Security Bulletin

RISK: Medium Risk

Microsoft Internet Information Services (IIS) WebDAV Authentication Bypass Vulnerabilities ( 10 June 2009 )

1. IIS 5. WebDAV Authentication Bypass Vulnerability
An elevation of privilege vulnerability exists in the way that the WebDAV extension for IIS handles HTTP requests. An attacker could exploit this vulnerability by creating a specially crafted anonymous HTTP request to gain access to a location that should require...
Last Update Date: 28 Jan 2011 Release Date: 10 Jun 2009 5152 Views

RISK: Medium Risk

Microsoft RPC Marshalling Engine Vulnerability ( 10 June 2009 )

An elevation of privilege vulnerability exists in the Windows remote procedure call (RPC) facility where the RPC Marshalling Engine does not update its internal state appropriately. The failure to update internal state could lead to a pointer being read from an incorrect location. An attacker who...
Last Update Date: 28 Jan 2011 Release Date: 10 Jun 2009 5039 Views

RISK: Medium Risk

Microsoft Windows Kernel Multiple Vulnerabilities ( 10 June 2009 )

1. Windows Kernel Desktop Vulnerability
An elevation of privilege vulnerability exists in the way that the Windows kernel does not properly validate changes in certain kernel objects. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; ...
Last Update Date: 28 Jan 2011 Release Date: 10 Jun 2009 5055 Views

RISK: Medium Risk

Apple Safari Multiple Vulnerabilities

Multiple vulnerabilities have been identified in Apple Safari, which could be exploited by attackers to disclose sensitive information, bypass security restrictions, cause a denial of service or compromise an affected system.
1. Due to an error in CFNetwork when identifying the file type of certain...
Last Update Date: 28 Jan 2011 Release Date: 10 Jun 2009 5252 Views

RISK: Medium Risk

Microsoft Active Directory Invalid Free and Memory Leak Vulnerabilities ( 10 June 2009 )

1. Active Directory Invalid Free Vulnerability
A remote code execution vulnerability exists in implementations of Active Directory on Microsoft Windows 2000 Server. The vulnerability is due to incorrect freeing of memory when processing specially crafted LDAP or LDAPS requests. An attacker who successfully exploited this vulnerability could take...
Last Update Date: 28 Jan 2011 Release Date: 10 Jun 2009 5162 Views

RISK: Medium Risk

Microsoft Internet Explorer Multiple Vulnerabilities ( 10 June 2009 )

1. Race Condition Cross-Domain Information Disclosure Vulnerability
An information disclosure vulnerability exists in Internet Explorer that could allow script to gain access to the content in another browser window in another domain or Internet Explorer zone. An attacker could exploit the vulnerability by constructing a specially crafted...
Last Update Date: 28 Jan 2011 Release Date: 10 Jun 2009 5021 Views

RISK: Medium Risk

Microsoft Office Excel Multiple Vulnerabilities ( 10 June 2009 )

A remote code execution vulnerability exists in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed record object. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker...
Last Update Date: 28 Jan 2011 Release Date: 10 Jun 2009 5042 Views

RISK: Medium Risk

ACDSee Products TIFF and Font Parsing Buffer Overflow Vulnerabilities

Two vulnerabilities have been identified in various ACDSee products, which could be exploited by attackers to compromise a vulnerable system.
1. A buffer overflow error when parsing a specially crafted TIFF image, which could be exploited to crash an affected application or execute arbitrary code by...
Last Update Date: 28 Jan 2011 Release Date: 4 Jun 2009 5315 Views

RISK: Medium Risk

Apple QuickTime File Processing Remote Code Execution Vulnerabilities

Multiple vulnerabilities have been identified in Apple QuickTime, which could be exploited by remote attackers to take complete control of an affected system. These issues are caused by memory corruption, heap overflow, sign extension, and uninitialized memory access errors when processing specially crafted Sorenson 3...
Last Update Date: 28 Jan 2011 Release Date: 3 Jun 2009 5250 Views

RISK: Medium Risk

Apple iTunes "itms:" URI Handling Remote Buffer Overflow Vulnerability

A vulnerability has been identified in Apple iTunes, which could be exploited by remote attackers to cause a denial of service or compromise a vulnerable system. This issue is caused by a stack overflow error when processing a specially crafted "itms:" URL, which could be...
Last Update Date: 28 Jan 2011 Release Date: 3 Jun 2009 5358 Views