Weekly Vulnerabilities Reports > December 8 to 14, 2008

Overview

159 new vulnerabilities were reported during this period, including 73 critical vulnerabilities and 28 high severity vulnerabilities. This weekly summary reports vulnerabilities in 160 products from 95 vendors including Microsoft, IBM, SUN, Adobe, and Symantec. Vulnerabilities are notably categorized as "Improper Input Validation", "Resource Management Errors", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Link Following", and "Cross-site Scripting".

  • 131 reported vulnerabilities are remotely exploitable.
  • 26 reported vulnerabilities have a public exploit available.
  • 28 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 147 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 66 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 49 reported vulnerabilities.

Summary table columns: Total vulnerabilities | Critical risk vulnerabilities | High risk vulnerabilities | Medium risk vulnerabilities | Low risk vulnerabilities | Remotely exploitable | Locally exploitable | Exploit available | Exploitable anonymously | Affecting web application

Vulnerability Details

The following table lists the reported vulnerabilities for the period covered by this report:


73 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-12-11 CVE-2008-5415 Broadcom, CA
The LDBserver service in the server in CA ARCserve Backup 11.1 through 12.0 on Windows allows remote attackers to execute arbitrary code via a handle_t argument to an RPC endpoint in which the argument refers to an incompatible procedure.
10.0
2008-12-10 CVE-2008-5419 EMC Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in EMC Control Center 5.2/6.0

Stack-based buffer overflow in SAN Manager Master Agent service (aka msragent.exe) in EMC Control Center 5.2 SP5 and 6.0 allows remote attackers to execute arbitrary code via multiple SST_CTGTRANS requests.

10.0
2008-12-10 CVE-2008-3010 Microsoft Information Exposure vulnerability in Microsoft Windows Media Player 6.4

Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1 and 9 incorrectly associate ISATAP addresses with the Local Intranet zone, which allows remote servers to capture NTLM credentials, and execute arbitrary code through credential-reflection attacks, by sending an authentication request, aka "ISATAP Vulnerability."

10.0
2008-12-10 CVE-2008-3009 Microsoft Credentials Management vulnerability in Microsoft products

Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability."

10.0
2008-12-10 CVE-2008-5404 Grid2000 Unspecified vulnerability in Grid2000 Flexcell Grid Control 5.7.0.1

Insecure method vulnerability in the FlexCell.Grid ActiveX control in FlexCell.ocx 5.7.0.1 in FlexCell Grid ActiveX Component allows remote attackers to create and overwrite arbitrary files via the HttpDownloadFile method.

10.0
2008-12-10 CVE-2008-5403 Cerulean Studios (Ceruleanstudios) Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the XML parser in the AIM plugin in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a malformed XML tag.

10.0
2008-12-10 CVE-2008-5402 Cerulean Studios (Ceruleanstudios) Resource Management Errors vulnerability in multiple products

Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the "IMG SRC ID."

10.0
2008-12-10 CVE-2008-5401 Cerulean Studios (Ceruleanstudios) Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Stack-based buffer overflow in the image tooltip implementation in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a long image filename, related to "AIM IMG Tag Parsing."

10.0
2008-12-10 CVE-2008-5414 IBM Multiple Unspecified vulnerability in IBM Websphere Application Server 7.0

Unspecified vulnerability in the Feature Pack for Web Services in the Web Services Security component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 has unknown impact and attack vectors related to "userNameToken."

10.0
2008-12-10 CVE-2008-5412 Microsoft, IBM Multiple Unspecified vulnerability in IBM WebSphere Application Server

Unspecified vulnerability in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows has unknown impact and attack vectors related to JSPs.

10.0
2008-12-10 CVE-2008-5305 Twiki Code Injection vulnerability in Twiki

Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH{}% variable.

10.0
2008-12-09 CVE-2008-5393 Privacy CD Permissions, Privileges, and Access Controls vulnerability in Privacy-Cd Ubuntu Privacy Remix

UPR-Kernel in Ubuntu Privacy Remix (UPR) before 8.04_r1 includes kernel support for mounting RAID arrays, which might allow remote attackers to bypass intended isolation mechanisms by (1) reading from or (2) writing to these arrays.

10.0
2008-12-09 CVE-2008-4390 Cisco Information Exposure vulnerability in Cisco Wvc54Gc 1.15

The Cisco Linksys WVC54GC wireless video camera before firmware 1.25 sends cleartext configuration data in response to a Setup Wizard remote-management command, which allows remote attackers to obtain sensitive information such as passwords by sniffing the network.

10.0
2008-12-10 CVE-2008-5407 Symantec Improper Authentication vulnerability in Symantec Backup Exec for Windows Server 11D/12.0/12.5

Multiple unspecified vulnerabilities in the Backup Exec remote-agent logon process in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allow remote attackers to bypass authentication, and read or delete files, via unknown vectors.

9.4
2008-12-12 CVE-2008-5548 Virusbuster, Microsoft Improper Input Validation vulnerability in Virusbuster 4.5.11.0

VirusBuster 4.5.11.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

9.3
2008-12-12 CVE-2008-5547 Hauri Improper Input Validation vulnerability in Hauri Virobot 2008.12.4.1499/2008.9.12.1375

HAURI ViRobot 2008.12.4.1499 and possibly 2008.9.12.1375, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

9.3
2008-12-12 CVE-2008-5546 Virusblokada, Microsoft Improper Input Validation vulnerability in Virusblokada Vba32 Antivirus 3.12.8.5

VirusBlokAda VBA32 3.12.8.5, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

9.3
2008-12-12 CVE-2008-5545 Trend Micro, Microsoft Improper Input Validation vulnerability in Trend Micro Antivirus 8.700.0.1004

Trend Micro VSAPI 8.700.0.1004 in Trend Micro AntiVirus, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

9.3
2008-12-12 CVE-2008-5544 Hacksoft, Microsoft Improper Input Validation vulnerability in Hacksoft The Hacker 6.3.0.9.081/6.3.1.2.174

Hacksoft The Hacker 6.3.1.2.174 and possibly 6.3.0.9.081, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

9.3
2008-12-12 CVE-2008-5543 Symantec, Microsoft Improper Input Validation vulnerability in Symantec Antivirus 10.0

Symantec AntiVirus (SAV) 10, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

9.3
2008-12-12 CVE-2008-5542 Sunbeltsoftware, Microsoft Improper Input Validation vulnerability in Sunbeltsoftware Vipre 3.1.1633.1/3.1.1832.2

Sunbelt VIPRE 3.1.1832.2 and possibly 3.1.1633.1, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

9.3
2008-12-12 CVE-2008-5541 Sophos, Microsoft Improper Input Validation vulnerability in Sophos Anti-Virus 4.33.0

Sophos Anti-Virus 4.33.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

9.3
2008-12-12 CVE-2008-5540 Secure Computing, Microsoft Improper Input Validation vulnerability in Secure Computing Secure Web Gateway and Webwasher

Secure Computing Secure Web Gateway (aka Webwasher), when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

9.3
2008-12-12 CVE-2008-5539 Rising Global, Microsoft Improper Input Validation vulnerability in Rising-Global Rising Antivirus 20.61.42.00/21.06.31.00

RISING Antivirus 21.06.31.00 and possibly 20.61.42.00, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

9.3
2008-12-12 CVE-2008-5538 Prevx, Microsoft Improper Input Validation vulnerability in Prevx Prevx1 2

Prevx Prevx1 2, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

9.3
2008-12-12 CVE-2008-5537 Pctools, Microsoft Improper Input Validation vulnerability in Pctools Antivirus 4.4.2.0

PC Tools AntiVirus 4.4.2.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

9.3
2008-12-12 CVE-2008-5536 Pandasecurity, Microsoft Improper Input Validation vulnerability in Pandasecurity Panda Antivirus 9.0.0.4

Panda Antivirus 9.0.0.4, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

9.3
2008-12-12 CVE-2008-5535 Norman, Microsoft Improper Input Validation vulnerability in Norman Antivirus & Antispyware 5.80.02

Norman Antivirus 5.80.02, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

9.3
2008-12-12 CVE-2008-5534 Eset, Microsoft Improper Input Validation vulnerability in Eset Nod32 Antivirus 3440/3662

ESET NOD32 Antivirus 3662 and possibly 3440, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

9.3
2008-12-12 CVE-2008-5533 K7Computing, Microsoft Improper Input Validation vulnerability in K7Computing Antivirus 7.10.454/7.10.541

K7AntiVirus 7.10.541 and possibly 7.10.454, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

9.3
2008-12-12 CVE-2008-5532 Ikarus, Microsoft Improper Input Validation vulnerability in Ikarus Antivirus T3.1.1.34.0/T3.1.1.45.0

Ikarus Virus Utilities T3.1.1.45.0 and possibly T3.1.1.34.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

9.3
2008-12-12 CVE-2008-5531 Fortinet, Microsoft Improper Input Validation vulnerability in Fortinet Fortiguard Antivirus 3.113.0.0

Fortinet Antivirus 3.113.0.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

9.3
2008-12-12 CVE-2008-5530 AVG, Ewido, Microsoft Improper Input Validation vulnerability in multiple products

Ewido Security Suite 4.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

9.3
2008-12-12 CVE-2008-5529 CA eTrust Antivirus 31.6.6086, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
9.3
2008-12-12 CVE-2008-5528 Aladdin, Microsoft Improper Input Validation vulnerability in Aladdin Esafe 7.0.17.0

Aladdin eSafe 7.0.17.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

9.3
2008-12-12 CVE-2008-5527 Eset, Microsoft Improper Input Validation vulnerability in Eset Smart Security 3.0

ESET Smart Security, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

9.3
2008-12-12 CVE-2008-5526 Drweb, Microsoft Improper Input Validation vulnerability in Drweb Anti-Virus 4.44.0.09170

DrWeb Anti-virus 4.44.0.09170, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

9.3
2008-12-12 CVE-2008-5525 Clamav, Microsoft Improper Input Validation vulnerability in Clamav 0.93.1/0.94.1

ClamAV 0.94.1 and possibly 0.93.1, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

9.3
2008-12-12 CVE-2008-5524 Quickheal, Microsoft Improper Input Validation vulnerability in Quickheal CAT Quickheal 10.00/9.50

CAT-QuickHeal 10.00 and possibly 9.50, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

9.3
2008-12-12 CVE-2008-5523 Avast, Microsoft Improper Input Validation vulnerability in Avast Antivirus 4.8.1281.0

avast! antivirus 4.8.1281.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

9.3
2008-12-12 CVE-2008-5522 AVG, Microsoft Improper Input Validation vulnerability in AVG Antivirus 8.0.0.161

AVG Anti-Virus 8.0.0.161, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

9.3
2008-12-12 CVE-2008-5521 Free AV, Microsoft Improper Input Validation vulnerability in Free-Av Antivir 7.8.1.28/7.9.0.36

Avira AntiVir 7.9.0.36 and possibly 7.8.1.28, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

9.3
2008-12-12 CVE-2008-5520 Ahnlab, Microsoft Improper Input Validation vulnerability in Ahnlab V3 Internet Security 2008.12.4.1/2008.9.13.0

AhnLab V3 2008.12.4.1 and possibly 2008.9.13.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.

9.3
2008-12-12 CVE-2008-5495 Gungho Unspecified vulnerability in GungHo LoadPrgAx ActiveX Control

Unspecified vulnerability in the GungHo LoadPrgAx ActiveX control 1.0.0.6 and earlier allows remote attackers to execute arbitrary Java applications via unknown vectors.

9.3
2008-12-12 CVE-2008-5492 Verypdf Buffer Errors vulnerability in Verypdf Verydoc PDF Viewer 2.0.0.1

Heap-based buffer overflow in the PDFVIEW.PdfviewCtrl.1 ActiveX control in pdfview.ocx 2.0.0.1 in VeryDOC PDF Viewer OCX Control allows remote attackers to execute arbitrary code via a long first argument to the OpenPDF method.

9.3
2008-12-11 CVE-2008-4844 Microsoft Resource Management Errors vulnerability in Microsoft Internet Explorer 5.01/6/7

Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving (1) an XML Island, (2) XML DSOs, or (3) Tabular Data Control (TDC) in a crafted HTML or XML document, as demonstrated by nested SPAN or MARQUEE elements, and exploited in the wild in December 2008.

9.3
2008-12-10 CVE-2008-4841 Microsoft Resource Management Errors vulnerability in Microsoft Wordpad Unknown

The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008.

9.3
2008-12-10 CVE-2008-4837 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Microsoft Works 8 allow remote attackers to execute arbitrary code via a crafted Word document that contains a malformed table property, which triggers memory corruption, aka "Word Memory Corruption Vulnerability."

9.3
2008-12-10 CVE-2008-4266 Microsoft Resource Management Errors vulnerability in Microsoft products

Array index vulnerability in Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP3; Excel Viewer 2003 Gold and SP3; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Excel spreadsheet with a NAME record that contains an invalid index value, which triggers stack corruption, aka "Excel Global Array Memory Corruption Vulnerability."
Reference: http://www.microsoft.com/technet/security/Bulletin/MS08-074.mspx (Excel Global Array Memory Corruption Vulnerability - CVE-2008-4266): A remote code execution vulnerability exists in Microsoft Office Excel as a result of stack corruption when loading Excel records.

9.3
2008-12-10 CVE-2008-4265 Microsoft Resource Management Errors vulnerability in Microsoft products

Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers memory corruption during the loading of records from this spreadsheet, aka "File Format Parsing Vulnerability."
Reference: http://www.microsoft.com/technet/security/Bulletin/MS08-074.mspx (File Format Parsing Vulnerability - CVE-2008-4265): A remote code execution vulnerability exists in Microsoft Office Excel as a result of memory corruption when loading Excel records.

9.3
2008-12-10 CVE-2008-4264 Microsoft Resource Management Errors vulnerability in Microsoft products

Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed formula, which triggers "pointer corruption" during the loading of formulas from this spreadsheet, aka "File Format Parsing Vulnerability."
Reference: http://www.microsoft.com/technet/security/Bulletin/MS08-074.mspx (File Format Parsing Vulnerability - CVE-2008-4264): A remote code execution vulnerability exists in Microsoft Office Excel as a result of pointer corruption when loading Excel formulas.

9.3
2008-12-10 CVE-2008-4261 Microsoft Resource Management Errors vulnerability in Microsoft Internet Explorer 5.01/6/7

Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 SP1 on Windows 2000, and 6 on Windows XP and Server 2003 does not properly handle extraneous data associated with an object embedded in a web page, which allows remote attackers to execute arbitrary code via crafted HTML tags that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."

9.3
2008-12-10 CVE-2008-4259 Microsoft Resource Management Errors vulnerability in Microsoft Internet Explorer 5.01/6/7

Microsoft Internet Explorer 7 sometimes attempts to access uninitialized memory locations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, related to a WebDAV request for a file with a long name, aka "HTML Objects Memory Corruption Vulnerability."

9.3
2008-12-10 CVE-2008-4255 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an "allocation error" and memory corruption, aka "Windows Common AVI Parsing Overflow Vulnerability."

9.3
2008-12-10 CVE-2008-4031 Microsoft Resource Management Errors vulnerability in Microsoft products

Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a malformed string in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka "Word RTF Object Parsing Vulnerability."

9.3
2008-12-10 CVE-2008-4030 Microsoft Resource Management Errors vulnerability in Microsoft products

Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1 allow remote attackers to execute arbitrary code via crafted control words in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and memory corruption, aka "Word RTF Object Parsing Vulnerability," a different vulnerability than CVE-2008-4028.

9.3
2008-12-10 CVE-2008-4028 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via crafted control words related to multiple Drawing Object tags in (1) an RTF file or (2) a rich text e-mail message, which triggers incorrect memory allocation and a heap-based buffer overflow, aka "Word RTF Object Parsing Vulnerability," a different vulnerability than CVE-2008-4030.

9.3
2008-12-10 CVE-2008-4027 Microsoft Resource Management Errors vulnerability in Microsoft products

Double free vulnerability in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted (1) RTF file or (2) rich text e-mail message with multiple consecutive Drawing Object ("\do") tags, which triggers a "memory calculation error" and memory corruption, aka "Word RTF Object Parsing Vulnerability."

9.3
2008-12-10 CVE-2008-4026 Microsoft Resource Management Errors vulnerability in Microsoft products

Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Word document that contains a malformed value, which triggers memory corruption, aka "Word Memory Corruption Vulnerability."

9.3
2008-12-10 CVE-2008-4025 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

Integer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Outlook 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via (1) an RTF file or (2) a rich text e-mail message containing an invalid number of points for a polyline or polygon, which triggers a heap-based buffer overflow, aka "Word RTF Object Parsing Vulnerability."

9.3
2008-12-10 CVE-2008-4024 Microsoft Code Injection vulnerability in Microsoft products

Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a Word document with a crafted lcbPlcfBkfSdt field in the File Information Block (FIB), which bypasses an initialization step and triggers an "arbitrary free," aka "Word Memory Corruption Vulnerability."

9.3
2008-12-10 CVE-2008-3465 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products

Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed file-size parameter, which would not be properly handled by a third-party application that uses this API for a copy operation, aka "GDI Heap Overflow Vulnerability."

9.3
2008-12-10 CVE-2008-2249 Microsoft Numeric Errors vulnerability in Microsoft products

Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffer overflow, aka "GDI Integer Overflow Vulnerability."

9.3
2008-12-10 CVE-2008-5409 Bitdefender / Bullguard / Software602 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Unspecified vulnerability in the pdf.xmd module in (1) BitDefender Free Edition 10 and Antivirus Standard 10, (2) BullGuard Internet Security 8.5, and (3) Software602 Groupware Server 6.0.08.1118 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, possibly related to included compressed streams that were processed with the ASCIIHexDecode filter.

9.3
2008-12-10 CVE-2008-5406 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes and Quicktime

Stack-based buffer overflow in Apple QuickTime Player 7.5.5 and iTunes 8.0.2.20 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a MOV file with "long arguments," related to an "off by one overflow."

9.3
2008-12-10 CVE-2008-5405 Oxid Buffer Errors vulnerability in Oxid Cain and Abel 4.9.23/4.9.24

Stack-based buffer overflow in the RDP protocol password decoder in Cain & Abel 4.9.23 and 4.9.24, and possibly earlier, allows remote attackers to execute arbitrary code via an RDP file containing a long string.

9.3
2008-12-09 CVE-2008-5398 TOR Permissions, Privileges, and Access Controls vulnerability in TOR

Tor before 0.2.0.32 does not properly process the ClientDNSRejectInternalAddresses configuration option in situations where an exit relay issues a policy-based refusal of a stream, which allows remote exit relays to have an unknown impact by mapping an internal IP address to the destination hostname of a refused stream.

9.3
2008-12-09 CVE-2008-5383 National Instruments Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in National Instruments Electronics Workbench

Stack-based buffer overflow in National Instruments Electronics Workbench allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted .ewb file.

9.3
2008-12-09 CVE-2008-5381 Ffdshow Tryout Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffdshow-Tryout Ffdshow

Buffer overflow in the URL processing in ffdshow (aka ffdshow-tryout) before SVN revision 2347 allows remote attackers to execute arbitrary code via a long URL.

9.3
2008-12-09 CVE-2008-4391 Cisco Buffer Errors vulnerability in Cisco Wvc54Gc 1.15

Stack-based buffer overflow in the SetSource method in the NetCamPlayerWeb11gv2 ActiveX control in NetCamPlayerWeb11gv2.ocx on the Cisco Linksys WVC54GC wireless video camera before firmware 1.25 allows remote attackers to execute arbitrary code via long invalid arguments.

9.3
2008-12-08 CVE-2008-5364 NOS Microsystems / Adobe Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in NOS Microsystems Getplus Download Manager

Stack-based buffer overflow in the getPlus ActiveX control in gp.ocx 1.2.2.50 in NOS Microsystems getPlus Download Manager, as used for the Adobe Reader 8.1 installation process and other downloads, allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2008-4817.

9.3
2008-12-10 CVE-2008-5416 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft SQL Server 2000/2005

Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier; SQL Server 2000 Desktop Engine (MSDE 2000) SP4; SQL Server 2005 SP2 and 9.00.1399.06; SQL Server 2000 Desktop Engine (WMSDE) on Windows Server 2003 SP1 and SP2; and Windows Internal Database (WYukon) SP2 allows remote authenticated users to cause a denial of service (access violation exception) or execute arbitrary code by calling the sp_replwritetovarbin extended stored procedure with a set of invalid parameters that trigger memory overwrite, aka "SQL Server sp_replwritetovarbin Limited Memory Overwrite Vulnerability."

9.0
2008-12-10 CVE-2008-5408 Symantec Buffer Errors vulnerability in Symantec Backup Exec for Windows Server 11D/12.0/12.5

Buffer overflow in the data management protocol in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors.

9.0

28 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-12-10 CVE-2008-4269 Microsoft Resource Management Errors vulnerability in Microsoft Windows Server 2008 and Windows Vista

The search-ms protocol handler in Windows Explorer in Microsoft Windows Vista Gold and SP1 and Server 2008 uses untrusted parameter data obtained from incorrect parsing, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Windows Search Parsing Vulnerability."

Vendor bulletin: http://www.microsoft.com/technet/security/Bulletin/MS08-075.mspx (Windows Search Parsing Vulnerability - CVE-2008-4269): "A remote code execution vulnerability exists in Windows Explorer that allows an attacker to construct a malicious web page that includes a call to the search-ms protocol handler."

8.5
2008-12-10 CVE-2008-4268 Microsoft Resource Management Errors vulnerability in Microsoft Windows Server 2008 and Windows Vista

The Windows Search component in Microsoft Windows Vista Gold and SP1 and Server 2008 does not properly free memory during a save operation for a Windows Search file, which allows remote attackers to execute arbitrary code via a crafted saved-search file, aka "Windows Saved Search Vulnerability."

Vendor bulletin: http://www.microsoft.com/technet/security/Bulletin/MS08-075.mspx (Windows Saved Search Vulnerability - CVE-2008-4268): "A remote code execution vulnerability exists when saving a specially crafted search file within Windows Explorer."

8.5
2008-12-10 CVE-2008-4260 Microsoft Resource Management Errors vulnerability in Microsoft Internet Explorer 5.01/6/7

Microsoft Internet Explorer 7 sometimes attempts to access a deleted object, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Uninitialized Memory Corruption Vulnerability."

8.5
2008-12-10 CVE-2008-4258 Microsoft Resource Management Errors vulnerability in Microsoft Internet Explorer 5.01/6/7

Microsoft Internet Explorer 5.01 SP4 and 6 SP1 does not properly validate parameters during calls to navigation methods, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Parameter Validation Memory Corruption Vulnerability."

8.5
2008-12-10 CVE-2008-4256 Microsoft Resource Management Errors vulnerability in Microsoft products

The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Charts Control Memory Corruption Vulnerability."

8.5
2008-12-10 CVE-2008-4254 Microsoft Numeric Errors vulnerability in Microsoft products

Multiple integer overflows in the Hierarchical FlexGrid ActiveX control (mshflxgd.ocx) in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allow remote attackers to execute arbitrary code via crafted (1) Rows and (2) Cols properties to the (a) ExpandAll and (b) CollapseAll methods, related to access of incorrectly initialized objects and corruption of the "system state," aka "Hierarchical FlexGrid Control Memory Corruption Vulnerability."

8.5
2008-12-10 CVE-2008-4253 Microsoft Resource Management Errors vulnerability in Microsoft products

The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "FlexGrid Control Memory Corruption Vulnerability."

8.5
2008-12-10 CVE-2008-4252 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft products

The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "DataGrid Control Memory Corruption Vulnerability."

8.5
2008-12-11 CVE-2008-4418 HP Remote Denial Of Service vulnerability in HP Hp-Ux B.11.11/B.11.23/B.11.31

Unspecified vulnerability in DCE in HP HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause a denial of service via unknown vectors.

7.8
2008-12-10 CVE-2008-5420 EMC Information Exposure vulnerability in EMC Control Center 5.2/6.0

The SAN Manager Master Agent service (aka msragent.exe) in EMC Control Center before 6.1 does not properly authenticate SST_SENDFILE requests, which allows remote attackers to read arbitrary files.

7.8
2008-12-10 CVE-2008-5410 SUN Cryptographic Issues vulnerability in SUN Solaris 10.0

The PK11_SESSION cache in the OpenSSL PKCS#11 engine in Sun Solaris 10 does not maintain reference counts for operations with asymmetric keys, which allows context-dependent attackers to cause a denial of service (failed cryptographic operations) via unspecified vectors, related to the (1) RSA_sign and (2) RSA_verify functions.

7.8
2008-12-09 CVE-2008-4310 Ruby Lang Resource Management Errors vulnerability in Ruby-Lang Ruby 1.8.1/1.8.5

httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat Enterprise Linux 4 and 5, allows remote attackers to cause a denial of service (CPU consumption) via a crafted HTTP request.

7.8
2008-12-12 CVE-2008-5497 Bandsitecms Improper Authentication vulnerability in Bandsitecms Bandsite CMS 1.1.4

BandSite CMS 1.1.4 allows remote attackers to bypass authentication and gain administrative access by setting the login_auth cookie to true.

7.5
2008-12-12 CVE-2008-5496 Pozscripts SQL Injection vulnerability in Pozscripts Business Directory Script

SQL injection vulnerability in showcategory.php in PozScripts Business Directory Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.

7.5
2008-12-12 CVE-2008-5494 Digitalgreys / Joomla SQL Injection vulnerability in Digitalgreys COM Contactinfo 1.0

SQL injection vulnerability in the Contact Information Module (com_contactinfo) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.

7.5
2008-12-12 CVE-2008-5493 Phpstore SQL Injection vulnerability in PHPstore Wholesale and Wholesales

SQL injection vulnerability in track.php in PHPStore Wholesales (aka Wholesale) allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-12-12 CVE-2008-5491 Slimcms SQL Injection vulnerability in Slimcms

SQL injection vulnerability in edit.php in SlimCMS 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the pageID parameter.

7.5
2008-12-12 CVE-2008-5490 Phpstore SQL Injection vulnerability in PHPstore Yahoo Answers

SQL injection vulnerability in index.php in PHPStore Yahoo Answers allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-12-12 CVE-2008-5489 Clip Share SQL Injection vulnerability in Clip-Share Clipshare 4

SQL injection vulnerability in channel_detail.php in ClipShare Pro 4, and 2006 through 2007, allows remote attackers to execute arbitrary SQL commands via the chid parameter.

7.5
2008-12-12 CVE-2008-5488 E Topbiz SQL Injection vulnerability in E-Topbiz Domain Shop 2

SQL injection vulnerability in admin.php in E-topbiz Domain Shop 2 allows remote attackers to execute arbitrary SQL commands via the passfromform parameter.

7.5
2008-12-12 CVE-2008-5486 Turnkeyforms SQL Injection vulnerability in Turnkeyforms Text Link Sales

SQL injection vulnerability in admin.php in TurnkeyForms Text Link Sales allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2008-12-11 CVE-2008-5422 SUN / Novell / Redhat Permissions, Privileges, and Access Controls vulnerability in SUN RAY Server Software

Sun Sun Ray Server Software 3.1 through 4.0 does not properly restrict access, which allows remote attackers to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors.

7.5
2008-12-10 CVE-2008-4032 Microsoft Improper Authentication vulnerability in Microsoft Office Sharepoint Server and Search Server

Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and "create scripts that would run in the context of the site" via requests to administrative URIs, aka "Access Control Vulnerability."

7.5
2008-12-08 CVE-2008-5365 Activewebsoftwares SQL Injection vulnerability in Activewebsoftwares Activevotes 2.2

SQL injection vulnerability in VoteHistory.asp in ActiveWebSoftwares ActiveVotes 2.2 allows remote attackers to execute arbitrary SQL commands via the AccountID parameter.

7.5
2008-12-09 CVE-2008-5397 TOR Permissions, Privileges, and Access Controls vulnerability in TOR

Tor before 0.2.0.32 does not properly process the (1) User and (2) Group configuration options, which might allow local users to gain privileges by leveraging unintended supplementary group memberships of the Tor process.

7.2
2008-12-09 CVE-2008-5396 Asterisk Numeric Errors vulnerability in Asterisk Zaptel 1.2/1.2.27/1.4

Array index error in the (1) torisa.c and (2) dahdi/tor2.c drivers in Zaptel (aka DAHDI) 1.4.11 and earlier allows local users in the dialout group to overwrite an integer value in kernel memory by writing to /dev/zap/ctl, related to missing validation of the sync field associated with the ZT_SPANCONFIG ioctl.

7.2
2008-12-09 CVE-2008-5394 Debian Link Following vulnerability in Debian Shadow 4.0.18.1

/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry.

7.2
2008-12-09 CVE-2008-4917 Vmware Resource Management Errors vulnerability in VMWare products

Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and 6.0.5 and earlier 6.x versions; VMware Player 1.0.8 and earlier, and 2.0.5 and earlier 2.x versions; VMware Server 1.0.9 and earlier; VMware ESXi 3.5; and VMware ESX 3.0.2 through 3.5 allows guest OS users to have an unknown impact by sending the virtual hardware a request that triggers an arbitrary physical-memory write operation, leading to memory corruption.

7.2

57 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2008-12-09 CVE-2008-5386 IBM Buffer Errors vulnerability in IBM AIX 6.1/6.1.1/6.1.2

Buffer overflow in ndp in IBM AIX 6.1.0 through 6.1.2, when the netcd daemon is running, allows local users to gain privileges via unspecified vectors.

6.9
2008-12-09 CVE-2008-5385 IBM Permissions, Privileges, and Access Controls vulnerability in IBM AIX 6.1/6.1.1/6.1.2

enq in bos.rte.printers in IBM AIX 6.1.0 through 6.1.2, when a print queue is defined in /etc/qconfig, allows local users to delete arbitrary files via unspecified vectors.

6.9
2008-12-09 CVE-2008-5384 IBM Permissions, Privileges, and Access Controls vulnerability in IBM AIX 6.1/6.1.1/6.1.2

crontab in bos.rte.cron in IBM AIX 6.1.0 through 6.1.2 allows local users with aix.system.config.cron authorization to gain privileges by launching an editor.

6.9
2008-12-08 CVE-2008-5380 Gpsdrive Link Following vulnerability in Gpsdrive 2.09

gpsdrive (aka gpsdrive-scripts) 2.09 allows local users to overwrite arbitrary files via a symlink attack on an (a) /tmp/geo#####, a (b) /tmp/geocaching.loc, a (c) /tmp/geo#####.*, or a (d) /tmp/geo.* temporary file, related to the (1) geo-code and (2) geo-nearest scripts, different vectors than CVE-2008-4959.

6.9
2008-12-08 CVE-2008-5379 Oliver Gorwits Link Following vulnerability in Oliver Gorwits Netdisco Mibs Installer 1.0

netdisco-mibs-installer 1.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/netdisco-mibs-0.6.tar.gz temporary file, related to the (1) netdisco-mibs-install and (2) netdisco-mibs-download scripts.

6.9
2008-12-08 CVE-2008-5378 Lehrstuhl für Mikrobiologie Link Following vulnerability in Lehrstuhl für Mikrobiologie ARB 0.0.20071207.1

arb-kill in arb 0.0.20071207.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/arb_pids_*_* temporary file.

6.9
2008-12-08 CVE-2008-5377 Apple Link Following vulnerability in Apple Cups 1.3.8

pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pstopdf.log temporary file, a different vulnerability than CVE-2001-1333.

6.9
2008-12-08 CVE-2008-5376 Crip Link Following vulnerability in Crip 3.7

editcomment in crip 3.7 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.tag.tmp temporary file.

6.9
2008-12-08 CVE-2008-5375 Cmus Link Following vulnerability in Cmus 2.2.0

cmus-status-display in cmus 2.2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/cmus-status temporary file.

6.9
2008-12-08 CVE-2008-5374 Matthias Klose Link Following vulnerability in Matthias Klose Bash-Doc 3.2

bash-doc 3.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/cb#####.? temporary file, related to the (1) aliasconv.sh, (2) aliasconv.bash, and (3) cshtobash scripts.

6.9
2008-12-08 CVE-2008-5373 Bacula Link Following vulnerability in Bacula 2.4.2

mtx-changer.Adic-Scalar-24 in bacula-common 2.4.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mtx.##### temporary file, probably a related issue to CVE-2005-2995.

6.9
2008-12-08 CVE-2008-5372 Jonas Smedegaard Link Following vulnerability in Jonas Smedegaard Sdm-Terminal 0.4.0B

sdm-login in sdm-terminal 0.4.0b allows local users to overwrite arbitrary files via a symlink attack on the /tmp/sdm.autologin.once temporary file.

6.9
2008-12-08 CVE-2008-5371 Marc Gloor Link Following vulnerability in Marc Gloor Screenie 1.30.0

screenie in screenie 1.30.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.screenie.##### temporary file.

6.9
2008-12-08 CVE-2008-5370 Pvpgn Link Following vulnerability in Pvpgn 1.8.1

pvpgn-support-installer in pvpgn 1.8.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pvpgn-support-1.0.tar.gz temporary file.

6.9
2008-12-08 CVE-2008-5369 NO IP Link Following vulnerability in No-Ip No-Ip2 2.1.7

noip2 in noip2 2.1.7 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/noip2 temporary file.

6.9
2008-12-08 CVE-2008-5368 Lukas RUF Link Following vulnerability in Lukas RUF Muttprint 0.72D

muttprint in muttprint 0.72d allows local users to overwrite arbitrary files via a symlink attack on the /tmp/muttprint.log temporary file.

6.9
2008-12-08 CVE-2008-5367 Marco D'Itri Link Following vulnerability in Marco D'Itri Ppp-Udeb 2.4.4

ip-up in ppp-udeb 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the /tmp/resolv.conf.tmp temporary file.

6.9
2008-12-08 CVE-2008-5366 Marco D'Itri Link Following vulnerability in Marco D'Itri PPP 2.4.4

The postinst script in ppp 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/probe-finished or (2) /tmp/ppp-errors temporary file.

6.9
2008-12-10 CVE-2008-5400 Mvnforum Cross-Site Request Forgery (CSRF) vulnerability in Mvnforum

Multiple cross-site request forgery (CSRF) vulnerabilities in mvnForum before 1.2.1 GA allow remote attackers to (1) create forums, (2) change account privileges, (3) enable accounts, or (4) disable accounts as a product administrator via unspecified vectors, possibly related to HTTP Referer headers.

6.8
2008-12-09 CVE-2008-5382 I O Data Cross-Site Request Forgery (CSRF) vulnerability in I-O Data products

Cross-site request forgery (CSRF) vulnerability in I-O DATA DEVICE HDL-F160, HDL-F250, HDL-F300, and HDL-F320 firmware before 1.02 allows remote attackers to (1) change a configuration or (2) delete files as an authenticated user via unknown vectors.

6.8
2008-12-11 CVE-2008-5434 Punbb SQL Injection vulnerability in Punbb 1.3/1.3.1

Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) order_by or (2) direction parameter to admin/users.php, or (3) configuration options to admin/settings.php.

6.5
2008-12-09 CVE-2008-5387 IBM Buffer Errors vulnerability in IBM AIX 6.1/6.1.1/6.1.2

Buffer overflow in autoconf6 in IBM AIX 6.1.0 through 6.1.2, when Role-Based Access Control is enabled, allows local users with aix.network.config.tcpip authorization to gain privileges via unspecified vectors.

6.2
2008-12-10 CVE-2008-5418 Justin ROY / Punbb Path Traversal vulnerability in Justin ROY Punportal Module 1.0

Directory traversal vulnerability in login.php in the PunPortal module before 2.0 for PunBB allows remote attackers to include and execute arbitrary local files via a ..

5.1
2008-12-12 CVE-2008-5549 SUN Permissions, Privileges, and Access Controls vulnerability in SUN Java System Portal Server 7.1/7.2

Unspecified vulnerability in the Sun Java Web Console components in Sun Java System Portal Server 7.1 and 7.2 allows remote attackers to access local files and read the product's configuration information via unknown vectors related to "access to secure files by ThemeServlet."

5.0
2008-12-11 CVE-2008-5431 5E5 Improper Input Validation vulnerability in 5E5 Teamtek Universal FTP Server 1.0.44/1.0.50

Teamtek Universal FTP Server 1.0.44 allows remote attackers to cause a denial of service via (1) a certain CWD command, (2) a long LIST command, or (3) a certain PORT command.

5.0
2008-12-11 CVE-2008-5421 Netwin Resource Management Errors vulnerability in Netwin Smsgate

The SSL web administration service in NetWin SmsGate 1.1n and earlier allows remote attackers to cause a denial of service (hang) via (1) a large integer in the Content-Length HTTP header; (2) an invalid value in the Content-Length HTTP header, as demonstrated by a negative integer; or (3) a missing Content-Length HTTP header.

5.0
2008-12-11 CVE-2006-7235 5E5 Improper Input Validation vulnerability in 5E5 Teamtek Universal FTP Server 1.0.44/1.0.50

Teamtek Universal FTP Server 1.0.50 allows remote attackers to cause a denial of service (daemon crash or hang) via (1) multiple STOR (aka PUT) commands, or an MKD command followed by (2) a '*' argument, (3) a '|' argument, (4) spaces, or (5) a long string.

5.0
2008-12-10 CVE-2008-5413 IBM Information Exposure vulnerability in IBM Websphere Application Server

PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 allows attackers to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files.

5.0
2008-12-10 CVE-2008-5411 IBM Cryptographic Issues vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 sends SSL traffic over "unsecured TCP," which makes it easier for remote attackers to obtain sensitive information by sniffing the network.

5.0
2008-12-09 CVE-2008-5395 HP / Linux Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel

The parisc_show_stack function in arch/parisc/kernel/traps.c in the Linux kernel before 2.6.28-rc7 on PA-RISC allows local users to cause a denial of service (system crash) via vectors associated with an attempt to unwind a stack that contains userspace addresses.

4.9
2008-12-09 CVE-2008-5079 Linux Resource Management Errors vulnerability in Linux Kernel

net/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8 and earlier allows local users to cause a denial of service (kernel infinite loop) by making two calls to svc_listen for the same socket, and then reading a /proc/net/atm/*vc file, related to corruption of the vcc table.

4.9
2008-12-10 CVE-2008-4311 Freedesktop Configuration vulnerability in Freedesktop Dbus

The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply.

4.6
2008-12-13 CVE-2008-5430 Mozilla Resource Management Errors vulnerability in Mozilla Thunderbird 2.0.0.14

Mozilla Thunderbird 2.0.14 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which might allow remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173.

4.3
2008-12-12 CVE-2008-5556 Microsoft Cross-Site Scripting vulnerability in Microsoft Internet Explorer 8

** DISPUTED ** The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not recognize attack patterns designed to operate against web pages that are encoded with utf-7, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting crafted utf-7 content.

4.3
2008-12-12 CVE-2008-5555 Microsoft Cross-Site Scripting vulnerability in Microsoft Internet Explorer 8

Microsoft Internet Explorer 8.0 Beta 2 relies on the XDomainRequestAllowed HTTP header to authorize data exchange between domains, which allows remote attackers to bypass the product's XSS Filter protection mechanism, and conduct XSS and cross-domain attacks, by injecting this header after a CRLF sequence, related to "XDomainRequest Allowed Injection (XAI)." NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."

4.3
2008-12-12 CVE-2008-5554 Microsoft Cross-Site Scripting vulnerability in Microsoft Internet Explorer 8

The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not properly handle some HTTP headers that appear after a CRLF sequence in a URI, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS or redirection attacks, as demonstrated by the (1) Location and (2) Set-Cookie HTTP headers.

4.3
2008-12-12 CVE-2008-5553 Microsoft Cross-Site Scripting vulnerability in Microsoft Internet Explorer 8

The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 disables itself upon encountering a certain X-XSS-Protection HTTP header, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting this header after a CRLF sequence.

4.3
2008-12-12 CVE-2008-5552 Microsoft Cross-Site Scripting vulnerability in Microsoft Internet Explorer 8

The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks via a CRLF sequence in conjunction with a crafted Content-Type header, as demonstrated by a header with a utf-7 charset value.

4.3
2008-12-12 CVE-2008-5551 Microsoft Cross-Site Scripting vulnerability in Microsoft Internet Explorer 8

The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting data at two different positions within an HTML document, related to STYLE elements and the CSS expression property, aka a "double injection."

4.3
2008-12-12 CVE-2008-5550 SUN URI Redirection vulnerability in SUN Java web Console, Solaris and Sunos

Open redirect vulnerability in console/faces/jsp/login/BeginLogin.jsp in Sun Java Web Console 3.0.2 through 3.0.5 and Solaris 10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the redirect_url parameter.

4.3
2008-12-12 CVE-2008-5487 Turnkeyforms Cross-Site Scripting vulnerability in Turnkeyforms Text Link Sales

Cross-site scripting (XSS) vulnerability in admin.php in TurnkeyForms Text Link Sales allows remote attackers to inject arbitrary web script or HTML via the id parameter.

4.3
2008-12-11 CVE-2008-5435 Punbb Cross-Site Scripting vulnerability in Punbb

Cross-site scripting (XSS) vulnerability in moderate.php in PunBB before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via a topic subject.

4.3
2008-12-11 CVE-2008-5433 Punbb Cross-Site Scripting vulnerability in Punbb 1.3/1.3.1

Cross-site scripting (XSS) vulnerability in login.php in PunBB 1.3 and 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the password field.

4.3
2008-12-11 CVE-2008-5432 Moodle Cross-Site Scripting vulnerability in Moodle

Cross-site scripting (XSS) vulnerability in Moodle before 1.6.8, 1.7 before 1.7.6, 1.8 before 1.8.7, and 1.9 before 1.9.3 allows remote attackers to inject arbitrary web script or HTML via a Wiki page name (aka page title).

4.3
2008-12-11 CVE-2008-5429 Incredimail Resource Management Errors vulnerability in Incredimail 5.85

Incredimail build 5853710 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173.

4.3
2008-12-11 CVE-2008-5428 Opera / Microsoft Resource Management Errors vulnerability in Opera 9.51

Opera 9.51 on Windows XP does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173.

4.3
2008-12-11 CVE-2008-5427 Symantec Resource Management Errors vulnerability in Symantec Norton Internet Security 2008 15.5.0.23

Norton Antivirus in Norton Internet Security 15.5.0.23 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173.

4.3
2008-12-11 CVE-2008-5426 Kaspersky LAB Resource Management Errors vulnerability in Kaspersky LAB Kaspersky Internet Security Suite 2009

Kaspersky Internet Security Suite 2009 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173.

4.3
2008-12-11 CVE-2008-5425 Eset Resource Management Errors vulnerability in Eset Nod32 Antivirus 2.70.0039.0000

ESet NOD32 2.70.0039.0000 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173.

4.3
2008-12-11 CVE-2008-5424 Microsoft Resource Management Errors vulnerability in Microsoft Outlook Express 6.00.2900.5512

The MimeOleClearDirtyTree function in InetComm.dll in Microsoft Outlook Express 6.00.2900.5512 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which allows remote attackers to cause a denial of service (infinite loop) via a large e-mail message, a related issue to CVE-2006-1173.

4.3
2008-12-11 CVE-2008-5423 SUN
Novell
Redhat
Information Exposure vulnerability in SUN RAY Server Software and RAY Windows Connector

Sun Sun Ray Server Software 3.x and 4.0 and Sun Ray Windows Connector 1.1 and 2.0 expose the LDAP password during a configuration step, which allows local users to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors related to the utconfig component of the Server Software and the uttscadm component of the Windows Connector.

4.3
2008-12-10 CVE-2008-5399 Mvnforum Cross-Site Scripting vulnerability in Mvnforum 1.0.0/1.0.2/1.1

Cross-site scripting (XSS) vulnerability in the listonlineusers (aka "Who's online") component in mvnForum before 1.2.1 GA allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

4.3
2008-12-10 CVE-2008-5304 Twiki Cross-Site Scripting vulnerability in Twiki

Cross-site scripting (XSS) vulnerability in TWiki before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via the %URLPARAM{}% variable.

4.3
2008-12-09 CVE-2008-5277 Powerdns Configuration vulnerability in Powerdns

PowerDNS before 2.9.21.2 allows remote attackers to cause a denial of service (daemon crash) via a CH HINFO query.

4.3
2008-12-08 CVE-2008-5363 Adobe Resource Management Errors vulnerability in Adobe AIR and Flash Player

The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not validate character elements during retrieval from the dictionary data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF file.

4.3
2008-12-08 CVE-2008-5362 Adobe Improper Input Validation vulnerability in Adobe AIR and Flash Player

The DefineConstantPool action in the ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, accepts an untrusted input value for a "constant count," which allows remote attackers to read sensitive data from process memory via a crafted PDF file.

4.3
2008-12-08 CVE-2008-5361 Adobe Resource Management Errors vulnerability in Adobe AIR and Flash Player

The ActionScript 2 virtual machine in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0, and Adobe AIR before 1.5, does not verify a member element's size when performing (1) DefineConstantPool, (2) ActionJump, (3) ActionPush, (4) ActionTry, and unspecified other actions, which allows remote attackers to read sensitive data from process memory via a crafted PDF file.

4.3

1 Low Vulnerability

DATE CVE VENDOR VULNERABILITY CVSS
2008-12-10 CVE-2008-5417 HP Permissions, Privileges, and Access Controls vulnerability in HP Decnet Plus for Openvms 8.3

HP DECnet-Plus 8.3 before ECO03 for OpenVMS on the Alpha platform uses world-writable permissions for the OSIT$NAMES logical name table, which allows local users to bypass intended access restrictions and modify this table via the (1) SYS$CRELNM and (2) SYS$DELLNM system services.

2.1