securityadmin's blog

Apple iPhone Malformed VML Data Remote Code Execution Vulnerability

http://www.securityfocus.com/bid/38990/discuss

A POC exploit has been written that can crash Safari on the Apple iPhone
when the user visits a maliciously crafted webpage. This affects:

Apple iPhone 3.1.3
Apple iPhone 3.1.2
Apple iPhone 3.0.1
Apple iPhone 3.1
Apple iPhone 3.0

The POC claims the ability to execute arbitrary code via this exploit.
Apple has not yet released a patch or verified this issue.

Apple iPhone Malformed VML Data Remote Code Execution Vulnerability

http://www.securityfocus.com/bid/38990/discuss

A POC exploit has been written that can crash Safari on the Apple iPhone
when the user visits a maliciously crafted webpage. This affects:

Apple iPhone 3.1.3
Apple iPhone 3.1.2
Apple iPhone 3.0.1
Apple iPhone 3.1
Apple iPhone 3.0

The POC claims the ability to execute arbitrary code via this exploit.
Apple has not yet released a patch or verified this issue.

Broadcom NetXtreme Ethernet Card possible remote vulnerability

http://www.kb.cert.org/vuls/id/512705

"A buffer overflow vulnerability exists in the Broadcom NetXtreme
management firmware. This vulnerability may allow a remote attacker to
execute arbitrary code on an affected device."

This affects the firmware on the card itself, regardless of whether the
machine is turned on or off. Both Dell and HP use these cards in their
desktops and servers.

The following devices/firmwares are affected:

Broadcom NetXtreme Ethernet Card possible remote vulnerability

http://www.kb.cert.org/vuls/id/512705

"A buffer overflow vulnerability exists in the Broadcom NetXtreme
management firmware. This vulnerability may allow a remote attacker to
execute arbitrary code on an affected device."

This affects the firmware on the card itself, regardless of whether the
machine is turned on or off. Both Dell and HP use these cards in their
desktops and servers.

The following devices/firmwares are affected:

Adobe Flash Media Server Directory Traversal Vulnerability

http://www.securityfocus.com/bid/37420

"Adobe Flash Media Server is prone to a directory-traversal
vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue can allow an attacker to load arbitrary Dynamic
Linked Libraries (DLLs) present on the server. This could help the
attacker launch further attacks. "

This affects Adobe Flash Media Server 3.5.2 and prior.
This affects Adobe Flash Media Server 3.0.4 and prior.

Pages