Section: .. / 0905-advisories /
| /// File Name: |
05.12.09-1.txt |
Description:
|
iDefense Security Advisory 05.12.09 - Remote exploitation of a heap corruption vulnerability in Microsoft Corp.'s PowerPoint could allow an attacker to execute arbitrary code with the privileges of the current user. In particular, there is code that parses structures in the PowerPoint file. If the number of these structures is greater than a certain value, then memory corruption will occur. This memory corruption leads to the execution of arbitrary code. iDefense has confirmed the existence of these vulnerabilities in PowerPoint 2000 SP3 and XP SP3.
| | Author: | Marsu | | Homepage: | http://www.idefense.com/ | | File Size: | 4385 | | Related CVE(s): | CVE-2009-0227 | | Last Modified: | May 13 13:01:04 2009 |
| MD5 Checksum: | 3e5662125337722b41d5dd4752ed8550 |
|
| /// File Name: |
05.12.09-2.txt |
Description:
|
iDefense Security Advisory 05.12.09 - Remote exploitation of a heap corruption vulnerability in Microsoft Corp.'s PowerPoint could allow an attacker to execute arbitrary code with the privileges of the current user. In particular, there is code that parses structures in the PowerPoint file. If the number of these structures is greater than a certain value, then memory corruption will occur. This memory corruption leads to the execution of arbitrary code. iDefense has confirmed the existence of these vulnerabilities in PowerPoint 2000 SP3 and XP SP3.
| | Author: | Marsu | | Homepage: | http://www.idefense.com/ | | File Size: | 4403 | | Related CVE(s): | CVE-2009-0223 | | Last Modified: | May 13 13:03:19 2009 |
| MD5 Checksum: | dda70f10023cb45aa7a6ee81a4374bfd |
|
| /// File Name: |
05.12.09-3.txt |
Description:
|
iDefense Security Advisory 05.12.09 - Remote exploitation of a stack-based buffer overflow vulnerability in Microsoft Corp.'s PowerPoint could allow an attacker to execute arbitrary code with the privileges of the current user. In particular, there is code that parses a string in the PowerPoint file. If the size of this data is greater than a certain value, then memory corruption will occur. This memory corruption can lead to the vulnerable code executing an attacker-supplied address. iDefense has confirmed the existence of these vulnerabilities in PowerPoint 2000 SP3 and XP SP3.
| | Author: | Marsu | | Homepage: | http://www.idefense.com/ | | File Size: | 4376 | | Related CVE(s): | CVE-2009-0226 | | Last Modified: | May 13 13:05:04 2009 |
| MD5 Checksum: | e692b4d7451abbc5bd3f45ddfd820ac0 |
|
| /// File Name: |
05.12.09-4.txt |
Description:
|
iDefense Security Advisory 05.12.09 - Remote exploitation of multiple stack-based buffer overflow vulnerabilities in Microsoft Corp.'s PowerPoint could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerabilities exist within the importer for PowerPoint 4.0 format files. This functionality is contained within the PP4X32.DLL. iDefense has confirmed the existence of these vulnerabilities in PowerPoint 2000 SP3 and XP SP3.
| | Author: | Marsu | | Homepage: | http://www.idefense.com/ | | File Size: | 5118 | | Related CVE(s): | CVE-2009-0220 | | Last Modified: | May 13 13:06:02 2009 |
| MD5 Checksum: | d5c973ceea6c154dddc4026ec264568c |
|
| /// File Name: |
05.12.09-5.txt |
Description:
|
iDefense Security Advisory 05.12.09 - Remote exploitation of multiple stack-based buffer overflow vulnerabilities in Microsoft Corp.'s PowerPoint could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerabilities exist within the importer for PowerPoint 95 format files. This functionality is contained within the PP7X32.DLL. The vulnerabilities occur when reading sound data from a PowerPoint file. In both cases, a value representing a record length is read in from the file. This value is then used to control the number of bytes read into a fixed-size stack buffer. There is no check performed to ensure that the buffer can hold the number of bytes specified, which results in a stack buffer overflow. iDefense has confirmed the existence of these vulnerabilities in Office XP SP3 and Office 2000 SP3.
| | Author: | Marsu | | Homepage: | http://www.idefense.com/ | | File Size: | 4115 | | Related CVE(s): | CVE-2009-1129 | | Last Modified: | May 13 13:07:03 2009 |
| MD5 Checksum: | 76895dd63db2cc075ee8e29b4f7dbc50 |
|
| /// File Name: |
05.12.09-6.txt |
Description:
|
iDefense Security Advisory 05.12.09 - Remote exploitation of multiple stack-based buffer overflow vulnerabilities in Microsoft Corp.'s PowerPoint could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerabilities exist within the importer for PowerPoint 95 format files. This functionality is contained within the PP7X32.DLL. iDefense has confirmed the existence of these vulnerabilities in PowerPoint 2000 SP3 and XP SP3.
| | Author: | Marsu | | Homepage: | http://www.idefense.com/ | | File Size: | 5286 | | Related CVE(s): | CVE-2009-1128 | | Last Modified: | May 13 13:08:27 2009 |
| MD5 Checksum: | fdf8ea7a2c3d92692291d950f57e4a2f |
|
| /// File Name: |
05.12.09-7.txt |
Description:
|
iDefense Security Advisory 05.12.09 - Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s PowerPoint could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs during the parsing of the BuildList record. This record is a container for other records that describe charts and diagrams in the PowerPoint file. By inserting multiple BuildList records with ChartBuild containers inside of them, it is possible to trigger a memory corruption vulnerability during the parsing of the ChartBuild container's contents. This allows an attacker to control an object pointer, which can lead to attacker-supplied function pointers being dereferenced. iDefense has confirmed the existence of these vulnerabilities in PowerPoint 2000 SP3, 2002 XP SP3, 2003 SP2, 2003 SP3, 2007, 2007 SP1, and PowerPoint Viewer 2003.
| | Author: | Sean Larsson | | Homepage: | http://www.idefense.com/ | | File Size: | 4438 | | Related CVE(s): | CVE-2009-0224 | | Last Modified: | May 13 13:10:12 2009 |
| MD5 Checksum: | 7dc38eceb58b3065d0e436e8bc5477d2 |
|
| /// File Name: |
05.12.09-8.txt |
Description:
|
iDefense Security Advisory 05.12.09 - Remote exploitation of a heap corruption vulnerability in Microsoft Corp.'s PowerPoint could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing the Notes container inside of the PowerPoint Document stream. This container is used to hold records related to notes that appear on the slides. By inserting a value into a container, it is possible to trigger a memory corruption vulnerability. iDefense has confirmed the existence of these vulnerabilities in PowerPoint 2000 SP3, 2002 XP SP3, 2003 SP2, and 2003 SP3.
| | Author: | Sean Larsson | | Homepage: | http://www.idefense.com/ | | File Size: | 4085 | | Related CVE(s): | CVE-2009-1130 | | Last Modified: | May 13 13:13:46 2009 |
| MD5 Checksum: | 39272c6d859b188a92c96a5b542e6040 |
|
| /// File Name: |
05.12.09-9.txt |
Description:
|
iDefense Security Advisory 05.12.09 - Remote exploitation of an integer overflow vulnerability in Microsoft Corp.'s PowerPoint could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs during the parsing of two related PowerPoint record types. The first record type is used to specify collaboration information for different slides. One of the fields in this record contains a 32-bit integer that is used to specify the number of records of a specific type that are present in the file. This integer is used in a multiplication operation that calculates the size of a heap buffer that will be used to store the records as they are read in from the file. The calculation can overflow, resulting in an undersized heap buffer being allocated. By providing a large value for the record count, and inserting enough dummy records, it is possible to trigger a heap-based buffer overflow. iDefense has confirmed the existence of these vulnerabilities in PowerPoint 2000 SP3, 2002 XP SP3, 2003 SP2, and 2003 SP3.
| | Author: | Sean Larsson | | Homepage: | http://www.idefense.com/ | | File Size: | 4797 | | Related CVE(s): | CVE-2009-0221 | | Last Modified: | May 13 13:15:19 2009 |
| MD5 Checksum: | 5ad9d99d40157d8e8a69709ef123d5b3 |
|
| /// File Name: |
05.14.09-1.txt |
Description:
|
iDefense Security Advisory 05.14.09 - Local exploitation of an index validation vulnerability in Apple Inc.'s Mac OS X xnu kernel could allow an attacker to execute arbitrary code in the security context of the kernel. The Mac OS X xnu (Mach) kernel implements workqueues. This allows the kernel to schedule events to take place in a task. An input validation error exists within this implementation, which can lead to execution of arbitrary code in the kernel. Apple Inc.'s Mac OS X 10.5.2 and earlier are considered vulnerable to this issue.
| | Author: | mu-b | | Homepage: | http://www.idefense.com/ | | File Size: | 3519 | | Related CVE(s): | CVE-2008-1517 | | Last Modified: | May 15 14:22:58 2009 |
| MD5 Checksum: | 897b30a020a855a7a6ad6d4b57afe9ad |
|
| /// File Name: |
05.14.09-2.txt |
Description:
|
iDefense Security Advisory 05.14.09 - Remote exploitation of multiple integer overflow vulnerabilities in Oracle Corp.'s Outside In Technology, as included in various vendors' software distributions, allows an attacker to execute arbitrary code. These vulnerabilities exist in the handling of an optional data stream stored within various files. Both issues are integer overflows, and are within the same function. Within the vulnerable function, an integer value is read from the Microsoft Office file. This value is later used in several arithmetic integer calculations. Since no validation is performed, integer overflows can occur. The result is the allocation of a buffer that is too small to hold the data that is subsequently read from the file. A heap buffer overflow occurs, leading to an exploitable condition.
| | Author: | Joshua J. Drake | | Homepage: | http://www.idefense.com/ | | File Size: | 6689 | | Related CVE(s): | CVE-2009-1011 | | Last Modified: | May 16 14:42:37 2009 |
| MD5 Checksum: | 12efe72201b82244d7c4803ab328d482 |
|
| /// File Name: |
05.14.09-3.txt |
Description:
|
iDefense Security Advisory 05.14.09 - Remote exploitation of an integer overflow vulnerability in Oracle Corp.'s Outside In Technology, as included in various vendors' software distributions, allows an attacker to execute arbitrary code. This vulnerability exists when handling specific records within a specially crafted Microsoft Excel spreadsheet file. Within the vulnerable function, an integer value is read from the file. This value is later used in an arithmetic integer calculation. Since no validation is performed, an integer overflow can occur. This results in the allocation of a buffer that is too small to hold the data that is subsequently read from the file. A heap buffer overflow occurs, leading to an exploitable condition.
| | Author: | Joshua J. Drake | | Homepage: | http://www.idefense.com/ | | File Size: | 6433 | | Related CVE(s): | CVE-2009-1010 | | Last Modified: | May 16 14:45:17 2009 |
| MD5 Checksum: | 0c74f5b06565ed8fcba02ecb09ae882f |
|
| /// File Name: |
05.14.09-4.txt |
Description:
|
iDefense Security Advisory 05.14.09 - Remote exploitation of a buffer overflow vulnerability in Oracle Corp.'s Outside In Technology, as included in various vendors' software distributions, allows an attacker to execute arbitrary code. This vulnerability exists due to the lack of bounds checking when processing certain records within a Microsoft Excel spreadsheet. Upon entering the vulnerable function, data is copied from a heap buffer into a stack buffer without ensuring that the data will fit. By crafting an Excel spreadsheet file properly, it is possible to write beyond the bounds of the stack buffer. The resulting stack corruption leads to arbitrary code execution.
| | Author: | Joshua J. Drake | | Homepage: | http://www.idefense.com/ | | File Size: | 6687 | | Related CVE(s): | CVE-2009-1009 | | Last Modified: | May 16 14:46:42 2009 |
| MD5 Checksum: | 0434d4650043444db116551d83cd9288 |
|
| /// File Name: |
05.14.09-5.txt |
Description:
|
iDefense Security Advisory 05.14.09 - Remote exploitation of multiple buffer overflow vulnerabilities in Oracle Corp.'s Outside In Technology, as included in various vendors' software distributions, allows attackers to execute arbitrary code. Two vulnerabilities exist due to a lack of bounds checking when processing specially crafted Microsoft Excel spreadsheet files. The two issues exist in two distinct functions. The two vulnerabilities are nearly identical, with the differentiating factor being the value of a flag bit within a record of the file. If the bit is set, the code path to the first vulnerable function is taken. Otherwise, the code path to the second vulnerable function is taken.
| | Author: | Joshua J. Drake | | Homepage: | http://www.idefense.com/ | | File Size: | 6764 | | Related CVE(s): | CVE-2009-1009 | | Last Modified: | May 16 14:48:21 2009 |
| MD5 Checksum: | 7404edb2a93993d499b176cc5254c4ab |
|
| /// File Name: |
05.19.09-1.txt |
Description:
|
iDefense Security Advisory 05.19.09 - Local exploitation of a file overwrite vulnerability in IBM Corp.'s Advanced Interactive eXecutive (AIX) could allow an attacker to overwrite arbitrary files and execute arbitrary code. The AIX libc implementation of malloc includes a debugging mechanism that is initiated by setting the MALLOCTYPE and MALLOCDEBUG environment variables. This debugging feature writes to a user-specified log file under certain conditions. There is a gap in time between the checks to see if the file is a symbolic link and the process of opening the file. If an attacker can change the file to be a symbolic link to another file within this time frame, it is possible to cause a set-uid binary to write to files owned by privileged users. iDefense confirmed the existence of this vulnerability in IBM Corp.'s AIX version 5.3. Other versions may also be affected.
| | Homepage: | http://www.idefense.com/ | | File Size: | 3014 | | Last Modified: | May 21 02:26:05 2009 |
| MD5 Checksum: | f5df636d3549f48d5c7b51f6d5d3826e |
|
| /// File Name: |
Bkis-08-2009.txt |
Description:
|
MPLAB IDE Microchip suffers from a buffer overflow vulnerability.
| | Author: | Le Duc Anh | | Homepage: | http://security.bkis.vn/ | | Related Exploit: | mplap_ide_poc.zip | | File Size: | 1917 | | Last Modified: | May 11 12:50:12 2009 |
| MD5 Checksum: | b1ff7fd4d8b8ce3c70de27e63e853b92 |
|
| /// File Name: |
Bkis-09-2009.txt |
Description:
|
PRTG Traffic Grapher suffers from a cross-site scripting vulnerability in Monitor_Bandwidth. Versions 6.2.2.977 and below are affected.
| | Author: | SVRT | | Homepage: | http://security.bkis.vn/ | | File Size: | 1832 | | Last Modified: | May 28 20:58:52 2009 |
| MD5 Checksum: | c88abe0c7ca8ae9d25d905f2911427e2 |
|
| /// File Name: |
cisco-sa-20090520-cw.txt |
Description:
|
Cisco Security Advisory - CiscoWorks Common Services contains a vulnerability that could allow an unauthenticated remote attacker to access application and host operating system files.
| | Homepage: | http://www.cisco.com/ | | File Size: | 12910 | | Related CVE(s): | CVE-2009-1161 | | Last Modified: | May 21 02:09:39 2009 |
| MD5 Checksum: | 36b09d3bf0be6807065752275ed88f69 |
|
| /// File Name: |
CORE-2009-0401.txt |
Description:
|
Core Security Technologies Advisory - Ston3D StandalonePlayer and WebPlayer are vulnerable to a command injection vulnerability, which can be exploited by malicious remote attackers. The vulnerability is due to the Ston3D scripting language. It provides the function 'system.openURL()' which does not properly sanitize the input before using it. This can be exploited to execute arbitrary commands with the privileges of the Ston3D player by opening a specially crafted file.
| | Homepage: | http://www.coresecurity.com/corelabs/ | | File Size: | 13301 | | Related CVE(s): | CVE-2009-1792 | | Last Modified: | May 28 22:00:23 2009 |
| MD5 Checksum: | 8cfc66146f5a00b7309bd90d85d38dff |
|
| /// File Name: |
DDIVRT-2009-25.txt |
Description:
|
The web interface on TCP port 8090 of IPsession suffers from a SQL injection vulnerability.
| | Author: | David Marshall, r@b13$ | | Homepage: | http://www.digitaldefense.net/ | | File Size: | 869 | | Last Modified: | May 21 19:32:14 2009 |
| MD5 Checksum: | a9e4c0a0fb5a55991acaf2f0e3c218fe |
|
| /// File Name: |
dsa-1784-1.txt |
Description:
|
Debian Security Advisory 1784-1 - Tavis Ormandy discovered several integer overflows in FreeType, a library to process and access font files, resulting in heap- or stack-based buffer overflows leading to application crashes or the execution of arbitrary code via a crafted font file.
| | Homepage: | http://www.debian.org/security | | File Size: | 18876 | | Related CVE(s): | CVE-2009-0946 | | Last Modified: | May 2 21:24:42 2009 |
| MD5 Checksum: | da1f938b69b5e6cc91fb4d34fbe88cbf |
|
| /// File Name: |
dsa-1785-1.txt |
Description:
|
Debian Security Advisory 1785-1 - Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to denial of service or the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 11449 | | Related CVE(s): | CVE-2009-1210, CVE-2009-1268, CVE-2009-1269 | | Last Modified: | May 2 22:41:01 2009 |
| MD5 Checksum: | 13eba416377eca9f5b6330cdf8140dcf |
|
| /// File Name: |
dsa-1786-1.txt |
Description:
|
Debian Security Advisory 1786-1 - It was discovered that acpid, a daemon for delivering ACPI events, is prone to a denial of service attack by opening a large number of UNIX sockets, which are not closed properly.
| | Homepage: | http://www.debian.org/security | | File Size: | 4662 | | Related CVE(s): | CVE-2009-0798 | | Last Modified: | May 2 22:41:37 2009 |
| MD5 Checksum: | d3c8e7dcb29cd3dd0d2673bb7526c9e9 |
|
| /// File Name: |
dsa-1787-1.txt |
Description:
|
Debian Security Advisory 1787-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.
| | Homepage: | http://www.debian.org/security | | File Size: | 31494 | | Related CVE(s): | CVE-2008-4307, CVE-2008-5079, CVE-2008-5395, CVE-2008-5700, CVE-2008-5701, CVE-2008-5702, CVE-2009-0028, CVE-2009-0029, CVE-2009-0031, CVE-2009-0065, CVE-2009-0269, CVE-2009-0322, CVE-2009-0675, CVE-2009-0676, CVE-2009-0745, CVE-2009-0834, CVE-2009-0859, CVE-2009-1046, CVE-2009-1192, CVE-2009-1242, CVE-2009-1265, CVE-2009-1337, CVE-2009-1338, CVE-2009-1439 | | Last Modified: | May 5 00:02:21 2009 |
| MD5 Checksum: | d22c6644790c36302ceafd3fb1b066c2 |
|
| /// File Name: |
dsa-1788-1.txt |
Description:
|
Debian Security Advisory 1788-1 - It was discovered that Quagga, an IP routing daemon, could no longer process the Internet routing table due to broken handling of multiple 4-byte AS numbers in an AS path. If such a prefix is received, the BGP daemon crashes with an assert failure, leading to a denial of service.
| | Homepage: | http://www.debian.org/security | | File Size: | 4963 | | Last Modified: | May 5 00:25:11 2009 |
| MD5 Checksum: | bce40d4850617d17f14755dfc100f69e |
|