Posts etiquetados ‘buffer overflow vulnerability’

Adobe Acrobat and Reader CVE-2010-0201 Remote Code Execution Vulnerability

Adobe Acrobat and Reader CLOD Mesh Declaration Block Heap Buffer Overflow Vulnerability

Adobe Acrobat and Reader CVE-2010-1241 ‘CoolType.dll’ Remote Code Execution Vulnerability

Adobe Acrobat and Reader CVE-2010-0194 X3D Component Remote Code Execution Vulnerability

Adobe Acrobat and Reader PNG Data Remote Buffer Overflow Vulnerability

Adobe Acrobat and Reader BMP Data Remote Buffer Overflow Vulnerability

Adobe Acrobat and Reader JPEG Data Remote Buffer Overflow Vulnerability

Adobe Reader CVE-2010-0200 Remote Code Execution Vulnerability

Adobe Acrobat and Reader CVE-2010-0193 Denial of Service Vulnerability

Adobe Acrobat and Reader CVE-2010-0192 Denial of Service Vulnerability

Adobe Acrobat and Reader CVE-2010-0195 Embedded Font Handling Remote Code Execution Vulnerability

Adobe Acrobat and Reader CVE-2010-0204 Remote Code Execution Vulnerability

Adobe Acrobat and Reader CVE-2010-0190 Cross Site Scripting Vulnerability

Adobe Acrobat and Reader CVE-2010-0197 Remote Code Execution Vulnerability

Adobe Acrobat and Reader GIF Data Remote Buffer Overflow Vulnerability

Adobe Acrobat and Reader Prefix Protocol Handler Remote Code Execution Vulnerability


BOLETIN DE SEGURIDAD PARA ACROBAT READER Y ACROBAT

fuente: securityfocus.org

Yahoo! Player is prone to a stack-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Attackers may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

The issue affects Yahoo! Player versions 1.5.01.409 and 1.0; other versions may also be affected.

REFERENCIA DE LA VULNERABILIDAD

Desde Vulnerability Team exortamos a los usuarios y administradores revisar las notificaciones y aplicar las actualizaciones
necesarias, para ayudar a mitigar los riesgos.

fuente: securityfocus.com


Dos nuevas  vulnerabilidades afectan a productos Microsoft, ambas estan incluidas en el nuevo Boletin de Seguridad para el mes de marzo.

Published: Mar 09 2010   | Updated:  Mar 09 2010

Desde Vulnerability Team exortamos a los usuarios y administradores revisar las notificaciones y aplicar las actualizaciones necesarias, para ayudar a mitigar los riesgos.

fuente: securityfocus.com | microsoft.com

Exploiting this issue may allow remote attackers to execute arbitrary code in the context of the application. Failed attacks will likely cause denial-of-service conditions.

Opera Web Browser 10.10 and 10.50 are vulnerable; other versions may also be affected.

REFERENCIA DE LA VULNERABILIDAD

Desde Vulnerability Team exortamos a los usuarios y administradores revisar las notificaciones y aplicar las actualizaciones necesarias, para ayudar a mitigar los riesgos.

fuente: securityfocus.com


fuente: securityfocus.com


 

fuente: securityfocus.com

firefox vs IE

Microsoft GDI+ is prone to a stack-based buffer-overflow vulnerability that occurs when an application that uses the library tries to process a specially crafted EMF (Enhanced Metafile) image file.

Successfully exploiting this issue would allow an attacker to execute arbitrary code in the context of the currently logged-in user.

NOTE (March 25, 2009): Further investigation reveals that this issue is in fact a new issue and has been assigned its own BID. Information that was added on March 24, 2009 to BID 31019 (‘Microsoft GDI+ EMF Image Processing Memory Corruption Vulnerability’) is now provided in this BID.

Published:       Mar 24 2009 12:00AM
Updated:           Mar 25 2009 11:06PM

REFERENCIA DE LA VULNERABILIDAD

EXPLOIT

fuente: securityfocus.com

microsoft_logo23