Secunia Research has discovered two vulnerabilities in Microsoft Office, which can be exploited by malicious people to compromise a user's system. A boundary error in the FlashPix graphics filter when parsing certain tile data can be exploited to cause a data section buffer overflow via a specially crafted image. A boundary error in the FlashPix graphics filter when parsing certain tile data can be exploited to cause a stack-based buffer overflow via a specially crafted image. Successful exploitation of the vulnerabilities allows execution of arbitrary code.
b60f45ab7b6e2a2faa176e81b2106b9d5cd588df7175ba1241a68f372b354aac
Secunia Research has discovered a vulnerability in Microsoft Office, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in the FlashPix graphics filter when parsing certain property sets. This can be exploited to cause a stack-based buffer overflow via a specially crafted FlashPix image. Successful exploitation allows execution of arbitrary code.
da9db2c31643ad2ece4ad028a02978df527f30435b8d0a989495edb5b862b7cf
Secunia Research has discovered a vulnerability in Microsoft Office, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by insufficient validation when parsing an Office Art Drawing record, which contains "msofbtSp" records that specify certain flags. This can be exploited to corrupt memory via a specially crafted Office file. Successful exploitation allows execution of arbitrary code.
61dae7bedfeaf692cd9a528ab0ceaf23d9863ec3a159771e27ed645dbdcfc890
Secunia Research has discovered a vulnerability in Microsoft Outlook, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an integer underflow error when parsing certain content and can be exploited to cause a heap-based buffer overflow via e.g. a specially crafted e-mail message. Successful exploitation may allow execution of arbitrary code, but requires that Outlook is connected to an Exchange server with Online Mode (not default setting for Outlook 2003 and 2007).
3ac2fa8b03f7e0a1eb4436a2b09aa20d22e3ff238856861ce6ed1812b132fe1d
Secunia Research has discovered a vulnerability in Windows Movie Maker, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by boundary errors when parsing strings in imported project files (.MSWMM) and can be exploited to cause a buffer overflow. Successful exploitation allows execution of arbitrary code. Windows Movie Maker version 2.1.4027.0 is affected.
76eef5decde8a16a4b913aef17c165dae1584e546c0e39afd6c64ad00a613f0a
Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error the WordPerfect 5.x reader (wosr.dll) when parsing data blocks and can be exploited to cause a heap-based buffer overflow via a specially crafted file. Successful exploitation may allow execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected.
5ed5b03e9a9bfac07541b8affc29df12ce6a114af5ce70de811e350abee24c4c
Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a signedness error when parsing the argument to the "\\ls" keyword within a list override table entry in RTF files. This can be exploited to cause a buffer overflow via a specially crafted RTF file. Successful exploitation may allow execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected.
9f637d773e05147f5fddebca47d4f32eaa065525a4713e86117852b4fc62630c
Secunia Research has discovered some vulnerabilities in libmikmod, which can be exploited by malicious people to potentially compromise a user's system. Successful exploitation may allow arbitrary code execution in the context of the process using the libmikmod library when opening a specially crafted module file. Version 3.1.12 is affected.
ffe2444e942bbb7f4e8c5effa7fc43640a7f9cca499c6911bd7cc5d8cc0be69f
Secunia Research has discovered a vulnerability in Flash Player distributed with certain versions of Windows XP, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a use-after-free error in the bundled version of Flash Player when unloading Flash objects while these are still being accessed using script code. This can be exploited to corrupt memory via a specially crafted web page. Successful exploitation allows execution of arbitrary code.
e8fe4e0af5b93e0d9bbfa1967f643e5a9513e596229ed6ea1e8b573d47934a1c
Adobe Illustrator version 14.0.0 suffers from an encapsulated postscript parsing vulnerability.
36d51dc58013b2cfec6c4a0d576a497293e4d1c9930c31950856dfae5527b0bf
Secunia Research has discovered three vulnerabilities in Winamp, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused by boundary errors in the Module Decoder Plug-in (IN_MOD.DLL) when parsing instrument definitions and can be exploited to cause heap-based buffer overflows via a specially crafted Impulse Tracker file. Successful exploitation may allow execution of arbitrary code.
ca49063a3ce1d04720b9450f40327282be08ce864b34b3207257c6a67a5ed246
Secunia Research has discovered a vulnerability in Winamp, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in the Module Decoder Plug-in (IN_MOD.DLL) when parsing samples and can be exploited to cause a heap-based buffer overflow via a specially crafted Impulse Tracker file. Successful exploitation may allow execution of arbitrary code.
07e9de28b9074addc7c2002be4bc50f5d8a928740507ce513ac4af97b163c2e6
Secunia Research has discovered a vulnerability in Winamp, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an error in the Module Decoder Plug-in (IN_MOD.DLL) when parsing Ultratracker files and can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code.
da211724536ef1c0859a7361b4f4cf6b1b6866921c4d73d47b44411d27b7fdda
Secunia Research has discovered a vulnerability in Winamp, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an integer overflow error in the Module Decoder Plug-in (IN_MOD.DLL) when parsing Oktalyzer files and can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code.
123cb62bfd01bb8e6554db8f9fa0a7da3e9f532dcd856406860c649b903bde01
Secunia Research has discovered a vulnerability in IBM Tivoli Storage Manager Client, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by an input validation error in the CAD service. This can be exploited to cause a stack-based buffer overflow by sending a specially crafted packet via TCP. Successful exploitation allows execution of arbitrary code. IBM Tivoli Storage Manager Express Client version 5.3.6.2 is affected.
d162501f8a502894ddca76f531d423886089eb16e3f1abdd39eaa04d684d2343
Secunia Research has discovered a vulnerability in OpenOffice.org, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by a boundary error when parsing certain records and can be exploited to cause a heap-based buffer overflow via a specially crafted document. Successful exploitation may allow execution of arbitrary code. OpenOffice 3.1 is affected.
90e6db645ca455aa65ae418d028155762a95e0ab6391a35dbd3f51f346d3f90f
Secunia Research has discovered a vulnerability in OpenOffice.org, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an integer underflow error when parsing certain records in the document table. This can be exploited to cause a heap-based buffer overflow via a specially crafted file. Successful exploitation may allow execution of arbitrary code. OpenOffice 3.1 is affected.
38dc610327869d15cfbd88f0c6efc251da54009e0b9921d028e0677b40b8979f
Secunia Research has discovered a vulnerability in Garmin Communicator Plug-In, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to a synchronisation error in the GARMINAXCONTROL.GarminAxControl_t.1 ActiveX control (npGarmin.dll). This can be exploited to bypass the domain locking and dialog box presented to the user asking for confirmation that the untrusted site may access private data. Successful exploitation allows full access (such as deleting data, retrieving personal information, or installing firmware updates) to any Garmin GPS products connected to the user's system. Garmin Communicator Plug-In (npGarmin.dll) version 2.6.4.0 is affected.
d2f086ac3f174a9241e5c568f24970ed3a5b1893adb4e0b56c252fa22c46ae09
Secunia Research has discovered two vulnerabilities in IBM Tivoli Storage Manager Agent Client (dsmagent.exe), which can be exploited by malicious people to compromise a vulnerable system. Successful exploitation allows execution of arbitrary code. IBM Tivoli Storage Manager Express Client version 5.3.6.2 is affected.
d1fd439a13669849768376606848a17212e6db600a796c6645664f2f34a6293b
Secunia Research has discovered a vulnerability in HP OpenView Network Node Manager, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an integer overflow in ovalarmsrv.exe and can be exploited to cause a heap-based buffer overflow via specially crafted commands sent to port 2954/TCP. Successful exploitation may allow execution of arbitrary code. HP Network Node Manager version 7.53 is affected.
5c00bd4f8d352bd46081ccba370c76751442e5021a0ad1c78da44a1f3aa1c287
Secunia Research has discovered a vulnerability in the Oracle BEA WebLogic Server plug-ins for web servers, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error when parsing certificates and can be exploited to cause a stack-based buffer overflow by supplying a specially crafted certificate. Successful exploitation may allow execution of arbitrary code. Oracle BEA WebLogic Server Plug-ins version 1.0.1166189 is affected.
5074d6ba3a66e64cbd2128beff95b591a78d8db4beb783f1de7c833c207d8698
Secunia Research has discovered a vulnerability in the Oracle BEA WebLogic Server plug-ins for web servers, which can be exploited by malicious people to compromise a vulnerable system. The Oracle BEA WebLogic Server can be configured to receive requests via an Apache, Sun, or IIS web server. In this case, a plug-in is installed in the Internet-facing web server that passes the request to a WebLogic server. An integer overflow when parsing HTTP requests can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code. Oracle BEA WebLogic Server Plug-ins version 1.0.1166189 is affected.
dc03394e303c7b0bb15553655fc95276584fa1a608c7c0de7c576dc9a80e81c2
Secunia Research has discovered two vulnerabilities in UltraISO, which can be exploited by malicious people to potentially compromise a user's system. A format string error when handling DAA file names can be exploited by tricking a user into opening a file with a specially crafted name containing format specifiers. A format string error when handling ISZ file names can be exploited by tricking a user into opening a file with a specially crafted name containing format specifiers. Successful exploitation may allow execution of arbitrary code. UltraISO version 9.3.1.2633 is affected.
e8b6b22234286c933c86caf76bc04d458d2b2cf5e2ee7ca1dd7d5c4daabe4ad8
Secunia Research has discovered three vulnerabilities in UltraISO, which can be exploited by malicious people to compromise a user's system. A boundary error when parsing CIF files can be exploited to overflow a global buffer by tricking a user into opening a specially crafted CIF file. A boundary error when parsing C2D files can be exploited to overflow a global buffer by tricking a user into opening a specially crafted C2D file. Insufficient validation when parsing GI files can be exploited to overflow a global buffer by tricking a user into opening a specially crafted GI file. Successful exploitation allows execution of arbitrary code. UltraISO version 9.3.1.2633 is affected.
4f0fdc8ac2f3df91d55d57dbd2bfbf7651b26b2c441c2ffb9e376cee3ea8cb9f
Secunia Research has discovered a vulnerability in BrightStor ARCserve Backup, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to insufficient validation of "handle_t" arguments passed to RPC endpoints. Passing object pointers to procedures that expect different types can result in arbitrary code execution. CA ARCserve Backup 11.5 SP4 build 4491 is affected.
e2a11f405220b9f29248d5ad13bb5f7b5c4b3427fdd20d80cf7519bac87cd5c3