jetlib.sec » Tags » zero-day

Feeds

133445 items (0 unread) in 27 feeds

• 1337day (was: Inj3ct0r, 1337db)
• OSVDB Vulnerabilities
• Exploit-DB
• SecurityFocus Vulnerabilities
• Bugtraq
• Full Disclosure
• XSSed
• Packet Storm Security Headlines
• Packet Storm Security Advisories
• Packet Storm Security Exploits
• Packet Storm Security Recent Files
• Packet Storm Security Tools
• Packet Storm Security Misc. Files
• Sophos security news
• Sophos product advisories
• Penetration Testing
• SecuriTeam
• BackTrack Linux Forums
• Threatpost
• SecDocs
• carnal0wnage.attackresearch.com
• Carnal0wnage
• Kernel Fun
• Darknet
• The Exploitant
• Hack a Day
• Wirevolution

805 items tagged "zero day"

Related tags: webkit [+], target system [+], provisioning services [+], internet explorer user [+], file [+], directory traversal [+], arbitrary files [+], apple quicktime player [+], adobe [+], code [+], initiative [+], stack buffer [+], sample [+], quicktime player [+], packet [+], microsoft office 2007 [+], manager. authentication [+], internet explorer [+], integer overflow [+], h 264 [+], dom [+], attackers [+], arbitrary code execution [+], adobe flash player [+], vulnerability [+], reader [+], novell zenworks [+], application [+], code execution [+], x. user [+], web studio [+], web interface [+], vxsvc [+], virtual pointer [+], virtual method [+], video file [+], uri [+], uninitialized data [+], type safety [+], tcp ports [+], stack allocation [+], server authentication [+], s system [+], rv10 [+], process [+], png format [+], packet type [+], packet size [+], oracle java [+], operands [+], op code [+], number of bytes [+], null byte [+], novell iprint [+], multipart form data [+], movie file [+], mode design [+], microsoft office word [+], microsoft [+], memory regions [+], memory copy [+], memory access [+], management web [+], malicious attacker [+], low [+], license server [+], libtiff [+], jpeg2000 [+], internet explorer 8 [+], internet [+], integrity [+], incoming connections [+], image [+], html time [+], heap memory [+], heap corruption [+], glyphs [+], foundation administrator [+], flc delta [+], explorer [+], exe component [+], error [+], element properties [+], element [+], driver [+], dom trees [+], dom tree [+], disk loading [+], desktop protocol [+], control string [+], cisco webex [+], cache [+], buffer [+], autostart [+], authentication request [+], atom [+], arbitrary path [+], application database [+], appendchild [+], adobe reader [+], adobe image [+], voice over ip software [+], username parameter [+], software vulnerabilities [+], read [+], memory address [+], level [+], kernel level [+], javascript [+], java [+], exploitation [+], darknet [+], Skype [+], Countermeasures [+], arbitrary code [+], apple quicktime [+], tcp port 80 [+], zero [+], year [+], web [+], tom parker tags [+], threat [+], session attacks [+], security event [+], securing web applications [+], seals [+], proactive measure [+], patch [+], old [+], network packets [+], nation [+], matthew g. devost [+], image utility [+], hacker [+], games [+], exploits [+], era [+], dns servers [+], critical information systems [+], bumper crop [+], building [+], bug [+], beast [+], based buffer overflow [+], authoritative action [+], asp [+], arian evans [+], announces [+], ExploitsVulnerabilities [+], service [+], data protector [+], day [+], target [+], buffer overflow [+], memory corruption [+], apple safari [+], zend, zdi, xul, xslt transformation, xml tag, xml soap, xml document, workaround, windows, window handle, width values, when performing arithmetic, warns, vulnerable version, vtable, virtual pc, video samples, value, username field, user, use, url, uploading files, upload image, upload, updaters, update, uninitialized pointer, unexpected manner, unc path, txt, trent micro, tree, transformation, tracks, tool, tomcat servlets, tomcat server, tivoli storage manager, tivoli endpoint, time parameter, time, text element, teaming, tcp port, table, system clipboard, system, symantec web, svg documents, sun java runtime, sun, style, stuxnet, structure, string length, string copy, string, steve jobs, sql statements, sort function, soap request, size argument, shockwave user, shellexecute, shape data, set, servlet, server, selection range, selection, segment, secure path, second, sco openserver, sanity check, sandbox, san, samba, s child, rootkit, root, researchers, request packet, reporter engine, reporter agent, replication manager, remote management, remote, referenced data, reference, recalculation, realplayer user, reader application, reader acrobat, rational, quality manager, qtx, protection tool, powerpoint user, port 524, port 443, polygon objects, pointer value, pointer, plugin, php interpreter, perl interpreter, performance monitor, performance, pdf, patches, parent node, panoramic images, page, packet data, oracle user, oracle, opcode, office excel, office art, office, object element, novell zenworks asset management, novell netware, novell groupwise, novell edirectory, novell, node, network node manager, netstorage, navigator plugins, multiple message, mozilla, mitigation, mimetype, microsoft windows system, microsoft visio, microsoft office user, microsoft office powerpoint, micro control, meta, memory operation, memory allocation, memcpy, matrix structure, manager. user, manager client, management, malicious website, malicious code, malformed requests, mail messages, mac os x, mac os, lotus notes user, lotus domino, lotus, login request, library user, library, layout operations, java user, java runtime environment, java plugin, java code, jar file, jar, iphone, ipad, invalid pointer, internet security suite, intelligent management, insufficient checks, insight web, insight, input validation, initialization routine, index, imap, imailsrv, ieceo, icc, hp network, hole, heap allocation, header type, hacks, great reputation, google, giop, french company, free tool, free reference, format strings, font resources, flv file format, flv, flaw, flash player, flash, fix, firefox, find, faulty code, fastback, fast, execution, exe, excel user, event, escapes, email attachment, email, edirectory, domino, document object model, document, dll module, directory traversal vulnerability, directory, detailreportgroup, destination buffer, default web server, database, data, dangling pointer, css style, critical flaws, criminals, cpp, conversion, control replication, control, context, container, component manager, component, communication protocol, command line arguments, color profiles, code path, clipboard, client config, client authentication, client, clash, ciscoworks, cisco ciscoworks, child index, child elements, character conversion, cgi parameters, cff, cdda, cache size, byte values, byte value, bugtraq, buffer overflows, browser helper, browser, borland interbase, block, bit, avi file, avi, autorun, authentication protocol, authentication, attacker, attack, aspx page, ascii string, art, array object, array data, array, arithmetic, arbitrary objects, applet, apple webkit, apple preview, apple, and, allocation, alert management, advanced audio coding, adobe shockwave player, adobe download manager, adobe block, activex plugin, activex control, acrobat reader user, ace, General, Discussion, Bugs, 3d objects

• April 11, 2012
• 7:33

  Microsoft Seals Up Windows Zero-Day Flaw In April Patch Tuesday

   » ‎ Packet Storm Security Headlines
  Microsoft Seals Up Windows Zero-Day Flaw In April Patch Tuesday

  Tags:  zero-day seals microsoft  

• April 09, 2012
• 21:31

  Zero Day Initiative Advisory 12-059

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 12-059 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the parsing of Ogg Vorbis media files. By crafting a stream with specific values , it is possible to cause a decoding loop that copies memory to write controlled data beyond the end of a fixed size buffer. An attacker can leverage this behavior to gain remote code execution under the context of the current process.

  Tags:  day zero initiative code-execution zero-day arbitrary-code  

• 21:31

  Zero Day Initiative Advisory 12-059

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 12-059 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the parsing of Ogg Vorbis media files. By crafting a stream with specific values , it is possible to cause a decoding loop that copies memory to write controlled data beyond the end of a fixed size buffer. An attacker can leverage this behavior to gain remote code execution under the context of the current process.

  Tags:  day zero initiative code-execution zero-day arbitrary-code  

• 21:31

  Zero Day Initiative Advisory 12-059

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 12-059 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the parsing of Ogg Vorbis media files. By crafting a stream with specific values , it is possible to cause a decoding loop that copies memory to write controlled data beyond the end of a fixed size buffer. An attacker can leverage this behavior to gain remote code execution under the context of the current process.

  Tags:  day zero initiative code-execution zero-day arbitrary-code  

• 21:31

  Zero Day Initiative Advisory 12-058

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 12-058 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AppleQuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw occurs when the application allocates space for decoding a video sample encoded with the .png format. When calculating space for this surface, the application will explicitly trust the bit-depth within the MediaVideo header. During the decoding process, the application will write outside the surface's boundaries. This can be leveraged to allow for one to earn code execution under the context of the application.

  Tags:  day zero application png-format code-execution zero-day  

• 21:31

  Zero Day Initiative Advisory 12-058

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 12-058 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AppleQuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw occurs when the application allocates space for decoding a video sample encoded with the .png format. When calculating space for this surface, the application will explicitly trust the bit-depth within the MediaVideo header. During the decoding process, the application will write outside the surface's boundaries. This can be leveraged to allow for one to earn code execution under the context of the application.

  Tags:  day zero application png-format code-execution zero-day  

• 21:31

  Zero Day Initiative Advisory 12-058

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 12-058 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AppleQuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw occurs when the application allocates space for decoding a video sample encoded with the .png format. When calculating space for this surface, the application will explicitly trust the bit-depth within the MediaVideo header. During the decoding process, the application will write outside the surface's boundaries. This can be leveraged to allow for one to earn code execution under the context of the application.

  Tags:  day zero application png-format code-execution zero-day  

• 21:30

  Zero Day Initiative Advisory 12-057

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 12-057 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Flash Player handles the update of a NetStream object via the appendBytes method which can lead to a use-after-free condition when the function returns. This can result in remote code execution under the context of the current process.

  Tags:  day zero initiative adobe-flash-player code-execution zero-day  

• 21:30

  Zero Day Initiative Advisory 12-057

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 12-057 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Flash Player handles the update of a NetStream object via the appendBytes method which can lead to a use-after-free condition when the function returns. This can result in remote code execution under the context of the current process.

  Tags:  day zero initiative adobe-flash-player code-execution zero-day  

• 21:30

  Zero Day Initiative Advisory 12-057

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 12-057 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Flash Player handles the update of a NetStream object via the appendBytes method which can lead to a use-after-free condition when the function returns. This can result in remote code execution under the context of the current process.

  Tags:  day zero initiative adobe-flash-player code-execution zero-day  

• 21:13

  Zero Day Initiative Advisory 12-056

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 12-056 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of nsSVGValue observers. A certain method call can be made to loop excessively causing an out-of-bounds memory access. By abusing this behavior an attacker can ensure this memory is under control and leverage the situation to achieve remote code execution under the context of the user running the browser.

  Tags:  day zero initiative code-execution memory-access zero-day  

• 21:13

  Zero Day Initiative Advisory 12-056

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 12-056 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of nsSVGValue observers. A certain method call can be made to loop excessively causing an out-of-bounds memory access. By abusing this behavior an attacker can ensure this memory is under control and leverage the situation to achieve remote code execution under the context of the user running the browser.

  Tags:  day zero initiative code-execution memory-access zero-day  

• 21:13

  Zero Day Initiative Advisory 12-056

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 12-056 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of nsSVGValue observers. A certain method call can be made to loop excessively causing an out-of-bounds memory access. By abusing this behavior an attacker can ensure this memory is under control and leverage the situation to achieve remote code execution under the context of the user running the browser.

  Tags:  day zero initiative code-execution memory-access zero-day  

• 20:39

  Zero Day Initiative Advisory 12-055

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 12-055 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the WebCore component as used by WebKit. Specifically within the handling of element properties. When importing a node having a nonattribute property such as an attached event, an object is improperly freed and accessed. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

  Tags:  day zero vulnerability element-properties zero-day arbitrary-code  

• 20:39

  Zero Day Initiative Advisory 12-055

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 12-055 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the WebCore component as used by WebKit. Specifically within the handling of element properties. When importing a node having a nonattribute property such as an attached event, an object is improperly freed and accessed. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

  Tags:  day zero vulnerability element-properties zero-day arbitrary-code  

• 20:39

  Zero Day Initiative Advisory 12-055

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 12-055 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the WebCore component as used by WebKit. Specifically within the handling of element properties. When importing a node having a nonattribute property such as an attached event, an object is improperly freed and accessed. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

  Tags:  day zero vulnerability element-properties zero-day arbitrary-code  

• April 06, 2012
• 19:09

  MS11-046 - Dissecting A 0-Day

   » ‎ Packet Storm Security Recent Files
  This whitepaper takes a closer look at a zero day attack that performs a privilege escalation to run commands in the system, which normally would be restricted because of the access level of the logged in user account. The particular vulnerability used in this case is "MS11-046: Vulnerability in Windows AFD.sys" which is a kernel level arbitrary memory overwrite, that is, the attacker can replace the content of that particular memory address with any value that he desires.

  Tags:  day vulnerability level kernel-level memory-address zero-day  

• 19:09

  MS11-046 - Dissecting A 0-Day

   » ‎ Packet Storm Security Misc. Files
  This whitepaper takes a closer look at a zero day attack that performs a privilege escalation to run commands in the system, which normally would be restricted because of the access level of the logged in user account. The particular vulnerability used in this case is "MS11-046: Vulnerability in Windows AFD.sys" which is a kernel level arbitrary memory overwrite, that is, the attacker can replace the content of that particular memory address with any value that he desires.

  Tags:  day vulnerability level kernel-level memory-address zero-day  

• March 15, 2012
• 19:56

  Zero Day Initiative Advisory 12-044

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 12-044 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft's Remote Desktop Protocol. Authentication is not required to exploit this vulnerability. The specific flaw exists during handling of an error while loading elements into an array. This condition can cause the driver to abort a connection and part of the logic of the abort is to free an object associated with it. This will actually occur twice when each of channels are disconnected. The second time this object is freed, the driver will fetch a virtual pointer from the freed object and call it. This can lead to code execution under the context of the driver.

  Tags:  day zero driver virtual-pointer desktop-protocol zero-day  

• 19:56

  Zero Day Initiative Advisory 12-044

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 12-044 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft's Remote Desktop Protocol. Authentication is not required to exploit this vulnerability. The specific flaw exists during handling of an error while loading elements into an array. This condition can cause the driver to abort a connection and part of the logic of the abort is to free an object associated with it. This will actually occur twice when each of channels are disconnected. The second time this object is freed, the driver will fetch a virtual pointer from the freed object and call it. This can lead to code execution under the context of the driver.

  Tags:  day zero driver virtual-pointer desktop-protocol zero-day  

• 19:56

  Zero Day Initiative Advisory 12-044

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 12-044 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft's Remote Desktop Protocol. Authentication is not required to exploit this vulnerability. The specific flaw exists during handling of an error while loading elements into an array. This condition can cause the driver to abort a connection and part of the logic of the abort is to free an object associated with it. This will actually occur twice when each of channels are disconnected. The second time this object is freed, the driver will fetch a virtual pointer from the freed object and call it. This can lead to code execution under the context of the driver.

  Tags:  day zero driver virtual-pointer desktop-protocol zero-day  

• February 22, 2012
• 21:13

  Zero Day Initiative Advisory 12-035

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 12-035 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required in that a target must visit a malicious page or open a malicious file. The flaw exists within MSHTML, specifically the handling of an HTML time t:MEDIA element. A t:MEDIA element can be manipulated such that when the page is refreshed a reference to a freed CDispNode object remains allowing the repurpose of this region. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process.

  Tags:  internet-explorer-user html-time zero-day  

• 21:13

  Zero Day Initiative Advisory 12-035

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 12-035 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required in that a target must visit a malicious page or open a malicious file. The flaw exists within MSHTML, specifically the handling of an HTML time t:MEDIA element. A t:MEDIA element can be manipulated such that when the page is refreshed a reference to a freed CDispNode object remains allowing the repurpose of this region. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process.

  Tags:  day zero initiative internet-explorer-user html-time zero-day  

• 21:13

  Zero Day Initiative Advisory 12-035

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 12-035 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required in that a target must visit a malicious page or open a malicious file. The flaw exists within MSHTML, specifically the handling of an HTML time t:MEDIA element. A t:MEDIA element can be manipulated such that when the page is refreshed a reference to a freed CDispNode object remains allowing the repurpose of this region. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process.

  Tags:  day zero initiative internet-explorer-user html-time zero-day  

• 20:56

  Zero Day Initiative Advisory 12-033

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 12-033 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB WebWare. Authentication is not required to exploit this vulnerability. The specific flaw exists within RobNetScanHost.exe and its parsing of network packets accepted on port 5512. The parsing of 'Netscan' packets with opcodes 0xE and 0xA are vulnerable to a stack-based buffer overflow with a fixed allocation of 20 bytes. This vulnerability can be exploited to execute arbitrary code in the context of the service process (LocalSystem).

  Tags:  day zero vulnerability based-buffer-overflow zero-day network-packets  

• 20:47

  Zero Day Initiative Advisory 12-032

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 12-032 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle's Java Runtime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses structures for a specific tag descriptor with a specific ICC color profile. When handling a field from this structure, the application will incorrectly check for signedness and then perform an operation on it. This will then get passed to an allocation. Immediately following this, the application will use a different size to initialize the allocation. This can lead to a controllable memory corruption which can be leveraged to achieve code execution under the context of the application.

  Tags:  day zero application memory-corruption code-execution zero-day  

• February 08, 2012
• 14:42

  Zero Day Initiative Advisory 12-030

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 12-030 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational Rhapsody. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within BB FlashBack Recorder.dll. Uninitialized pointers may be passed as arguments to TestCompatibilityRecordMode() which allows a remote attacker to reliably corrupt controlled memory regions. This behavior can be exploited to remotely execute arbitrary code in the context of the user running the browser.

  Tags:  day zero initiative memory-regions zero-day arbitrary-code  

• 14:42

  Zero Day Initiative Advisory 12-030

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 12-030 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational Rhapsody. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within BB FlashBack Recorder.dll. Uninitialized pointers may be passed as arguments to TestCompatibilityRecordMode() which allows a remote attacker to reliably corrupt controlled memory regions. This behavior can be exploited to remotely execute arbitrary code in the context of the user running the browser.

  Tags:  memory-regions zero-day arbitrary-code  

• 14:42

  Zero Day Initiative Advisory 12-030

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 12-030 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational Rhapsody. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within BB FlashBack Recorder.dll. Uninitialized pointers may be passed as arguments to TestCompatibilityRecordMode() which allows a remote attacker to reliably corrupt controlled memory regions. This behavior can be exploited to remotely execute arbitrary code in the context of the user running the browser.

  Tags:  day zero initiative memory-regions zero-day arbitrary-code  

• 14:28

  Zero Day Initiative Advisory 12-029

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 12-029 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational Rhapsody. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within BB FlashBack Recorder.dll. Uninitialized pointers may be passed as arguments to InsertMarker() which in turn can allow an attacker to corrupt memory in a controlled fashion. This behavior can be exploited to remotely execute arbitrary code in the context of the user running the browser.

  Tags:  day zero initiative zero-day arbitrary-code target  

• 14:28

  Zero Day Initiative Advisory 12-029

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 12-029 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational Rhapsody. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within BB FlashBack Recorder.dll. Uninitialized pointers may be passed as arguments to InsertMarker() which in turn can allow an attacker to corrupt memory in a controlled fashion. This behavior can be exploited to remotely execute arbitrary code in the context of the user running the browser.

  Tags:  day zero initiative zero-day arbitrary-code target  

• 14:28

  Zero Day Initiative Advisory 12-029

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 12-029 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Rational Rhapsody. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within BB FlashBack Recorder.dll. Uninitialized pointers may be passed as arguments to InsertMarker() which in turn can allow an attacker to corrupt memory in a controlled fashion. This behavior can be exploited to remotely execute arbitrary code in the context of the user running the browser.

  Tags:  day zero initiative zero-day arbitrary-code target  

• 13:48

  Zero Day Initiative Advisory 12-027

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 12-027 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM SPSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the SaveDoc function exposed by the VsVIEW6.ocx ActiveX control. The SaveDoc function causes a file to be created at an arbitrary path specified by the first argument (FileName). The file contents can be controlled by first setting the 'Text' member of the object. These behaviors can be exploited by a remote attacker to execute arbitrary code on the target system.

  Tags:  day zero file target-system arbitrary-path zero-day  

• 13:48

  Zero Day Initiative Advisory 12-027

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 12-027 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM SPSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the SaveDoc function exposed by the VsVIEW6.ocx ActiveX control. The SaveDoc function causes a file to be created at an arbitrary path specified by the first argument (FileName). The file contents can be controlled by first setting the 'Text' member of the object. These behaviors can be exploited by a remote attacker to execute arbitrary code on the target system.

  Tags:  day zero file target-system arbitrary-path zero-day  

• 13:48

  Zero Day Initiative Advisory 12-027

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 12-027 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM SPSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the SaveDoc function exposed by the VsVIEW6.ocx ActiveX control. The SaveDoc function causes a file to be created at an arbitrary path specified by the first argument (FileName). The file contents can be controlled by first setting the 'Text' member of the object. These behaviors can be exploited by a remote attacker to execute arbitrary code on the target system.

  Tags:  day zero file target-system arbitrary-path zero-day  

• 13:36

  Zero Day Initiative Advisory 12-023

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 12-023 - This vulnerability allows attackers to remotely obtain domain credentials on vulnerable installations of CA Total Defense Suite UNC Management Web Service. Authentication is not required to exploit this vulnerability. The specific flaw exists within the App_Code.dll service listening by default on TCP ports 34444 and 34443 (SSL). The service allows a remote client to request encrypted domain credentials without authentication. The encryption lacks a salt allowing an attacker with a local installation of CA Total Defense Suite UNC Management Web Service to easily decrypt the credentials.

  Tags:  day zero service tcp-ports zero-day management-web  

• 13:36

  Zero Day Initiative Advisory 12-023

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 12-023 - This vulnerability allows attackers to remotely obtain domain credentials on vulnerable installations of CA Total Defense Suite UNC Management Web Service. Authentication is not required to exploit this vulnerability. The specific flaw exists within the App_Code.dll service listening by default on TCP ports 34444 and 34443 (SSL). The service allows a remote client to request encrypted domain credentials without authentication. The encryption lacks a salt allowing an attacker with a local installation of CA Total Defense Suite UNC Management Web Service to easily decrypt the credentials.

  Tags:  day zero service tcp-ports zero-day management-web  

• 13:36

  Zero Day Initiative Advisory 12-023

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 12-023 - This vulnerability allows attackers to remotely obtain domain credentials on vulnerable installations of CA Total Defense Suite UNC Management Web Service. Authentication is not required to exploit this vulnerability. The specific flaw exists within the App_Code.dll service listening by default on TCP ports 34444 and 34443 (SSL). The service allows a remote client to request encrypted domain credentials without authentication. The encryption lacks a salt allowing an attacker with a local installation of CA Total Defense Suite UNC Management Web Service to easily decrypt the credentials.

  Tags:  tcp-ports zero-day management-web  

• February 07, 2012
• 10:34

  At Last – Adobe Launches Sandboxed Flash Player For Firefox

   » ‎ Darknet
  Finally a proactive measure from Adobe to try and remedy the horrible security flaws they have introduced to Firefox with their Flash Player. There have been some massive hacks recently due to Flash - - Hackers Exploiting Latest Adobe Flash Bug On Large Scale - Adobe Patches Latest Flash Zero Day Vulnerability - Adobe Promises [...]
  
  Read the full post at darknet.org.uk

  
  

  

  Tags:  proactive-measure zero-day darknet Countermeasures  

• January 30, 2012
• 21:22

  Zero Day Initiative Advisory 12-019

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 12-019 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM SPSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within SetLicenseInfoEx() method exposed by the mraboutb.dll ActiveX Control. String data supplied to the first parameter (strInstallDir) of SetLicenseInfoEx() is copied into a 256 byte global buffer without first checking the string length. This overflow can be exploited to remotely execute arbitrary code on the target system.

  Tags:  target-system control-string zero-day  

• 21:22

  Zero Day Initiative Advisory 12-019

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 12-019 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM SPSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within SetLicenseInfoEx() method exposed by the mraboutb.dll ActiveX Control. String data supplied to the first parameter (strInstallDir) of SetLicenseInfoEx() is copied into a 256 byte global buffer without first checking the string length. This overflow can be exploited to remotely execute arbitrary code on the target system.

  Tags:  day zero initiative target-system control-string zero-day  

• 21:22

  Zero Day Initiative Advisory 12-019

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 12-019 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM SPSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within SetLicenseInfoEx() method exposed by the mraboutb.dll ActiveX Control. String data supplied to the first parameter (strInstallDir) of SetLicenseInfoEx() is copied into a 256 byte global buffer without first checking the string length. This overflow can be exploited to remotely execute arbitrary code on the target system.

  Tags:  day zero initiative target-system control-string zero-day  

• January 25, 2012
• 15:20

  Zero Day Initiative Advisory 12-018

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 12-018 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec PCAnywhere. Authentication is not required to exploit this vulnerability. The flaw exists within the awhost32 component which is used when handling incoming connections. This process listens on TCP port 5631. When handling an authentication request the process copies the user supplied username unsafely to a fixed-length buffer of size 0x108. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM account.

  Tags:  day zero vulnerability authentication-request zero-day incoming-connections  

• 15:20

  Zero Day Initiative Advisory 12-018

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 12-018 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec PCAnywhere. Authentication is not required to exploit this vulnerability. The flaw exists within the awhost32 component which is used when handling incoming connections. This process listens on TCP port 5631. When handling an authentication request the process copies the user supplied username unsafely to a fixed-length buffer of size 0x108. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM account.

  Tags:  day zero vulnerability authentication-request zero-day incoming-connections  

• 15:20

  Zero Day Initiative Advisory 12-018

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 12-018 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec PCAnywhere. Authentication is not required to exploit this vulnerability. The flaw exists within the awhost32 component which is used when handling incoming connections. This process listens on TCP port 5631. When handling an authentication request the process copies the user supplied username unsafely to a fixed-length buffer of size 0x108. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM account.

  Tags:  day zero vulnerability authentication-request zero-day incoming-connections  

• January 18, 2012
• 21:49

  [Slides] The Era of a Zero-Day Nation-State: Characterising the real threats to our nation’s critical information systems

   » ‎ SecDocs
  Authors: Matthew G. Devost Tom Parker
  Tags: security
  Event: Black Hat Federal 2006
  

  Tags:  zero nation era tom-parker-tags matthew-g.-devost critical-information-systems zero-day security-event  

• January 12, 2012
• 18:41

  Zero Day Initiative Advisory 12-015

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 12-015 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP MSA 2000 G3. Authentication is not required to exploit this vulnerability. The specific flaws exists within the web interface listening on TCP port 80. There exists a directory traversal flaw that can allow a remote attacker to view any file on the system by simply specifying it in the default URI. Additionally, the password file contains a default login that can be used to authenticate to the device. This can be leveraged by a remote attacker to perform any tasks an administrator is able to.

  Tags:  day zero initiative uri tcp-port-80 zero-day web-interface  

• 18:41

  Zero Day Initiative Advisory 12-015

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 12-015 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP MSA 2000 G3. Authentication is not required to exploit this vulnerability. The specific flaws exists within the web interface listening on TCP port 80. There exists a directory traversal flaw that can allow a remote attacker to view any file on the system by simply specifying it in the default URI. Additionally, the password file contains a default login that can be used to authenticate to the device. This can be leveraged by a remote attacker to perform any tasks an administrator is able to.

  Tags:  day zero initiative uri tcp-port-80 zero-day web-interface  

• 18:41

  Zero Day Initiative Advisory 12-015

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 12-015 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP MSA 2000 G3. Authentication is not required to exploit this vulnerability. The specific flaws exists within the web interface listening on TCP port 80. There exists a directory traversal flaw that can allow a remote attacker to view any file on the system by simply specifying it in the default URI. Additionally, the password file contains a default login that can be used to authenticate to the device. This can be leveraged by a remote attacker to perform any tasks an administrator is able to.

  Tags:  day zero initiative uri tcp-port-80 zero-day web-interface  

• 18:33

  Zero Day Initiative Advisory 12-014

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 12-014 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Easy Printer Care. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XMLSimpleAccessor ActiveX control (CLSID: {466576F3-19B6-4FF1-BD48-3E0E1BFB96E9}). By passing an overlong string to the LoadXML() method it is possible to trigger a heap corruption vulnerability. A remote attacker could exploit this vulnerability to execute arbitrary code on the affected machine under the context of the user running the Internet Explorer process.

  Tags:  day zero vulnerability heap-corruption zero-day internet-explorer  

• 18:33

  Zero Day Initiative Advisory 12-014

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 12-014 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Easy Printer Care. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XMLSimpleAccessor ActiveX control (CLSID: {466576F3-19B6-4FF1-BD48-3E0E1BFB96E9}). By passing an overlong string to the LoadXML() method it is possible to trigger a heap corruption vulnerability. A remote attacker could exploit this vulnerability to execute arbitrary code on the affected machine under the context of the user running the Internet Explorer process.

  Tags:  day zero vulnerability heap-corruption zero-day internet-explorer  

• 18:33

  Zero Day Initiative Advisory 12-014

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 12-014 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Easy Printer Care. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XMLSimpleAccessor ActiveX control (CLSID: {466576F3-19B6-4FF1-BD48-3E0E1BFB96E9}). By passing an overlong string to the LoadXML() method it is possible to trigger a heap corruption vulnerability. A remote attacker could exploit this vulnerability to execute arbitrary code on the affected machine under the context of the user running the Internet Explorer process.

  Tags:  day zero vulnerability heap-corruption zero-day internet-explorer  

• 17:56

  Zero Day Initiative Advisory 12-012

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 12-012 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of McAfee Security-as-a-Service. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaws exists within myCIOScn.dll. MyCioScan.Scan.ShowReport() will accept commands that are passed to a function that simply executes them without authentication. This can be leveraged by a malicious attacker to execute arbitrary code within the context of the browser.

  Tags:  day zero initiative malicious-attacker zero-day target  

• 17:56

  Zero Day Initiative Advisory 12-012

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 12-012 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of McAfee Security-as-a-Service. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaws exists within myCIOScn.dll. MyCioScan.Scan.ShowReport() will accept commands that are passed to a function that simply executes them without authentication. This can be leveraged by a malicious attacker to execute arbitrary code within the context of the browser.

  Tags:  day zero initiative malicious-attacker zero-day target  

• 17:56

  Zero Day Initiative Advisory 12-012

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 12-012 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of McAfee Security-as-a-Service. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaws exists within myCIOScn.dll. MyCioScan.Scan.ShowReport() will accept commands that are passed to a function that simply executes them without authentication. This can be leveraged by a malicious attacker to execute arbitrary code within the context of the browser.

  Tags:  day zero initiative malicious-attacker zero-day target  

• January 10, 2012
• 23:29

  Zero Day Initiative Advisory 12-010

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 12-010 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Citrix Provisioning Services. Authentication is not required to exploit this vulnerability. The flaw exists within the streamprocess.exe component. This process listens on UDP port 6905. When handling a request type 0x40020006 the process uses the user supplied length in an attempted bounds check before copying to a local stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of SYSTEM.

  Tags:  stack-buffer provisioning-services zero-day  

• 23:29

  Zero Day Initiative Advisory 12-010

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 12-010 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Citrix Provisioning Services. Authentication is not required to exploit this vulnerability. The flaw exists within the streamprocess.exe component. This process listens on UDP port 6905. When handling a request type 0x40020006 the process uses the user supplied length in an attempted bounds check before copying to a local stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of SYSTEM.

  Tags:  stack-buffer provisioning-services zero-day  

• 23:29

  Zero Day Initiative Advisory 12-010

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 12-010 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Citrix Provisioning Services. Authentication is not required to exploit this vulnerability. The flaw exists within the streamprocess.exe component. This process listens on UDP port 6905. When handling a request type 0x40020006 the process uses the user supplied length in an attempted bounds check before copying to a local stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of SYSTEM.

  Tags:  day zero vulnerability stack-buffer provisioning-services zero-day  

• 23:17

  Zero Day Initiative Advisory 12-009

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 12-09 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Citrix Provisioning Services. Authentication is not required to exploit this vulnerability. The flaw exists within the streamprocess.exe component. This process listens on UDP port 6905. When handling a request type 0x40020000 the process uses the user supplied length in an attempted bounds check before copying to a local stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of SYSTEM.

  Tags:  day zero vulnerability stack-buffer provisioning-services zero-day  

• 23:17

  Zero Day Initiative Advisory 12-009

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 12-09 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Citrix Provisioning Services. Authentication is not required to exploit this vulnerability. The flaw exists within the streamprocess.exe component. This process listens on UDP port 6905. When handling a request type 0x40020000 the process uses the user supplied length in an attempted bounds check before copying to a local stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of SYSTEM.

  Tags:  stack-buffer provisioning-services zero-day  

• 23:17

  Zero Day Initiative Advisory 12-009

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 12-09 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Citrix Provisioning Services. Authentication is not required to exploit this vulnerability. The flaw exists within the streamprocess.exe component. This process listens on UDP port 6905. When handling a request type 0x40020000 the process uses the user supplied length in an attempted bounds check before copying to a local stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of SYSTEM.

  Tags:  day zero vulnerability stack-buffer provisioning-services zero-day  

• 5:13

  Zero Day Initiative Advisory 12-008

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 12-08 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Citrix Provisioning Services. Authentication is not required to exploit this vulnerability. The specific flaw exists within the streamprocess.exe component which listens for UDP traffic on multiple ports, beginning with 6905. When handling a packet which requests a vDisk name, the user-supplied length value is not properly validated. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.

  Tags:  exe-component provisioning-services zero-day  

• 5:13

  Zero Day Initiative Advisory 12-008

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 12-08 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Citrix Provisioning Services. Authentication is not required to exploit this vulnerability. The specific flaw exists within the streamprocess.exe component which listens for UDP traffic on multiple ports, beginning with 6905. When handling a packet which requests a vDisk name, the user-supplied length value is not properly validated. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.

  Tags:  day zero vulnerability exe-component provisioning-services zero-day  

• 5:13

  Zero Day Initiative Advisory 12-008

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 12-08 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Citrix Provisioning Services. Authentication is not required to exploit this vulnerability. The specific flaw exists within the streamprocess.exe component which listens for UDP traffic on multiple ports, beginning with 6905. When handling a packet which requests a vDisk name, the user-supplied length value is not properly validated. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.

  Tags:  day zero vulnerability exe-component provisioning-services zero-day  

• January 05, 2012
• 16:06

  Zero Day Initiative Advisory 12-004

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 12-04 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the JP2Deco component which is used when handling an mjp2 sample. This sample format (JPEG2000) has a required COD marker segment (0xff52) followed by a COD length value. When extracting the contents of this section the application subtracts from this length before passing it into a call to memcpy. A remote attacker can exploit this error to execute arbitrary code under the context of the user.

  Tags:  day zero initiative apple-quicktime zero-day jpeg2000  

• 16:06

  Zero Day Initiative Advisory 12-004

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 12-04 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the JP2Deco component which is used when handling an mjp2 sample. This sample format (JPEG2000) has a required COD marker segment (0xff52) followed by a COD length value. When extracting the contents of this section the application subtracts from this length before passing it into a call to memcpy. A remote attacker can exploit this error to execute arbitrary code under the context of the user.

  Tags:  day zero initiative apple-quicktime zero-day jpeg2000  

• 16:06

  Zero Day Initiative Advisory 12-004

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 12-04 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the JP2Deco component which is used when handling an mjp2 sample. This sample format (JPEG2000) has a required COD marker segment (0xff52) followed by a COD length value. When extracting the contents of this section the application subtracts from this length before passing it into a call to memcpy. A remote attacker can exploit this error to execute arbitrary code under the context of the user.

  Tags:  day zero initiative apple-quicktime zero-day jpeg2000  

• 15:53

  Zero Day Initiative Advisory 12-001

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 12-01 - This vulnerability allows remote attackers to remotely manipulate the application database and delete arbitrary files on vulnerable installations of HP Managed Printing Administration. Authentication is not required to exploit this vulnerability.

  Tags:  day zero initiative zero-day application-database arbitrary-files  

• 15:53

  Zero Day Initiative Advisory 12-001

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 12-01 - This vulnerability allows remote attackers to remotely manipulate the application database and delete arbitrary files on vulnerable installations of HP Managed Printing Administration. Authentication is not required to exploit this vulnerability.

  Tags:  day zero initiative zero-day application-database arbitrary-files  

• 15:53

  Zero Day Initiative Advisory 12-001

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 12-01 - This vulnerability allows remote attackers to remotely manipulate the application database and delete arbitrary files on vulnerable installations of HP Managed Printing Administration. Authentication is not required to exploit this vulnerability.

  Tags:  day zero initiative zero-day application-database arbitrary-files  

• December 29, 2011
• 6:52

  Microsoft Announces ASP.NET Zero-Day Vuln

   » ‎ Packet Storm Security Headlines
  Microsoft Announces ASP.NET Zero-Day Vuln

  Tags:  microsoft announces asp zero-day  

• December 26, 2011
• 21:34

  [Slides] Building Zero-Day Self-Defending Web Applications: Enforcing Authoritative Action to Stop Session Attacks

   » ‎ SecDocs
  Authors: Arian Evans
  Tags: web application
  Event: Black Hat EU 2005
  

  Tags:  zero building web arian-evans session-attacks authoritative-action zero-day  

• December 22, 2011
• 11:56

  Zero Day Initiative Advisory 11-354

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-354 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Managed Printing Administration. Authentication is not required to exploit this vulnerability. There multiple classes of flaws within this product including arbitrary file creation, null char truncation and directory traversal. Null injection and directory traversal can be used in the form data passed to \Inetpub\wwwroot\hpmpa\jobDelivery\Default.asp to remotely create arbitrary files.

  Tags:  zero-day directory-traversal arbitrary-files  

• 11:56

  Zero Day Initiative Advisory 11-354

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-354 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Managed Printing Administration. Authentication is not required to exploit this vulnerability. There multiple classes of flaws within this product including arbitrary file creation, null char truncation and directory traversal. Null injection and directory traversal can be used in the form data passed to \Inetpub\wwwroot\hpmpa\jobDelivery\Default.asp to remotely create arbitrary files.

  Tags:  day zero initiative zero-day directory-traversal arbitrary-files  

• 11:56

  Zero Day Initiative Advisory 11-354

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-354 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Managed Printing Administration. Authentication is not required to exploit this vulnerability. There multiple classes of flaws within this product including arbitrary file creation, null char truncation and directory traversal. Null injection and directory traversal can be used in the form data passed to \Inetpub\wwwroot\hpmpa\jobDelivery\Default.asp to remotely create arbitrary files.

  Tags:  day zero initiative zero-day directory-traversal arbitrary-files  

• 11:43

  Zero Day Initiative Advisory 11-353

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-353 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Managed Printing Administration. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MPAUploader.dll file. An extended length string can be passed into scripts within the management website on port 80 (the 'uploadfile' multipart form data 'filename' parameter in Default.asp) and ultimately to MPAUploader.dll. As a static stack allocation is used to store the buffer and the string length is not handled properly, a remote attacker may overwrite the stack and ultimately execute remote code.

  Tags:  day zero initiative stack-allocation zero-day multipart-form-data  

• 11:43

  Zero Day Initiative Advisory 11-353

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-353 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Managed Printing Administration. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MPAUploader.dll file. An extended length string can be passed into scripts within the management website on port 80 (the 'uploadfile' multipart form data 'filename' parameter in Default.asp) and ultimately to MPAUploader.dll. As a static stack allocation is used to store the buffer and the string length is not handled properly, a remote attacker may overwrite the stack and ultimately execute remote code.

  Tags:  day zero initiative stack-allocation zero-day multipart-form-data  

• 11:43

  Zero Day Initiative Advisory 11-353

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-353 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Managed Printing Administration. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MPAUploader.dll file. An extended length string can be passed into scripts within the management website on port 80 (the 'uploadfile' multipart form data 'filename' parameter in Default.asp) and ultimately to MPAUploader.dll. As a static stack allocation is used to store the buffer and the string length is not handled properly, a remote attacker may overwrite the stack and ultimately execute remote code.

  Tags:  day zero initiative stack-allocation zero-day multipart-form-data  

• 11:42

  Zero Day Initiative Advisory 11-352

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-352 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Managed Printing Administration. Authentication is not required to exploit this vulnerability. There multiple classes of flaws within this product including arbitrary file creation, null char truncation and directory traversal. Null injection and directory traversal can be used in the form data passed to MPAUploader.Uploader.1.UploadFiles() to remotely create arbitrary files.

  Tags:  day zero initiative zero-day directory-traversal arbitrary-files  

• 11:42

  Zero Day Initiative Advisory 11-352

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-352 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Managed Printing Administration. Authentication is not required to exploit this vulnerability. There multiple classes of flaws within this product including arbitrary file creation, null char truncation and directory traversal. Null injection and directory traversal can be used in the form data passed to MPAUploader.Uploader.1.UploadFiles() to remotely create arbitrary files.

  Tags:  day zero initiative zero-day directory-traversal arbitrary-files  

• 11:42

  Zero Day Initiative Advisory 11-352

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-352 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Managed Printing Administration. Authentication is not required to exploit this vulnerability. There multiple classes of flaws within this product including arbitrary file creation, null char truncation and directory traversal. Null injection and directory traversal can be used in the form data passed to MPAUploader.Uploader.1.UploadFiles() to remotely create arbitrary files.

  Tags:  day zero initiative zero-day directory-traversal arbitrary-files  

• 11:31

  Zero Day Initiative Advisory 11-351

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-351 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wellintek KingView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the protocol parsing code inside nettransdll.dll. The parent service is called HistoryServer.exe and listens on port 777. When a packet with op-code 3 is received, the service allocates memory from the heap based on the 10th and 11th bytes of the packet (element count). Packet data is then copied into the allocated buffer based on the first two bytes of the packet (packet size). These values can be manipulated to create a heap overflow and and attacker can exploit this to remotely execute arbitrary code in the context of the service (Local System).

  Tags:  code packet service op-code zero-day packet-size  

• 11:31

  Zero Day Initiative Advisory 11-351

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-351 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wellintek KingView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the protocol parsing code inside nettransdll.dll. The parent service is called HistoryServer.exe and listens on port 777. When a packet with op-code 3 is received, the service allocates memory from the heap based on the 10th and 11th bytes of the packet (element count). Packet data is then copied into the allocated buffer based on the first two bytes of the packet (packet size). These values can be manipulated to create a heap overflow and and attacker can exploit this to remotely execute arbitrary code in the context of the service (Local System).

  Tags:  code packet service op-code zero-day packet-size  

• 11:31

  Zero Day Initiative Advisory 11-351

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-351 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wellintek KingView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the protocol parsing code inside nettransdll.dll. The parent service is called HistoryServer.exe and listens on port 777. When a packet with op-code 3 is received, the service allocates memory from the heap based on the 10th and 11th bytes of the packet (element count). Packet data is then copied into the allocated buffer based on the first two bytes of the packet (packet size). These values can be manipulated to create a heap overflow and and attacker can exploit this to remotely execute arbitrary code in the context of the service (Local System).

  Tags:  code packet service op-code zero-day packet-size  

• December 15, 2011
• 0:41

  No BEAST Fix From Microsoft In December Patch Tuesday – But They Fixed Duqu Bug

   » ‎ Darknet
  It looks like Microsoft originally had a patch for the BEAST vulnerability, but for some reason they have withdrawn it for the December Patch Tuesday. It’s a pretty bumper crop of patches though with 13 bulletins and 19 vulnerabilities fixed, the highest profile one being a patch for the zero-day vulnerability exploited by Duqu. The [...]
  
  Read the full post at darknet.org.uk

  
  

  

  Tags:  patch microsoft beast read bumper-crop zero-day darknet Countermeasures  

• December 13, 2011
• 18:32

  Zero Day Initiative Advisory 11-347

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-347 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Word 2007/2010. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application handles a border containing a specific property. When parsing this property, the application will incorrectly free it. If the application attempts to render the object, a use-after-free condition can be made to occur. This can lead to code execution under the context of the application.

  Tags:  day zero application microsoft-office-word zero-day target  

• 18:32

  Zero Day Initiative Advisory 11-347

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-347 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Word 2007/2010. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application handles a border containing a specific property. When parsing this property, the application will incorrectly free it. If the application attempts to render the object, a use-after-free condition can be made to occur. This can lead to code execution under the context of the application.

  Tags:  day zero application microsoft-office-word zero-day target  

• 18:32

  Zero Day Initiative Advisory 11-347

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-347 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Word 2007/2010. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application handles a border containing a specific property. When parsing this property, the application will incorrectly free it. If the application attempts to render the object, a use-after-free condition can be made to occur. This can lead to code execution under the context of the application.

  Tags:  day zero application microsoft-office-word zero-day target  

• 18:32

  Zero Day Initiative Advisory 11-346

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-346 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office 2007. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application processes a shape record hierarchy. Due to the application not properly checking the types of elements within containers, the application will incorrectly modify a property of the object. This modification can be used to cause memory corruption of the type which can lead to code execution under the context of the application.

  Tags:  day zero application memory-corruption microsoft-office-2007 zero-day  

• 18:32

  Zero Day Initiative Advisory 11-346

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-346 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office 2007. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application processes a shape record hierarchy. Due to the application not properly checking the types of elements within containers, the application will incorrectly modify a property of the object. This modification can be used to cause memory corruption of the type which can lead to code execution under the context of the application.

  Tags:  day zero application memory-corruption microsoft-office-2007 zero-day  

• 18:32

  Zero Day Initiative Advisory 11-346

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-346 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office 2007. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application processes a shape record hierarchy. Due to the application not properly checking the types of elements within containers, the application will incorrectly modify a property of the object. This modification can be used to cause memory corruption of the type which can lead to code execution under the context of the application.

  Tags:  day zero application memory-corruption microsoft-office-2007 zero-day  

• 14:29

  Zero Day Initiative Advisory 11-346

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-346 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office 2007. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application processes a shape record hierarchy. Due to the application not properly checking the types of elements within containers, the application will incorrectly modify a property of the object. This modification can be used to cause memory corruption of the type which can lead to code execution under the context of the application.

  Tags:  day zero application memory-corruption microsoft-office-2007 zero-day  

• 14:29

  Zero Day Initiative Advisory 11-346

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-346 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office 2007. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application processes a shape record hierarchy. Due to the application not properly checking the types of elements within containers, the application will incorrectly modify a property of the object. This modification can be used to cause memory corruption of the type which can lead to code execution under the context of the application.

  Tags:  day zero application memory-corruption microsoft-office-2007 zero-day  

• 14:29

  Zero Day Initiative Advisory 11-346

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-346 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office 2007. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application processes a shape record hierarchy. Due to the application not properly checking the types of elements within containers, the application will incorrectly modify a property of the object. This modification can be used to cause memory corruption of the type which can lead to code execution under the context of the application.

  Tags:  day zero application memory-corruption microsoft-office-2007 zero-day  

• December 07, 2011
• 19:59

  Zero Day Initiative Advisory 11-341

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-341 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within atdl2006.dll. The vulnerability is caused by lack of validation when parsing WRF files. A specially crafted WRF file will cause the application to incorrectly push a size value to a memcpy, allowing for corruption of heap memory. An attacker can leverage this vulnerability to execute arbitrary code on the target system under the context of the current user.

  Tags:  day zero vulnerability cisco-webex heap-memory target-system zero-day  

• 19:59

  Zero Day Initiative Advisory 11-341

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-341 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within atdl2006.dll. The vulnerability is caused by lack of validation when parsing WRF files. A specially crafted WRF file will cause the application to incorrectly push a size value to a memcpy, allowing for corruption of heap memory. An attacker can leverage this vulnerability to execute arbitrary code on the target system under the context of the current user.

  Tags:  day zero vulnerability cisco-webex heap-memory target-system zero-day  

• 19:59

  Zero Day Initiative Advisory 11-341

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-341 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco WebEx Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within atdl2006.dll. The vulnerability is caused by lack of validation when parsing WRF files. A specially crafted WRF file will cause the application to incorrectly push a size value to a memcpy, allowing for corruption of heap memory. An attacker can leverage this vulnerability to execute arbitrary code on the target system under the context of the current user.

  Tags:  day zero vulnerability cisco-webex heap-memory target-system zero-day  

• November 28, 2011
• 16:20

  Zero Day Initiative Advisory 11-338

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-338 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a header defined within a .ivr file. When parsing this header the application will explicitly trust a 16-bit value denoting an size and use it for performing an allocation. The code then uses a different value in the file to populate the buffer. Due to the difference in values used for allocation and the copy, this can be used to overwrite data outside the bounds of the buffer which can lead to code execution under the context of the application.

  Tags:  zero file application zero-day arbitrary-code target  

• 16:20

  Zero Day Initiative Advisory 11-338

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-338 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a header defined within a .ivr file. When parsing this header the application will explicitly trust a 16-bit value denoting an size and use it for performing an allocation. The code then uses a different value in the file to populate the buffer. Due to the difference in values used for allocation and the copy, this can be used to overwrite data outside the bounds of the buffer which can lead to code execution under the context of the application.

  Tags:  zero file application zero-day arbitrary-code target  

• 16:20

  Zero Day Initiative Advisory 11-338

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-338 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a header defined within a .ivr file. When parsing this header the application will explicitly trust a 16-bit value denoting an size and use it for performing an allocation. The code then uses a different value in the file to populate the buffer. Due to the difference in values used for allocation and the copy, this can be used to overwrite data outside the bounds of the buffer which can lead to code execution under the context of the application.

  Tags:  zero file application zero-day arbitrary-code target  

• 16:19

  Zero Day Initiative Advisory 11-337

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-337 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses sample data encoded with the RV30 codec. When parsing this sample data, the application will make an allocation and then fail to completely initialize the buffer. During decoding of the sample data, the application will explicitly trust an index from the partially filled buffer and then use that to calculate an address to write to. This can lead to memory corruption which can be converted into code execution under the context of the application.

  Tags:  sample zero application memory-corruption code-execution zero-day  

• 16:19

  Zero Day Initiative Advisory 11-337

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-337 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses sample data encoded with the RV30 codec. When parsing this sample data, the application will make an allocation and then fail to completely initialize the buffer. During decoding of the sample data, the application will explicitly trust an index from the partially filled buffer and then use that to calculate an address to write to. This can lead to memory corruption which can be converted into code execution under the context of the application.

  Tags:  sample zero application memory-corruption code-execution zero-day  

• 16:19

  Zero Day Initiative Advisory 11-337

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-337 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses sample data encoded with the RV30 codec. When parsing this sample data, the application will make an allocation and then fail to completely initialize the buffer. During decoding of the sample data, the application will explicitly trust an index from the partially filled buffer and then use that to calculate an address to write to. This can lead to memory corruption which can be converted into code execution under the context of the application.

  Tags:  sample zero application memory-corruption code-execution zero-day  

• 16:15

  Zero Day Initiative Advisory 11-336

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-336 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when a user attempts to play a malicious video file containing a malformed codec name. When playing a malformed codec, the application will incorrectly free an object and then later attempt to use it by calling a virtual method pointer upon destruction. This can lead to code execution under the context of the application.

  Tags:  day zero initiative virtual-method zero-day video-file  

• 16:15

  Zero Day Initiative Advisory 11-336

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-336 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when a user attempts to play a malicious video file containing a malformed codec name. When playing a malformed codec, the application will incorrectly free an object and then later attempt to use it by calling a virtual method pointer upon destruction. This can lead to code execution under the context of the application.

  Tags:  day zero initiative virtual-method zero-day video-file  

• 16:15

  Zero Day Initiative Advisory 11-336

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-336 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when a user attempts to play a malicious video file containing a malformed codec name. When playing a malformed codec, the application will incorrectly free an object and then later attempt to use it by calling a virtual method pointer upon destruction. This can lead to code execution under the context of the application.

  Tags:  day zero initiative virtual-method zero-day video-file  

• 15:50

  Zero Day Initiative Advisory 11-335

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-335 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when the application attempts to parse a height out of the RV10 codec object. The application will incorrectly treat the value as a signed integer and will its value as the count within a loop that populates rows of sample data within a buffer. This can allow for memory corruption which can lead to code execution under the context of the application.

  Tags:  day zero application memory-corruption rv10 zero-day  

• 15:50

  Zero Day Initiative Advisory 11-335

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-335 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when the application attempts to parse a height out of the RV10 codec object. The application will incorrectly treat the value as a signed integer and will its value as the count within a loop that populates rows of sample data within a buffer. This can allow for memory corruption which can lead to code execution under the context of the application.

  Tags:  day zero application memory-corruption rv10 zero-day  

• 15:50

  Zero Day Initiative Advisory 11-335

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-335 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when the application attempts to parse a height out of the RV10 codec object. The application will incorrectly treat the value as a signed integer and will its value as the count within a loop that populates rows of sample data within a buffer. This can allow for memory corruption which can lead to code execution under the context of the application.

  Tags:  day zero application memory-corruption rv10 zero-day  

• November 17, 2011
• 7:41

  Zero Day Threat Takes Out DNS Servers Across The Internet

   » ‎ Packet Storm Security Headlines
  Zero Day Threat Takes Out DNS Servers Across The Internet

  Tags:  threat day zero dns-servers zero-day  

• November 16, 2011
• 18:34

  Zero Day Initiative Advisory 11-330

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-330 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Indusoft Web Studio. Authentication is not required to exploit this vulnerability. The flaw exists within the Remote Agent component (CEServer.exe) which listens by default on TCP port 4322. When handling incoming requests the process fails to perform any type of authentication. Many available operations allow direct manipulation and creation of files on disk, loading of arbitrary DLLs and process control. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the User.

  Tags:  day zero vulnerability disk-loading zero-day web-studio  

• 18:34

  Zero Day Initiative Advisory 11-330

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-330 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Indusoft Web Studio. Authentication is not required to exploit this vulnerability. The flaw exists within the Remote Agent component (CEServer.exe) which listens by default on TCP port 4322. When handling incoming requests the process fails to perform any type of authentication. Many available operations allow direct manipulation and creation of files on disk, loading of arbitrary DLLs and process control. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the User.

  Tags:  day zero vulnerability disk-loading zero-day web-studio  

• 18:34

  Zero Day Initiative Advisory 11-330

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-330 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Indusoft Web Studio. Authentication is not required to exploit this vulnerability. The flaw exists within the Remote Agent component (CEServer.exe) which listens by default on TCP port 4322. When handling incoming requests the process fails to perform any type of authentication. Many available operations allow direct manipulation and creation of files on disk, loading of arbitrary DLLs and process control. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the User.

  Tags:  disk-loading zero-day web-studio  

• 18:26

  Zero Day Initiative Advisory 11-329

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-329 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Indusoft WebStudio. Authentication is not required to exploit this vulnerability. The flaw exists within the CEServer component which is used as a runtime dependency for applications deployed using Indusoft WebStudio. When handling the Remove File operation (0x15) the process blindly copies user supplied data to a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

  Tags:  day zero vulnerability zero-day arbitrary-code attackers  

• 18:26

  Zero Day Initiative Advisory 11-329

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-329 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Indusoft WebStudio. Authentication is not required to exploit this vulnerability. The flaw exists within the CEServer component which is used as a runtime dependency for applications deployed using Indusoft WebStudio. When handling the Remove File operation (0x15) the process blindly copies user supplied data to a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

  Tags:  day zero vulnerability zero-day arbitrary-code attackers  

• 18:26

  Zero Day Initiative Advisory 11-329

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-329 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Indusoft WebStudio. Authentication is not required to exploit this vulnerability. The flaw exists within the CEServer component which is used as a runtime dependency for applications deployed using Indusoft WebStudio. When handling the Remove File operation (0x15) the process blindly copies user supplied data to a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

  Tags:  day zero vulnerability zero-day arbitrary-code attackers  

• November 07, 2011
• 17:54

  Zero Day Initiative Advisory 11-327

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-327 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method LogBackupLocationStatus which does not properly validate or sanitize the backupLocationStatus field of a user supplied request. This value is later used when constructing a query fulfill provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.

  Tags:  zero vulnerability service tcp-port-80 data-protector zero-day  

• 17:54

  Zero Day Initiative Advisory 11-327

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-327 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method LogBackupLocationStatus which does not properly validate or sanitize the backupLocationStatus field of a user supplied request. This value is later used when constructing a query fulfill provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.

  Tags:  tcp-port-80 data-protector zero-day  

• 17:54

  Zero Day Initiative Advisory 11-327

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-327 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method LogBackupLocationStatus which does not properly validate or sanitize the backupLocationStatus field of a user supplied request. This value is later used when constructing a query fulfill provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.

  Tags:  zero vulnerability service tcp-port-80 data-protector zero-day  

• 17:53

  Zero Day Initiative Advisory 11-326

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-326 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method LogClientInstallation which does not properly validate or sanitize the userid field of a user supplied request. This value is later used when constructing a query to fulfill the provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.

  Tags:  tcp-port-80 data-protector zero-day  

• 17:53

  Zero Day Initiative Advisory 11-326

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-326 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method LogClientInstallation which does not properly validate or sanitize the userid field of a user supplied request. This value is later used when constructing a query to fulfill the provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.

  Tags:  zero vulnerability service tcp-port-80 data-protector zero-day  

• 17:48

  Zero Day Initiative Advisory 11-325

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-325 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method GetPolicies which does not properly validate or sanitize the clientVersion field of a user supplied request. This value is later used when constructing a query to fulfill the provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.

  Tags:  tcp-port-80 data-protector zero-day  

• 17:48

  Zero Day Initiative Advisory 11-325

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-325 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method GetPolicies which does not properly validate or sanitize the clientVersion field of a user supplied request. This value is later used when constructing a query to fulfill the provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.

  Tags:  zero vulnerability service tcp-port-80 data-protector zero-day  

• 17:48

  Zero Day Initiative Advisory 11-325

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-325 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method GetPolicies which does not properly validate or sanitize the clientVersion field of a user supplied request. This value is later used when constructing a query to fulfill the provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.

  Tags:  zero vulnerability service tcp-port-80 data-protector zero-day  

• 17:39

  Zero Day Initiative Advisory 11-324

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-324 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method RequestCopy which does not properly validate or sanitize the type field of a user supplied request. This value is later used when constructing a query fulfill provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.

  Tags:  tcp-port-80 data-protector zero-day  

• 17:39

  Zero Day Initiative Advisory 11-324

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-324 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method RequestCopy which does not properly validate or sanitize the type field of a user supplied request. This value is later used when constructing a query fulfill provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.

  Tags:  zero vulnerability service tcp-port-80 data-protector zero-day  

• 17:39

  Zero Day Initiative Advisory 11-324

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-324 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method RequestCopy which does not properly validate or sanitize the type field of a user supplied request. This value is later used when constructing a query fulfill provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.

  Tags:  zero vulnerability service tcp-port-80 data-protector zero-day  

• 17:38

  Zero Day Initiative Advisory 11-323

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-323 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method LogClientHealth which does not properly validate or sanitize the clientHealth field of a user supplied request. This value is later used when constructing a query fulfill provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.

  Tags:  tcp-port-80 data-protector zero-day  

• 17:38

  Zero Day Initiative Advisory 11-323

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-323 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method LogClientHealth which does not properly validate or sanitize the clientHealth field of a user supplied request. This value is later used when constructing a query fulfill provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.

  Tags:  zero vulnerability service tcp-port-80 data-protector zero-day  

• 17:35

  Zero Day Initiative Advisory 11-322

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-322 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method LogCopyOperation which does not properly validate or sanitize the copyStatus field of a user supplied request. This value is later used when constructing a query fulfill provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.

  Tags:  zero vulnerability service tcp-port-80 data-protector zero-day  

• 17:35

  Zero Day Initiative Advisory 11-322

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-322 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method LogCopyOperation which does not properly validate or sanitize the copyStatus field of a user supplied request. This value is later used when constructing a query fulfill provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.

  Tags:  zero vulnerability service tcp-port-80 data-protector zero-day  

• 17:35

  Zero Day Initiative Advisory 11-322

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-322 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method LogCopyOperation which does not properly validate or sanitize the copyStatus field of a user supplied request. This value is later used when constructing a query fulfill provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.

  Tags:  zero vulnerability service tcp-port-80 data-protector zero-day  

• 17:35

  Zero Day Initiative Advisory 11-321

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-321 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method FinishedCopy which does not properly validate or sanitize the type field of a user supplied request. This value is later used when constructing a query fulfill provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.

  Tags:  zero vulnerability service tcp-port-80 data-protector zero-day  

• 17:35

  Zero Day Initiative Advisory 11-321

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-321 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method FinishedCopy which does not properly validate or sanitize the type field of a user supplied request. This value is later used when constructing a query fulfill provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.

  Tags:  zero vulnerability service tcp-port-80 data-protector zero-day  

• 17:35

  Zero Day Initiative Advisory 11-321

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-321 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Data Protector Notebook Extension. Authentication is not required to exploit this vulnerability. The flaw exists within the dpnepolicyservice component which exposes a DPNECentral Web Service on TCP port 80. This service contains a method FinishedCopy which does not properly validate or sanitize the type field of a user supplied request. This value is later used when constructing a query fulfill provided request. A remote attacker can exploit this vulnerability to execute arbitrary queries under the context of the service.

  Tags:  zero vulnerability service tcp-port-80 data-protector zero-day  

• 17:34

  Zero Day Initiative Advisory 11-319

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-319 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENWorks. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within \Program Files\Common Files\InstallShield\ISGrid2.dll. If the bstrReplaceText parameter exceeds its statically-allocated length then a buffer overflow will occur. This can be exploited to execute arbitrary code on the system in the context of the user running the browser.

  Tags:  day zero initiative novell-zenworks buffer-overflow zero-day  

• 17:34

  Zero Day Initiative Advisory 11-319

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-319 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENWorks. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within \Program Files\Common Files\InstallShield\ISGrid2.dll. If the bstrReplaceText parameter exceeds its statically-allocated length then a buffer overflow will occur. This can be exploited to execute arbitrary code on the system in the context of the user running the browser.

  Tags:  day zero initiative novell-zenworks buffer-overflow zero-day  

• 17:33

  Zero Day Initiative Advisory 11-318

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-318 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Zenworks Software Packaging. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the function LaunchProcess exposed via the LaunchHelp.dll ActiveX Control (ProgID LaunchHelp.HelpLauncher.1). The first argument to LaunchProcess is a path to a command to execute, but the argument is not sanitized and is subject to directory traversal. This can be exploited to execute arbitrary commands on the user's system.

  Tags:  day zero initiative novell-zenworks zero-day s-system  

• 17:33

  Zero Day Initiative Advisory 11-318

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-318 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Zenworks Software Packaging. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the function LaunchProcess exposed via the LaunchHelp.dll ActiveX Control (ProgID LaunchHelp.HelpLauncher.1). The first argument to LaunchProcess is a path to a command to execute, but the argument is not sanitized and is subject to directory traversal. This can be exploited to execute arbitrary commands on the user's system.

  Tags:  day zero initiative novell-zenworks zero-day s-system  

• 17:33

  Zero Day Initiative Advisory 11-318

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-318 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Zenworks Software Packaging. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the function LaunchProcess exposed via the LaunchHelp.dll ActiveX Control (ProgID LaunchHelp.HelpLauncher.1). The first argument to LaunchProcess is a path to a command to execute, but the argument is not sanitized and is subject to directory traversal. This can be exploited to execute arbitrary commands on the user's system.

  Tags:  day zero initiative novell-zenworks zero-day s-system  

• October 27, 2011
• 15:14

  Zero Day Initiative Advisory 11-315

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-315 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime decodes flic file. Flic files can contain FLC Delta Decompression block containing Run Length Encoded data. Quicktime fails to correctly checking the decompression size when decoding the RLE data. This allows for a 4 byte overwrite past the end of the buffer which could result into remote code execution under the context of the current user.

  Tags:  day zero initiative apple-quicktime flc-delta code-execution zero-day  

• 15:14

  Zero Day Initiative Advisory 11-315

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-315 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime decodes flic file. Flic files can contain FLC Delta Decompression block containing Run Length Encoded data. Quicktime fails to correctly checking the decompression size when decoding the RLE data. This allows for a 4 byte overwrite past the end of the buffer which could result into remote code execution under the context of the current user.

  Tags:  day zero initiative apple-quicktime flc-delta code-execution zero-day  

• 15:14

  Zero Day Initiative Advisory 11-315

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-315 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime decodes flic file. Flic files can contain FLC Delta Decompression block containing Run Length Encoded data. Quicktime fails to correctly checking the decompression size when decoding the RLE data. This allows for a 4 byte overwrite past the end of the buffer which could result into remote code execution under the context of the current user.

  Tags:  day zero initiative apple-quicktime flc-delta code-execution zero-day  

• 15:12

  Zero Day Initiative Advisory 11-314

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-314 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a specific opcode within a PCT file. When resizing a heap buffer, the application will use a signed word read from the file to calculate the resulting size. This can be used to force the target buffer to be of an undersized length. Usage of this buffer will result in a buffer overflow in the context of the application.

  Tags:  file application buffer buffer-overflow quicktime-player zero-day  

• 15:12

  Zero Day Initiative Advisory 11-314

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-314 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a specific opcode within a PCT file. When resizing a heap buffer, the application will use a signed word read from the file to calculate the resulting size. This can be used to force the target buffer to be of an undersized length. Usage of this buffer will result in a buffer overflow in the context of the application.

  Tags:  file application buffer buffer-overflow quicktime-player zero-day  

• 15:12

  Zero Day Initiative Advisory 11-314

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-314 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a specific opcode within a PCT file. When resizing a heap buffer, the application will use a signed word read from the file to calculate the resulting size. This can be used to force the target buffer to be of an undersized length. Usage of this buffer will result in a buffer overflow in the context of the application.

  Tags:  file application buffer buffer-overflow quicktime-player zero-day  

• 15:05

  Zero Day Initiative Advisory 11-312

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-312 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses the atom hierarchy within a QuickTime movie file. In a certain situation the application will pass execution to another function for handling the atom, however, will pass the incorrect number of arguments. Due to this, a variable will be treated as a pointer. This can lead to code execution under the context of the application.

  Tags:  day zero application apple-quicktime apple-quicktime-player zero-day movie-file  

• 15:05

  Zero Day Initiative Advisory 11-312

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-312 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses the atom hierarchy within a QuickTime movie file. In a certain situation the application will pass execution to another function for handling the atom, however, will pass the incorrect number of arguments. Due to this, a variable will be treated as a pointer. This can lead to code execution under the context of the application.

  Tags:  day zero application apple-quicktime apple-quicktime-player zero-day movie-file  

• 15:05

  Zero Day Initiative Advisory 11-312

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-312 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses the atom hierarchy within a QuickTime movie file. In a certain situation the application will pass execution to another function for handling the atom, however, will pass the incorrect number of arguments. Due to this, a variable will be treated as a pointer. This can lead to code execution under the context of the application.

  Tags:  day zero application apple-quicktime apple-quicktime-player zero-day movie-file  

• October 26, 2011
• 16:32

  Zero Day Initiative Advisory 11-310

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-310 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Adobe Reader handles compound glyphs. When a glyph has more then 0x7FFF 'numberOfContours' a sign extension occurs resulting in a buffer under-read. Simple glyphs are checked when Adobe Reader parses the font info, but the value for 'numberOfContours' in an compound glyph is the sum of all its child glyphs, and this is not checked. This could result in remote code execution under the context of the current user.

  Tags:  code-execution zero-day glyphs  

• 16:32

  Zero Day Initiative Advisory 11-310

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-310 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Adobe Reader handles compound glyphs. When a glyph has more then 0x7FFF 'numberOfContours' a sign extension occurs resulting in a buffer under-read. Simple glyphs are checked when Adobe Reader parses the font info, but the value for 'numberOfContours' in an compound glyph is the sum of all its child glyphs, and this is not checked. This could result in remote code execution under the context of the current user.

  Tags:  zero reader adobe code-execution zero-day glyphs  

• 16:32

  Zero Day Initiative Advisory 11-310

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-310 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Adobe Reader handles compound glyphs. When a glyph has more then 0x7FFF 'numberOfContours' a sign extension occurs resulting in a buffer under-read. Simple glyphs are checked when Adobe Reader parses the font info, but the value for 'numberOfContours' in an compound glyph is the sum of all its child glyphs, and this is not checked. This could result in remote code execution under the context of the current user.

  Tags:  zero reader adobe code-execution zero-day glyphs  

• 16:32

  Zero Day Initiative Advisory 11-309

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-309 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib.dll component. When handling the exposed method GetDriverSettings the application assembles a string for logging consisting of the hostname/port provided as a parameter. When building this message the process will blindly copy user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

  Tags:  day zero vulnerability novell-iprint zero-day target  

• 16:32

  Zero Day Initiative Advisory 11-309

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-309 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib.dll component. When handling the exposed method GetDriverSettings the application assembles a string for logging consisting of the hostname/port provided as a parameter. When building this message the process will blindly copy user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

  Tags:  day zero vulnerability novell-iprint zero-day target  

• 16:32

  Zero Day Initiative Advisory 11-309

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-309 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell iPrint Client. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the nipplib.dll component. When handling the exposed method GetDriverSettings the application assembles a string for logging consisting of the hostname/port provided as a parameter. When building this message the process will blindly copy user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

  Tags:  day zero vulnerability novell-iprint zero-day target  

• 16:15

  Zero Day Initiative Advisory 11-305

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-305 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java handles Rhino Javascript errors. The built-in javascript engine in Java fails to perform sufficient sanitation on javascript error objects. The effect is that untrusted code can run in privileged context. This can result in remote code execution under the context of the current user.

  Tags:  oracle-java code-execution zero-day  

• 16:15

  Zero Day Initiative Advisory 11-305

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-305 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java handles Rhino Javascript errors. The built-in javascript engine in Java fails to perform sufficient sanitation on javascript error objects. The effect is that untrusted code can run in privileged context. This can result in remote code execution under the context of the current user.

  Tags:  java code javascript oracle-java code-execution zero-day  

• 16:15

  Zero Day Initiative Advisory 11-305

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-305 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Java handles Rhino Javascript errors. The built-in javascript engine in Java fails to perform sufficient sanitation on javascript error objects. The effect is that untrusted code can run in privileged context. This can result in remote code execution under the context of the current user.

  Tags:  java code javascript oracle-java code-execution zero-day  

• 16:12

  Zero Day Initiative Advisory 11-304

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-304 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. Authentication is not required to exploit this vulnerability. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses an audio stream encoded with the advanced audio codec. A field will be read from the file in order to calculate a length that is later used in a memory copy operation into a statically sized buffer. Successful exploitation can lead to code execution under the context of the application.

  Tags:  apple-quicktime-player memory-copy zero-day  

• 16:12

  Zero Day Initiative Advisory 11-304

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-304 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. Authentication is not required to exploit this vulnerability. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses an audio stream encoded with the advanced audio codec. A field will be read from the file in order to calculate a length that is later used in a memory copy operation into a statically sized buffer. Successful exploitation can lead to code execution under the context of the application.

  Tags:  day zero vulnerability apple-quicktime apple-quicktime-player memory-copy zero-day  

• 16:12

  Zero Day Initiative Advisory 11-304

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-304 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. Authentication is not required to exploit this vulnerability. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses an audio stream encoded with the advanced audio codec. A field will be read from the file in order to calculate a length that is later used in a memory copy operation into a statically sized buffer. Successful exploitation can lead to code execution under the context of the application.

  Tags:  day zero vulnerability apple-quicktime apple-quicktime-player memory-copy zero-day  

• 16:12

  Zero Day Initiative Advisory 11-303

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-303 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime handles H.264 streams. When parsing the Sequence Parameter Set data for a H.264 stream it reads the frame cropping offset fields. When those fields contain incorrect data Quicktime will eventually write outside the buffer allocated for the movie stream. This can result in remote code execution under the context of the current user.

  Tags:  code-execution apple-quicktime zero-day  

• 16:12

  Zero Day Initiative Advisory 11-303

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-303 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime handles H.264 streams. When parsing the Sequence Parameter Set data for a H.264 stream it reads the frame cropping offset fields. When those fields contain incorrect data Quicktime will eventually write outside the buffer allocated for the movie stream. This can result in remote code execution under the context of the current user.

  Tags:  day zero initiative apple-quicktime code-execution zero-day  

• 16:12

  Zero Day Initiative Advisory 11-303

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-303 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime handles H.264 streams. When parsing the Sequence Parameter Set data for a H.264 stream it reads the frame cropping offset fields. When those fields contain incorrect data Quicktime will eventually write outside the buffer allocated for the movie stream. This can result in remote code execution under the context of the current user.

  Tags:  day zero initiative apple-quicktime code-execution zero-day  

• 11:10

  Zero Day Initiative Advisory 11-302

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-302 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within because Adobe Reader X includes an old version of libtiff. Adobe can be tricked in using this library by parsing a specially crafted PDF file containing U3D data. Due to the old version of libtiff Adobe Reader is vulnerable to the issue described in CVE-2006-3459 which can be leveraged to execute remote code under the context of the user running the application.

  Tags:  zero reader adobe x.-user libtiff zero-day adobe-reader  

• 11:10

  Zero Day Initiative Advisory 11-302

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-302 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within because Adobe Reader X includes an old version of libtiff. Adobe can be tricked in using this library by parsing a specially crafted PDF file containing U3D data. Due to the old version of libtiff Adobe Reader is vulnerable to the issue described in CVE-2006-3459 which can be leveraged to execute remote code under the context of the user running the application.

  Tags:  zero reader adobe x.-user libtiff zero-day adobe-reader  

• 11:10

  Zero Day Initiative Advisory 11-302

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-302 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within because Adobe Reader X includes an old version of libtiff. Adobe can be tricked in using this library by parsing a specially crafted PDF file containing U3D data. Due to the old version of libtiff Adobe Reader is vulnerable to the issue described in CVE-2006-3459 which can be leveraged to execute remote code under the context of the user running the application.

  Tags:  zero reader adobe x.-user libtiff zero-day adobe-reader  

• 10:56

  Zero Day Initiative Advisory 11-298

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-298 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Adobe Image parsing library. When Adobe Reader tries to parse an .IFF image. While it tries to copy the image data from the RGBA chunk insufficient boundary checks are performed on a row counter which could lead to a heap overflow. This could result in remote code execution with the rights of the current user.

  Tags:  zero image adobe adobe-image code-execution zero-day  

• 10:56

  Zero Day Initiative Advisory 11-298

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-298 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Adobe Image parsing library. When Adobe Reader tries to parse an .IFF image. While it tries to copy the image data from the RGBA chunk insufficient boundary checks are performed on a row counter which could lead to a heap overflow. This could result in remote code execution with the rights of the current user.

  Tags:  zero image adobe adobe-image code-execution zero-day  

• 10:56

  Zero Day Initiative Advisory 11-298

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-298 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Adobe Image parsing library. When Adobe Reader tries to parse an .IFF image. While it tries to copy the image data from the RGBA chunk insufficient boundary checks are performed on a row counter which could lead to a heap overflow. This could result in remote code execution with the rights of the current user.

  Tags:  zero image adobe adobe-image code-execution zero-day  

• October 20, 2011
• 15:56

  Skype VoIP Zero Day Exploitation

   » ‎ Packet Storm Security Recent Files
  Whitepaper called Skype Voice Over IP Software Vulnerabilities, Techniques and Methods - Zero Day Exploitation 2011.

  Tags:  exploitation zero Skype voice-over-ip-software zero-day software-vulnerabilities  

• 15:56

  Skype VoIP Zero Day Exploitation

   » ‎ Packet Storm Security Misc. Files
  Whitepaper called Skype Voice Over IP Software Vulnerabilities, Techniques and Methods - Zero Day Exploitation 2011.

  Tags:  exploitation zero Skype voice-over-ip-software zero-day software-vulnerabilities  

• October 15, 2011
• 16:52

  Zero Day Initiative Advisory 11-289

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-289 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles calls to the method swapNode(). When a call to swapNode is issued on an node within a document that has two body nodes, Internet Explorer frees an attribute field for one of the body nodes and then later re-uses the freed field during the node swap. This behavior could result in remote code execution under the context of the current user.

  Tags:  internet zero explorer internet-explorer-user code-execution zero-day  

• 16:52

  Zero Day Initiative Advisory 11-289

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-289 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles calls to the method swapNode(). When a call to swapNode is issued on an node within a document that has two body nodes, Internet Explorer frees an attribute field for one of the body nodes and then later re-uses the freed field during the node swap. This behavior could result in remote code execution under the context of the current user.

  Tags:  internet zero explorer internet-explorer-user code-execution zero-day  

• 16:52

  Zero Day Initiative Advisory 11-289

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-289 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Internet Explorer handles calls to the method swapNode(). When a call to swapNode is issued on an node within a document that has two body nodes, Internet Explorer frees an attribute field for one of the body nodes and then later re-uses the freed field during the node swap. This behavior could result in remote code execution under the context of the current user.

  Tags:  internet zero explorer internet-explorer-user code-execution zero-day  

• 16:51

  Zero Day Initiative Advisory 11-288

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-288 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer 8. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application verifies arguments for a certain operation performed on an element. When parsing one of the operands of a method, the application will pass the argument straight to a method that will use the variant as an index. Due to bypassing the argument check, an aggressor can set the index to point to data outside the bounds of the array. This can lead to code execution under the context of the application.

  Tags:  day zero application internet-explorer-8 zero-day operands  

• 16:51

  Zero Day Initiative Advisory 11-288

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-288 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer 8. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application verifies arguments for a certain operation performed on an element. When parsing one of the operands of a method, the application will pass the argument straight to a method that will use the variant as an index. Due to bypassing the argument check, an aggressor can set the index to point to data outside the bounds of the array. This can lead to code execution under the context of the application.

  Tags:  day zero application internet-explorer-8 zero-day operands  

• 16:51

  Zero Day Initiative Advisory 11-288

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-288 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer 8. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application verifies arguments for a certain operation performed on an element. When parsing one of the operands of a method, the application will pass the argument straight to a method that will use the variant as an index. Due to bypassing the argument check, an aggressor can set the index to point to data outside the bounds of the array. This can lead to code execution under the context of the application.

  Tags:  day zero application internet-explorer-8 zero-day operands  

• 16:50

  Zero Day Initiative Advisory 11-287

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-287 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the caching implementation of a Select element. When modifying this cache, there are certain methods that do not update the cache correctly. Due to these inconsistencies, one can desynchronize the cache with elements that have been freed. While using these freed elements, the application's perception of type-safety becomes skewed and usage of the object can lead to code execution under the context of the application.

  Tags:  day zero cache internet-explorer-user zero-day type-safety  

• 16:50

  Zero Day Initiative Advisory 11-287

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-287 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the caching implementation of a Select element. When modifying this cache, there are certain methods that do not update the cache correctly. Due to these inconsistencies, one can desynchronize the cache with elements that have been freed. While using these freed elements, the application's perception of type-safety becomes skewed and usage of the object can lead to code execution under the context of the application.

  Tags:  day zero cache internet-explorer-user zero-day type-safety  

• 16:50

  Zero Day Initiative Advisory 11-287

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-287 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the caching implementation of a Select element. When modifying this cache, there are certain methods that do not update the cache correctly. Due to these inconsistencies, one can desynchronize the cache with elements that have been freed. While using these freed elements, the application's perception of type-safety becomes skewed and usage of the object can lead to code execution under the context of the application.

  Tags:  day zero cache internet-explorer-user zero-day type-safety  

• October 11, 2011
• 10:47

  Zero Day Exploits Account For Just 1% Of Threats

   » ‎ Packet Storm Security Headlines
  Zero Day Exploits Account For Just 1% Of Threats

  Tags:  exploits day zero zero-day  

• September 02, 2011
• 15:01

  Zero Day Initiative Advisory 11-278

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-278 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Cloud Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within how the application implements an RPC method. Due to incompletely initializing an object, the application will store a partially initialized session. This partially initialized session will allow one to make privileged RPC calls to the server. This can lead to code execution under the context of the service.

  Tags:  day zero initiative manager.-authentication zero-day arbitrary-code attackers  

• 15:01

  Zero Day Initiative Advisory 11-278

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-278 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Cloud Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within how the application implements an RPC method. Due to incompletely initializing an object, the application will store a partially initialized session. This partially initialized session will allow one to make privileged RPC calls to the server. This can lead to code execution under the context of the service.

  Tags:  day zero initiative manager.-authentication zero-day arbitrary-code attackers  

• 15:01

  Zero Day Initiative Advisory 11-278

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-278 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Cloud Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within how the application implements an RPC method. Due to incompletely initializing an object, the application will store a partially initialized session. This partially initialized session will allow one to make privileged RPC calls to the server. This can lead to code execution under the context of the service.

  Tags:  day zero initiative manager.-authentication zero-day arbitrary-code attackers  

• August 23, 2011
• 20:17

  Zero Day Initiative Advisory 11-276

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-276 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the sequenceParameterSetNALUnit component. When handling the num_ref_frames_in_pic_order_cnt_cycle value the size is not validated and the process blindly copies user supplied data from offset_for_ref_frame into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

  Tags:  day zero vulnerability adobe-flash-player zero-day arbitrary-code  

• 20:17

  Zero Day Initiative Advisory 11-276

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-276 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the sequenceParameterSetNALUnit component. When handling the num_ref_frames_in_pic_order_cnt_cycle value the size is not validated and the process blindly copies user supplied data from offset_for_ref_frame into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

  Tags:  day zero vulnerability adobe-flash-player zero-day arbitrary-code  

• 20:17

  Zero Day Initiative Advisory 11-276

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-276 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the sequenceParameterSetNALUnit component. When handling the num_ref_frames_in_pic_order_cnt_cycle value the size is not validated and the process blindly copies user supplied data from offset_for_ref_frame into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.

  Tags:  day zero vulnerability adobe-flash-player zero-day arbitrary-code  

• 20:16

  Zero Day Initiative Advisory 11-275

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-275 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC AutoStart. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Agent Service (ftAgent.exe). The Agent Service listens on TCP port 8045 for communications between AutoStart nodes. When handling messages with opcode 0x11 the process performs arithmetic on an unvalidated user-supplied value used to determine the size of a new heap buffer, allowing a potential integer wrap to cause a heap buffer overflow. Remote unauthenticated attackers can exploit this vulnerability by sending malformed message packets to the target, which can ultimately lead to arbitrary code execution under the context of the SYSTEM user.

  Tags:  day zero vulnerability arbitrary-code-execution buffer-overflow zero-day  

• 20:16

  Zero Day Initiative Advisory 11-275

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-275 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC AutoStart. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Agent Service (ftAgent.exe). The Agent Service listens on TCP port 8045 for communications between AutoStart nodes. When handling messages with opcode 0x11 the process performs arithmetic on an unvalidated user-supplied value used to determine the size of a new heap buffer, allowing a potential integer wrap to cause a heap buffer overflow. Remote unauthenticated attackers can exploit this vulnerability by sending malformed message packets to the target, which can ultimately lead to arbitrary code execution under the context of the SYSTEM user.

  Tags:  day zero vulnerability arbitrary-code-execution buffer-overflow zero-day  

• 20:16

  Zero Day Initiative Advisory 11-275

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-275 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC AutoStart. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Agent Service (ftAgent.exe). The Agent Service listens on TCP port 8045 for communications between AutoStart nodes. When handling messages with opcode 0x11 the process performs arithmetic on an unvalidated user-supplied value used to determine the size of a new heap buffer, allowing a potential integer wrap to cause a heap buffer overflow. Remote unauthenticated attackers can exploit this vulnerability by sending malformed message packets to the target, which can ultimately lead to arbitrary code execution under the context of the SYSTEM user.

  Tags:  day zero vulnerability arbitrary-code-execution buffer-overflow zero-day  

• 20:16

  Zero Day Initiative Advisory 11-274

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-274 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC AutoStart. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Agent Service (ftAgent.exe). The Agent Service listens on TCP port 8045 for communications between AutoStart nodes. When handling messages with opcode 0x140 the process performs arithmetic on an unvalidated user-supplied value used to determine the size of a new heap buffer, allowing a potential integer wrap to cause a heap buffer overflow. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed message packets to the target, which can ultimately lead to arbitrary code execution under the context of the SYSTEM user.

  Tags:  day zero vulnerability arbitrary-code-execution buffer-overflow zero-day  

• 20:16

  Zero Day Initiative Advisory 11-274

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-274 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC AutoStart. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Agent Service (ftAgent.exe). The Agent Service listens on TCP port 8045 for communications between AutoStart nodes. When handling messages with opcode 0x140 the process performs arithmetic on an unvalidated user-supplied value used to determine the size of a new heap buffer, allowing a potential integer wrap to cause a heap buffer overflow. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed message packets to the target, which can ultimately lead to arbitrary code execution under the context of the SYSTEM user.

  Tags:  day zero vulnerability arbitrary-code-execution buffer-overflow zero-day  

• 20:16

  Zero Day Initiative Advisory 11-274

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-274 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC AutoStart. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Agent Service (ftAgent.exe). The Agent Service listens on TCP port 8045 for communications between AutoStart nodes. When handling messages with opcode 0x140 the process performs arithmetic on an unvalidated user-supplied value used to determine the size of a new heap buffer, allowing a potential integer wrap to cause a heap buffer overflow. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed message packets to the target, which can ultimately lead to arbitrary code execution under the context of the SYSTEM user.

  Tags:  day zero vulnerability arbitrary-code-execution buffer-overflow zero-day  

• 20:15

  Zero Day Initiative Advisory 11-273

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-273 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC AutoStart High Availability. Authentication is not required to exploit this vulnerability. The specific flaw exists within the packet error handling of the application. When building an error message to log an error, the application will use a user-supplied string from the packet as an argument to a function containing a format string. The result of this function is written to a statically sized buffer located on the stack. This will lead to code execution under the context of the service.

  Tags:  day zero error zero-day autostart arbitrary-code  

• 20:15

  Zero Day Initiative Advisory 11-273

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-273 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC AutoStart High Availability. Authentication is not required to exploit this vulnerability. The specific flaw exists within the packet error handling of the application. When building an error message to log an error, the application will use a user-supplied string from the packet as an argument to a function containing a format string. The result of this function is written to a statically sized buffer located on the stack. This will lead to code execution under the context of the service.

  Tags:  day zero error zero-day autostart arbitrary-code  

• 20:15

  Zero Day Initiative Advisory 11-273

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-273 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC AutoStart High Availability. Authentication is not required to exploit this vulnerability. The specific flaw exists within the packet error handling of the application. When building an error message to log an error, the application will use a user-supplied string from the packet as an argument to a function containing a format string. The result of this function is written to a statically sized buffer located on the stack. This will lead to code execution under the context of the service.

  Tags:  day zero error zero-day autostart arbitrary-code  

• August 18, 2011
• 0:32

  Zero Day Initiative Advisory 11-271

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-271 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw results when .setUserData() handlers are used with an object and .appendChild() is called within a handler. Ultimately the import operation resulting from an .appendChild() is not guarded from mutation, and invalid DOM trees can result. Invalid DOM trees can be navigated resulting in dereferencing invalid pointers which can be leveraged to execute arbitrary code in the context of the browser.

  Tags:  day zero initiative dom dom-trees appendchild zero-day  

• 0:32

  Zero Day Initiative Advisory 11-271

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-271 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw results when .setUserData() handlers are used with an object and .appendChild() is called within a handler. Ultimately the import operation resulting from an .appendChild() is not guarded from mutation, and invalid DOM trees can result. Invalid DOM trees can be navigated resulting in dereferencing invalid pointers which can be leveraged to execute arbitrary code in the context of the browser.

  Tags:  day zero initiative dom dom-trees appendchild zero-day  

• 0:32

  Zero Day Initiative Advisory 11-271

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-271 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw results when .setUserData() handlers are used with an object and .appendChild() is called within a handler. Ultimately the import operation resulting from an .appendChild() is not guarded from mutation, and invalid DOM trees can result. Invalid DOM trees can be navigated resulting in dereferencing invalid pointers which can be leveraged to execute arbitrary code in the context of the browser.

  Tags:  day zero initiative dom dom-trees appendchild zero-day  

• August 16, 2011
• 20:58

  Zero Day Initiative Advisory 11-266

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-266 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists due to the application using a size defined in a header in order to allocate some number of bytes. When processing an AAC raw_data_frame, the application will use the product of the original length and a field inside one of its elements. During the copy operation, this length will be larger than the amount that was allocated for which will cause a buffer overflow and can lead to code execution under the context of the application.

  Tags:  day zero application buffer-overflow zero-day number-of-bytes  

• 20:58

  Zero Day Initiative Advisory 11-266

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-266 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists due to the application using a size defined in a header in order to allocate some number of bytes. When processing an AAC raw_data_frame, the application will use the product of the original length and a field inside one of its elements. During the copy operation, this length will be larger than the amount that was allocated for which will cause a buffer overflow and can lead to code execution under the context of the application.

  Tags:  day zero application buffer-overflow zero-day number-of-bytes  

• 20:58

  Zero Day Initiative Advisory 11-266

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-266 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists due to the application using a size defined in a header in order to allocate some number of bytes. When processing an AAC raw_data_frame, the application will use the product of the original length and a field inside one of its elements. During the copy operation, this length will be larger than the amount that was allocated for which will cause a buffer overflow and can lead to code execution under the context of the application.

  Tags:  day zero application buffer-overflow zero-day number-of-bytes  

• 20:54

  Zero Day Initiative Advisory 11-264

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-264 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Veritas Storage Foundation Administrator Service. Authentication is not required to exploit this vulnerability. The specific flaw exists within vxsvc.exe process. The problem affecting the part of the server running on tcp port 2148 is an integer overflow in the function vxveautil.kv_binary_unpack where a 32-bit field is used to allocate an amount of memory equal to its value plus 1. This can be made to miscalculate a heap buffer which can be subsequently overflowed allowing an attacker to execute arbitrary code under the context of SYSTEM.

  Tags:  day zero initiative foundation-administrator integer-overflow zero-day  

• 20:54

  Zero Day Initiative Advisory 11-264

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-264 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Veritas Storage Foundation Administrator Service. Authentication is not required to exploit this vulnerability. The specific flaw exists within vxsvc.exe process. The problem affecting the part of the server running on tcp port 2148 is an integer overflow in the function vxveautil.kv_binary_unpack where a 32-bit field is used to allocate an amount of memory equal to its value plus 1. This can be made to miscalculate a heap buffer which can be subsequently overflowed allowing an attacker to execute arbitrary code under the context of SYSTEM.

  Tags:  day zero initiative foundation-administrator integer-overflow zero-day  

• 20:54

  Zero Day Initiative Advisory 11-264

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-264 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Veritas Storage Foundation Administrator Service. Authentication is not required to exploit this vulnerability. The specific flaw exists within vxsvc.exe process. The problem affecting the part of the server running on tcp port 2148 is an integer overflow in the function vxveautil.kv_binary_unpack where a 32-bit field is used to allocate an amount of memory equal to its value plus 1. This can be made to miscalculate a heap buffer which can be subsequently overflowed allowing an attacker to execute arbitrary code under the context of SYSTEM.

  Tags:  day zero initiative foundation-administrator integer-overflow zero-day  

• 16:22

  Zero Day Initiative Advisory 11-262

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-262 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Veritas Storage Foundation. Authentication is not required to exploit this vulnerability. The specific flaw exists within the vxsvc.exe process. The problem affecting the part of the server running on TCP port 2148 is an integer overflow in the function vxveautil.value_binary_unpack where a 32-bit field holds a value that, through some calculation, can be used to create a smaller heap buffer than required to hold user-supplied data. This can be leveraged to cause an overflow of the heap buffer, allowing the attacker to execute arbitrary code under the context of SYSTEM.

  Tags:  day zero initiative vxsvc integer-overflow zero-day  

• 16:22

  Zero Day Initiative Advisory 11-262

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-262 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Veritas Storage Foundation. Authentication is not required to exploit this vulnerability. The specific flaw exists within the vxsvc.exe process. The problem affecting the part of the server running on TCP port 2148 is an integer overflow in the function vxveautil.value_binary_unpack where a 32-bit field holds a value that, through some calculation, can be used to create a smaller heap buffer than required to hold user-supplied data. This can be leveraged to cause an overflow of the heap buffer, allowing the attacker to execute arbitrary code under the context of SYSTEM.

  Tags:  day zero initiative vxsvc integer-overflow zero-day  

• 16:22

  Zero Day Initiative Advisory 11-262

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-262 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Veritas Storage Foundation. Authentication is not required to exploit this vulnerability. The specific flaw exists within the vxsvc.exe process. The problem affecting the part of the server running on TCP port 2148 is an integer overflow in the function vxveautil.value_binary_unpack where a 32-bit field holds a value that, through some calculation, can be used to create a smaller heap buffer than required to hold user-supplied data. This can be leveraged to cause an overflow of the heap buffer, allowing the attacker to execute arbitrary code under the context of SYSTEM.

  Tags:  day zero initiative vxsvc integer-overflow zero-day  

• 15:22

  Zero Day Initiative Advisory 11-261

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-261 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Easy Printer Care. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XMLSimpleAccessor class ActiveX control (CLSID 466576F3-19B6-4FF1-BD48-3E0E1BFB96E9). The SaveXML() method is vulnerable to directory traversal, which allows an attacker to write arbitrary content to the filesystem. A remote attacker could leverage this vulnerability to gain code execution under the context of the web browser.

  Tags:  day zero vulnerability directory-traversal code-execution zero-day  

• 15:22

  Zero Day Initiative Advisory 11-261

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-261 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Easy Printer Care. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XMLSimpleAccessor class ActiveX control (CLSID 466576F3-19B6-4FF1-BD48-3E0E1BFB96E9). The SaveXML() method is vulnerable to directory traversal, which allows an attacker to write arbitrary content to the filesystem. A remote attacker could leverage this vulnerability to gain code execution under the context of the web browser.

  Tags:  day zero vulnerability directory-traversal code-execution zero-day  

• 15:22

  Zero Day Initiative Advisory 11-261

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-261 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Easy Printer Care. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XMLSimpleAccessor class ActiveX control (CLSID 466576F3-19B6-4FF1-BD48-3E0E1BFB96E9). The SaveXML() method is vulnerable to directory traversal, which allows an attacker to write arbitrary content to the filesystem. A remote attacker could leverage this vulnerability to gain code execution under the context of the web browser.

  Tags:  day zero vulnerability directory-traversal code-execution zero-day  

• 14:16

  Zero Day Initiative Advisory 11-259

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-259 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way QuickTime handles corrupt Sample Size atoms. When the value for 'Number of Entries' in this atom differs from the 'Number of Entries' in the Time-To-Sample atom, QuickTime will fill the Atom Sample Table with uninitialized data read from memory. This can later on result in a heap overflow when the data is used to calculate a loop counter to fill a heap buffer.

  Tags:  zero sample atom apple-quicktime uninitialized-data zero-day  

• 14:16

  Zero Day Initiative Advisory 11-259

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-259 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way QuickTime handles corrupt Sample Size atoms. When the value for 'Number of Entries' in this atom differs from the 'Number of Entries' in the Time-To-Sample atom, QuickTime will fill the Atom Sample Table with uninitialized data read from memory. This can later on result in a heap overflow when the data is used to calculate a loop counter to fill a heap buffer.

  Tags:  zero sample atom apple-quicktime uninitialized-data zero-day  

• 14:16

  Zero Day Initiative Advisory 11-259

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-259 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way QuickTime handles corrupt Sample Size atoms. When the value for 'Number of Entries' in this atom differs from the 'Number of Entries' in the Time-To-Sample atom, QuickTime will fill the Atom Sample Table with uninitialized data read from memory. This can later on result in a heap overflow when the data is used to calculate a loop counter to fill a heap buffer.

  Tags:  zero sample atom apple-quicktime uninitialized-data zero-day  

• 12:22

  Zero Day Initiative Advisory 11-257

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-257 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a frame within an H.264 encoded movie. When processing a particular set of flags of a structure, the application will use a length that is defined within the structure to copy data into a statically sized buffer on the stack. Due to the application failing to check the bounds of this length, the application will write outside the bounds of the buffer which can lead to code execution under the context of the application.

  Tags:  day zero application quicktime-player zero-day h-264  

• 12:22

  Zero Day Initiative Advisory 11-257

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-257 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a frame within an H.264 encoded movie. When processing a particular set of flags of a structure, the application will use a length that is defined within the structure to copy data into a statically sized buffer on the stack. Due to the application failing to check the bounds of this length, the application will write outside the bounds of the buffer which can lead to code execution under the context of the application.

  Tags:  day zero application quicktime-player zero-day h-264  

• 12:22

  Zero Day Initiative Advisory 11-257

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-257 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a frame within an H.264 encoded movie. When processing a particular set of flags of a structure, the application will use a length that is defined within the structure to copy data into a statically sized buffer on the stack. Due to the application failing to check the bounds of this length, the application will write outside the bounds of the buffer which can lead to code execution under the context of the application.

  Tags:  day zero application quicktime-player zero-day h-264  

• 6:22

  Zero Day Initiative Advisory 11-255

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-255 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a frame within an H.264 encoded movie. When processing a particular set of flags of a structure, the application will use a length that is defined within the structure to copy data into a statically sized buffer on the stack. Due to the application failing to check the bounds of this length, the application will write outside the bounds of the buffer which can lead to code execution under the context of the application.

  Tags:  day zero application apple-quicktime apple-quicktime-player zero-day h-264  

• 6:22

  Zero Day Initiative Advisory 11-255

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-255 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a frame within an H.264 encoded movie. When processing a particular set of flags of a structure, the application will use a length that is defined within the structure to copy data into a statically sized buffer on the stack. Due to the application failing to check the bounds of this length, the application will write outside the bounds of the buffer which can lead to code execution under the context of the application.

  Tags:  day zero application apple-quicktime apple-quicktime-player zero-day h-264  

• 6:22

  Zero Day Initiative Advisory 11-255

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-255 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a frame within an H.264 encoded movie. When processing a particular set of flags of a structure, the application will use a length that is defined within the structure to copy data into a statically sized buffer on the stack. Due to the application failing to check the bounds of this length, the application will write outside the bounds of the buffer which can lead to code execution under the context of the application.

  Tags:  day zero application apple-quicktime apple-quicktime-player zero-day h-264  

• August 09, 2011
• 21:32

  Zero Day Initiative Advisory 11-250

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-250 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime handles invalid Sample Duration values in the Time-To-Sample atoms. This value is used in the calculation of a loop counter. If this counter is too big it will result in a heap overflow that can cause remote code execution under the context of the current user.

  Tags:  day zero initiative apple-quicktime code-execution zero-day  

• 21:32

  Zero Day Initiative Advisory 11-250

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-250 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime handles invalid Sample Duration values in the Time-To-Sample atoms. This value is used in the calculation of a loop counter. If this counter is too big it will result in a heap overflow that can cause remote code execution under the context of the current user.

  Tags:  day zero initiative apple-quicktime code-execution zero-day  

• 21:32

  Zero Day Initiative Advisory 11-250

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-250 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktime handles invalid Sample Duration values in the Time-To-Sample atoms. This value is used in the calculation of a loop counter. If this counter is too big it will result in a heap overflow that can cause remote code execution under the context of the current user.

  Tags:  day zero initiative apple-quicktime code-execution zero-day  

• 21:19

  Zero Day Initiative Advisory 11-249

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-249 - This vulnerability allows remote attackers to escape Protected Mode on vulnerable installations of Internet Explorer. Internet Explorer Protected Mode consists of a Medium Integrity and a Low Integrity process. The Low Integrity process is only allowed to write to special Low Integrity locations. File written there are marked as Low Integrity files. When a new Internet Explorer process is launched it checks the Integrity of the file it is launched against. If the file is a Low Integrity file it will run the process in Low Integrity Mode. It is however possible to give the file an even lower permission: Untrusted, since this does not match the check for 'Low Integrity' the Internet Explorer will run in Medium Integrity instead of Low Integrity. This can be abused in an exploit to bypass the Protected Mode design and thus allow an attacker to escalate their privileges.

  Tags:  integrity low process zero-day mode-design internet-explorer  

• 21:19

  Zero Day Initiative Advisory 11-249

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-249 - This vulnerability allows remote attackers to escape Protected Mode on vulnerable installations of Internet Explorer. Internet Explorer Protected Mode consists of a Medium Integrity and a Low Integrity process. The Low Integrity process is only allowed to write to special Low Integrity locations. File written there are marked as Low Integrity files. When a new Internet Explorer process is launched it checks the Integrity of the file it is launched against. If the file is a Low Integrity file it will run the process in Low Integrity Mode. It is however possible to give the file an even lower permission: Untrusted, since this does not match the check for 'Low Integrity' the Internet Explorer will run in Medium Integrity instead of Low Integrity. This can be abused in an exploit to bypass the Protected Mode design and thus allow an attacker to escalate their privileges.

  Tags:  integrity low process zero-day mode-design internet-explorer  

• 21:19

  Zero Day Initiative Advisory 11-249

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-249 - This vulnerability allows remote attackers to escape Protected Mode on vulnerable installations of Internet Explorer. Internet Explorer Protected Mode consists of a Medium Integrity and a Low Integrity process. The Low Integrity process is only allowed to write to special Low Integrity locations. File written there are marked as Low Integrity files. When a new Internet Explorer process is launched it checks the Integrity of the file it is launched against. If the file is a Low Integrity file it will run the process in Low Integrity Mode. It is however possible to give the file an even lower permission: Untrusted, since this does not match the check for 'Low Integrity' the Internet Explorer will run in Medium Integrity instead of Low Integrity. This can be abused in an exploit to bypass the Protected Mode design and thus allow an attacker to escalate their privileges.

  Tags:  integrity low process zero-day mode-design internet-explorer  

• August 07, 2011
• 9:37

  10 Year Old Hacker Finds Zero Day Flaw In Games

   » ‎ Packet Storm Security Headlines
  10 Year Old Hacker Finds Zero Day Flaw In Games

  Tags:  hacker old year zero-day games  

• August 03, 2011
• 4:02

  Zero-day Vulnerability In TimThumb Image Utility Threatens Many WordPress Sites

   » ‎ Darknet
  This is pretty apt after we wrote about WebsiteDefender – Ensure Your Website Security on Monday, a platform for securing web applications with a focus on WordPress. Today a zero-day in a very commonly used WordPress library hit quite a few news sites. The flaw is in an image utility called TimThumb which is used [...]
  
  Read the full post at darknet.org.uk

  
  

  

  Tags:  zero-day read securing-web-applications image-utility ExploitsVulnerabilities  

• August 02, 2011
• 19:43

  Zero Day Bug Threatens Many WordPress SItes

   » ‎ Packet Storm Security Headlines
  Zero Day Bug Threatens Many WordPress SItes

  Tags:  bug day zero zero-day  

• July 29, 2011
• 19:46

  Zero Day Initiative Advisory 11-246

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-246 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sybase Adaptive Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way Sybase Backup and Monitor servers handles certain data in the login packets. Malformed packets can cause the service in question to write a NULL byte on the stack which can be leveraged by a remote attacker to execute code under the context of the running service.

  Tags:  day zero initiative null-byte server-authentication zero-day  

• 19:46

  Zero Day Initiative Advisory 11-246

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-246 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sybase Adaptive Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way Sybase Backup and Monitor servers handles certain data in the login packets. Malformed packets can cause the service in question to write a NULL byte on the stack which can be leveraged by a remote attacker to execute code under the context of the running service.

  Tags:  day zero initiative null-byte server-authentication zero-day  

• 19:46

  Zero Day Initiative Advisory 11-246

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-246 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sybase Adaptive Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way Sybase Backup and Monitor servers handles certain data in the login packets. Malformed packets can cause the service in question to write a NULL byte on the stack which can be leveraged by a remote attacker to execute code under the context of the running service.

  Tags:  day zero initiative null-byte server-authentication zero-day  

• July 28, 2011
• 19:43

  Zero Day Initiative Advisory 11-244

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-244 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Flexera Software Flexnet License Server Manager. Authentication is not required to exploit this vulnerability. The flaw exists within the lmadmin component which listens by default on TCP port 27000 (this can vary however if the port is in use). When handling a packet type having the opcode 0x2f the process trusts a user provided value when calculating the bytes remaining in the packet. Using this tainted remaining length value the process then copies packet data into a buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the lmadmin user.

  Tags:  zero packet vulnerability manager.-authentication packet-type license-server zero-day  

• 19:43

  Zero Day Initiative Advisory 11-244

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-244 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Flexera Software Flexnet License Server Manager. Authentication is not required to exploit this vulnerability. The flaw exists within the lmadmin component which listens by default on TCP port 27000 (this can vary however if the port is in use). When handling a packet type having the opcode 0x2f the process trusts a user provided value when calculating the bytes remaining in the packet. Using this tainted remaining length value the process then copies packet data into a buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the lmadmin user.

  Tags:  zero packet vulnerability manager.-authentication packet-type license-server zero-day  

• 19:43

  Zero Day Initiative Advisory 11-244

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-244 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Flexera Software Flexnet License Server Manager. Authentication is not required to exploit this vulnerability. The flaw exists within the lmadmin component which listens by default on TCP port 27000 (this can vary however if the port is in use). When handling a packet type having the opcode 0x2f the process trusts a user provided value when calculating the bytes remaining in the packet. Using this tainted remaining length value the process then copies packet data into a buffer on the heap. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the lmadmin user.

  Tags:  zero packet vulnerability manager.-authentication packet-type license-server zero-day  

• 0:19

  Zero Day Initiative Advisory 11-243

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-243 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Webkit as utilized by either Apple Safari, or Google's Chrome browser. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the library handles implicitly defined styles. When processing a specific case for a style, the application will dispatch an event. During this dispatch, code can be executed that can be used to manipulate the DOM tree causing a type-switch. This type-switch can lead to code execution under the context of the application.

  Tags:  day zero initiative apple-safari dom dom-tree zero-day  

• 0:19

  Zero Day Initiative Advisory 11-243

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-243 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Webkit as utilized by either Apple Safari, or Google's Chrome browser. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the library handles implicitly defined styles. When processing a specific case for a style, the application will dispatch an event. During this dispatch, code can be executed that can be used to manipulate the DOM tree causing a type-switch. This type-switch can lead to code execution under the context of the application.

  Tags:  day zero initiative apple-safari dom dom-tree zero-day  

• 0:19

  Zero Day Initiative Advisory 11-243

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-243 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Webkit as utilized by either Apple Safari, or Google's Chrome browser. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the library handles implicitly defined styles. When processing a specific case for a style, the application will dispatch an event. During this dispatch, code can be executed that can be used to manipulate the DOM tree causing a type-switch. This type-switch can lead to code execution under the context of the application.

  Tags:  day zero initiative apple-safari dom dom-tree zero-day  

• 0:04

  Zero Day Initiative Advisory 11-242

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-242 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application frees references from a particular element. When freeing these references, the application will fail to remove the reference from the rendering object. Later upon trying to free the element again, the application will access the freed reference which can lead to code execution under the context of the application.

  Tags:  day zero application apple-safari zero-day webkit  

• 0:04

  Zero Day Initiative Advisory 11-242

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-242 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application frees references from a particular element. When freeing these references, the application will fail to remove the reference from the rendering object. Later upon trying to free the element again, the application will access the freed reference which can lead to code execution under the context of the application.

  Tags:  day zero application apple-safari zero-day webkit  

• 0:04

  Zero Day Initiative Advisory 11-242

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-242 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application frees references from a particular element. When freeing these references, the application will fail to remove the reference from the rendering object. Later upon trying to free the element again, the application will access the freed reference which can lead to code execution under the context of the application.

  Tags:  day zero application apple-safari zero-day webkit  

• July 27, 2011
• 14:17

  Zero Day Initiative Advisory 11-240

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-240 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the library's support of SVG markers. When updating a marker, the application will duplicate the reference of an object without updating its reference count. When freeing this object, a use-after-free vulnerability can be made to occur. This can be leveraged by a remote attacker to execute code under the context of the user running the application.

  Tags:  day zero vulnerability apple-safari zero-day webkit  

• 14:17

  Zero Day Initiative Advisory 11-240

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-240 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the library's support of SVG markers. When updating a marker, the application will duplicate the reference of an object without updating its reference count. When freeing this object, a use-after-free vulnerability can be made to occur. This can be leveraged by a remote attacker to execute code under the context of the user running the application.

  Tags:  day zero vulnerability apple-safari zero-day webkit  

• 14:17

  Zero Day Initiative Advisory 11-240

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-240 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the library's support of SVG markers. When updating a marker, the application will duplicate the reference of an object without updating its reference count. When freeing this object, a use-after-free vulnerability can be made to occur. This can be leveraged by a remote attacker to execute code under the context of the user running the application.

  Tags:  day zero vulnerability apple-safari zero-day webkit  

• 8:28

  Zero Day Initiative Advisory 11-239

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-239 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the library's implementation of a FrameOwner element. When building this tree, the application will create a duplicate reference of an element. By freeing the referenced element, a use-after-free condition can be made to occur which can lead to code execution under the context of the application.

  Tags:  day zero element apple-safari zero-day webkit  

• 8:28

  Zero Day Initiative Advisory 11-239

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-239 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the library's implementation of a FrameOwner element. When building this tree, the application will create a duplicate reference of an element. By freeing the referenced element, a use-after-free condition can be made to occur which can lead to code execution under the context of the application.

  Tags:  day zero element apple-safari zero-day webkit  

• 8:28

  Zero Day Initiative Advisory 11-239

   » ‎ Packet Storm Security Misc. Files
  Zero Day Initiative Advisory 11-239 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the library's implementation of a FrameOwner element. When building this tree, the application will create a duplicate reference of an element. By freeing the referenced element, a use-after-free condition can be made to occur which can lead to code execution under the context of the application.

  Tags:  day zero element apple-safari zero-day webkit  

• July 21, 2011
• 16:25

  Zero Day Initiative Advisory 11-238

   » ‎ Packet Storm Security Advisories
  Zero Day Initiative Advisory 11-238 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Secure Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the validate_login function defined within /apache/htdocts/php/common.php. The username parameter is passed with limited sanitization to an exec_qr call which can be abused to inject commands. The sanitation that does occur can limit the exploitation of this issue, however code execution can likely still be achieved. Successful attempts will yield remote code execution under the context of the apache server.

  Tags:  day zero code username-parameter code-execution zero-day  

• 16:25

  Zero Day Initiative Advisory 11-238

   » ‎ Packet Storm Security Recent Files
  Zero Day Initiative Advisory 11-238 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Secure Backup. Authentication is not required to exploit this vulnerability. The specific flaw exists within the validate_login function defined within /apache/htdocts/php/common.php. The username parameter is passed with limited sanitization to an exec_qr call which can be abused to inject commands. The sanitation that does occur can limit the exploitation of this issue, however code execution can likely still be achieved. Successful attempts will yield remote code execution under the context of the apache server.

  Tags:  day zero code username-parameter code-execution zero-day