Zero Day Initiative Advisory 12-039 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java Webstart handles the 'java-vm-args' parameter in the j2se tag within a jnlp file. Due to insufficient sanitation it is possible to add additional double quotes to the commandline argument string used to start a new java process. This can lead to remote code execution under the rights of the current user.
651b5441e65bd315cdda098b21e89a94A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java handles True Type Font files. When reading a font file, Java will use the MaxInstructionSize from the maxp table to create a heap memory location to store all the Instruction Definition found in the Font Program 'fpgm' table. However, when Java encounters an IDEF opcode (0x89) in the opcode stream it never checks the size of the MaxInstructionSize which can result in a heap buffer overflow. This can lead to remote code execution under the context of the current process.
6dc4b5f748c872b9f9d63515be17303aZero Day Initiative Advisory 12-038 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within JavaFX, a downloadable Java extension. The JavaFX Jar file is signed by Oracle and can be installed without user interaction. Once installed it is possible to invoke the main method of any trusted class with arbitrary arguments and with a trusted call stack. This can be leveraged to remote code execution under the context of the user.
231f8aeef31f011725a480c0e021c24dZero Day Initiative Advisory 12-037 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java Webstart. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within javaws.exe . Java Web Start does not safely handle double quotes that are placed anywhere except the beginning of certain property names in JNLP files. As a result, double quotes can be used to inject arbitrary command-line arguments into a javaw.exe process. Leveraging this would allow a remote attacker to execute code under the context of the user.
77f756182433ac4c10ec79e5fc2dd7e9Zero Day Initiative Advisory 12-036 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the handling of VML element positioning. When appending a VML element to a textArea element a reference to a cDispScroller object can be improperly freed. The object is can be reused, and due to this object being freed, a later allocation can be located in this memory region. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process.
d520febd6ac5db41fa8f6c3cee7dd1c7Mandriva Linux Security Advisory 2012-023 - It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially-crafted message to an XML service could result in longer processing time, which could lead to a denial of service. To mitigate this issue, randomization has been added to the hashing function to reduce the chance of an attacker successfully causing intentional collisions. The updated packages have been patched to correct this issue.
e90ebcfa22533ef068df780bc157e703Zero Day Initiative Advisory 12-035 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required in that a target must visit a malicious page or open a malicious file. The flaw exists within MSHTML, specifically the handling of an HTML time t:MEDIA element. A t:MEDIA element can be manipulated such that when the page is refreshed a reference to a freed CDispNode object remains allowing the repurpose of this region. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process.
aca7c31cd83717483b28d457d97f425aZero Day Initiative Advisory 12-034 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ASX meta files. When the code within wmp.dll attempts to process the version string within a meta file, it copies it to a fixed-length buffer on the stack without checking that the destination can contain the input data. This can be abused remotely by attackers to execute arbitrary code under the context of the user running the media application.
7f261e288463a8955d67d85374f39877Mandriva Linux Security Advisory 2012-022 - Integer overflow in libpng allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation. The updated packages have been patched to correct this issue.
e9834f6300d9f86f6014ae21d754d8c1Tremulous, a team based FPS game with RTS elements, suffers from a large amount of old Quake related vulnerabilities.
03204c6c3ec87dd81acfb566950a6eb7Zero Day Initiative Advisory 12-033 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB WebWare. Authentication is not required to exploit this vulnerability. The specific flaw exists within RobNetScanHost.exe and its parsing of network packets accepted on port 5512. The parsing of 'Netscan' packets with opcodes 0xE and 0xA are vulnerable to a stack-based buffer overflow with a fixed allocation of 20 bytes. This vulnerability can be exploited to execute arbitrary code in the context of the service process (LocalSystem).
9c9f2852e344ce495a6eba94ae4668f6Zero Day Initiative Advisory 12-032 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle's Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses structures for a specific tag descriptor with a specific ICC color profile. When handling a field from this structure, the application will incorrectly check for signedness and then perform an operation on it. This will then get passed to an allocation. Immediately following this, the application will use a different size to initialize the allocation. This can lead to a controllable memory corruption which can be leveraged to achieve code execution under the context of the application.
e918e5f728fffc6e2f50af6885efd54eRed Hat Security Advisory 2012-0325-01 - JBoss Web is a web container based on Apache Tomcat. A flaw was found in the way JBoss Web handled UTF-8 surrogate pair characters. If JBoss Web was hosting an application with UTF-8 character encoding enabled, or that included user-supplied UTF-8 strings in a response, a remote attacker could use this flaw to cause a denial of service on the JBoss Web server. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause JBoss Web to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. Various other issues were addressed.
6eb28d7f9a95de3a481504d3d5b98050Gentoo Linux Security Advisory 201202-6 - A vulnerability in Asterisk could allow a remote attacker to cause a Denial of Service condition. Versions less than 1.8.8.2 are affected.
0b7cc4ed5480342246d3b307ae869b3bGentoo Linux Security Advisory 201202-5 - A boundary error in Heimdal could result in execution of arbitrary code. Versions less than 1.5.1-r1 are affected.
4f97f3ed6c49525bc2b87196fe49766bGentoo Linux Security Advisory 201202-4 - A vulnerability in PowerDNS could allow a remote attacker to create a Denial of Service condition. Versions less than 3.0.1 are affected.
22c1d7737e603bc0c840fcb5a0505a74Gentoo Linux Security Advisory 201202-3 - A hash collision vulnerability in MaraDNS allows remote attackers to cause a Denial of Service condition. Versions less than 1.4.09 are affected.
e82e0e67880d9da6650895babf1c13ffUbuntu Security Notice 1371-1 - It was discovered that cvs incorrectly handled certain responses from proxy servers. If a user were tricked into connecting to a malicious proxy server, a remote attacker could cause cvs to crash, or possibly execute arbitrary code.
58c0ec291dd4ffaca0e8825537eeeb5dDebian Linux Security Advisory 2415-1 - Several vulnerabilities that can lead to the execution of arbitrary code have been discovered in libmodplug, a library for mod music based on ModPlug.
69a1bae86b0dec3fce4165073d54970dDebian Linux Security Advisory 2414-1 - Nicola Fioravanti discovered that F*X, a web service for transferring very large files, is not properly sanitizing input parameters of the "fup" script. An attacker can use this flaw to conduct reflected cross-site scripting attacks via various script parameters.
cb6bda9afb895bf2561eff3006741fd8Secunia Security Advisory - A vulnerability has been reported in libxml2, which can be exploited by malicious people to cause a DoS (Denial of Service).
dfb36fb78b2c781a079c1edc1f802615Secunia Security Advisory - Red Hat has issued an update for libxml2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
03b0f25ce5259533c007e82dd692b670Secunia Security Advisory - Debian has issued an update for fex. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks.
2be90207c060fdb0468428dccab1ab5fSecunia Security Advisory - Red Hat has issued an update for httpd. This fixes two weaknesses and two vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and gain escalated privileges and by malicious people to disclose potentially sensitive information and bypass certain security restrictions.
1b249dae5c68b310f2fa7bf0b80d3470Secunia Security Advisory - A vulnerability has been reported in Dolphin, which can be exploited by malicious users to bypass certain security restrictions.
face98f6bb01af401318aace888b53d1
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed