There are multiple remote code execution and information disclosure vulnerabilities in Internet Explorer which could
allow an attacker to gain access to a browser window in another domain or Internet Explorer zone allowing remote code execution or
information disclosure. The risk is MEDIUM. An attacker could exploit the vulnerability by constructing a specially crafted web page
that could allow remote code execution or information disclosure, depending on the operation system, if a user viewed the Web
page.
Read More…
Source: CIAC
The Hackers’ Nightmare is here!
The iseemedia LPViewer ActiveX control contains multiple stack buffer overflows, which can allow a remote, unauthenticated
attacker to execute arbitrary code on a vulnerable system. The risk is MEDIUM. By cinvincing a user to view a specially crafted HTML
document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code with the
privileges of the user. The attacker could also cause Internet Explorer (or the program using the WebBrowser control) to
crash.
Read More…
Source: CIAC
The Hackers’ Nightmare is here!
A buffer overflow vulnerability exists in an ActiveX control used by the WebEx Meeting manager. Exploitation of this
vulnerability could allow a remote attacker to execute arbitrary code on the user client machine. The risk is MEDIUM. Exploitation
of this vulnerability could allow a remote attacker to execute arbitrary code on the user client machine.
Read More…
Source: CIAC
The Hackers’ Nightmare is here!
There is a vulnerability in Firefox that could crash in Mozilla’s block reflow code that could be used by an attacker to
crash the browser and run arbitrary code on the victim’s computer. The risk is MEDIUM. A remote, unauthenticated attacker may be able
to execute arbitrary code or cause a vulnerable browser to crash.
Read More…
Source: CIAC
The Hackers’ Nightmare is here!
There is a heap-based buffer overflow vulnerability in Mozilla mail code which could potentially allow an attacker to run
arbitrary code. The risk is MEDIUM. COuld potentially allow an attacker to run arbitrary code. The vulnerability is caused by
allocating a buffer that can be three bytes too small in certain cases when viewing an email message with an external MIME body.
Read More…
Source: CIAC
The Hackers’ Nightmare is here!
Microsoft is investigating active, targeted attacks leveraging a potential vulnerability in the ActiveX control for the
Snapshot Viewer for Microsoft Access. An attacker could exploit the vulnerability by constructing a specially crafted Web page. The
risk is MEDIUM. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web
page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the
same user rights as the logged-on user.
Read More…
Source: CIAC
The Hackers’ Nightmare is here!
Browser Helper Objects (BHO) are Microsoft’s way of attaching add-ins to Internet Explorer 4 and later. In addition to legitimate uses, BHOs are used to attach spyware to a user’s web browser
to secretly send a user’s browsing habits to a marketing site and could be used for malicious code. The problems are that there is no simple way to know what BHOs are attached to a system and no simple way to control the attachment of new ones.
Read More…
Source: CIAC
The Hackers’ Nightmare is here!
A remote code execution vulnerability exists in the ActiveX control for the Snapshot Viewer for Microsoft Access. An
attacker could exploit the vulnerability by constructing a specially crafted Web page. The risk is MEDIUM. When a user views the
Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain
the same user rights as the logged-on user.
Read More…
Source: CIAC
The Hackers’ Nightmare is here!
Multiple remote code execution vulnerabilities exists in Internet Explorer due to attempts to access uninitialized memory
incertain situations. An attacker could exploit the vulnerability by constructing a specially crafted Web page. The risk is MEDIUM.
When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this
vulnerability could gain the same user rights as the logged-in user.
Read More…
Source: CIAC
The Hackers’ Nightmare is here!
Apple Safari automatically executes downloaded files based on Internet Explorer zone settings, which can allow a remote attacker to execute arbitary code on a vulnerable system. The risk is MEDIUM. By convincing a user to visit a specially crafted web page with Apple Safari on Windows, an attacker mey be able to execute arbitrary code on a vulnerable system.
Read More…
Source: CIAC
The Hackers’ Nightmare is here!