Network Security News – Friday, July 14, 2006 Events
Adobe Reader LoadFile() Method Local File Enumeration
Adobe Reader contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker calls the .LoadFile() method exposed by ActiveX in Internet Explorer via a malicious web page to trigger a flaw in Adobe Reader and disclose information on existence of local files in the target system resulting in a loss of confidentiality.. Read more at osvdb.org/15242
Sparklet agl_text.cpp Multiple Function Format String
A vulnerability has been identified in Sparklet. This flaw is due to a format string error in the 'WriteText()' and 'allegro_gl_printf_ex()' functions when handling user-supplied input (e.g. nickname), which could be exploited by remote attackers to crash or compromise a vulnerable client via a malicious nickname.. Read more at osvdb.org/27038
Microsoft IE Object.Microsoft.DXTFilter Enabled Property NULL Dereference
Internet Explorer 6 contains a flaw that may allow a local denial of service. The issue is triggered when the 'Object.Microsoft.DXTFilter' property 'Enabled' is set to true(1). This leads to a NULL pointer dereference and will result in loss of availability for the browser.. Read more at osvdb.org/27014
Microsoft IE RDS.DataControl SysAllocStringLen Invalid Length Issue
A local overflow exists in Internet Explorer 6. The browser fails to control length boundaries of the 'URL' attribute of the 'RDS.DataControl' object resulting in a page violation/heap overflow. This may allow an attacker to crash the browser or execute arbitrary code.. Read more at osvdb.org/26955
Microsoft IE TriEditDocument URL Property NULL Dereference
Internet Explorer 6 contains a flaw that may allow a remote denial of service. The issue is triggered when the "TriEditDocument.TriEditDocument" ActiveX object's 'URL' property of this object is set, triggering a NULL dereference. This may result in loss of availability for the browser.. Read more at osvdb.org/27056
Sport Slo Advanced Guestbook guestbook.php Multiple Field XSS
Advanced Guestbook contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'name' and 'form' variables upon submission to the guestbook.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/27066
ATutor users/browse.php cat Variable XSS
ATRC ATutor contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'cat' variable upon submission to the 'users/browse.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/27022
Mac OS X CF_syslog Function Format String
Mac OS X contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when the CF_syslog() function passes unchecked data to syslog(), allowing for a possible format string exploit. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.. Read more at osvdb.org/26933
Mac OS X ImageIO TIFF Processing Overflow
A local overflow exists in Mac OS X. The ImageIO library fails to validate TIFF image files resulting in a stack overflow. With a specially crafted file, an attacker can cause arbitrary code execution resulting in a loss of integrity.. Read more at osvdb.org/26931
Mac OS X OpenLDAP Server Malformed Request Remote DoS
Mac OS X contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends a specially crafted request to the OpenLDAP server, and will result in loss of availability for the service.. Read more at osvdb.org/26932
Vuln: RW::Download Stats.PHP Remote File Include Vulnerability
RW::Download Stats.PHP Remote File Include Vulnerability. Read more at securityfocus.com/bid/18901
Vuln: Linux Kernel SMBFS CHRoot Security Restriction Bypass Vulnerability
Linux Kernel SMBFS CHRoot Security Restriction Bypass Vulnerability. Read more at securityfocus.com/bid/17735
Leave a Reply