Research Team
(Copy of the Vendor Homepage: http://www.formatoz.com )
Abstract:
=========
The Vulnerability Laboratory Research Team discovered multiple Buffer Overflow Vulnerabilities in Format Factory v2.95 Software.
Report-Timeline:
================
2012-05-01: Public or Non-Public Disclosure
fraud attempts, and unwanted Web sites. It can filter your email messages
for spam as well.
---[ Vulnerability Description ]
Positive Technologies Research Team has discovered multiple privilege
escalation vulnerabilities in Trend Micro products.
The IOCTL handler in tmactmon.sys uses the METHOD_NEITHER communication
method for IOCTLs and does not properly validate buffer data associated with
the Irp object, which allows local users to gain SYSTEM privileges.
---[ Vulnerability Description ]
Positive Technologies Research Team has discovered a privilege escalation
vulnerability in Windows Message Queuing service (MSMQ).
The IOCTL handler in mqac.sys does not properly validate buffer data
associated with the Irp object, which allows local users to crash the system
or execute arbitrary code with SYSTEM privileges.
remove a disc, or prevent 'PC-friendly' software from automatically
launching when you insert a video DVD.
---[ Vulnerability Description ]
Positive Technologies Research Team has discovered multiple memory
corruption vulnerabilities in SlySoft products.
The IOCTL handler in ElbyCDIO.sys 6.0.2.0 and earlier, shipped with AnyDVD,
Virtual CloneDrive, CloneDVD and CloneCD, uses the METHOD_NEITHER
communication method for IOCTLs and does not properly validate buffer data
---[ Vulnerability Description ]
Positive Technologies Research Team has discovered a denial of service (DoS)
vulnerability in CA Internet Security Suite.
The IOCTL handler in vetmonnt.sys does not properly validate buffer data
associated with the Irp object, which allows local users to crash the
system.
CA Advisory Date: 2008-10-09
Reported By:
Haifei Li of Fortinet's FortiGuard Global Security Research Team
Vulnerability Research Team of Assurent Secure Technologies, a
TELUS Company
Greg Linares of eEye Digital Security
Hi there,
Just want to let you know, Fortinet's FortiGuard Global Security
Research Team has provided in-depth research on the recent PDF
zero-day exploit (CVE-2009-3459).
http://www.fortiguard.com/analysis/pdfanalysis.html
"Taking a look back over this 0-day attack as a whole, each single
part of it is somehow ingenious - whether it be the vulnerability,
(Copy of the Vendor Homepage: http://pritlog.com/fossil.cgi/taglist )
Abstract:
=========
The Vulnerability Laboratory Research Team discovered multiple Web Vulnerabilities in Pritlog v0.821 Content Management System.
Report-Timeline:
================
2012-04-29: Public or Non-Public Disclosure
(Copy of the Website: http://lanmsngr.sourceforge.net )
Abstract:
=========
The Vulnerability Laboratory Research Team discovered a remote Denial of Service vulnerability on LAN Messenger v1.2.28.
Status:
========
Published
The security risk of the cross site request forgery vulnerability is estimated as low(+).
Credits:
========
Vulnerability Laboratory [Research Team] - the_storm (the_storm@vulnerability-lab.com)
Disclaimer:
===========
The information provided in this advisory is provided as it is without any warranty. Vulnerability-Lab disclaims all warranties,
The security risk of the web vulnerabilities is estimated as high(+).
Credits:
========
Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (Rem0ve)
The security risk of the persistent input validation vulnerability is estimated as low(+).
Credits:
========
Vulnerability Laboratory [Research Team] - snup (snup@vulnerability-lab.com)
The security risk of the null pointer (dos) vulnerability is estimated as medium(-).
Credits:
========
Vulnerability Laboratory [Research Team] - N/A Anonymous
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerability described in this advisory.
This vulnerability was reported to Cisco by the Vulnerability
Research Team of Digital Defense, Inc.
Status of this Notice: Final
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
The security risk of the arbitrary file upload vulnerability is estimated as high.
Credits:
========
Vulnerability Laboratory [Research Team] - the_storm (storm@vulnerability-lab.com)
http://www.pgp.com
---[ Vulnerability Description ]
Positive Technologies Research Team has discovered several vulnerabilities
in PGP Desktop.
1. The IOCTL handler in pgpdisk.sys does not properly validate buffer data
associated with the Irp object, which allows local users to crash the
system.
The security risk of the client side cross site scripting vulnerabilities is estimated as low(+).
Credits:
========
Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (Rem0ve)
2011-12-13 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* Nikita Tarakanov (CISS Research Team) and Alexey Sintsov (Digital
Security Research Group)
-- About the Zero Day Initiative (ZDI):