Skip to main content

Security Bulletin

Filter by:

RISK: Medium Risk

Medium Risk

Symantec Products KeyView XLS Handling Integer Overflow Vulnerability

A vulnerability has been identified in various Symantec products, which could be exploited by attackers to compromise a vulnerable system. This issue is caused by an integer overflow error in the Autonomy KeyView Viewer for Excel (xlssr.dll) when processing XLS documents containing a malformed...
Last Update Date: 28 Jan 2011 Release Date: 27 Aug 2009 4418 Views

RISK: Medium Risk

Medium Risk

IBM Lotus Notes File Viewer for Excel Code Execution Vulnerability

A vulnerability has been identified in IBM Lotus Notes, which could be exploited by attackers to compromise a vulnerable system. This issue is caused by a buffer overflow error in the File Viewer for Excel (xlssr.dll) when processing a malformed XLS document, which...
Last Update Date: 28 Jan 2011 Release Date: 26 Aug 2009 4298 Views

RISK: Medium Risk

Medium Risk

Apple Safari Code Execution and Security Bypass Vulnerabilities

Multiple vulnerabilities have been identified in Apple Safari, which could be exploited by attackers to disclose sensitive information, bypass security restrictions, cause a denial of service or compromise an affected system.1. A heap overflow error in CoreGraphics in the drawing of long text strings...
Last Update Date: 28 Jan 2011 Release Date: 13 Aug 2009 4357 Views

RISK: Medium Risk

Medium Risk

Microsoft Windows WINS Multiple Vulnerabilities( 12 August 2009 )

1. WINS Heap Overflow VulnerabilityA remote code execution vulnerability exists in the Windows Internet Name Service (WINS) due to a buffer overflow caused by incorrect calculation of buffer length when processing specially crafted WINS network packets. An attacker who successfully exploited this vulnerability could take complete...
Last Update Date: 28 Jan 2011 Release Date: 12 Aug 2009 4082 Views

RISK: Medium Risk

Medium Risk

Microsoft Windows Message Queuing service (MSMQ) Null Pointer Vulnerability( 12 August 2009 )

An elevation of privilege vulnerability exists in the Windows Message Queuing service (MSMQ) due to a specific flaw in the parsing of an IOCTL request to the Message Queuing service. The MSMQ service improperly checks input data before passing them to the buffer. An attacker who...
Last Update Date: 28 Jan 2011 Release Date: 12 Aug 2009 4092 Views

RISK: Medium Risk

Medium Risk

Microsoft Windows Telnet Credential Reflection Vulnerability( 12 August 2009 )

A remote code execution vulnerability exists in the Microsoft Telnet service. An attacker who successfully exploited this vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights...
Last Update Date: 28 Jan 2011 Release Date: 12 Aug 2009 4109 Views

RISK: Medium Risk

Medium Risk

Microsoft Windows Workstation Service Memory Corruption Vulnerability( 12 August 2009 )

An elevation of privilege vulnerability exists in the Windows Workstation Service due to a possible "Double Free" condition occurring in the service. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated privileges. An attacker could then install programs; view, change...
Last Update Date: 28 Jan 2011 Release Date: 12 Aug 2009 4033 Views

RISK: Medium Risk

Medium Risk

Microsoft Windows Active Template Library (ATL) Multiple Vulnerabilities( 12 August 2009 )

1. Microsoft Video ActiveX Control VulnerabilityA remote code execution vulnerability exists in the Microsoft Active Template Library (ATL) due to the function CComVariant::ReadFromStream used in the ATL header. This function does not properly restrict untrusted data read from a stream. This issue leads...
Last Update Date: 28 Jan 2011 Release Date: 12 Aug 2009 4251 Views

RISK: Medium Risk

Medium Risk

Microsoft Windows Media File Processing Vulnerabilities( 12 August 2009 )

1. Malformed AVI Header VulnerabilityA remote code execution vulnerability exists in the way Microsoft Windows handles specially crafted AVI format files. This vulnerability could allow code execution if a user opened a specially crafted AVI file. If a user is logged on with administrative user rights, ...
Last Update Date: 28 Jan 2011 Release Date: 12 Aug 2009 4053 Views

RISK: Medium Risk

Medium Risk

Microsoft Office Web Components Multiple Vulnerabilities( 12 August 2009 )

1. Office Web Components Memory Allocation VulnerabilityA remote code execution vulnerability exists in the Office Web Components ActiveX Control. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution...
Last Update Date: 28 Jan 2011 Release Date: 12 Aug 2009 4070 Views