| USN-930-2 | Ubuntu Security Notice 930-2 - USN-930-1 fixed vulnerabilities in Firefox and Xulrunner. This update provides updated packages for use with Firefox 3.6 and Xulrunner 1.9.2 on Ubuntu 8.04 LTS. If was discovered that Firefox could be made to access freed memory. A flaw was discovered in the way plugin instances interacted. An integer overflow was discovered in Firefox. Martin Barbella discovered an integer overflow in an XSLT node sorting routine. Michal Zalewski discovered that the focus behavior of Firefox could be subverted. Ilja van Sprundel discovered that the 'Content-Disposition: attachment' HTTP header was ignored when 'Content-Type: multipart' was also present. | 30/06/10 |
| USN-930-1 | Ubuntu Security Notice 930-1 - If was discovered that Firefox could be made to access freed memory. A flaw was discovered in the way plugin instances interacted. An integer overflow was discovered in Firefox. Martin Barbella discovered an integer overflow in an XSLT node sorting routine. Michal Zalewski discovered that the focus behavior of Firefox could be subverted. Ilja van Sprundel discovered that the 'Content-Disposition: attachment' HTTP header was ignored when 'Content-Type: multipart' was also present. | 30/06/10 |
| USN-927-5 | Ubuntu Security Notice 927-5 - USN-927-4 fixed vulnerabilities in NSS. This update provides the NSPR needed to use the new NSS. Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds support for the new new renegotiation extension and will use it when the server supports it. | 30/06/10 |
| USN-927-4 | Ubuntu Security Notice 927-4 - USN-927-1 fixed vulnerabilities in nss in Ubuntu 9.10. This update provides the corresponding updates for Ubuntu 8.04 LTS. Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds support for the new new renegotiation extension and will use it when the server supports it. | 30/06/10 |
| secuniataskfreak-xss | Secunia Research has discovered a vulnerability in TaskFreak, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the tznMessage parameter in logout.php is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Version 0.6.3 is affected. | 30/06/10 |
| secunia-taskfreak | Secunia Research has discovered a vulnerability in TaskFreak, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the password parameter to login.php (when username is set to a valid user) is not properly sanitized before being used in a SQL query in include/classes/tzn_user.php. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation allows bypassing the authentication mechanism, but requires that magic_quotes_gpc is disabled. Version 0.6.3 is affected. | 30/06/10 |
| 06.21.10-1 | iDefense Security Advisory 06.21.10 - Remote exploitation of a stack buffer overflow vulnerability in version 3.9.2 of LibTIFF, as included in various vendors' operating system distributions, could allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability is due to insufficient bounds checking when copying data into a stack allocated buffer. During the processing of a certain EXIF tag a fixed sized stack buffer is used as a destination location for a memory copy. This memory copy can cause the bounds of a stack buffer to be overflown and this condition may lead to arbitrary code execution. iDefense has confirmed the existence of this vulnerability in version 3.9.2 of libTIFF. Previous versions are not affected. | 29/06/10 |
| dsa-2065-1 | Debian Linux Security Advisory 2065-1 - Two security issues have been discovered in the DCC protocol support code of kvirc, a KDE-based next generation IRC client, which allow the overwriting of local files through directory traversal and the execution of arbitrary code through a format string attack. | 29/06/10 |
| dsa-2064-1 | Debian Linux Security Advisory 2064-1 - Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. | 29/06/10 |
| nuance-libraries | Omnipage 16 Professional comes with multiple vulnerable libraries. | 29/06/10 |
| safarifirefox-zalewski | Michal Zalewski has noted some interested security bugs with Safari, Firefox and WebKit-based browsers. | 29/06/10 |
| ZDI-10-115 | Zero Day Initiative Advisory 10-115 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AVM bytecode verifier. Specifically, the newFrameState method performs arithmetic when calculating the size of a stack frame. It implicitly trusts the max_scope and max_stack variables as obtained from the bytecode. By crafting specific values, the integer indicating the size of the frame can be made to overflow. This value is later used during memory copy operations which an attacker can influence to gain arbitrary code execution under the context of the user running the browser. | 26/06/10 |
| ZDI-10-114 | Zero Day Initiative Advisory 10-114 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required in that a target must visit a malicious web page. The specific vulnerability exists within the parsing of an undocumented opcode within Adobe's ActionScript Virtual Machine 2 bytecode. The operand to this opcode is used as an offset to a structure and if set to a malicious value can be pointed to attacker controlled data. The structure contains a function pointer that is later called. If an attacker modifies the controlled data pointed to by the invalid offset, this function pointer can be set to point to malicious code thus gaining execution under the context of the user running the browser. | 26/06/10 |
| VMSA-2010-0010 | VMware Security Advisory - Multiple security vulnerabilities have been addressed in the ESX 3.5 third party update for Service Console kernel. | 26/06/10 |
| HPSBUX02544-SSRT100107 | HP Security Bulletin - Potential security vulnerabilities have been identified on HP-UX running Kerberos. These vulnerabilities could be exploited by remote unauthenticated users to create a Denial of Service (DoS) or to execute arbitrary code. | 26/06/10 |
| MDVSA-2010-126 | Mandriva Linux Security Advisory 2010-126 - Multiple vulnerabilities has been found and corrected in mozilla-thunderbird. | 25/06/10 |
| MDVSA-2010-124 | Mandriva Linux Security Advisory 2010-124 - The pa_make_secure_dir function in core-util.c in PulseAudio 0.9.10 and 0.9.19 allows local users to change the ownership and permissions of arbitrary files via a symlink attack on a /tmp/.esd-##### temporary file. This update fixes this issue. | 25/06/10 |
| ZDI-10-113 | Zero Day Initiative Advisory 10-113 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or otherwise render a malicious file. The specific flaw exists within a particular XSLT transformation when applied to an XML document. If a large number of elements have this transformation applied to them, the application will misallocate a buffer. Upon usage of this buffer the application will copy more data than allocated thus causing an overflow. This can lead to code execution under the context of the application. | 25/06/10 |
| MDVSA-2010-123 | Mandriva Linux Security Advisory 2010-123 - This update fixes a reported buffer overflow found with ntlm authentication. | 25/06/10 |
| MDVSA-2010-125 | Mandriva Linux Security Advisory 2010-125 - An unspecified function in the JavaScript implementation in Mozilla Firefox creates and exposes a temporary footprint when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an in-session phishing attack. Other vulnerabilities that also exist have been addressed. | 25/06/10 |
| microsofthelp-bypass | Microsoft Help Files (.CHM) suffer from a locked file bypass. | 25/06/10 |
| HPSBUX02541-SSRT100145 | HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running Tomcat-based Servlet Engine. The vulnerabilities could be exploited remotely to increase privilege or arbitrarily modify files. Tomcat-based Servlet Engine is contained in the Apache Web Server Suite. | 25/06/10 |
| skype-dos | The Skype client for Mac Chat suffers from a unicode related denial of service vulnerability. | 24/06/10 |
| USN-955-2 | Ubuntu Security Notice 955-2 - USN-955-1 fixed vulnerabilities in OPIE. This update provides rebuilt libpam-opie packages against the updated libopie library. Original advisory details: Maksymilian Arciemowicz and Adam Zabrocki discovered that OPIE incorrectly handled long usernames. A remote attacker could exploit this with a crafted username and make applications linked against libopie crash, leading to a denial of service. | 24/06/10 |
| USN-955-1 | Ubuntu Security Notice 955-1 - Maksymilian Arciemowicz and Adam Zabrocki discovered that OPIE incorrectly handled long usernames. A remote attacker could exploit this with a crafted username and make applications linked against libopie crash, leading to a denial of service. | 24/06/10 |
| USN-954-1 | Ubuntu Security Notice 954-1 - Kevin Finisterre discovered that the TIFF library did not correctly handle certain image structures. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service. Dan Rosenberg and Sauli Pahlman discovered multiple flaws in the TIFF library. If a user or automated system were into opening a specially crafted TIFF image, a remote attacker could execute arbitrary code with user privileges, or crash the application, leading to a denial of service. | 24/06/10 |
| USN-953-1 | Ubuntu Security Notice 953-1 - Dan Rosenberg discovered that fastjar incorrectly handled file paths containing .. when unpacking archives. If a user or an automated system were tricked into unpacking a specially crafted jar file, arbitrary files could be overwritten with user privileges. | 24/06/10 |
| USN-952-1 | Ubuntu Security Notice 952-1 - Adrian Pastor and Tim Starling discovered that the CUPS web interface incorrectly protected against cross-site request forgery (CSRF) attacks. If an authenticated user were tricked into visiting a malicious website while logged into CUPS, a remote attacker could modify the CUPS configuration and possibly steal confidential data. It was discovered that CUPS did not properly handle memory allocations in the texttops filter. If a user or automated system were tricked into printing a crafted text file, a remote attacker could cause a denial of service or possibly execute arbitrary code with privileges of the CUPS user (lp). Luca Carettoni discovered that the CUPS web interface incorrectly handled form variables. A remote attacker who had access to the CUPS web interface could use this flaw to read a limited amount of memory from the cupsd process and possibly obtain confidential data. | 24/06/10 |
| ZDI-10-112 | Zero Day Initiative Advisory 10-112 - This vulnerability allows remote attackers to upload arbitrary files on vulnerable installations of Novell Access Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the PortalModuleInstallManager component of the Novell Management Console which exists within the servlet located within nps.jar. Due to a failure to sanitize '../' directory traversal modifiers from a parameter an attacker can specify any filename to upload arbitrary contents into. Successful exploitation can result in code execution under the context of the service. | 24/06/10 |
| ZDI-10-111 | Zero Day Initiative Advisory 10-111 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the connect method exposed via the ActionScript native object number 2200. If this function is called several times with differing strings, a memory corruption issue can be triggered. This can be exploited by remote attackers to execute arbitrary code under the context of the user running the web browser. | 24/06/10 |
| MDVSA-2010-120 | Mandriva Linux Security Advisory 2010-120 - A vulnerability was reported in the SquirrelMail Mail Fetch plugin, wherein (when the plugin is activated by the administrator) a user is allowed to specify (without restriction) any port number for their external POP account settings. While the intention is to allow users to access POP3 servers using non-standard ports, this also allows malicious users to effectively port-scan any server through their SquirrelMail service (especially note that when a SquirrelMail server resides on a network behind a firewall, it may allow the user to explore the network topography (DNS scan) and services available (port scan) on the inside of (behind) that firewall. As this vulnerability is only exploitable post-authentication, and better more specific port scanning tools are freely available, we consider this vulnerability to be of very low severity. It has been fixed by restricting the allowable POP port numbers. The updated packages have been patched to correct this issue. | 24/06/10 |
| MDVSA-2010-121 | Mandriva Linux Security Advisory 2010-121 - Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by using this font's charmap and the Unicode property database. Packages for 2008.0 and 2009.0 are provided as of the Extended http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. | 24/06/10 |
| NSOADV-2010-009 | The ArNoText third-party Active-X control suffers from a file overwrite vulnerability. | 20/06/10 |
| NSOADV-2010-008 | The AnNoText third-party Active-X control suffers from a buffer overflow vulnerability. | 20/06/10 |
| springframework-exec | Spring Framework suffers from an arbitrary code execution vulnerability. Versions affected include 3.0.0 to 3.0.2, 2.5.0 to 2.5.6SEC01 (community releases) and 2.5.0 to 2.5.7 (subscription customers). | 20/06/10 |
| HPSBUX02543-SSRT100152 | HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running Apache with PHP. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) gain unauthorized access, and perform cross site scripting (XSS). | 20/06/10 |
| MDVSA-2010-119 | Mandriva Linux Security Advisory 2010-119 - Samba versions 3.0.x, 3.2.x and 3.3.x are affected by a memory corruption vulnerability. Code dealing with the chaining of SMB1 packets did not correctly validate an input field provided by the client, making it possible for a specially crafted packet to crash the server or potentially cause the server to execute arbitrary code. The updated packages have been patched to correct this issue. | 18/06/10 |
| dsa-2063-1 | Debian Linux Security Advisory 2063-1 - Dan Rosenberg discovered that pmount, a wrapper around the standard mount program which permits normal users to mount removable devices without a matching /etc/fstab entry, creates files in /var/lock insecurely. A local attacker could overwrite arbitrary files utilising a symlink attack. | 18/06/10 |
| drupalfilefield-inject | Drupal FileField version 6.x-3.3 suffers from an arbitrary script injection vulnerability. | 18/06/10 |
| MDVSA-2010-118 | Mandriva Linux Security Advisory 2010-118 - The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable. The updated packages have been patched to correct this issue. | 18/06/10 |
| dsa-2062-1 | Debian Linux Security Advisory 2062-1 - Anders Kaseorg and Evan Broder discovered a vulnerability in sudo, a program designed to allow a sysadmin to give limited root privileges to users, that allows a user with sudo permissions on certain programs to use those programs with an untrusted value of PATH. This could possibly lead to certain intended restrictions being bypassed, such as the secure_path setting. | 18/06/10 |
| major_rls74 | CMS RedAks version 2.0 suffers from a cross site scripting vulnerability. | 18/06/10 |
| HPSBOV02540-SSRT090249 | HP Security Bulletin - Potential security vulnerabilities have been identified with HP SSL for OpenVMS. The vulnerabilities could be remotely exploited resulting in unauthorized data injection or a Denial of Service (DoS). | 18/06/10 |
| dsa-2061-1 | Debian Linux Security Advisory 2061-1 - Jun Mao discovered that Samba, an implementation of the SMB/CIFS protocol for Unix systems, is not properly handling certain offset values when processing chained SMB1 packets. This enables an unauthenticated attacker to write to an arbitrary memory location resulting in the possibility to execute arbitrary code with root privileges or to perform denial of service attacks by crashing the samba daemon. | 18/06/10 |
| 06.16.10-1 | iDefense Security Advisory 06.16.10 - Remote exploitation of a buffer overflow vulnerability within Samba Project's Samba could allow an attacker to execute arbitrary code with root privileges. This vulnerability exists in a certain function within Samba, where an attacker could trigger a memory corruption by sending specially crafted SMB requests resulting in heap memory overwritten with attacker supplied data, which can allow attackers to execute code remotely. iDefense has confirmed the existence of this vulnerability in Samba version 3.3.12. Previous versions are suspected to be affected.Samba 3.4.0 and newer versions rewrite the whole logic of the vulnerable function and thus are not affected by this vulnerability. | 17/06/10 |
| OSA-2010-005 | SAP J2EE Telnet Administration suffers from an authentication bypass vulnerability. | 17/06/10 |
| ZDI-10-110 | Zero Day Initiative Advisory 10-110 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required in that a target must visit a malicious website. The specific flaw exists within the code for parsing embedded image data within SWF files. The DefineBits tag and several of its variations are prone to a parsing issue while handling JPEG data. Specifically, the vulnerability is due to decompression routines that do not validate image dimensions sufficiently before performing operations on heap memory. An attacker can exploit this vulnerability to execute arbitrary code under the context of the user running the browser. | 17/06/10 |
| ZDI-10-109 | Zero Day Initiative Advisory 10-109 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of the Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing embedded MP4 files. When handling the STSC, STSZ, and STCO atoms the player can be made to improperly calculate length values later used as size parameters during memory copy operations. By providing a specially crafted file an attacker can corrupt heap memory and execute arbitrary code under the context of the currently logged in user. | 17/06/10 |
| ZDI-10-108 | Zero Day Initiative Advisory 10-108 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ovwebsnmpsrv.exe process which can be reached remotely through the jovgraph.exe CGI program. By supplying overly large values to variables passed through an HTTP request a strcpy call within the main() function can be made to overflow a static buffer. An attacker can leverage this to execute arbitrary code under the context of the user running the webserver. | 17/06/10 |
| MDVSA-2010-117 | Mandriva Linux Security Advisory 2010-117 - SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via the rra_id parameter in a GET request in conjunction with a valid rra_id value in a POST request or a cookie, which bypasses the validation routine. The updated packages have been patched to correct this issue. | 17/06/10 |
| USN-951-1 | Ubuntu Security Notice 951-1 - Jun Mao discovered that Samba did not correctly validate SMB1 packet contents. An unauthenticated remote attacker could send specially crafted network traffic that could execute arbitrary code as the root user. | 17/06/10 |
| adobeflashgj-overflow | VUPEN Vulnerability Research Team discovered two critical vulnerabilities in Adobe Flash Player. These vulnerabilities are caused due to heap overflows when processing malformed GIF or JPEG data within a Flash file, which could be exploited by attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page. | 17/06/10 |
| adobeflashnf-pointer | VUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Flash Player. This vulnerability is caused due to an invalid pointer when processing the newfunction operator (bytecode 0x44), which could be exploited by attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page. | 17/06/10 |
| adobeflash-pointer | VUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Flash Player. This vulnerability is caused due to an invalid pointer when processing the newclass operator (bytecode 0x58), which could be exploited by attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page. | 17/06/10 |
| dsa-2054-2 | Debian Linux Security Advisory 2054-2 - This update restores the PID file location for bind to the location before the last security update. Several cache-poisoning vulnerabilities have been discovered in BIND. These vulnerabilities are apply only if DNSSEC validation is enabled and trust anchors have been installed, which is not the default. | 16/06/10 |
| major_rls73 | Subdreamer CMS version 3.x.x suffers from a remote SQL injection vulnerability. | 16/06/10 |
| CORE-2010-0514 | Core Security Technologies Advisory - XnView is prone to a security vulnerability when processing MBM files. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine, by enticing the user of XnView to open a specially crafted file. | 16/06/10 |
| glsa-201006-21 | Gentoo Linux Security Advisory 201006-21 - Multiple vulnerabilities in UnrealIRCd might allow remote attackers to compromise the unrealircd account, or cause a Denial of Service. Versions less than 3.2.8.1-r1 are affected. | 16/06/10 |
| dsa-2060-1 | Debian Linux Security Advisory 2060-1 - Stefan Esser discovered that cacti, a front-end to rrdtool for monitoring systems and services, is not properly validating input passed to the rra_id parameter of the graph.php script. Due to checking the input of $_REQUEST but using $_GET input in a query an unauthenticated attacker is able to perform SQL injections via a crafted rra_id $_GET value and an additional valid rra_id $_POST or $_COOKIE value. | 16/06/10 |
| modproxyhttp-timeout | A timeout detection flaw in the httpd mod_proxy_http module causes proxied response to be sent as the response to a different request, and potentially served to a different client, from the HTTP proxy pool worker pipeline. | 16/06/10 |
| unrealircd-backdoored | It's been discovered that UnrealIRCd version 3.2.8.1 was backdoored. | 15/06/10 |
| PR09-17 | There are multiple authenticated Cross-site Scripting vulnerability on Junipers, IVE web interface. Procheckup has found by making a malformed authenticated request to the IVE Web interface, that vanilla cross site scripting (XSS) attacks are possible. | 15/06/10 |
| dsa-2059-1 | Debian Linux Security Advisory 2059-1 - It was discovered that PCSCD, a daemon to access smart cards, was vulnerable to a buffer overflow allowing a local attacker to elevate his privileges to root. | 15/06/10 |
| TA10-162A | Technical Cyber Security Alert 2010-162A - According to Adobe Security Bulletin APSB10-14, there are vulnerabilities in Adobe Flash and AIR. These vulnerabilities affect Flash Player, AIR, and possibly other products that support Flash. A remote attacker could exploit these vulnerabilities to execute arbitrary code. | 15/06/10 |
| 06.07.10-3 | iDefense Security Advisory 06.07.10 - Remote exploitation of a memory corruption vulnerability in WebKit, as included with multiple vendors' browsers, could allow an attacker to execute arbitrary code with the privileges of the current user. Google Chrome browsers to parse and render web content. The vulnerability occurs when the a certain property of an HTML element with a caption is reset via JavaScript code. When this occurs, a C++ object is incorrectly accessed after it has been freed. This results in an attacker controlled value being used as a C++ VTABLE, which leads to the execution of arbitrary code. | 15/06/10 |
| dsa-2058-1 | Debian Linux Security Advisory 2058-1 - Several vulnerabilities have been discovered in the GNU C Library (aka glibc) and its derivatives. | 15/06/10 |
| TPTI-10-03 | This vulnerability allows local attackers to execute arbitrary code in kernel space on vulnerable installations of Sophos Anti-Virus. Local access to the system is required to leverage the vulnerability. The specific flaw exists in the handling of the system call NtQueryAttributesFile by the filter driver savonaccessfilter.sys. Due to improper handling of parameters to the function pool corruption can occur in kernel space. A local attacker can leverage this to execute arbitrary code in ring 0. | 15/06/10 |
| CA20100608-01 | CA Technologies support is alerting users to multiple security risks with the PSFormX and WebScan ActiveX controls previously available from the CA Global Security Advisor site. Multiple vulnerabilities exist that can potentially allow a remote attacker to execute arbitrary code. | 15/06/10 |
| cisco-sa-20100609-axp | Cisco Security Advisory - The Cisco Application Extension Platform contains a privilege escalation vulnerability in the tech support diagnostic shell that may allow an authenticated user to obtain administrative access to a vulnerable Cisco Application Extension Platform module. Cisco has released free software updates that address this vulnerability. There is no workaround for this vulnerability. | 15/06/10 |
| secunia-creative | Secunia Research has discovered a vulnerability in Creative Software AutoUpdate Engine 2 ActiveX control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in a callback function used when handling the BrowseFolder() method. This can be exploited to cause a stack-based buffer overflow via an overly long string argument. Successful exploitation allows execution of arbitrary code. | 15/06/10 |
