Memory Corruption

[CORE-2009-1209] Google SketchUp 'lib3ds' 3DS Importer Memory Corruption

      Core Security Technologies - CoreLabs Advisory
           http://www.coresecurity.com/corelabs/

Google SketchUp 'lib3ds' 3DS Importer Memory Corruption



1. *Advisory Information*


Cisco Security Advisory: Multiple Vulnerabilities in Cisco Firewall Services Module

The Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500
Series switches and Cisco 7600 Series routers is affected by the
following vulnerabilities:

  * Syslog Message Memory Corruption Denial of Service Vulnerability
  * Authentication Proxy Denial of Service Vulnerability
  * TACACS+ Authentication Bypass Vulnerability
  * Sun Remote Procedure Call (SunRPC) Inspection Denial of Service
    Vulnerabilities
  * Internet Locator Server (ILS) Inspection Denial of Service

[DCA-2011-0010] TOTVS Microsiga Protheus ERP - Memory Corruption

- 07/Apr/2011 -> Vendor releases a new version addressing the flaw.
- 12/Apr/2011 -> Advisory published.


[Bug Summary]
- Memory Corruption (likely code execution)

[Impact]
- Medium/High

[Affected Version]

CORE-2008-1010: VLC media player XSPF Memory Corruption

      Core Security Technologies - CoreLabs Advisory
           http://www.coresecurity.com/corelabs/

         VLC media player XSPF Memory Corruption


1. *Advisory Information*

Title: VLC media player XSPF Memory Corruption

[ MDVSA-2010:140 ] php

  * Rewrote var_export() to use smart_str rather than output buffering,
  prevents data disclosure if a fatal error occurs (CVE-2010-2531).
  * Fixed a possible resource destruction issue in shm_put_var().
  * Fixed a possible information leak because of interruption of
  XOR operator.
  * Fixed a possible memory corruption because of unexpected call-time
  pass by reference and following memory clobbering through callbacks.
  * Fixed a possible memory corruption in ArrayObject::uasort().
  * Fixed a possible memory corruption in parse_str().
  * Fixed a possible memory corruption in pack().
  * Fixed a possible memory corruption in substr_replace().

[SECURITY] [DSA-1950-1] New webkit packages fix several vulnerabilities

Array index error in the insertItemBefore method in WebKit, allows remote
attackers to execute arbitrary code via a document with a SVGPathList data
structure containing a negative index in the SVGTransformList, SVGStringList,
SVGNumberList, SVGPathSegList, SVGPointList, or SVGLengthList SVGList object,
which triggers memory corruption.


CVE-2009-1687

The JavaScript garbage collector in WebKit does not properly handle allocation

SecurityReason - Apache2 CSRF, XSS, Memory Corruption and Denial of Service Vulnerability

[Apache2 CSRF, XSS, Memory Corruption and Denial of Service Vulnerability ]

Author: sp3x

Date:
- Written: 06.12.2007
- Public: 09.01.2008

[ MDVSA-2010:027 ] kdelibs4

 
 The JavaScript garbage collector in WebKit in Apple Safari before
 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1
 through 2.2.1 does not properly handle allocation failures, which
 allows remote attackers to execute arbitrary code or cause a denial
 of service (memory corruption and application crash) via a crafted
 HTML document that triggers write access to an offset of a NULL
 pointer. (CVE-2009-1687).
 
 WebKit in Apple Safari before 4.0.2, KHTML in kdelibs in KDE, QtWebKit
 (aka Qt toolkit), and possibly other products does not properly handle

[ GLSA 200812-17 ] Ruby: Multiple vulnerabilities

Multiple vulnerabilities have been discovered in the Ruby interpreter
and its standard libraries. Drew Yao of Apple Product Security
discovered the following flaws:

* Arbitrary code execution or Denial of Service (memory corruption)
  in the rb_str_buf_append() function (CVE-2008-2662).

* Arbitrary code execution or Denial of Service (memory corruption)
  in the rb_ary_store() function (CVE-2008-2663).


[ GLSA 200907-06 ] Adobe Reader: User-assisted execution of arbitrary code

  Joly of VUPEN Security reported multiple heap-based buffer overflows
  in the JBIG2 filter (CVE-2009-0509, CVE-2009-0510, CVE-2009-0511,
  CVE-2009-0512, CVE-2009-0888, CVE-2009-0889)

* Arr1val reported that multiple methods in the JavaScript API might
  lead to memory corruption when called with crafted arguments
  (CVE-2009-1492, CVE-2009-1493).

* An anonymous researcher reported a stack-based buffer overflow
  related to U3D model files with a crafted extension block
  (CVE-2009-1855).

[CAID 35724, 35725, 35726]: CA BrightStor ARCserve Backup Multiple Vulnerabilities

CVE-2007-5327, occur due to insufficient bounds checking by 
multiple components. The second vulnerability, CVE-2007-5328, 
occurs due to privileged functions being available for use without 
proper authorization. The third set of vulnerabilities, 
CVE-2007-5329, CVE-2007-5330, CVE-2007-5331, and CVE-2007-5332, 
are due to a memory corruption occurring with the processing of 
RPC procedure arguments by multiple services. The vulnerabilities 
allow an attacker to cause a denial of service, or potentially to 
execute arbitrary code.

Note: Updated patches are available. The original patches did not 

[CAID 35724, 35725, 35726]: CA BrightStor ARCserve Backup Multiple Vulnerabilities

CVE-2007-5327, occur due to insufficient bounds checking by 
multiple components. The second vulnerability, CVE-2007-5328, 
occurs due to privileged functions being available for use without 
proper authorization. The third set of vulnerabilities, 
CVE-2007-5329, CVE-2007-5330, CVE-2007-5331, and CVE-2007-5332, 
are due to a memory corruption occurring with the processing of 
RPC procedure arguments by multiple services. The vulnerabilities 
allow an attacker to cause a denial of service, or potentially to 
execute arbitrary code.

Mitigating Factors:

Memory corruption in Postfix SMTP server Cyrus SASL support (CVE-2011-1720)

[On-line version will be at http://www.postfix.org/CVE-2011-1720.html]

Summary
=======

The Postfix SMTP server has a memory corruption error when the Cyrus
SASL library is used with authentication mechanisms other than PLAIN
and LOGIN (the ANONYMOUS mechanism is unaffected but should not be
enabled for different reasons). See below for instructions to
determine what systems are affected.


[SECURITY] [DSA-1988-1] New qt4-x11 packages fix several vulnerabilities

CVE-2009-1687

The JavaScript garbage collector in WebKit, as used in qt4-x11 does not
properly handle allocation failures, which allows remote attackers to
execute arbitrary code or cause a denial of service (memory corruption
and application crash) via a crafted HTML document that triggers write
access to an offset of a NULL pointer.


CVE-2009-1690

CORE-2011-0106: Microsoft Publisher 2007 Pubconv.dll Memory Corruption

    Core Security Technologies - Corelabs Advisory
         http://corelabs.coresecurity.com/

    Microsoft Publisher 2007 Pubconv.dll Memory Corruption


1. *Advisory Information*

Title: Microsoft Publisher 2007 Pubconv.dll Memory Corruption

VMSA-2008-0019 VMware Hosted products and patches for ESX and ESXi resolve a critical security issue and update bzip2

-------------------------------------------------------------------------

1. Summary

   Updated VMware Hosted products and patches for ESX and ESXi resolve
   two security issues. The first is a critical memory corruption
   vulnerability in virtual device hardware. The second is an updated
   bzip2 package for the Service Console.

2. Relevant releases


[ MDVSA-2009:330 ] kdelibs

 
 The JavaScript garbage collector in WebKit in Apple Safari before
 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1
 through 2.2.1 does not properly handle allocation failures, which
 allows remote attackers to execute arbitrary code or cause a denial
 of service (memory corruption and application crash) via a crafted
 HTML document that triggers write access to an offset of a NULL
 pointer. (CVE-2009-1687)
 
 Use-after-free vulnerability in WebKit, as used in Apple Safari
 before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1

[ MDVSA-2008:142 ] - Updated ruby packages fix vulnerabilities

 Multiple integer overflows in the rb_str_buf_append function in
 Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before
 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2
 allow context-dependent attackers to execute arbitrary code or
 cause a denial of service via unknown vectors that trigger memory
 corruption, a different issue than CVE-2008-2663, CVE-2008-2664,
 and CVE-2008-2725. (CVE-2008-2662)
 
 Multiple integer overflows in the rb_ary_store function in Ruby
 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230,
 and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to

[ MDVSA-2008:141 ] - Updated ruby packages fix vulnerabilities

 Multiple integer overflows in the rb_str_buf_append function in
 Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before
 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2
 allow context-dependent attackers to execute arbitrary code or
 cause a denial of service via unknown vectors that trigger memory
 corruption. (CVE-2008-2662)
 
 Multiple integer overflows in the rb_ary_store function in Ruby
 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230,
 and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to
 execute arbitrary code or cause a denial of service via unknown

[ MDVSA-2008:140 ] - Updated ruby packages fix vulnerabilities

 Multiple integer overflows in the rb_str_buf_append function in
 Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before
 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2
 allow context-dependent attackers to execute arbitrary code or
 cause a denial of service via unknown vectors that trigger memory
 corruption. (CVE-2008-2662)
 
 Multiple integer overflows in the rb_ary_store function in Ruby
 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230,
 and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to
 execute arbitrary code or cause a denial of service via unknown

[ GLSA 200805-18 ] Mozilla products: Multiple vulnerabilities

The following vulnerabilities were reported in all mentioned Mozilla
products:

* Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren, and
  Paul Nickerson reported browser crashes related to JavaScript
  methods, possibly triggering memory corruption (CVE-2008-0412).

* Carsten Book, Wesley Garland, Igor Bukanov, moz_bug_r_a4, shutdown,
  Philip Taylor, and tgirmann reported crashes in the JavaScript
  engine, possibly triggering memory corruption (CVE-2008-0413).


CORE-2010-0517 - Microsoft Office HtmlDlgHelper class memory corruption

        Core Security Technologies - CoreLabs Advisory
                   http://corelabs.coresecurity.com

  Microsoft Office HtmlDlgHelper class memory corruption


1. *Advisory Information*

Title: Microsoft Office HtmlDlgHelper class memory corruption
Advisory Id: CORE-2010-0517

[ MDVSA-2011:029 ] kernel

 Problem Description:

 A vulnerability was discovered and corrected in the Linux 2.6 kernel:
 The X.25 implementation does not properly parse facilities, which
 allows remote attackers to cause a denial of service (heap memory
 corruption and panic) or possibly have
 unspecified other impact via malformed data, a different vulnerability
 than CVE-2010-4164. (CVE-2010-3873)
 
 The bcm_connect function Broadcast Manager in the Controller Area
 Network (CAN) implementation in the Linux creates a publicly accessible

[ MDVSA-2012:013 ] mozilla

 a proxy and reading the error messages (CVE-2011-3670).
 
 Multiple unspecified vulnerabilities in the browser engine in Mozilla
 Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18
 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers
 to cause a denial of service (memory corruption and application crash)
 or possibly execute arbitrary code via unknown vectors (CVE-2012-0442).
 
 Multiple unspecified vulnerabilities in the browser engine in Mozilla
 Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey
 before 2.7 allow remote attackers to cause a denial of service (memory

FortiGuard Advisory: Microsoft Internet Explorer DHTML Handling Remote Memory Corruption Vulnerability

Microsoft Internet Explorer DHTML Handling Remote Memory Corruption Vulnerability
2009.June.09

Fortinet's FortiGuard Global Security Research Team Discovers Memory Corruption Vulnerability in Microsoft's Internet Explorer.

Summary:
========
A memory corruption vulnerability exists in the DHTML handling of Microsoft's Internet Explorer which allows a remote attacker to compromise a system through a malicious site.

Impact:

[SECURITY] [DSA 1687-1] New Linux 2.6.18 packages fix several vulnerabilities

    Eric Sesterhenn reported a local DoS issue in the hfsplus
    filesystem.  Local users who have been granted the privileges
    necessary to mount a filesystem would be able to craft a corrupted
    filesystem that causes the kernel to overrun a buffer, resulting
    in a system oops or memory corruption.

CVE-2008-4934

    Eric Sesterhenn reported a local DoS issue in the hfsplus
    filesystem.  Local users who have been granted the privileges

[ MDVSA-2009:338 ] firefox

 (CVE-2009-3389).
 
 Multiple unspecified vulnerabilities in the browser engine in Mozilla
 Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1,
 and Thunderbird allow remote attackers to cause a denial of service
 (memory corruption and application crash) or possibly execute arbitrary
 code via unknown vectors (CVE-2009-3979).
 
 Multiple unspecified vulnerabilities in the browser engine in Mozilla
 Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird
 allow remote attackers to cause a denial of service (memory corruption

VUPEN Security Research - Microsoft Office Excel Code Execution Vulnerabilities

II. DESCRIPTION
---------------------

VUPEN Vulnerability Research Team discovered four critical vulnerabilities
affecting Microsoft Office Excel.

These vulnerabilities are caused by memory corruptions, invalid index,
and invalid pointer errors when processing malformed Excel documents,
which could allow attackers to execute arbitrary code via a specially
crafted XLS file.

VUPEN-SR-2008-10 - Microsoft Office Excel Records Parsing Memory Corruption

FortiGuard Advisory: Adobe Reader/Acrobat TrueType Font Processing Memory Corruption Vulnerability

Adobe Reader/Acrobat TrueType Font Processing Memory Corruption Vulnerability
2009.June.10

Fortinet's FortiGuard Global Security Research Team Discovers Memory Corruption Vulnerability in Adobe Reader / Acrobat.

Summary:
========
A memory corruption vulnerability exists when processing PDF documents and handling TrueType fonts, which could allow an attacker to execute arbitrary code with the privileges of the current user.

Impact:

[ MDVSA-2010:071 ] mozilla-thunderbird

 arbitrary code via a crafted message, related to message indexing
 (CVE-2009-0689).
 
 Integer overflow in a base64 decoding function in Mozilla Firefox
 before 3.0.12 and Thunderbird allows remote attackers to cause a
 denial of service (memory corruption and application crash) or possibly
 execute arbitrary code via unspecified vectors (CVE-2009-2463).
 
 Multiple unspecified vulnerabilities in the browser engine in Mozilla
 Firefox before 3.0.14, and 3.5.x before 3.5.3, allow remote attackers
 to cause a denial of service (memory corruption and application crash)
