[VulnWatch] GREENAPPLE Release

From: Dave Aitel (dave_at_immunitysec.com)
Date: 02/09/05

  • Next message: Rafel Ivgi: "[VulnWatch] Finjan Security Advisory: Microsoft Office XP Remote Buffer Overflow Vulnerability"
    Date: Tue, 08 Feb 2005 18:09:21 -0500
    To: vulnwatch@vulnwatch.org
    
    

    Reference: http://lists.virus.org/dailydave-0411/msg00028.html

    This is a quick announcement that the recent Microsoft patch (MS-05- has
    fixed a vulnerability I found a while back in SMB.
    (http://www.microsoft.com/technet/security/bulletin/ms05-011.mspx)

    More information on this vulnerability is available at:
    https://www.immunitysec.com/resources-advisories.shtml

    Thanks,
    Dave Aitel
    Immunity, Inc.


  • Next message: Rafel Ivgi: "[VulnWatch] Finjan Security Advisory: Microsoft Office XP Remote Buffer Overflow Vulnerability"

    Relevant Pages

    • Re: Images being pulled in Outlook 2003 even though dont download pictures is set?
      ... The recent LIBPNG vulnerability can be exploited by sending HTML e-mail ... The reference after cid: refers to an image embedded in the email itself. ... Computer Forensics Training at the InfoSec Institute. ...
      (Security-Basics)
    • Re: Browser bugs hit IE, Firefox today (SANS)
      ... "After doing more research on this vulnerability and with great help from our readers it seems that Mozilla Firefox is not affected by this vulnerability." ... However, reading the contentDocument property of the DOM element instead of the through the frames collection will give you a reference to the document object inside the thirdparty domain and even allow you to overwrite native DOM methods without throwing a security exception, such as document.getElementById.contentDocument.getElementById=function. ... Functionally, the document and contentDocument properties both reference the same object and should obey the same security context rules, however Firefox differentiates based on how you reference that object and thus allows you to overwrite native DOM methods on a thirdparty domain, broadening the potential attack scope by allowing you to interfere with the operations of existing script code inside that thirdparty document. ...
      (Bugtraq)
    • Open-Xchange Security Advisory 2014-09-15
      ... Vulnerability type: Cross Site Scripting ... Report confidence: Confirmed ... Solution status: Fixed by Vendor ... CVE reference: CVE-2014-5235 ...
      (Bugtraq)
    • [Full-disclosure] TELUS Security Labs VR - Microsoft Office Excel Malformed Records Stack Bu
      ... Microsoft Office Excel Malformed Records Stack Buffer Overflow ... Reference: http://telussecuritylabs.com/threats/show/FSC20090609-01 ... Vulnerability Analysis ... 2008-12-23 Initial vendor response ...
      (Full-Disclosure)
    • Re: portaudit
      ... Reference: ... Affected package: opera-10.10.20091120_2 ... The vulnerability affects you, ... privilege escalation attacks from logged in users. ...
      (FreeBSD-Security)