Secunia Research has discovered a vulnerability in Microsoft Excel, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to insufficient validation of an index value in the NAME record and can be exploited to corrupt memory via a specially crafted Excel Spreadsheet (XLS) file. Successful exploitation may allow execution of arbitrary code. Microsoft Office Excel 2000 SP3 and Microsoft Office Excel 2002 SP3 are affected.
c9de174ed71112e49d317cc07db7cacfb4dca6980459f45c5d90f9c3feb0a385Secunia Research has discovered a vulnerability in Microsoft Office Word, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an integer overflow error when calculating the space required for the specified number of points in a polyline or polygon. This can be exploited to cause a heap-based buffer overflow during parsing of objects in Rich Text Format (.rtf) files e.g. when a user opens a specially crafted .rtf file with Word or previews a specially crafted e-mail. Successful exploitation may allow execution of arbitrary code. Microsoft Office Word 2003 SP3 and Microsoft Office Word Viewer 2003 SP3 are affected.
c660078d68293331438cefc112487a9fcec1415bee279c37d6d6e61a39eba659Secunia Research has discovered a vulnerability in Adobe Acrobat/Reader, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when parsing format strings containing a floating point specifier in the "util.printf()" Javascript function and can be exploited to cause a stack-based buffer overflow via a specially crafted PDF. Successful exploitation may allow execution of arbitrary code when viewing a malicious PDF file. Adobe Acrobat / Reader version 8.1.2 is affected.
752ca6b79c83ae98d9fc8b1f8a86737dee9475f446bee614248a21427062b976Secunia Research has discovered a vulnerability in various HP products, which can be exploited by malicious people to cause a DoS (Denial of Service). The HP OpenView Trace Service exposes an RPC service on TCP port 5051 or 5053 that does not require authentication. By sending a particular sequence of RPC requests, an object is incorrectly referenced, which may cause a memory reference beyond an allocated buffer. HP OpenView Report version 3.70 and HP Performance Agent version 4.70 are both affected.
f1546a2e6eea29b72c45d9610eaa1c4e619fa7532f9d3795a6d74db5cebffeddSecunia Research has discovered a vulnerability in Trend Micro OfficeScan Server, which can be exploited by malicious people to compromise a vulnerable system. A boundary error when parsing CGI requests can be exploited to cause a stack-based buffer overflow via an HTTP POST request to an affected CGI executable with specially crafted form data. Successful exploitation allows execution of arbitrary code. Trend Micro OfficeScan version 7.3 patch 4 build 1367 is affected.
6260bed0c8ef3910412fa8bb89863553ce9240aa159314b903c6583fb3daddf0Secunia Research has discovered a vulnerability in HP SiteScope, which can be exploited by malicious people to conduct script insertion attacks. The SiteScope server performs agent-less monitoring of the IT infrastructure and can be configured to receive SNMP traps from devices. The status of the SNMP monitor and the content of received SNMP trap messages can be viewed in the web interface. The received SNMP messages are rendered in the context of the management interface with no filtering or sanitizing. This can be exploited to execute arbitrary HTML and script code in a user's browser session when viewing the information. HP SiteScope 9.0 build 911 is affected.
58b64bebe88c7d9ecc454e7c44918ddfccddbea43ef2062b4fc396569b32d5d0Secunia Research has discovered a vulnerability in Trend Micro OfficeScan, which can be exploited by malicious people to compromise a vulnerable system. A boundary error in cgiRecvFile.exe can be exploited to cause a stack-based buffer overflow via an HTTP request with a specially crafted, overly long "ComputerName" parameter. The "TempFileName", "NewFileSize", and "Verify" parameters must also be manipulated to exploit the vulnerability. Successful exploitation allows execution of arbitrary code. Trend Micro OfficeScan 7.3 patch 4 build 1362 is affected.
8d520d0c7ffd04e803c95544d22d52c683a93cdf6c864999b5b503b6c3caa181Secunia Research has discovered a vulnerability in certain Trend Micro products, which can be exploited by malicious people to bypass authentication. The vulnerability is caused by insufficient entropy being used to create a random session token for identifying an authenticated manager using the web management console. The entropy in the session token comes solely from the system time when the real manager logs in with a granularity of one second. This can be exploited to impersonate a currently logged on manager by brute forcing the authentication token. Successful exploitation further allows execution of arbitrary code via manipulation of the configuration.
ca4e60fcbf1cd56bcfc9d59316819297548491779e2e6b28a1bfa5e6428c35cdSecunia Research has discovered a vulnerability in RealPlayer, which can potentially be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a design error within the handling of frames in Shockwave Flash (SWF) files and can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code. Affected is RealNetworks RealPlayer version 10.5 Build 6.0.12.1483.
85ea60ee6a68e6f33d5b4bdcc122dc5e0957dc9bfc2c3b7f6a8a25295470e2c8Secunia Research has discovered a vulnerability in Apple Quicktime which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to a boundary error when parsing packed scanlines from a PixData structure in a PICT file and can be exploited to cause a heap-based buffer overflow via e.g. viewing a specially crafted image file. Apple QuickTime version 7.4.5 is affected.
b202366ac93c27b2e504e35e8d15cb784536258252d3d38696ee339174cc6c1fSecunia Research has discovered a vulnerability in the Red Swoosh client which can be exploited by malicious people to conduct cross-site request forgery attacks and compromise a user's system. Versions 3322 and below are affected.
4c1c94e64ef56ec7d276524f46e13d42871504c8a3f4fc2492eee724c354c6dcAkamai has become aware of a security vulnerability within the Akamai Client Software which can be exploited to conduct cross-site request forgery attacks. This vulnerability exists only in the Akamai Client Software and does not affect Akamai's other services in any way. Akamai has no evidence to date that any attempt has been made to exploit this vulnerability. Versions up to and including 3322 are affected.
72ff99c29e5128ebdff18a697f10091cc821a63f45ca30f4c8dbc6cce682c502Secunia Research has discovered a vulnerability in Foxit Reader, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when parsing format strings containing a floating point specifier in the "util.printf()" JavaScript function. This can be exploited to cause a stack-based buffer overflow via a specially crafted PDF file. Successful exploitation allows execution of arbitrary code. Foxit Reader 2.3 build 2825 is affected.
fd57e4bfb41939ad032f32cc8e3df6d5f80854b91d50488e0adfd932f788576eSecunia Research has discovered some vulnerabilities in Autonomy Keyview utilised in Lotus Notes, which can be exploited by malicious people to compromise a vulnerable system when viewing Applix documents. Lotus Notes versions 7.0.3 and 8.0 are affected.
00f2e51ed4830359243fa1bfb86acd7a0f998d30dca342fe5dc7e3a96b202d12Secunia Research has discovered some vulnerabilities in activePDF DocConverter, which can be exploited by malicious people to compromise a vulnerable system when converting Applix documents. A couple of boundary errors and an unsafe call may allow for arbitrary code execution. A logic error may cause a denial of service condition.
dc190986cd4c7921c1bdcde0c31b496378adf00e04df9e9fe662f9649a723437Secunia Research has discovered some vulnerabilities Symantec Mail Security, which can be exploited by malicious people to compromise a vulnerable system when scanning Applix documents. A couple of boundary errors and an unsafe call may allow for arbitrary code execution. A logic error may cause a denial of service condition.
2f4705e77c6dd5c59205d4e86c2b9d4586a86bcd535844e69e2abd1a520215e8Secunia Research has discovered 21 vulnerabilities in activePDF DocConverter, which can be exploited by malicious people to compromise a vulnerable system. Boundary errors within the "Folio Flat File" speed reader (foliosr.dll) when handling attribute values of a number of tags (eg. DI, FD, FT, JD, JL, LE, OB, OD, OL, PN, PS, PW, RD, QL, or TS) can be exploited to cause stack-based buffer overflows.
9d8e420b7524d1db8638920060eb95490e597f347afef6f0ff593fb85a893246Secunia Research has discovered 21 vulnerabilities in Symantec Mail Security, which can be exploited by malicious people to compromise a vulnerable system. Boundary errors within the "Folio Flat File" speed reader (foliosr.dll) when handling attribute values of a number of tags (eg. DI, FD, FT, JD, JL, LE, OB, OD, OL, PN, PS, PW, RD, QL, or TS) can be exploited to cause stack-based buffer overflows.
e06108e1e13e72d3d8404a3a7ee2cd244552baeecb87255b7066e8f3e2abf001Secunia Research has discovered some vulnerabilities in Autonomy Keyview, which can be exploited by malicious people to compromise a vulnerable system. A couple of boundary errors and an unsafe call may allow for arbitrary code execution. A logic error may cause a denial of service condition.
942cab55b7731628fbea98f0716f6090bfef43941e7c7dba8f21769a8dd2a16bSecunia Research has discovered 21 vulnerabilities in Autonomy Keyview, which can be exploited by malicious people to compromise a vulnerable system. Boundary errors within the "Folio Flat File" speed reader (foliosr.dll) when handling attribute values of a number of tags (eg. DI, FD, FT, JD, JL, LE, OB, OD, OL, PN, PS, PW, RD, QL, or TS) can be exploited to cause stack-based buffer overflows. Autonomy Keyview version 10.3.0.0 is affected.
bf1531ccb3ad4a70c1f8f5fbe587f52ba23f47cdbbcf93a6b7dde0acb1c2ebeeSecunia Research has discovered 21 vulnerabilities in Lotus Notes, which can be exploited by malicious people to compromise a vulnerable system. Boundary errors within the "Folio Flat File" speed reader (foliosr.dll) when handling attribute values of a number of tags (eg. DI, FD, FT, JD, JL, LE, OB, OD, OL, PN, PS, PW, RD, QL, or TS) can be exploited to cause stack-based buffer overflows. Lotus Notes versions 7.0.3 and 8.0 are affected.
51d1e5b8843f54d687126f7bb4817b37560488c7634c0bd1abfa2c0bf6c5aa8fCA Security Advisory - Multiple vulnerabilities exist in BrightStor ARCserve Backup that can allow a remote attacker to cause a denial of service, execute arbitrary code, or take privileged action.
eeb6c53417ccc26b912aa3b7ee71b7c4d770d635ec4f613ec8a5036d63014596Secunia Research has discovered a vulnerability in McAfee E-Business Server, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an integer overflow within the e-Business administration utility service when parsing authentication packets. Affected is McAfee E-Business Server for Linux version 8.1.1.
48d4afec2f5d9ccb7c0a2dfc502a2ae72692c50ed8690518870a45beb34c756dSecunia Research has discovered boundary errors in the detection of executable packers in libdayzero.dll as loaded by the Filter Hub (filter-hub.exe) of Symantec Mail Security for SMTP. The errors can be exploited to cause unhandled memory access violations causing the filter hub service to crash. Symantec Mail Security for SMTP 5.0 patch 176 is affected. Other versions may also be affected.
90518111806f2fd675c8d4fe74bd1e3483c420d80025c3a9a438ba4f7aad0ce5
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed