| Views | OSVDB ID | Disclosure Date | Title |
| Blogs: 14 |
65141
Description:
Adobe Flash Player contains a flaw in the ActionScript Virtual Machine 2 (AVM2). The issue is triggered when incorrectly calculating a pointer while handling the 'newfunction' instruction. With a specially crafted SWF file, a context-dependent attacker can execute arbitrary code.
|
2010-06-04
|
Adobe Multiple Products AVM2 'newfunction' Instruction Handling Arbitrary Code Execution
|
| Blogs: 14 |
43980
Description:
A buffer overflow exists in Safari. The WebKit component fails to validate JavaScript regular expressions resulting in a heap overflow. With a specially crafted web page, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2008-04-16
|
Apple Safari WebKit (JavaScriptCore/pcre/pcre_compile.cpp) PCRE Nested Repetition Count Overflow
|
| Blogs: 14 |
58865
Description:
(Description Provided by CVE) : Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability."
|
2009-10-13
|
Microsoft Multiple Products GDI+ TIFF Image Handling Overflow
|
| Blogs: 14 |
75625
Description:
Adobe Flash Player contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input before returning it to the user. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-09-21
|
Adobe Flash Player Unspecified XSS
|
| Blogs: 14 |
71254
Description:
A memory corruption flaw exists in Adobe Flash Player and AIR, and the Authplay.dll component in Reader and Acrobat. The ActionScript Virtual Machine 2 component fails to sanitize user-supplied input when handling certain instruction sequences, resulting in memory corruption. With a specially crafted .swf file, a context-dependent attacker can execute arbitrary code.
|
2011-03-14
|
Adobe Flash AVM2 Action Script Virtual Machine Memory Corruption
|
| Blogs: 14 |
43870
Description:
(Description Provided by CVE) : Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to the JavaScript engine.
|
2008-03-25
|
Mozilla Multiple Products JSOP_NEG js_NewNumberValue SAVE_SP_AND_PC Unspecified DoS
|
| Blogs: 14 |
68127
Description:
Microsoft .NET Framework contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the component provides detailed error codes during decryption attempts, which will disclose View State form data to a remote attacker via a padding oracle attack. This may also potentially allow for the forging of cookies or reading of application files.
|
2010-09-14
|
Microsoft ASP.NET ViewState Cryptographic Padding Remote Information Disclosure
|
| Blogs: 14 |
77529
Description:
A memory corruption flaw exists in Adobe Reader and Acrobat. The program fails to sanitize user-supplied input when handling U3D data, resulting in memory corruption. With a specially crafted PDF file, a context-dependent attacker can execute arbitrary code.
|
2011-12-07
|
Adobe Reader / Acrobat U3D Data Handling Remote Memory Corruption
|
| Blogs: 14 |
39126
Description:
A buffer overflow exists in DirectX. The DirectShow SAMI parser fails to validate SAMI files, resulting in a stack overflow. With a specially crafted file, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2007-12-11
|
Microsoft Windows DirectX SAMI File Parsing Arbitrary Code Execution
|
| Blogs: 14 |
58874
Description:
(Description Provided by CVE) : Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2530.
|
2009-10-13
|
Microsoft IE CSS Parsing writing-mode Style Memory Corruption
|
| Blogs: 14 |
53668
Description:
(Description Provided by CVE) : The ThreadPool class in Windows Vista Gold and SP1, and Server 2008, does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by leveraging incorrect thread ACLs to access the resources of one of the processes, aka "Windows Thread Pool ACL Weakness Vulnerability."
|
2009-04-14
|
Microsoft Windows ThreadPool ACL Enforcement Weakness Local Privilege Escalation
|
| Blogs: 14 |
44143
Description:
libfishsound contains an array-indexing error condition in the Speex decoder component. The issue is triggered as user-supplied input is not properly validated when handling header structures. With a specially crafted header structure with a negative offset, a context-dependent attacker can cause data to be written to an arbitrary memory location, resulting in arbitrary code execution.
|
2008-04-06
|
libfishsound Speex Decoder Header Structure Handling Arbitrary Code Execution
|
| Blogs: 14 |
65264
Description:
Microsoft Windows contains a flaw related to the 'MPC::HexToNum()' function in 'helpctr.exe' failing to properly handle escape sequences. This may allow a remote attacker to bypass the trusted documents whitelist and execute arbitrary commands via a crafted hcp:// URL directed to the sysinfomain.htm help document.
|
2010-06-10
|
Microsoft Windows hcp:// Protocol Handler MPC::HexToNum() Function String Miscalculation Arbitrary Command Execution
|
| Blogs: 14 |
70443
Description:
Microsoft Data Access Components and Windows Data Access Components are prone to an overflow condition. The 'SQLConnectW' function fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted long string in the Data Source Name and a crafted szDSN argument, a remote attacker can potentially execute arbitrary code.
|
2011-01-11
|
Microsoft Data Access Components (MDAC / WDAC) ODBC API (odbc32.dll) SQLConnectW Function DSN / szDSN Argument Handling Overflow
|
| Blogs: 13 |
55845
Description:
Microsoft Windows DirectDraw contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when Internet Explorer renders a malicious web page. It is possible that the flaw may allow arbitrary code execution resulting in a loss of confidentiality and/or availability.
|
2009-07-14
|
Microsoft DirectX DirectShow quartz.dll QuickTime NumberOfEntries Field Memory Corruption
|
| Blogs: 13 |
47410
Description:
(Description Provided by CVE) : Microsoft Office Excel 2007 Gold and SP1 does not properly delete the PWD (password) string from connections.xml when a .xlsx file is configured not to save the remote data session password, which allows local users to obtain sensitive information and obtain access to a remote data source, aka the "Excel Credential Caching Vulnerability."
|
2008-08-12
|
Microsoft Office Excel connections.xml Password String Persistence
|
| Blogs: 13 |
49068
Description:
An overflow exists in Host Integration Server. The RPC interface fails to validate SNA RPC messages resulting in a buffer overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2008-10-14
|
Microsoft Host Integration Server (HIS) SNA RPC Request Remote Overflow
|
| Blogs: 13 |
44880
Description:
A remote overflow exists in Microsoft Jet (msjet40.dll). The DLL fails to bounds check user-supplied data resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2007-11-16
|
Microsoft Windows msjet40.dll MDB File Handling Overflow
|
| Blogs: 13 |
47406
Description:
(Description Provided by CVE) : Integer overflow in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with a malformed picture index that triggers memory corruption, related to handling of CString objects, aka "Memory Allocation Vulnerability."
|
2008-08-12
|
Microsoft PowerPoint Viewer Cstring Object Handling Memory Corruption
|
| Blogs: 13 |
44623
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in WordPress 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
2008-04-28
|
WordPress Unspecified XSS
|
| Blogs: 13 |
52519
Description:
Windows contains a flaw that may allow a malicious user to spoof a WPAD (Web Proxy Auto-Discovery) DNS record. The issue is caused by the DNS server allowing any client to register a WPAD entry in DNS. It is possible that the flaw may allow a malicious proxy to redirect Internet traffic resulting in a loss of integrity.
|
2009-03-11
|
Microsoft Windows DNS Server WPAD Registration Dynamic Update MiTM Weakness
|
| Blogs: 13 |
72234
Description:
A memory corruption flaw exists in Microsoft Windows. The Windows Internet Name Service reuses certain data structures which contain data controlled by the attacker when handling socket send exceptions, resulting in memory corruption. With a specially crafted replication packet, a remote attacker may cause a LeaveCriticalSection call to operate on a controlled memory location, allowing them to execute arbitrary code.
|
2011-05-11
|
Microsoft Windows WINS Service Failed Response Data Reuse Memory Corruption Remote Code Execution
|
| Blogs: 13 |
37289
Description:
(Description Provided by CVE) : Linux kernel 2.4.35 and other versions allows local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die, which delivers an attacker-controlled parent process death signal (PR_SET_PDEATHSIG).
|
2007-08-14
|
Linux Kernel PR_SET_PDEATHSIG Local Privilege Escalation
|
| Blogs: 13 |
56723
Description:
(Description Provided by CVE) : Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5.
|
2009-08-01
|
Mozilla Multiple Products Certificate Authority (CA) Common Name Null Byte Handling SSL MiTM Weakness
|
| Blogs: 13 |
46779
Description:
Microsoft OWA contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate email fields from within a user's session. This could allow an attacker to execute malicious script in the security context of the victim's OWA session via a specially crafted email, and read, send, and delete emails as the logged-on user, leading to a loss of integrity.
|
2008-07-08
|
Microsoft Outlook Web Access (OWA) Data Validation Unspecified XSS
|
| Blogs: 13 |
58876
Description:
Windows contains a flaw that may allow a malicious user to execute remote code. The issue is triggered when a malicious user sends a specially crafted SMB Multi-Protocol Negotiate Request packet with a command value which Windows cannot process. It is possible that the flaw may allow remote code execution resulting in a loss of integrity.
|
2009-10-13
|
Microsoft Windows SMB Packet Command Value Handling Remote Code Execution
|
| Blogs: 12 |
49061
Description:
Windows contains a flaw that may allow a malicious local user to gain access to unauthorized privileges. The issue is triggered by a flaw in the Ancillary Function Driver (afd.sys), and may lead to a loss of integrity.
|
2008-10-14
|
Microsoft Windows Ancillary Function Driver (afd.sys) Local Privilege Escalation
|
| Blogs: 12 |
58855
Description:
(Description Provided by CVE) : The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, as used by Internet Explorer and other applications, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, aka "Null Truncation in X.509 Common Name Vulnerability," a related issue to CVE-2009-2408.
|
2009-10-13
|
Microsoft Windows CryptoAPI X.509 Certificate Common Name Null Truncation Spoofing
|
| Blogs: 12 |
46065
Description:
(Description Provided by CVE) : Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the "SAMI Format Parsing Vulnerability."
|
2008-06-10
|
Microsoft DirectX SAMI File Format Processing Arbitrary Code Execution
|
| Blogs: 12 |
41423
Description:
(Description Provided by CVE) : The vmsplice_to_user function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which might allow local users to access arbitrary kernel memory locations.
|
2008-02-08
|
Linux Kernel fs/splice.c vmsplice_to_user Function Arbitrary Memory Disclosure
|
| Blogs: 12 |
54129
Description:
(Description Provided by CVE) : The customDictionaryOpen spell method in the JavaScript API in Adobe Reader 9.1, 8.1.4, 7.1.1, and earlier on Linux and UNIX allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that triggers a call to this method with a long string in the second argument.
|
2009-04-28
|
Adobe Reader customDictionaryOpen() JavaScript Method PDF Handling Memory Corruption
|
| Blogs: 12 |
72236
Description:
Microsoft Office PowerPoint is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted PowerPoint file, a context-dependent attacker can potentially execute arbitrary code.
|
2011-05-10
|
Microsoft Office PowerPoint Presentation Parsing Unspecified Overflow
|
| Blogs: 12 |
55836
Description:
ISA Server 2006 contains a flaw that may allow a malicious user to bypass authentication. The issue is triggered when the server receives a request from a user agent that indicates a fall-back to HTTP-Basic authentication and ISA does not properly authenticate the request. It is possible that the flaw may allow unauthenticated access resulting in a loss of confidentiality, integrity, and/or availability.
|
2009-07-14
|
Microsoft ISA Server 2006 Radius OTP Security Bypass
|
| Blogs: 12 |
39124
Description:
Windows Vista contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered by an unspecified flaw in Windows Advanced Local Procedure Call (ALPC). This flaw may lead to a loss of integrity.
|
2007-12-11
|
Microsoft Windows Vista Kernel Legacy Reply Path Validation Local Privilege Escalation
|
| Blogs: 12 |
47962
Description:
A buffer overflow exists in Windows. The wmex.dll ActiveX control fails to validate data passed to the GetDetailsString method resulting in a stack overflow. With a specially crafted web site, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2008-09-09
|
Microsoft Windows Media Encoder wmex.dll ActiveX Overflow
|
| Blogs: 12 |
57421
Description:
(Description Provided by CVE) : Google V8, as used in Google Chrome before 2.0.172.43, allows remote attackers to bypass intended restrictions on reading memory, and possibly obtain sensitive information or execute arbitrary code in the Chrome sandbox, via crafted JavaScript.
|
2009-08-26
|
Google Chrome V8 Javascript Engine Unspecified Memory Corruption
|
| Blogs: 12 |
68932
Description:
Adobe Acrobat, Flash and Reader contain a flaw that may allow a remote attacker to execute arbitrary commands or code. An unspecified error can be exploited to execute arbitrary code.
|
2010-10-28
|
Adobe Multiple Products Crafted SWF Movie Handling Overflow (2010-3654)
|
| Blogs: 12 |
56699
Description:
(Description Provided by CVE) : The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability."
|
2009-07-28
|
Microsoft Visual Studio Active Template Library (ATL) String Manipulation Arbitrary Memory Disclosure
|
| Blogs: 11 |
46786
Description:
Multiple Cisco products contain a flaw that may allow a malicious user to insert invalid records into a recursive DNS server cache. The issue is triggered by a flaw in the DNS protocol, which does not require sufficient randomness in selecting Query ID and UDP source port for queries to authoritative servers. It is possible that the flaw may allow an attacker to spoof a DNS response to a legitimate query resulting in a loss of integrity.
|
2008-07-09
|
Cisco Multiple Products DNS Query ID Field Prediction Cache Poisoning
|
| Blogs: 11 |
49060
Description:
A buffer overflow exists in Windows. The Message Queuing Service fails to validate RPC calls resulting in a heap buffer overflow. With a specially crafted RPC call, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2008-10-14
|
Microsoft Windows Message Queuing Service RPC Request Handling Remote Code Execution
|