[CLOSE] OSVDB ID : 68797 - Disclosed: 2010-10-12

Description:

Oracle VM Server contains a command injection flaw related to the Virtual Server Agent sub-component. The issue is triggered when a remote authenticated attacker sends shell meta characters to the 'utl_test_url' XML-RPC methodCall. This may allow an attacker to execute arbitrary commands.

[CLOSE] OSVDB ID : 68412 - Disclosed: 2010-10-05

Description:

Adobe Reader and Acrobat on Linux contain multiple flaws related to an insecure relative RPATH that may allow an attacker to gain access to unauthorized privileges. The issue can be exploited by malicious, local users to gain escalated privileges and execute arbitrary code by tricking a user into running the program in an attacker-controlled directory.

[CLOSE] OSVDB ID : 68423 - Disclosed: 2010-10-05

Description:

An unspecified memory corruption flaw exists in Adobe Reader and Acrobat for Mac OS X. The program fails to sanitize certain unspecified user-supplied input resulting in memory corruption. This may allow an attacker to execute arbitrary code or cause a denial of service.

[CLOSE] OSVDB ID : 68424 - Disclosed: 2010-10-05

Description:

Adobe Reader and Acrobat on Mac OS X contains an unspecified flaw that may allow a context-dependent attacker to execute arbitrary code via a crafted image. No further details have been provided.

[CLOSE] OSVDB ID : 68431 - Disclosed: 2010-10-05

Description:

Adobe Reader and Acrobat on Mac OS X contain a flaw related to the frame pointer. The issue is triggered when a remote attacker writes a null byte into memory. This may allow an attacker to modify the frame pointer and execute arbitrary code.

[CLOSE] OSVDB ID : 67674 - Disclosed: 2010-08-31

Description:

Microsoft Visual Studio ATL MFC Trace Tool (AtlTraceTool8.exe) is prone to a flaw in the way it loads dynamic-link libraries (e.g. dwmapi.dll). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a TRC file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source.

[CLOSE] OSVDB ID : 67484 - Disclosed: 2010-08-26

Description:

Microsoft Groove is prone to a flaw in the way it loads dynamic-link libraries (e.g. GroovePerfmon.dll and mso.dll). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a VCG or GTA file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source.

[CLOSE] OSVDB ID : 68123 - Disclosed: 2010-08-14

Description:

Microsoft SharePoint contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when the application does not properly sanitise HTML code using SafeHTML. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.

[CLOSE] OSVDB ID : 67099 - Disclosed: 2010-08-12

Description:

(Description Provided by CVE) : Cisco IOS 15.1(2)T allows remote attackers to cause a denial of service (resource consumption and TCP outage) via spoofed TCP packets, related to embryonic TCP connections that remain in the SYN_RCVD or SYN_SENT state, aka Bug ID CSCti18193.

[CLOSE] OSVDB ID : 66995 - Disclosed: 2010-08-10

Description:

Microsoft Office Word contains a flaw in the way that Microsoft Office Word parses rich text data. This may allow an attacker to gain the same user rights as the local user.

[CLOSE] OSVDB ID : 66996 - Disclosed: 2010-08-10

Description:

Microsoft Office Word contains a flaw in the way that Microsoft Office Word parses certain rich text data. This may allow an attacker to gain the same user rights as the local user.

[CLOSE] OSVDB ID : 66859 - Disclosed: 2010-08-04

Description:

(Description Provided by CVE) : Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3, allows remote attackers to execute arbitrary code via a TrueType font with a large maxCompositePoints value in a Maximum Profile (maxp) table.

[CLOSE] OSVDB ID : 66296 - Disclosed: 2010-07-13

Description:

Microsoft Office Outlook contains a flaw related to a failure to verify e-mail attachments properly. The issue is triggered when the program allows attachments to link to files other than what they appear to be. This may allow a context-dependent attacker to use a crafted message to execute arbitrary code.

[CLOSE] OSVDB ID : 66003 - Disclosed: 2010-07-05

Description:

Microsoft Windows contains a use-after-freeflaw that may allow a local attacker to gain access to unauthorized privileges. The issue is triggered when an attacker uses call saturation to the 'NtUserCheckAccessForIntegrityLevel' function to cause a failure in the 'LockProcessByClientId' function, allowing a local attacker to gain elevated privileges.

[CLOSE] OSVDB ID : 65581 - Disclosed: 2010-06-10

Description:

Adobe Flash Player and AIR are prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in an overflow. No further details have been provided.

[CLOSE] OSVDB ID : 65532 - Disclosed: 2010-06-10

Description:

Adobe Flash Player and AIR contain a flaw that may allow a denial of service. The issue is triggered when an unspecified error occurs, which causes a consumption of memory. This will result in loss of availability for the program.

[CLOSE] OSVDB ID : 65575 - Disclosed: 2010-06-10

Description:

Adobe Flash Player and AIR contains multiple unspecified flaws that may allow a remote attacker to execute arbitrary code. No further details have been provided.

[CLOSE] OSVDB ID : 65577 - Disclosed: 2010-06-10

Description:

Adobe Flash Player and AIR contain a flaw that may allow a denial of service. The issue is triggered when an unspecified error occurs, which causes a consumption of memory. This will result in loss of availability for the program.

[CLOSE] OSVDB ID : 65578 - Disclosed: 2010-06-10

Description:

Adobe Flash Player and AIR contain a flaw that may allow a denial of service. The issue is triggered when an unspecified error occurs, which causes a consumption of memory. This will result in loss of availability for the program.

[CLOSE] OSVDB ID : 65580 - Disclosed: 2010-06-10

Description:

Adobe Flash Player and AIR contain a flaw that may allow a denial of service. The issue is triggered when an unspecified error occurs, which causes a consumption of memory. This will result in loss of availability for the program.

[CLOSE] OSVDB ID : 65583 - Disclosed: 2010-06-10

Description:

(Description Provided by CVE) : Adobe Flash Player 9 before 9.0.277.0 on unspecified UNIX platforms allows attackers to cause a denial of service via unknown vectors.

[CLOSE] OSVDB ID : 65586 - Disclosed: 2010-06-10

Description:

Adobe Flash Player and AIR contain a flaw that may allow a denial of service. The issue is triggered when an unspecified error occurs, which causes a consumption of memory. This will result in loss of availability for the program.

[CLOSE] OSVDB ID : 65587 - Disclosed: 2010-06-10

Description:

Adobe Flash Player and AIR contain a flaw that may allow a denial of service. The issue is triggered when an unspecified error occurs, which causes a consumption of memory. This will result in loss of availability for the program.

[CLOSE] OSVDB ID : 65588 - Disclosed: 2010-06-10

Description:

Adobe Flash Player and AIR contain a flaw that may allow a denial of service. The issue is triggered when an unspecified error occurs, which causes a consumption of memory. This will result in loss of availability for the program.

[CLOSE] OSVDB ID : 65589 - Disclosed: 2010-06-10

Description:

Adobe Flash Player and AIR contain a flaw that may allow a denial of service. The issue is triggered when an unspecified error occurs, which causes a consumption of memory. This will result in loss of availability for the program.

[CLOSE] OSVDB ID : 65590 - Disclosed: 2010-06-10

Description:

Adobe Flash Player and AIR contain a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input when parsing the URL. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 65591 - Disclosed: 2010-06-10

Description:

Adobe Flash Player and AIR contain a flaw that may allow a denial of service. The issue is triggered when an unspecified error occurs, which causes a consumption of memory. This will result in loss of availability for the program.

[CLOSE] OSVDB ID : 65592 - Disclosed: 2010-06-10

Description:

Adobe Flash Player and AIR are prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in an overflow. No further details have been provided.

[CLOSE] OSVDB ID : 65593 - Disclosed: 2010-06-10

Description:

Adobe Flash Player and AIR contain a flaw that may allow a denial of service. The issue is triggered when an unspecified error occurs, which causes a consumption of memory. This will result in loss of availability for the program.

[CLOSE] OSVDB ID : 65594 - Disclosed: 2010-06-10

Description:

Adobe Flash Player and AIR are prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in an overflow. No further details have been provided.

[CLOSE] OSVDB ID : 65595 - Disclosed: 2010-06-10

Description:

Adobe Flash Player and AIR contain a flaw that may allow a denial of service. The issue is triggered when an unspecified error occurs, which causes a consumption of memory. This will result in loss of availability for the program.

[CLOSE] OSVDB ID : 65596 - Disclosed: 2010-06-10

Description:

Adobe Flash Player and AIR are prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in an overflow. No further details have been provided.

[CLOSE] OSVDB ID : 65597 - Disclosed: 2010-06-10

Description:

Adobe Flash Player and AIR contains a flaw that may allow a remote denial of service. The issue is triggered when an unspecified error occurs, and will result in loss of availability for the program.

[CLOSE] OSVDB ID : 65598 - Disclosed: 2010-06-10

Description:

A memory corruption flaw exists in Adobe Flash Player and AIR. The program fails to sanitize user-supplied input resulting in memory corruption. This will result in a denial of service.

[CLOSE] OSVDB ID : 65572 - Disclosed: 2010-06-10

Description:

(Description Provided by CVE) : Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an invalid offset in an unspecified undocumented opcode in ActionScript Virtual Machine 2, related to getouterscope, a different vulnerability than CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.

[CLOSE] OSVDB ID : 65573 - Disclosed: 2010-06-10

Description:

(Description Provided by CVE) : Array index error in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified "types of Adobe Flash code."

[CLOSE] OSVDB ID : 65574 - Disclosed: 2010-06-10

Description:

(Description Provided by CVE) : Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors related to improper length calculation and the (1) STSC, (2) STSZ, and (3) STCO atoms.

[CLOSE] OSVDB ID : 65576 - Disclosed: 2010-06-10

Description:

(Description Provided by CVE) : Use-after-free vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to an unspecified "image type within a certain function."

[CLOSE] OSVDB ID : 65579 - Disclosed: 2010-06-10

Description:

(Description Provided by CVE) : Multiple heap-based buffer overflows in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to malformed (1) GIF or (2) JPEG data.

[CLOSE] OSVDB ID : 65582 - Disclosed: 2010-06-10

Description:

(Description Provided by CVE) : Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors related to SWF files, decompression of embedded JPEG image data, and the DefineBits and other unspecified tags, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188.