stand alone movie
decoder or update your product using the table below.
II. DESCRIPTION
---------------------
VUPEN Vulnerability Research Team discovered a vulnerability in Microsoft
Windows.
The vulnerability is caused by a use-after-free error in the "mshtml.dll"
module when handling a specific Time behavior, which could be exploited by
remote attackers to compromise a vulnerable system via a specially crafted
II. DESCRIPTION
---------------------
VUPEN Vulnerability Research Team discovered a critical vulnerability
in Adobe Acrobat and Reader.
The vulnerability is caused by a memory corruption error within the
Matrix3D class when processing malformed 3D data within SWF files, which
could be exploited by attackers to potentially compromise a vulnerable
II. DESCRIPTION
---------------------
VUPEN Vulnerability Research Team discovered critical vulnerabilities
affecting OpenOffice.org.
The first vulnerability is caused by a heap overflow error when
processing malformed "sprmTDefTable" records in a Word document,
which could be exploited by attackers to execute arbitrary code.
II. DESCRIPTION
---------------------
VUPEN Vulnerability Research Team discovered a critical vulnerability in
Adobe Acrobat and Reader.
This vulnerability is caused by a buffer overflow error when processing
malformed GIF (Graphics Interchange Format) data, which could be exploited
by attackers to execute arbitrary code by tricking a user into opening
---------------
July 15, 2011
Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: sxkeebler and r@b13$
Vulnerability Description
-------------------------
The Axway SecureTransport device contains a directory traversal in
II. DESCRIPTION
---------------------
VUPEN Vulnerability Research Team discovered a critical vulnerability
affecting Microsoft Internet Explorer.
The vulnerability is caused by a use-after-free error when processing
"CIframeElement" objects, which could be exploited by remote attackers to
execute arbitrary code by tricking a user into visiting a specially crafted
---------------
November 3, 2009
Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: Alex Kaszczuk, Alan Chin, Jose R. Hernandez and r@b13$
Vulnerability Description
-------------------------
The rpc.cmsd service contains an integer overflow which can allow a malicious unauthenticated user to cause a denial of service, or remotely execute arbitrary code with root privileges.
II. DESCRIPTION
---------------------
VUPEN Vulnerability Research Team discovered a critical vulnerability
in Adobe Flash Player.
The vulnerability is caused by an invalid object being used when parsing
a malformed video via "NetStream.appendBytes", which could allow remote
attackers to leak memory and execute arbitrary code despite ASLR and DEP
CVE-2008-4419 (AV:N/AC:L/Au:N/C:C/I:N/A:N) 7.8
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
The Hewlett-Packard Company thanks the Digital Defense, Inc. (DDI) Vulnerability Research Team (VRT) for reporting this vulnerability to security-alert@hp.com.
Note: For further information on Secure Printing and Imaging please refer to http://www.hp.com/go/secureprinting
RESOLUTION
II. DESCRIPTION
---------------------
VUPEN Vulnerability Research Team discovered a critical vulnerability
in Adobe Acrobat and Reader.
The vulnerability is caused by a heap overflow error when processing
malformed PCX data within a PDF document, which could be exploited by
attackers to compromise a vulnerable system by tricking a user
II. DESCRIPTION
---------------------
VUPEN Vulnerability Research Team discovered a vulnerability in
Apple Quicktime.
The flaw is caused by an integer overflow error when processing PICT files
with malformed data and atoms, which could be exploited by attackers to
execute arbitrary code by tricking a user into visiting a specially
II. DESCRIPTION
---------------------
VUPEN Vulnerability Research Team discovered a critical vulnerability
in Microsoft Office Publisher.
The vulnerability is caused by a heap corruption error in "pubconv.dll" while
trusting a size value from a Publisher document, which could be exploited by
II. DESCRIPTION
---------------------
VUPEN Vulnerability Research Team discovered a vulnerability in
Apple iTunes.
The flaw is caused by an integer overflow error in ColorSync when
processing certain images with an embedded color profile, which
could be exploited by attackers to potentially execute arbitrary
Reference Base Vector Base Score
CVE-2008-4419 (AV:N/AC:L/Au:N/C:C/I:N/A:N) 7.8
===============================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.
The Hewlett-Packard Company thanks the Digital Defense, Inc. (DDI) Vulnerability Research Team (VRT) for reporting this vulnerability to security-alert@hp.com.
RESOLUTION
HP has provided firmware updates and preliminary firmware updates to resolve this vulnerability. The firmware updates and preliminary firmware updates are available as described below.
II. DESCRIPTION
---------------------
VUPEN Vulnerability Research Team discovered a critical vulnerability
in Adobe Acrobat and Reader.
The vulnerability is caused by a heap overflow error when processing
malformed IFF data within a PDF document, which could be exploited by
attackers to compromise a vulnerable system by tricking a user
II. DESCRIPTION
---------------------
VUPEN Vulnerability Research Team discovered a vulnerability in Google
Chrome.
The vulnerability is caused by a stale pointer in the WebKit engine when
deleting a Ruby tag and its children in a specific order, which could be
exploited by remote attackers to compromise a vulnerable system via a
---------------
March 10th, 2009
Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: Steven James and princeofnigeria and r@b13$
Vulnerability Description
-------------------------
Certain Precidia Ether232 devices contain memory overwrite and authentication flaws.
II. DESCRIPTION
---------------------
VUPEN Vulnerability Research Team discovered a vulnerability in
VMware products.
The flaw is caused by a heap overflow error in the VMnc media codec
when processing malformed AVI files, which could be exploited by
attackers to potentially execute arbitrary code by tricking a user
II. DESCRIPTION
---------------------
VUPEN Vulnerability Research Team discovered a critical vulnerability
affecting Adobe Acrobat and Reader.
This vulnerability is caused by an integer overflow error in the U3D module
when processing malformed data, which could be exploited by attackers to
execute arbitrary code by tricking a user into opening a specially crafted
II. DESCRIPTION
---------------------
VUPEN Vulnerability Research Team discovered a critical vulnerability
in RealPlayer.
The vulnerability is caused by a heap overflow error when handling sound
data within media files, which could be exploited by remote attackers to execute
II. DESCRIPTION
---------------------
VUPEN Vulnerability Research Team discovered a critical vulnerability
in RealPlayer.
The vulnerability is caused by a heap overflow error when handling malformed
AAC files, which could be exploited by remote attackers to execute arbitrary
code by tricking a user into visiting a specially crafted web page.