Section: .. / 0906-advisories /
| /// File Name: |
ZDI-09-032.txt |
Description:
|
Zero Day Initiative Advisory 09-032 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the handling of attr() functions in a CSS content object. When a large numerical value is passed as the argument to the attr() function, a memory corruption will occur which can be leveraged to execute arbitrary coder under the context of the current user.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2599 | | Related CVE(s): | CVE-2009-1698 | | Last Modified: | Jun 9 14:51:24 2009 |
| MD5 Checksum: | 96e737d12a0dc761f02ff8e31fe2976d |
|
| /// File Name: |
ZDI-09-033.txt |
Description:
|
Zero Day Initiative Advisory 09-033 - This vulnerability allows attackers to execute arbitrary code on vulnerable software utilizing the Apple WebKit library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when the document.body element contains a specific XML container containing various elements supporting the 'dir' attribute. During the destruction of this element, if the rendering object responsible for the element is being removed, the application will then make a call to a method for an object that doesn't exist which can lead to code execution under the context of the current user.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2485 | | Related CVE(s): | CVE-2009-1701 | | Last Modified: | Jun 9 14:51:50 2009 |
| MD5 Checksum: | a18eedfe43be63d419ddc00feae81b00 |
|
| /// File Name: |
ZDI-09-034.txt |
Description:
|
Zero Day Initiative Advisory 09-034 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the garbage collection of JavaScript set elements in WebCore. When an SVG set object is appended to an SVG marker element that is dereferenced, calls to the targetElement attribute will fail to reference count the marker element. When the set element is appended to another object, subsequent calls to the targetElement attribute will result in a heap corruption which can be leveraged to execute arbitrary code under the context of the current user.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2787 | | Related CVE(s): | CVE-2009-1709 | | Last Modified: | Jun 9 14:52:18 2009 |
| MD5 Checksum: | 6135b70ab03aa28488ec04c1b11866a1 |
|
| /// File Name: |
ZDI-09-035.txt |
Description:
|
Zero Day Initiative Advisory 09-035 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page, open a malicious e-mail, or open a malicious file. The specific flaw exists within the parsing of vulnerable tags inside a Microsoft Word document. Microsoft Word trusts a length field read from the file which is used to read file contents into a buffer allocated on the stack. When an invalid length is present, a stack based buffer overflow occurs, resulting in the ability to execute arbitrary code.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2509 | | Related CVE(s): | CVE-2009-0563 | | Last Modified: | Jun 10 19:25:51 2009 |
| MD5 Checksum: | 5e0105a7c4e5ea329503085b7c8ceedb |
|
| /// File Name: |
ZDI-09-036.txt |
Description:
|
Zero Day Initiative Advisory 09-036 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific vulnerability exists when calling the setCapture method on a range of objects. When setCapture is called on a collection of specially crafted objects memory becomes corrupted. When the capture is released, arbitrary memory is accessed potentially leading to remote code execution. Exploitation of this vulnerability will lead to system compromise under the credentials of the currently logged in user.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2539 | | Related CVE(s): | CVE-2009-1529 | | Last Modified: | Jun 10 19:26:34 2009 |
| MD5 Checksum: | 264977d2e73d891efc9819950df563bf |
|
| /// File Name: |
ZDI-09-037.txt |
Description:
|
Zero Day Initiative Advisory 09-037 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific vulnerability exist due to improper AJAX request synchronization in Internet Explorer. When many asynchronous XMLHttpRequest are running concurrently memory corruption can occur that could be remotely exploited by a malicious attacker.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2371 | | Related CVE(s): | CVE-2009-1528 | | Last Modified: | Jun 10 19:27:26 2009 |
| MD5 Checksum: | ac304b5fcbfb5bbd5e8813ec88aee919 |
|
| /// File Name: |
ZDI-09-038.txt |
Description:
|
Zero Day Initiative Advisory 09-038 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when repeatedly calling event handlers after adding nodes of an HTML document. When a specially crafted webpage is repeatedly rendered, memory is improperly reused after it has been freed. Due to the controllable nature of the web browser, this vulnerability can be exploited to remotely compromise a system running under the security context of the currently logged in user.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2534 | | Related CVE(s): | CVE-2009-1530 | | Last Modified: | Jun 10 19:28:11 2009 |
| MD5 Checksum: | 3ab8a07fedc69da492dfd37b38ed7879 |
|
| /// File Name: |
ZDI-09-039.txt |
Description:
|
Zero Day Initiative Advisory 09-039 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when repeated calls are made to getElementsByTagName() and the reordering of the elements in the document causes an object to be allocated. The use of the event "onreadystatechange" during this operation improperly frees the previously allocated resource. The combination, with repeated page rendering, leads to the exploitable memory corruption.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2514 | | Related CVE(s): | CVE-2009-1531 | | Last Modified: | Jun 10 19:29:07 2009 |
| MD5 Checksum: | 3fe2e2ad85054346120a35294e5da830 |
|
| /// File Name: |
ZDI-09-040.txt |
Description:
|
Zero Day Initiative Advisory 09-040 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. Exploitation requires user interaction in that a victim must open a malicious XLS file. The specific flaw exists within the parsing of the BIFF file format used by Microsoft Excel. When Excel 2007 encounters a malformed Qsir record (0x806) user data is improperly handled leading to potential code execution. Successful exploitation of this can lead to a remote compromise of the affected system running under the credentials of the currently logged in user.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2455 | | Related CVE(s): | CVE-2009-1134 | | Last Modified: | Jun 10 19:29:42 2009 |
| MD5 Checksum: | ba2c92141fa6c5c212d690a3dc09909d |
|
| /// File Name: |
ZDI-09-041.txt |
Description:
|
Zero Day Initiative Advisory 09-041 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer 8. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists during the rendering of an HTML page with malformed row property references, resulting in a dangling pointer which can be abused to execute arbitrary code. Internet Explorer 7 is not affected.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2350 | | Related CVE(s): | CVE-2009-1532 | | Last Modified: | Jun 10 19:30:14 2009 |
| MD5 Checksum: | 1eb7d00129f9bb41bc7b52ea7f36e46f |
|
| /// File Name: |
ZDI-09-042.txt |
Description:
|
Zero Day Initiative Advisory 09-042 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat and Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious web address or open a malicious file. The specific flaw exists when parsing malformed U3D model files contained in a PDF. When a specially crafted extension block of a model is processed, insufficient bounds checking is done before a call to wcsncpy(). Because of this a stack overflow can occur resulting in reliable code execution. Proper exploitation of this vulnerability will result in system compromise under the credentials of the currently logged in user.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2742 | | Related CVE(s): | CVE-2009-1855 | | Last Modified: | Jun 10 19:30:49 2009 |
| MD5 Checksum: | cdf62f8b9660b2975e78786a52f42bf9 |
|
| /// File Name: |
ZDI-09-043.txt |
Description:
|
Zero Day Initiative Advisory 09-043 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Java HotSpot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the undocumented apple.laf.CColourUIResource(long, int, int ,int, int) constructor. When passing a long integer value as the first argument, the value is interpreted as pointer to an Objective-C object. By constructing a special memory structure and passing the pointer to the first argument an attacker may execute arbitrary code.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2679 | | Related CVE(s): | CVE-2009-1719 | | Last Modified: | Jun 16 20:52:13 2009 |
| MD5 Checksum: | a6b5d6f1d652ddfee0c7d6bd8e33dc1b |
|
| /// File Name: |
ZDI-09-044.txt |
Description:
|
Zero Day Initiative Advisory 09-044 - This vulnerability allows remote attackers to execute code on vulnerable installations of Adobe's Shockwave Player. User interaction is required in that a user must visit a malicious web site. The specific flaw exists when the Shockwave player attempts to load a specially crafted Adobe Director File. When a malicious value is used during a memory dereference a possible 4-byte memory overwrite may occur. Exploitation can lead to remote system compromise under the credentials of the currently logged in user.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2643 | | Related CVE(s): | CVE-2009-1860 | | Last Modified: | Jun 25 19:52:08 2009 |
| MD5 Checksum: | 3352410d59bb6ddc48013bcfb83397ea |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
