interaction
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows attackers to execute arbitrary code on
applications that utilize DirectShow for rendering video on Microsoft
Windows. User interaction is required to exploit this vulnerability in
that the target must be coerced into decompressing a malicious video.
The specific flaw exists within the decompression of a specific type of
video stream contained in an .AVI file. The application misuses a length
field for an allocation causing the memory allocation to be too small to
-- Affected Products:
Apple QuickTime
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Apple QuickTime. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page or open a malicious file.
The specific flaw exists in the parsing of mov video files in
QuickTimeH264.scalar. A maliciously crafted MDAT atom can cause a heap
-- Affected Products:
Apple QuickTime
-- Vulnerability Details:
This vulnerability allows attackers to execute arbitrary code on
vulnerable installations of Apple QuickTime. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page or open a malicious file.
The specific flaw exists within the parsing of QuickTime files that
utilize the Indeo video codec. A lack of proper bounds checking within
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
systems with vulnerable installations of the RealNetworks RealPlayer.
User interaction is required to exploit this vulnerability in that the
target must visit a malicious page or open a malicious file.
The specific flaw exists in RealPlayer's rjbdll.dll module when handling
the deletion of media library files. An attacker could exploit this
vulnerability using an ActiveX control
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute code on vulnerable
installations of RealPlayer. User interaction is required in that a user
must visit a malicious web site.
The specific flaw exists in the rmoc3260 ActiveX control exposed through
the following CLSIDs:
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Apple QuickTime. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page or open a malicious file.
The specific flaw exists during the rendering of an audio stream
utilizing QDesign's audio codec. The application will perform an
Mozilla Firefox 3.5.x
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Mozilla Firefox. User interaction is
required to exploit this vulnerability in that a user must be coerced into
viewing a malicious document.
The specific flaw exists within the way the application implements the
window.navigator.plugins array. Due to the application freeing the
VMware, Inc. VMware Server
VMware, Inc. VMware ACE
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of multiple VMware products. User interaction
is required in that a user must visit a malicious web page or open a
malicious video file.
Upon installation, VMware Workstation, Server, Player, and ACE register
vmnc.dll as a video codec driver to handle compression and decompression
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Adobe Acrobat and Adobe Reader. User
interaction is required to exploit this vulnerability in that the target
must visit a malicious page or open a malicious file.
The specific flaw exists when the application parses a PDF file
containing a malformed Compact Font Format stream. While decoding the
font embedded in this stream, the application will explicitly trust a
Juniper Netscreen Firewall
ScreenOS version 5.4.0r9.0
==================================================
2) Severity Rating:
Low - Moderate
Impact: Potential system compromises but requires user interaction.
==================================================
3) Description of Vulnerability
A Cross-Site Scripting (XSS) Injection vulnerability was discovered within the Juniper Netscreen firewall NetOS version 5.4.0r9.0. The vulnerability is caused by a failure to validate input from the web interface login and the telnet session login. This makes it possible for an attacker to inject JavaScript as part of the user name during login. The JavaScript is then stored in the device event logs. When the event logs are viewed within the Netscreen web console, the JavaScript is executed. A successful attack would allow an attacker to run JavaScript on the computer system connecting to the Netscreen web management console, which could lead to system compromise.
==================================================
4) Solution
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to potentially execute
arbitrary code on vulnerable installations of Microsoft Internet
Explorer. User interaction is required to exploit this vulnerability in
that the target must visit a malicious page.
The specific flaw exists during a race condition while repetitively
clicking between two elements at a fast rate. When clicking back and
forth between these two elements a corruption occurs resulting in a call
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Microsoft Internet Explorer. User
interaction is required to exploit this vulnerability in that the target
must visit a malicious page.
The specific flaw exists in the handling of cloned DOM objects in
JavaScript. A specially crafted sequence of object cloning can result in
the use of a pointer after it has been freed. Successful exploitation
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Microsoft Internet Explorer. User
interaction is required to exploit this vulnerability in that the target
must visit a malicious page.
The specific flaw exists when processing, in XHTML strict mode, a CSS
stylesheet containing a specific combination of style directives one of
which must be a 'zoom'. The fault in processing results in a memory
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Apple's WebKit. User interaction is required
to exploit this vulnerability in that the target must visit a malicious
page or open a malicious file.
The specific flaw exists within how the WebKit library handles
recursively defined Use elements. Upon expanding the target of the use
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to remove arbitrary XML files
on vulnerable installations of Skype. User interaction is required to
exploit this vulnerability in that the target must visit a malicious
page.
The specific flaw exists in Skype's handling of the 'skype-plugin:'
protocol. An attacker can specify a malicious URI, that upon clicking,
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows attackers to execute arbitrary code on
vulnerable installations of both IBM Informix Dynamic Server and EMC
Legato Networker. User interaction is not required to exploit this
vulnerability.
The specific flaws exist within the RPC protocol parsing library,
librpc.dll, utilized by the ISM Portmapper service (portmap.exe) bound
by default to TCP port 36890. During authentication, a lack of proper
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Microsoft Internet Explorer. User
interaction is required to exploit this vulnerability in that the target
must visit a malicious page.
The specific flaw exists when parsing the JScript keyword "arguments".
Because the arguments object is not available until a certain time,
invoking it can result in memory corruption. Successful exploitation of
scip AG Vulnerability ID 4143 (07/08/2010)
http://www.scip.ch/?vuldb.4143
I. INTRODUCTION
Grabbit is a popular freeware client for binary Usenet interaction.
More information is available on the official web site at the following URL:
http://www.shemes.com/index.php?p=download
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Apple QuickTime. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page or open a malicious file.
The specific flaw exists during the parsing of samples from a malformed
.mov file utilizing the RLE codec. While decoding RLE data, the
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Trillian. User interaction is required to
exploit this vulnerability in that the target must open a malicious
image file.
The specific flaws exist during the parsing of messages with overly
long attribute values within the FONT tag. The value for any attribute
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Mozilla Firefox. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page.
The specific flaw exists within the implementation of web worker
threads. Due to mishandling the array data type while processing posted
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
software utilizing a vulnerable version of Apple's WebKit. User
interaction is required to exploit this vulnerability in that the target
must visit a malicious page.
The specific flaw exists within the way that Apple's WebKit handles the
DOCUMENT_POSITION_DISCONNECTED attribute when a container is removed.
This attribute is responsible for ensuring that a node is disconnected
specially crafted Web page leveraging the vulnerability. While there is
no way to forcibly make a victim visit a website, exploitation may
occur through normal Web browsing.
This vulnerability greatly increases the attack surface accessible via
Internet Explorer by decreasing the amount of user interaction
necessary to access other initialization vulnerabilities.
IV. DETECTION
iDefense has confirmed the existence of this vulnerability inside
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Sun Java Runtime Environment. User
interaction is required to exploit this vulnerability in that the target
must visit a malicious page.
The specific flaw exists in the processing of arguments to the
setBytePixels AWT library function. Due to the lack of bounds checking
on the parameters to the function a user controllable memcpy can result
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Adobe Flash Player. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious web page or open a malicious SWF file.
The specific flaw exists in the generation of ActionScript exception
handlers. In Verifier::parseExceptionHandlers(), a large value for
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows attackers to execute arbitrary code on
vulnerable installations of both IBM Informix Dynamic Server and EMC
Legato Networker. User interaction is not required to exploit this
vulnerability.
The specific flaw exists within the RPC protocol parsing library,
librpc.dll, utilized by the ISM Portmapper service (portmap.exe) bound
by default to TCP port 36890. During authentication, a lack of a proper
Description:
============
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of McAfee LinuxShield. User interaction is not
required to exploit this vulnerability but an attacker must be
authenticated.
The LinuxShield web interface communicates with the locally installed
"nailsd" daemon, which listens on port 65443/tcp, to do configuration
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Microsoft Internet Explorer. User
interaction is required to exploit this vulnerability in that the target
must visit a malicious web page.
The specific flaw exists during deallocation of a circular dereference
for a CAttrArray object. If the CAttrArray object has been freed prior
to the tearing down of the webpage, the application will access the
Microsoft Internet Explorer
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Microsoft Internet Explorer 8. User
interaction is required to exploit this vulnerability in that the target
must visit a malicious page.
The specific flaw exists during the rendering of an HTML page with
malformed row property references, resulting in a dangling pointer which
can be abused to execute arbitrary code. Internet Explorer 7 is not
-- Affected Products:
Microsoft Office Word
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Microsoft Word. User interaction is required
to exploit this vulnerability in that the target must visit a malicious
page, open a malicious e-mail, or open a malicious file.
The specific flaw exists within the parsing of vulnerable tags inside a
Microsoft Word document. Microsoft Word trusts a length field read from