Adobe Shockwave Player Multiple Remote Code Execution and Denial of Service Vulnerabilities

http://www.securityfocus.com/bid/36905

"Adobe Shockwave Player is prone to multiple remote code-execution and
denial-of-service vulnerabilities.

Attackers can exploit these issues to execute arbitrary code in the
context of the currently logged-in user and to cause denial-of-service
conditions.

Versions prior to Shockwave Player 11.5.2.602 for Microsoft Windows and
Apple Mac OS X are vulnerable."

Autocomplete Data Theft in Mozilla Firefox

http://www.securityfocus.com/archive/1/507668

"A malicious web page can extract out all the data stored within the
autocomplete history of a user's Firefox browser. The web page must
convince a user to hold down the left or right-arrow keys then the
contents of the autocomplete popup can be read. This may include the
search history box within the browser, or other personal details."

"Mozilla fixed this issue in the 3.5.4 and 3.0.0.15 releases of Firefox."

Sun Java SE November 2009 Multiple Security Vulnerabilities

http://www.securityfocus.com/bid/36881

"Sun has released updates to address multiple security vulnerabilities
in Java SE.

Successful exploits may allow attackers to bypass certain security
restrictions, run untrusted applets with elevated privileges, execute
arbitrary code, and cause denial-of-service conditions. Other attacks
are also possible.

These issues are addressed in the following releases:

Multiple Intel Desktop Board Models Bitmap Processing Buffer Overflow Vulnerability

http://www.securityfocus.com/bid/36886

Vulnerable Intel Motherboards

Intel DQ45EK 0
Intel DQ45CB 0
Intel DQ35MP 0
Intel DQ35JO 0

"Multiple Intel Desktop Board models are prone to a buffer-overflow
vulnerability because they fail to properly bounds-check user-supplied data.

Successfully exploiting this issue will allow local attackers to run
arbitrary code with elevated privileges or trigger a denial-of-service
condition."

Linux Kernel 2.4 and 2.6 Local Information Disclosure Vulnerability

http://www.securityfocus.com/bid/36827

"The Linux kernel is prone to a local information-disclosure vulnerability.

Local attackers can exploit this issue to obtain sensitive information
that may lead to further attacks."

This affects kernels earlier than 2.6.31.2.

Check with your vendor for an update and apply as soon as possible.

Linux Kernel 'pipe.c' Local Privilege Escalation Vulnerability

http://www.securityfocus.com/bid/36901

"Linux kernel is prone to a local privilege-escalation vulnerability
that is caused by a NULL-pointer dereference.

Local attackers can exploit this issue to execute arbitrary code with
kernel-level privileges. Successful exploits will result in the complete
compromise of affected computers. Failed exploit attempts will result in
a denial-of-service condition."

This affects RHEL, SuSE, etc. (kernels before 2.6.31.5).