| OSVDB ID | Disclosure Date | Title |
|---|---|---|
| 89059<br>Description: Oracle Java contains a flaw that allows content combining JMX (Java Management Extensions) MBean components and sun.org.mozilla.javascript.internal objects to call the 'setSecurityManager()' function to elevate privileges. The com.sun.jmx.mbeanserver.MBeanInstantiator.findClass method allows an attacker to retrieve Class references of any package. Using a reflection method (API) recursively, an attacker can then bypass security checks and use this to run privileged code. | 2013-01-13 | Oracle Java MBeanInstantiator.findClass Method Remote Code Execution |
| 75389<br>Description: Microsoft SharePoint contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain input in the SharePoint Calendar passed via the URL before returning it to the user. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. | 2011-09-14 | Microsoft SharePoint SharePoint Calendar URI XSS |
| 75390<br>Description: Microsoft SharePoint contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input upon submission to the EditForm.aspx script. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. | 2011-09-14 | Microsoft SharePoint EditForm.aspx XSS |
| 75391<br>Description: Microsoft SharePoint contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input passed via contact details before returning it to the user. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. | 2011-09-14 | Microsoft SharePoint Contact Details XSS |
| 75393<br>Description: Microsoft SharePoint contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input passed via the URL before returning it to the user. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. | 2011-09-14 | Microsoft SharePoint Unspecified URI XSS |
| 75382<br>Description: Microsoft Windows is prone to a flaw in the way it loads dynamic-link libraries (DLL). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a .txt, .rtf or .doc file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. | 2011-09-14 | Microsoft Windows Shell Extensions Path Subversion Arbitrary DLL Injection Code Execution |
| 75379<br>Description: Microsoft Office is prone to a flaw in the way it loads dynamic-link libraries (DLL). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a .PPT file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. | 2011-09-14 | Microsoft Office MSO.dll Path Subversion Arbitrary DLL Injection Code Execution |
| 75383<br>Description: (Description Provided by CVE): Use-after-free vulnerability in Microsoft Excel 2003 SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Use after Free WriteAV Vulnerability." | 2011-09-14 | Microsoft Office Excel Unspecified Use-after-free Memory Dereference Excel File Handling Remote Code Execution |
| 75384<br>Description: (Description Provided by CVE): Array index error in Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Out of Bounds Array Indexing Vulnerability." | 2011-09-13 | Microsoft Office Excel Unspecified Array-Indexing Weakness Excel File Handling Memory Corruption |
| 75385<br>Description: (Description Provided by CVE): Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly parse records in Excel spreadsheets, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Heap Corruption Vulnerability." | 2011-09-13 | Microsoft Office Excel Unspecified Excel File Record Handling Memory Corruption |
| 75386<br>Description: (Description Provided by CVE): Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Excel Services on Office SharePoint Server 2007 SP2; Excel Services on Office SharePoint Server 2010 Gold and SP1; and Excel Web App 2010 Gold and SP1 do not properly parse conditional expressions associated with formatting requirements, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Conditional Expression Parsing Vulnerability." | 2011-09-13 | Microsoft Office Excel Unspecified Conditional Expression Parsing Excel File Handling Memory Corruption |
| 75387<br>Description: (Description Provided by CVE): Microsoft Excel 2007 SP2; Excel in Office 2007 SP2; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Excel Services on Office SharePoint Server 2007 SP2 do not properly validate the sign of an unspecified array index, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Out of Bounds Array Indexing Vulnerability." | 2011-09-13 | Microsoft Office Excel Unspecified Signedness Error Excel File Handling Memory Corruption |
| 75380<br>Description: (Description Provided by CVE): Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize an unspecified object pointer during the opening of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Office Uninitialized Object Pointer Vulnerability." | 2011-09-13 | Microsoft Office MSO.dll Object Pointer Dereference Word Document Handling Remote Code Execution |
| 75444<br>Description: (Description Provided by CVE): WINS in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges by sending crafted packets over the loopback interface, aka "WINS Local Elevation of Privilege Vulnerability." | 2011-09-13 | Microsoft Windows WINS Loopback Interface Crafted Packet Local Privilege Escalation |
| 75381<br>Description: (Description Provided by CVE): Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability." | 2011-09-13 | Microsoft SharePoint XML / XSL File Handling Unspecified Arbitrary File Disclosure |
| 75201<br>Description: Adobe Flash Player contains a flaw that is triggered when an unspecified error occurs during the handling of SWF files. This may allow an attacker to execute arbitrary code. | 2011-08-12 | Adobe Flash Player SWF File Handling Arbitrary Code Execution (400 Taviso Bugs) |
| 74408<br>Description: Windows Data Access Tracing Component is prone to a flaw in the way it loads dynamic-link libraries (DLL). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening an Excel file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. | 2011-08-10 | Microsoft Windows Data Access Tracing Component Path Subversion Arbitrary DLL Injection Code Execution |
| 74406<br>Description: Microsoft Windows Remote Desktop Web Access contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input to the Logon page before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. | 2011-08-10 | Microsoft Windows Remote Desktop Web Access Logon Page Unspecified XSS |
| 74405<br>Description: Microsoft Windows contains a flaw that may allow a remote denial of service. The issue is triggered when the Remote Desktop Protocol fails to properly parse RDP packets, and will result in loss of availability for the platform. | 2011-08-10 | Microsoft Windows Remote Desktop Protocol RDP Packet Parsing Remote DoS |
| 74396<br>Description: Microsoft Report Viewer contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input passed to the Microsoft Report Viewer control before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. | 2011-08-10 | Microsoft Report Viewer Control Unspecified XSS |
| 74399<br>Description: (Description Provided by CVE): The DNS server in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 does not properly handle NAPTR queries that trigger recursive processing, which allows remote attackers to execute arbitrary code via a crafted query, aka "DNS NAPTR Query Vulnerability." | 2011-08-09 | Microsoft Windows DNS Service NAPTR Query Parsing Overflow |
| 74400<br>Description: (Description Provided by CVE): The DNS server in Microsoft Windows Server 2003 SP2 and Windows Server 2008 SP2, R2, and R2 SP1 does not properly initialize memory, which allows remote attackers to cause a denial of service (service outage) via a query for a nonexistent domain, aka "DNS Uninitialized Memory Corruption Vulnerability." | 2011-08-09 | Microsoft Windows DNS Service Non-Existent Domain Query Parsing Remote DoS |
| 74403<br>Description: (Description Provided by CVE): The ASP.NET Chart controls in Microsoft .NET Framework 4, and Chart Control for Microsoft .NET Framework 3.5 SP1, do not properly verify functions in URIs, which allows remote attackers to read arbitrary files via special characters in a URI in an HTTP request, aka "Chart Control Information Disclosure Vulnerability." | 2011-08-09 | Microsoft .NET Framework Chart Control Special URI Character GET Request Parsing Remote Information Disclosure |
| 74402<br>Description: (Description Provided by CVE): NDISTAPI.sys in the NDISTAPI driver in Remote Access Service (RAS) in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "NDISTAPI Elevation of Privilege Vulnerability." | 2011-08-09 | Microsoft Windows Remote Access Service NDISTAPI Driver User Input Validation Weakness Local Privilege Escalation |
| 74401<br>Description: (Description Provided by CVE): Winsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Vulnerability." | 2011-08-09 | Microsoft Windows Client/Server Run-time Subsystem (CSRSS) Inter-Process Device Event Message Parsing Local Privilege Escalation |
| 74439<br>Description: A memory corruption flaw exists in Adobe Flash Player. The program fails to sanitize user-supplied input, resulting in memory corruption. With a specially crafted file, a context-dependent attacker can execute arbitrary code. | 2011-08-09 | Adobe Flash Player MP4 File Handling Memory Corruption (2011-2140) |
| 74482<br>Description: Microsoft Windows contains a flaw that may allow a remote denial of service. The issue is triggered when Tcpip.sys fails to properly parse ICMP messages, and will result in loss of availability for the platform. | 2011-08-09 | Microsoft Windows TCP/IP Stack (Tcpip.sys) ICMP Message Parsing Remote DoS |
| 74483<br>Description: Microsoft Windows contains a flaw that may allow a remote denial of service. The issue is triggered when Tcpip.sys fails to properly parse URL requests when URL-based Quality of Service (QoS) is enabled, and will result in loss of availability for the platform. | 2011-08-09 | Microsoft Windows TCP/IP Stack (Tcpip.sys) QoS URL Request Parsing Remote DoS |
| 74495<br>Description: A memory corruption flaw exists in Microsoft Internet Explorer. The window.open() function fails to sanitize user-supplied input when the user performs specific sequences of clicks in different IE windows, resulting in memory corruption. With a specially crafted web page or ActiveX control, a context-dependent attacker can execute arbitrary code. | 2011-08-09 | Microsoft IE window.open() Function Race Condition Memory Corruption |
| 74422<br>Description: A memory corruption flaw exists in Adobe Photoshop. The program fails to sanitize user-supplied input when handling GIF images, resulting in memory corruption. With a specially crafted GIF image, a context-dependent attacker can execute arbitrary code. | 2011-08-09 | Adobe Photoshop GIF Handling Memory Corruption |
| 74430<br>Description: Adobe RoboHelp contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input passed via the location.hash DOM property upon submission to the index.html script. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. | 2011-08-09 | Adobe RoboHelp index.html location.hash DOM Property XSS |
| 74431<br>Description: A memory corruption flaw exists in Adobe Flash Media Server. The program fails to sanitize user-supplied input, resulting in memory corruption. Through unspecified means, a context-dependent attacker can cause a denial of service. | 2011-08-09 | Adobe Flash Media Server Unspecified Memory Corruption DoS |
| 74438<br>Description: Adobe Flash Player contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an unspecified error occurs, which will disclose cross-domain information to an attacker. | 2011-08-09 | Adobe Flash Player Unspecified Cross-domain Information Disclosure |
| 74500<br>Description: A memory corruption flaw exists in Microsoft Internet Explorer. The program fails to sanitize user-supplied input when an unspecified error occurs during the parsing of objects, resulting in memory corruption. This may allow a remote attacker to execute arbitrary code. | 2011-08-09 | Microsoft IE STYLE Object Parsing Memory Corruption |
| 74423<br>Description: A memory corruption flaw exists in Adobe Shockwave Player. The program fails to sanitize unspecified user-supplied input, resulting in memory corruption. Through unspecified means, a context-dependent attacker can execute arbitrary code. | 2011-08-09 | Adobe Shockwave Player Unspecified Memory Corruption (2010-4308) |
| 74432<br>Description: Adobe Flash Player is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted file, a context-dependent attacker can potentially execute arbitrary code. | 2011-08-09 | Adobe Flash Player Unspecified Overflow (2011-2130) |
| 74424<br>Description: A memory corruption flaw exists in Adobe Shockwave Player. The program fails to sanitize unspecified user-supplied input, resulting in memory corruption. Through unspecified means, a context-dependent attacker can execute arbitrary code. | 2011-08-09 | Adobe Shockwave Player Unspecified Memory Corruption (2010-4309) |
| 74425<br>Description: A memory corruption flaw exists in Adobe Shockwave Player. The IML32.dll component fails to sanitize unspecified user-supplied input, resulting in memory corruption. Through unspecified means, a context-dependent attacker can execute arbitrary code. | 2011-08-09 | Adobe Shockwave Player IML32.dll Unspecified Memory Corruption |
| 74426<br>Description: A memory corruption flaw exists in Adobe Shockwave Player. The program fails to sanitize unspecified user-supplied input, resulting in memory corruption. Through unspecified means, a context-dependent attacker can execute arbitrary code. | 2011-08-09 | Adobe Shockwave Player Unspecified Memory Corruption (2011-2420) |
| 74427<br>Description: A memory corruption flaw exists in Adobe Shockwave Player. The Dirapi.dll component fails to sanitize user-supplied input, resulting in memory corruption. With a specially crafted Director (.dir) movie file, a context-dependent attacker can execute arbitrary code. | 2011-08-09 | Adobe Shockwave Player Dirapi.dll Director Movie File Handling Unspecified Memory Corruption |