Packet Storm's last 100 added files. Last Updated: Thu May 21 20:17:03 EDT 2009

[ flashquiz-sql.txt ] 79e83f1d8fff471add51b29468c06e30 Flash Quiz Beta 2 suffers from multiple remote SQL injection vulnerabilities.
[ groupwise-xss.txt ] f491052025012e9017a5d5da0bbe6627 Novell Groupwise Web Access suffers from multiple cross site scripting vulnerabilities.
[ zaocms-disclose.txt ] 502b4c44e359088633e8cc81b5a93d98 ZaoCMS suffers from a remote file disclosure vulnerability in download.php.
[ zaocms-insecure.txt ] c7f9db9207db7329f8eb5fcc88d0019b ZaoCMS suffers from an insecure cookie handling vulnerability.
[ articledir-blindsql.txt ] a25fed9e80f418229a3e08397968dcb3 Article Directory suffers from a remote blind SQL injection vulnerability in page.php.
[ MDVSA-2009-121.txt ] 9aaa6e5338f13acaf3205e37a5a22ca6 Mandriva Linux Security Advisory 2009-121 - Multiple security vulnerabilities have been identified and fixed in Little CMS. A memory leak flaw allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted image file. Multiple integer overflows allow remote attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. Multiple stack-based buffer overflows allow remote attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel. A flaw in the transformations of monochrome profiles allows remote attackers to cause a denial of service triggered by a NULL pointer dereference via a crafted image file. This update provides fixes for these issues.
[ MDVSA-2009-120.txt ] 40411a2c25d7fd9f6200712d9f70d18c Mandriva Linux Security Advisory 2009-120 - Multiple security vulnerabilities have been identified and fixed in OpenSSL. The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of future epoch DTLS records that are buffered in a queue, aka DTLS record buffer limitation bug. Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka DTLS fragment handling memory leak. The updated packages have been patched to prevent this.
[ articledirectory-sql.txt ] c12c1f4808e1303485e28367920a5e8b Article Directory suffers from a remote SQL injection vulnerability that allows for authentication bypass.
[ jobscript-upload.txt ] 5245a601d40ab4035909b482f64b600e Job Script version 2.0 suffers from an arbitrary shell upload vulnerability.
[ Reverse_Engineering.pdf ] 19c50bb676b1d10a4180966e99a16b50 Whitepaper called Bypassing Authentication with Reverse Engineering in Linux x86. Written in French.
[ aspinlinecc-sqlxss.txt ] d4427407dd890bd7747e1e11f99a2229 ASP Inline Corporate Calendar suffers from cross site scripting and remote SQL injection vulnerabilities.
[ vicidial-sql.txt ] 6f9d072d28046233760d43790aa5835c Vicidial Call Center Suite suffers from a remote SQL injection vulnerability that allows for authentication bypass.
[ DDIVRT-2009-25.txt ] a9e4c0a0fb5a55991acaf2f0e3c218fe The web interface on tcp port 8090 of IPsession suffers from a SQL injection vulnerability.
[ chinagames-exec.txt ] b4e4a1135cd48de152edfc62d0d34df2 ChinaGames Active-X related remote code execution exploit.
[ baofeng-exec.txt ] 747e205acea99eae101b09eac2147010 BaoFeng Active-X related remote code execution exploit.
[ msiiswebdav-bypass.txt ] 88f5c6917ad436df1a16908de6c90d8f Remote authentication bypass exploit for the WebDAV vulnerability in Microsoft IIS 6.0.
[ 05.19.09-1.txt ] f5df636d3549f48d5c7b51f6d5d3826e iDefense Security Advisory 05.19.09 - Local exploitation of a file overwrite vulnerability in IBM Corp.'s Advanced Interactive eXecutive (AIX) could allow an attacker to overwrite arbitrary files and execute arbitrary code. The AIX libc implementation of malloc includes a debugging mechanism that is initiated by setting the MALLOCTYPE and MALLOCDEBUG environment variables. This debugging feature writes to a user-specified log file under certain conditions. There is a gap in time between the check to see if the file is a symbolic link and the process of opening the file. If an attacker can change the file to be a symbolic link to another file within this time frame, it is possible to cause a set-uid binary to write to files owned by privileged users. iDefense confirmed the existence of this vulnerability in IBM Corp.'s AIX version 5.3. Other versions may also be affected.
[ CORE-2009-0109.txt ] 66cba81d15ed53317ac0960af46eaf8b Core Security Technologies Advisory - Several cross site scripting vulnerabilities were found in the following files/urls of the Sun Java System Communications Express system.
[ cisco-sa-20090520-cw.txt ] 36b09d3bf0be6807065752275ed88f69 Cisco Security Advisory - CiscoWorks Common Services contains a vulnerability that could allow an unauthenticated remote attacker to access application and host operating system files.
[ dsa-1804-1.txt ] 9d111a30fa624f6f607795fce1599ab2 Debian Security Advisory 1804-1 - Several remote vulnerabilities have been discovered in racoon, the Internet Key Exchange daemon of ipsec-tools. The Common Vulnerabilities and Exposures project identified the
[ dsa-1803-1.txt ] b9589c40ffe0addcb77a8b0c17742132 Debian Security Advisory 1803-1 - Ilja van Sprundel discovered that a buffer overflow in NSD, an authoritative name service daemon, allowed the server to be crashed by sending a crafted packet, creating a denial of service.
[ jorp-remove.txt ] 0d62b4ad9cbad0d80d38e1334c8a326f Jorp version 1.3.05.09 suffers from an arbitrary removal of projects and tasks vulnerability.
[ bspeak-sql.txt ] 491a5a50a5fd1ffd83a6743e0e251355 bSpeak version 1.10 suffers from a remote blind SQL injection vulnerability.
[ javax.tgz ] 1a00d02403f11660eb1e0840a0497f55 Mac OS X Java applet deserialization proof of concept exploit.
[ macosxjava-poc.txt ] c43a1fd90ce21c5c85cd8bd851572f6e Mac OS X suffers from a remote command execution vulnerability via a Java applet.
[ phpap-bypass.txt ] a8b993d40415d4c64c3215063b011c65 PHP Article Publisher suffers from an arbitrary authentication bypass vulnerability.
[ realtywebbase10-sql.txt ] 14373f02b29460903d862212f56cdd02 Realty Web-Base version 1.0 suffers from a remote SQL injection vulnerability in list_list.php.
[ nclinklist-exec.txt ] e180ebf6aea6ac62717e1af1b126635b NC LinkList version 1.3.1 remote command injection exploit.
[ ncgbook-exec.txt ] 59dbb1266a4afc6de046cbc0bbd88e18 NC GBook version 1.0 remote command injection exploit.
[ catviz-lfixss.txt ] 8990fee70edfeb9e4cd23a0618a139d9 Catviz 0.4.0b1 suffers from local file inclusion and cross site scripting vulnerabilities.
[ exjune-reconfigure.txt ] 21e81c68a0637dc91f405609ded22bc1 exJune Officer Message System version 1 suffers from a direct access reconfiguration vulnerability.
[ joomlacasino-sql.txt ] 29b8116c02ba4b6be36f4c41755f9944 The Joomla Casino component version 0.3.1 suffers from multiple SQL injection vulnerabilities.
[ pdfresurrect-v0_5.tar.gz ] d8038eb61ed0160a2eb02507b3f12c42 PDFResurrect is a tool aimed at analyzing PDF documents. The PDF format allows for previous document changes to be retained in a more recent version of the document, thereby creating a running history of changes for the document. This tool attempts to extract all previous versions while also producing a summary of changes between versions. It can also "scrub" or write data over the original instances of PDF objects that have been modified or deleted, in an effort to disguise information from previous versions that might not be intended for anyone else to read.
[ dmxregman-upload.txt ] d24ba717290e78e3237dad34282f68ee DMXReady Registration Manager version 1.1 suffers from a remote shell upload vulnerability.
[ galeri-sql.txt ] a00c041d29264799c23c5ee7994e8759 Galeri 1 suffers from a remote SQL injection vulnerability in galeri1.asp.
[ USN-777-1.txt ] 6772e704e4416eb3f860a345bda9eed1 Ubuntu Security Notice USN-777-1 - A stack-based buffer overflow was discovered in ntpq. If a user were tricked into connecting to a malicious ntp server, a remote attacker could cause a denial of service in ntpq, or possibly execute arbitrary code with the privileges of the user invoking the program. Chris Ries discovered a stack-based overflow in ntp. If ntp was configured to use autokey, a remote attacker could send a crafted packet to cause a denial of service, or possibly execute arbitrary code.
[ drupalrole-xss.txt ] 23a8cd832282848464f935f9bad072db Drupal version 6.12 suffers from a cross site scripting vulnerability. This is to be taken with a grain of salt as administrative privileges are needed.
[ ZDI-09-023.txt ] 38093e10b88de9a803aacc0c08f2fee7 Zero Day Initiative Advisory 09-023 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw appears to exist in the ATSServer font server upon parsing of malicious Compact Font Format files. A boundary condition exists in the parsing of internal dictionaries that can lead to a memory corruption allowing the execution of arbitrary code.
[ ZDI-09-022.txt ] 1230a8a0bbc65f590e8e2ef692a33f8c Zero Day Initiative Advisory 09-022 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists during the parsing of malformed SVGLists via the SVGPathList data structure; the following lists are affected: SVGTransformList, SVGStringList, SVGNumberList, SVGPathSegList, SVGPointList, SVGLengthList. When a negative index argument is supplied to the insertItemBefore() method, a memory corruption occurs resulting in the ability to execute arbitrary code.
[ dogpedigree-sql.txt ] ff6470f02d3750d01c9c830cd634c0e5 Dog Pedigree Online Database version 1.0.1-Beta suffers from a blind SQL injection vulnerability.
[ dogpedigree-insecure.txt ] 9dc788ce68035aab18d2bfa85a9e9602 Dog Pedigree Online Database version 1.0.1-Beta suffers from a SQL injection vulnerability in the way it handles cookies.
[ mycolex-sqlxss.txt ] 5af9de9330654e690f26c0eaa5d21363 my-colex version 1.4.2 suffers from authentication bypass, remote SQL injection, and cross site scripting vulnerabilities.
[ HPSBMA02427-SSRT090069.txt ] 904bdc1ba27f5963e45c3c87b9c0ba93 HP Security Bulletin - A potential security vulnerability has been identified with HP Remote Graphics Software (RGS) Sender running Easy Login. The vulnerability could be exploited remotely to gain unauthorized access.
[ MDVSA-2009-119.txt ] 3ea4d8f755de25b42f797edfa0a3469c Mandriva Linux Security Advisory 2009-119 - Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel. These range from an integer overflow to information leakage issues.
[ MDVSA-2009-118.txt ] 348cb74e44d5bfb72da4b7b954a90125 Mandriva Linux Security Advisory 2009-118 - Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel. These include arbitrary signal, bypass, and denial of service vulnerabilities.
[ MDVSA-2009-117.txt ] fda94d8fb3b0e087338f79bd5d4f9ba4 Mandriva Linux Security Advisory 2009-117 - A buffer overflow flaw was discovered in the ntpd daemon's NTPv4 authentication code. If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use this flaw to send a specially-crafted request packet that could crash ntpd. The updated packages have been patched to prevent this.
[ HPSBMA02426-SSRT090053.txt ] 1381726df24cbba5dce7400bcc237799 HP Security Bulletin - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) for Linux and Windows running PHP and OpenSSL. These vulnerabilities could be exploited remotely to allow cross site scripting (XSS) and unauthorized access.
[ dmfilemanager-sql.txt ] 8f0830cd65c9fee219020ea97d3c47f4 DM FileManager version 3.9.2 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
[ kingsoftws-xssexec.txt ] acee06692f1cb73142df97d5aa309305 KingSoft Web Shield versions 1.1.0.62 and below suffer from cross site scripting and code execution vulnerabilities.
[ dsa-1802-1.txt ] 2ac9fb670c0bea70e726829eb8ffef95 Debian Security Advisory 1802-1 - Several remote vulnerabilities have been discovered in SquirrelMail, a webmail application.
[ steam-xss.txt ] 7bfcb961bd532d0c0bf287da1c4555f8 STEAM from Valve Software suffers from cross site scripting and phishing related vulnerabilities.
[ dsa-1801-1.txt ] 83ab30109b1e07a859a544be176fbceb Debian Security Advisory 1801-1 - Several remote vulnerabilities have been discovered in NTP, the Network Time Protocol reference implementation.
[ AppsecEU09_CarettoniDiPaola_v0.8.pdf ] c7bb70cc65ee5220083c5e6fcc81de7a This is a presentation called HTTP Parameter Pollution that focuses on manipulation and injection of HTTP GET/POST parameters.
[ cpgal1422-sql.txt ] 9166a187ab57888a5b8cac8b2f07fb4c Coppermine Photo Gallery versions 1.4.22 and below remote SQL injection and local file inclusion exploit.
[ padsite-insecure.txt ] fb9a9221cc73c828f2ad368147000896 PAD Site Scripts version 3.6 suffers from an insecure cookie handling vulnerability.
[ namad-disclose.txt ] c3042fdab0651859641910b35b9ff6bb Namad version 2.0.0.0 suffers from a remote file disclosure vulnerability.
[ HPSBMA02428-SSRT090048.txt ] f05a68a4baa7d38583fdd330205a9b33 HP Security Bulletin - A potential security vulnerability has been identified with HP System Management Homepage (SMH) for Linux and Windows. This vulnerability could be exploited remotely to allow cross site scripting (XSS) and unauthorized access.
[ joomlagsticket-sql.txt ] 4c6469b313708533906b893282a9df3f Remote blind SQL injection exploit for the Joomla GSTicketSystem component.
[ netdecision-traversal.txt ] a90e24194e7e61a22bc8cf03fcd677a2 NetDecision TFTP Server version 4.2 suffers from a remote directory traversal vulnerability.
[ vidshare-upload.txt ] ebb3924733023d019bc6e58046582949 VidShare Pro suffers from an arbitrary shell upload vulnerability.
[ TKADV2009-006.txt ] 68ddfa92158bdd1e4441462f632c2d6e libsndfile versions 1.0.19 and below and Winamp versions 5.552 and below suffer from a VOC processing heap buffer overflow vulnerability.
[ httpdxcwd-overflow.txt ] e6c0c5ba1f3782a056ee746dcef857b6 httpdx versions 0.5b and below CWD related remote buffer overflow exploit.
[ aoliwinamp-overflow.txt ] bf7c603162bf0b8448284296469524ec AOL IWinAmpActiveX Class ConvertFile() remote overflow exploit for Internet Explorer versions 6 and 7 that leverages AmpX.dll version 2.4.0.6. Old unreleased exploit from the rgod archive.
[ pbania-spiderpig2008.pdf ] a55ed5e2cf789ab46dd5ae2da4480210 Whitepaper called Dynamic Data Flow Analysis via Virtual Code Integration (aka The SpiderPig case).
[ TZO-22-2009.txt ] b674301dfd1ba4516b7eae9b0745f499 Avira Antivir suffers from a generic PDF evasion vulnerability.
[ TZO-23-2009.txt ] 0327ae1c998e5f6bb199c5bff54a26ce Bitdefender suffers from a generic PDF evasion vulnerability.
[ drupalcck-xss.txt ] bf302646cfca4dcac4fd4abac8b9931c The Drupal Content Creation Kit (CCK) suffers from a cross site scripting vulnerability. Version 6.12 with CCK 6.x-2.2 is affected.
[ MDVSA-2009-116.txt ] 4d2a1671b762f8f1aa2a6ad0b858ea0d Mandriva Linux Security Advisory 2009-116 - lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free. lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by leveraging an invalid DSA key. gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time checks in the _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls_x509, as used by (a) Exim, (b) OpenLDAP, and (c) libsoup. The updated packages have been patched to prevent this.
[ MDVSA-2009-115.txt ] 822f2c6a63fe620000ae85135af88f56 Mandriva Linux Security Advisory 2009-115 - Multiple vulnerabilities have been identified and corrected in phpMyAdmin. Multiple cross-site scripting (XSS) vulnerabilities in the export page (display_export.lib.php) in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pma_db_filename_template cookie. Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action. This update provides phpMyAdmin 2.11.9.5, which is not vulnerable to these issues.
[ MDVSA-2009-114.txt ] da736088313f0604f4e8400f81f30df2 Mandriva Linux Security Advisory 2009-114 - Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) signature verification during user authentication with X.509 certificates, related to the eay_check_x509sign function in src/racoon/crypto_openssl.c; and (2) the NAT-Traversal (aka NAT-T) keepalive implementation, related to src/racoon/nattraversal.c. The updated packages have been patched to prevent this.
[ MDVSA-2009-113.txt ] 47ac7e3c6268fef5510d49b0d002c77c Mandriva Linux Security Advisory 2009-113 - Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c. The updated packages have been patched to prevent this.
[ mooncat-changer.txt ] 4294ddc2ae9279fc23ab18c2810d4c45 MoonCat suffers from a direct access information changing vulnerability.
[ dgnews-sql.txt ] 41ffeffd48af0d46e30b5497cbf74d10 DGNews version 3.0 Beta suffers from a remote SQL injection vulnerability in berita.php.
[ infinities-sql.txt ] 75d7e965489262493bbed16d39517610 Infinities eCommerce Web Hosting and Shopping Cart Solution suffers from a remote SQL injection vulnerability.
[ creativecms-sql.txt ] 014b5c77f527a8326221a035ff62da7b Creative CMS suffers from a blind SQL injection vulnerability.
[ danaportal-change.txt ] a27c0e85a35fbb79c7c7721df0b2093d Dana Portal remote administrative password changing exploit.
[ douran-updown.txt ] 839e479c8b09b3aef2415085d81e55a9 DOURAN Portal versions 3.9.0.23 and below suffer from file upload and download vulnerabilities.
[ ProxyHarvest.txt ] 41ea51a7d61f68c5ff44eaaa07ff9887 Proxy harvesting tool that uses Google and evaluates the sites.
[ clanweb-passwd.txt ] b3393850e2a69ac59452859d17bd6080 ClanWeb version 1.4.2 remote password changing and add administrator exploit.
[ cpg1422-lfisql.txt ] 90cff7d61e18ee9e3a3c01a88d1d173a Coppermine Photo Gallery versions 1.4.22 and below suffer from local file inclusion and SQL injection vulnerabilities.
[ mandos_1.0.10.orig.tar.gz ] 0cf5ff497d3d6c313513e7cb18c50a32 The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
[ phpdirsubmit-sql.txt ] 8325565c4d883c73b762e311db2d674e PHP Dir Submit suffers from a remote SQL injection vulnerability that allows for authentication bypass.
[ lightopencms-sql.txt ] f0839689f369152c97910e17572e3f27 LightOpenCMS version 0.1 suffers from a remote SQL injection vulnerability.
[ md5db11.txt ] a0ad7059642f7bcafbe5d0f82d4b5648 MD5 MySQL database brute forcing utility. Written in Python.
[ darkTouch.txt ] ed91d40749f33cdf4e9ba1d9ea84793c darkTouch is a fuzzer that attempts to fingerprint the structure of a website. Written in Python.
[ flyspeck-change.txt ] 5e9b12212e723ce86374a8cc0865d89c Flyspeck CMS version 6.8 remote change administrator password exploit that also notes a local file inclusion vulnerability.
[ pluck462-lfi.txt ] 8d9bb7070c283490e6e9a05c634fdaa0 Pluck version 3.6.2 suffers from a local file inclusion vulnerability.
[ mereo-dos.txt ] e6c8d4a7c36190a5a12f038d89e9bffc Mereo version 1.8.0 remote denial of service exploit that leverages a GET request.
[ zervit004-dos.txt ] cc9e88ef55f96b16a1fee5b920a13577 Zervit Webserver version 0.04 remote buffer overflow proof of concept exploit that leverages a GET request.
[ onlinerent-sql.txt ] e9dbf08030234bb3e7c6d3b282375101 Online Rental Property Script versions 5.0 and below suffer from a remote SQL injection vulnerability.
[ cve-2009-1378.c ] 455eeeeabcfe361fef23f6b0686933fa OpenSSL versions 0.9.8k and 1.0.0-beta2 DTLS remote memory exhaustion denial of service exploit.
[ pc4uploader-sql.txt ] e8e25ff030d8df613dad6e25010abc60 Pc4Uploader version 9.0 suffers from a remote blind SQL injection vulnerability.
[ phparticle-change.txt ] b14c2cff188931d3c670482819c431f1 PHP Article Publisher remote change administrator password exploit.
[ jieqicms-exec.txt ] efdd08499e262885a228eb3dcac496c5 Jieqi CMS versions 1.5 and below remote code execution exploit.
[ linuxbind-shellcode.txt ] 5e6200bff431946eb360343fb93f194a 132 bytes of Linux x86-64 bindshell shellcode that binds to port 4444.
[ freebsdx86-shellcode.txt ] 6c40eb2dd2b89c3d0508d78f4356f8eb FreeBSD x86-64 exec("/bin/sh") 31 byte shellcode.
[ httpdx-dos.txt ] 027da9854bce639df26259d5501f5c00 httpdx versions 0.5b and below suffer from multiple remote denial of service vulnerabilities.
[ httpdx-overflow.txt ] 43424c6405f0c2dbdde76f34f76ef1e0 httpdx versions 0.5b and below USER related remote buffer overflow exploit.
[ 05.14.09-5.txt ] 7404edb2a93993d499b176cc5254c4ab iDefense Security Advisory 05.14.09 - Remote exploitation of multiple buffer overflow vulnerabilities in Oracle Corp.'s Outside In Technology, as included in various vendors' software distributions, allows attackers to execute arbitrary code. Two vulnerabilities exist due to a lack of bounds checking when processing specially crafted Microsoft Excel spreadsheet files. The two issues exist in two distinct functions. The two vulnerabilities are nearly identical, with the differentiating factor being the value of a flag bit within a record of the file. If the bit is set, the code path to the first vulnerable function is taken. Otherwise, the code path to the second vulnerable function is taken.
[ 05.14.09-4.txt ] 0434d4650043444db116551d83cd9288 iDefense Security Advisory 05.14.09 - Remote exploitation of a buffer overflow vulnerability in Oracle Corp.'s Outside In Technology, as included in various vendors' software distributions, allows attackers to execute arbitrary code. This vulnerability exists due to the lack of bounds checking when processing certain records within a Microsoft Excel spreadsheet. Upon entering the vulnerable function, data is copied from a heap buffer into a stack buffer without ensuring that the data will fit. By crafting an Excel spreadsheet file properly, it is possible to write beyond the bounds of the stack buffer. The resulting stack corruption leads to arbitrary code execution.