Posts Tagged ‘Arbitrary Code’

CVE-2009-0562 (isa_server, office, office_web_components)

CVE-2009-0562 (isa_server, office, office_web_components) The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting [...]

CVE-2009-2469 (firefox)

CVE-2009-2469 (firefox) Mozilla Firefox before 3.0.12 does not properly handle an SVG element that has a property with a watch function and an __defineSetter__ function, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted document, related to a certain pointer misinterpretation. [...]

VMware fixes security bugs

VMware has released fixes for multiple vulnerabilities in several of its products, including VMware Workstation, Player, ACE, Server, Fusion, ESX and ESXi. One of the vulnerabilities was caused by an error in the VMware Descheduled Time Accounting driver, which could open a way for hackers to launch a denial-of-service attack in [...]

VMWare Patches Released, (Fri, May 29th)

Patches were released yesterday to fix a DoS vulnerability and potential arbitrary code execution. Here are the two vulnerabilities: 1. VMWare Descheduled Time Accounting driver: The issue affects the VMWare Descheduled Time Accounting driver and can cause a denial of service in Windows based virtual machines on the vulnerable [...]

Blackberry Server Vulnerability, (Fri, May 29th)

For all of you running around with a Blackberry, be careful of opening .pdf files. A vulnerability announced on Tuesday allows for specially crafted .pdf files when opened on your blackberry to potentially cause memory corruption and possibly lead to arbitrary code execution on the computer that hosts the [...]

New Windows zero-day

Microsoft on Thursday issued a security advisory for a new vulnerability in DirectX, used on Windows to enable graphics and sound, that could enable a remote hacker to execute arbitrary code if users open specially crafted QuickTime files. Microsoft said that it was aware of active attacks using exploit code for the [...]

User-assisted execution of arbitrary code

[ GLSA 200905-09 ] libsndfile: User-assisted execution of arbitrary code [...]

User-assisted execution of arbitrary code

[ GLSA 200905-09 ] libsndfile: User-assisted execution of arbitrary code. Posted by Alex Legler on May 27. Gentoo Linux [...]

BlackBerry patches PDF flaws

Research In Motion on Tuesday issued a security software update to address multiple vulnerabilities that exist in the PDF Distiller of the BlackBerry Attachment Service component in BlackBerry Enterprise Server. Because of these vulnerabilities, an attacker could create a malicious PDF file, which when opened on a BlackBerry smartphone, could corrupt [...]

New cscope packages fix arbitrary code execution

[SECURITY] [DSA 1806-1] New cscope packages fix arbitrary code execution [...]

User-assisted execution of arbitrary code

[ GLSA 200905-02 ] Cscope: User-assisted execution of arbitrary code [...]

User-assisted execution of arbitrary code

[ GLSA 200905-02 ] Cscope: User-assisted execution of arbitrary code. Posted by Pierre-Yves Rofes on May 24. Gentoo Linux [...]

New cscope packages fix arbitrary code execution

[SECURITY] [DSA 1806-1] New cscope packages fix arbitrary code execution. Posted by Moritz Muehlenhoff on May 24. Debian Security Advisory DSA-1806-1 security_at_debian.org www.debian.org/security/ Moritz Muehlenhoff May 24, 2009 … URL: http://seclists.org/fulldisclosure/2009/May/0193.html

CVE-2009-1759 (dtorrent, ctorrent)

CVE-2009-1759 (dtorrent, ctorrent) Stack-based buffer overflow in the btFiles::BuildFromMI function (trunk/btfiles.cpp) in Enhanced CTorrent (aka dTorrent) 3.3.2 and probably earlier, and CTorrent 1.3.4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Torrent file containing a long path. URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1759

[security bulletin] HPSBMA02348 SSRT080033 rev.2 – HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code, Denial of Service (DoS)

Bugtraq: [security bulletin] HPSBMA02348 SSRT080033 rev.2 – HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code, Denial of Service (DoS) URL: http://www.securityfocus.com/archive/1/503429