
Special Announcement

  • 25 Jun 2024

    Announcement for Change of Chinese Name

    Please note that the Chinese name of HKCERT is changed from 「香港電腦保安事故協調中心」 to 「香港網絡安全事故協調中心」 with immediate effect.

    The English name, abbreviation, web address and email address remained unchanged.

Security Bulletin


RISK: Medium Risk


Microsoft Office ATL ActiveX Controls Multiple Vulnerabilities (14 October 2009)

1. ATL Uninitialized Object Vulnerability
A remote code execution vulnerability exists in the Microsoft Active Template Library (ATL) due to an issue in the ATL headers that could allow an attacker to force VariantClear to be called on a VARIANT that has not been correctly initialized. Because...
Last Update Date: 28 Jan 2011 Release Date: 14 Oct 2009 4468 Views

RISK: Medium Risk


Microsoft Windows ATL COM Initialization Vulnerability (14 October 2009)

A remote code execution vulnerability exists in the Microsoft ActiveX controls listed in the FAQ section of this vulnerability, which were compiled using the vulnerable Microsoft Active Template Library described in Microsoft Security Bulletin MS09-035. An attacker could exploit the vulnerability in these controls by constructing...
Last Update Date: 28 Jan 2011 Release Date: 14 Oct 2009 4595 Views

RISK: Medium Risk


Microsoft Windows CryptoAPI Multiple Vulnerabilities (14 October 2009)

1. Null Truncation in X.509 Common Name Vulnerability
A spoofing vulnerability exists in the Microsoft Windows CryptoAPI component when parsing ASN.1 information from X.509 certificates. An attacker who successfully exploited this vulnerability could impersonate another user or system.
2. Integer Overflow...
Last Update Date: 28 Jan 2011 Release Date: 14 Oct 2009 4590 Views

RISK: Medium Risk


Microsoft .NET Framework Multiple Vulnerabilities (14 October 2009)

1. Microsoft .NET Framework Pointer Verification Vulnerability
A remote code execution vulnerability exists in the Microsoft .NET Framework that could allow a malicious Microsoft .NET application to obtain a managed pointer to stack memory that is no longer used. The malicious Microsoft .NET application could...
Last Update Date: 28 Jan 2011 Release Date: 14 Oct 2009 4877 Views

RISK: Medium Risk


Microsoft Internet Explorer Multiple Vulnerabilities (14 October 2009)

1. Data Stream Header Corruption Vulnerability
A remote code execution vulnerability exists in the way that Internet Explorer processes data stream headers in specific situations. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability...
Last Update Date: 28 Jan 2011 Release Date: 14 Oct 2009 4520 Views

RISK: Medium Risk


Adobe Reader and Acrobat Multiple Code Execution Vulnerability

Multiple vulnerabilities have been identified in Adobe Reader and Acrobat, which could be exploited by attackers to bypass security restrictions, gain knowledge of sensitive information, cause a denial of service or compromise a vulnerable system. These issues are caused by memory corruptions, integer and heap...
Last Update Date: 28 Jan 2011 Release Date: 12 Oct 2009 4683 Views

RISK: Medium Risk


CA Anti-Virus Engine RAR Heap Corruption and DoS Vulnerabilities

Two vulnerabilities have been identified in various CA products, which could be exploited by attackers or malware to cause a denial of service or compromise a vulnerable system.
1. A heap corruption error in the Anti-Virus engine arclib component when processing malformed RAR archives, ...
Last Update Date: 28 Jan 2011 Release Date: 12 Oct 2009 4836 Views

RISK: Medium Risk


IBM Informix Client and Connect ".nfx" File Buffer Overflow Vulnerability

A vulnerability has been identified in IBM Informix Client and Informix Connect, which could be exploited by attackers to compromise a vulnerable system. This issue is caused by a buffer overflow error in the SetNet32 utility when processing a ".nfx" file containing a malformed field (...
Last Update Date: 28 Jan 2011 Release Date: 6 Oct 2009 4803 Views

RISK: Medium Risk


GoogleApps "googleapps.url.mailto:" Argument Injection Vulnerability

A vulnerability has been identified in Google Apps, which could be exploited by remote attackers to compromise a vulnerable system. This issue is caused by an error in the "googleapps.exe" application when processing parameters passed to the "---renderer-path" argument via...
Last Update Date: 28 Jan 2011 Release Date: 5 Oct 2009 4662 Views

RISK: Medium Risk


Novell NetWare RPC CALLIT Buffer Overflow Vulnerability

A vulnerability has been identified in Novell NetWare, which could be exploited by remote attackers to compromise a vulnerable system. This issue is caused by a stack overflow error in the NFS Portmapper (PKERNEL.NLM) when processing malformed RPC CALLIT requests, which could be...
Last Update Date: 28 Jan 2011 Release Date: 2 Oct 2009 4718 Views