Special Announcement

  • 25 Jun 2024

    Announcement for Change of Chinese Name

    Please note that the Chinese name of HKCERT is changed from 「香港電腦保安事故協調中心」 to 「香港網絡安全事故協調中心」 with immediate effect.

    The English name, abbreviation, web address and email address remain unchanged.

Security Bulletin

RISK: Medium Risk

Microsoft Office Word File Information Memory Corruption Vulnerability (11 November 2009)

A remote code execution vulnerability exists in the way that Microsoft Office Word handles a specially crafted Word file that includes a malformed record. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, ...
Last Update Date: 28 Jan 2011 Release Date: 11 Nov 2009 4417 Views

RISK: Medium Risk

Microsoft Windows License Logging Server Heap Overflow Vulnerability (11 November 2009)

An unauthenticated remote code execution vulnerability exists in the way that the Microsoft License Logging Server software handles specially crafted RPC packets. An attempt to exploit the vulnerability would not require authentication, allowing an attacker to exploit the vulnerability by sending a specially crafted network message to a...
Last Update Date: 28 Jan 2011 Release Date: 11 Nov 2009 4448 Views

RISK: Medium Risk

Microsoft Windows Web Services on Devices API Memory Corruption Vulnerability (11 November 2009)

A remote code execution vulnerability exists in the Web Services on Devices API (WSDAPI) on Windows systems. The vulnerability is due to the service not properly handling a WSDAPI message with a specially crafted header. An attacker who successfully exploited this vulnerability could take complete control...
Last Update Date: 28 Jan 2011 Release Date: 11 Nov 2009 4444 Views

RISK: Medium Risk

Microsoft Office Excel Multiple Vulnerabilities (11 November 2009)

1. Excel Cache Memory Corruption Vulnerability: A remote code execution vulnerability exists in the way that Microsoft Office Excel handles specially crafted Excel files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, ...
Last Update Date: 28 Jan 2011 Release Date: 11 Nov 2009 4453 Views

RISK: Medium Risk

Microsoft Windows Active Directory LSASS Recursive Stack Overflow Vulnerability (11 November 2009)

A denial of service vulnerability exists in implementations of Active Directory on Microsoft Windows 2000 Server, Windows Server 2003, and Windows Server 2008. The vulnerability also exists in implementations of Active Directory Application Mode (ADAM) when installed on Windows XP and Windows Server 2003, ...
Last Update Date: 28 Jan 2011 Release Date: 11 Nov 2009 4483 Views

RISK: Medium Risk

Microsoft Windows Kernel-Mode Drivers Multiple Vulnerabilities (11 November 2009)

1. Win32k NULL Pointer Dereferencing Vulnerability: An elevation of privilege vulnerability exists because the Windows kernel does not properly validate an argument passed to a Windows kernel system call. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install...
Last Update Date: 28 Jan 2011 Release Date: 11 Nov 2009 4452 Views

RISK: Medium Risk

Apple Mac OS X Multiple Vulnerabilities

Multiple vulnerabilities have been identified in Apple Mac OS X, which could be exploited by remote or local attackers to disclose sensitive information, bypass security restrictions, cause a denial of service or compromise an affected system. 1. Due to a heap overflow error in QuickDraw...
Last Update Date: 28 Jan 2011 Release Date: 11 Nov 2009 4805 Views

RISK: Medium Risk

HP-UX Java Multiple Vulnerabilities

Multiple vulnerabilities have been identified in HP-UX, which could be exploited by attackers to bypass security restrictions, disclose sensitive information, cause a denial of service, or compromise an affected system. These issues are caused by errors in Java.
Last Update Date: 28 Jan 2011 Release Date: 11 Nov 2009 4725 Views

RISK: Medium Risk

HP Power Manager Unspecified Remote Code Execution Vulnerability

A vulnerability has been identified in HP Power Manager, which could be exploited by remote attackers to compromise a vulnerable system. This issue is caused by an unspecified error when processing user-supplied requests, which could allow remote attackers to execute arbitrary code.
Last Update Date: 28 Jan 2011 Release Date: 6 Nov 2009 4682 Views

RISK: Medium Risk

Sun Java Multiple Code Execution and Security Bypass Vulnerabilities

Multiple vulnerabilities have been identified in Sun Java, which could be exploited by attackers to bypass security restrictions, disclose sensitive information, cause a denial of service, or compromise an affected system. 1. Errors when decoding DER-encoded data and parsing HTTP headers, ...
Last Update Date: 28 Jan 2011 Release Date: 5 Nov 2009 4731 Views