Security Bulletin

RISK: Medium Risk

Microsoft Windows Uniscribe Font Parsing Engine Memory Corruption Vulnerability ( 15 September 2010 )

A remote code execution vulnerability exists in affected versions of Microsoft Windows and Microsoft Office. The vulnerability exists because Windows and Office incorrectly parse specific font types in such a way that could allow remote code execution. An attacker who successfully exploited this vulnerability could run arbitrary code...
Last Update Date: 28 Jan 2011 Release Date: 15 Sep 2010 4488 Views

RISK: Medium Risk

Microsoft Windows WordPad Word 97 Text Converter Memory Corruption Vulnerability ( 15 September 2010 )

A remote code execution vulnerability exists in the way that Microsoft WordPad processes memory when parsing a specially crafted Word 97 document. The vulnerability could allow remote code execution if a user opens a specially crafted Word file that includes a malformed structure.
Last Update Date: 28 Jan 2011 Release Date: 15 Sep 2010 4468 Views

RISK: Medium Risk

Samba SID Parsing Buffer Overflow Vulnerability

A vulnerability has been identified in Samba, which could be exploited by remote attackers to compromise a vulnerable system. This issue is caused by a buffer overflow error in the "sid_parse()" function and the related "dom_sid_parse()" function in the source4 code when reading a...
Last Update Date: 28 Jan 2011 Release Date: 15 Sep 2010 4730 Views

RISK: Medium Risk

Microsoft Windows MPEG-4 Codec Vulnerability ( 15 September 2010 )

A remote code execution vulnerability exists in the way that the MPEG-4 codec handles supported format files. This vulnerability could allow code execution if a user opened a specially crafted media file. If a user is logged on with administrative user rights, an attacker who...
Last Update Date: 28 Jan 2011 Release Date: 15 Sep 2010 4509 Views

RISK: Medium Risk

Microsoft Windows RPC Memory Corruption Vulnerability ( 15 September 2010 )

An unauthenticated remote code execution vulnerability exists in the way that the Remote Procedure Call (RPC) client implementation allocates memory when parsing specially crafted RPC responses. An attempt to exploit the vulnerability would not require authentication, allowing an attacker to exploit the vulnerability by sending a...
Last Update Date: 28 Jan 2011 Release Date: 15 Sep 2010 4559 Views

RISK: Medium Risk

Microsoft Windows CSRSS Local Elevation of Privilege Vulnerability ( 15 September 2010 )

An elevation of privilege vulnerability exists in the Windows CSRSS due to the way that the CSRSS assigns memory for specific user transactions. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs...
Last Update Date: 28 Jan 2011 Release Date: 15 Sep 2010 4594 Views

RISK: Medium Risk

Microsoft Windows IIS Multiple Vulnerabilities ( 15 September 2010 )

1. IIS Repeated Parameter Request Denial of Service Vulnerability: A denial of service vulnerability exists in Internet Information Services (IIS) that could allow an attacker who successfully exploited this vulnerability to interrupt service, causing the server to become unresponsive. An attacker could exploit the...
Last Update Date: 28 Jan 2011 Release Date: 15 Sep 2010 4665 Views

RISK: Medium Risk

Microsoft Windows LSASS Heap Overflow Vulnerability ( 15 September 2010 )

An authenticated elevation of privilege vulnerability exists in Microsoft Windows due to the way that the Local Security Authority Subsystem Service (LSASS) improperly handles certain Lightweight Directory Access Protocol (LDAP) messages. The vulnerability exists in implementations of Active Directory, Active Directory Application Mode (...
Last Update Date: 28 Jan 2011 Release Date: 15 Sep 2010 4558 Views

RISK: Medium Risk

Microsoft Office Heap Based Buffer Overflow in Outlook Vulnerability ( 15 September 2010 )

A remote code execution vulnerability exists in the way that Microsoft Outlook parses content in a specially crafted e-mail message. This vulnerability exists only in configurations where Outlook connects to an Exchange Server in Online Mode. Configurations where Outlook connects to an Exchange Server in the...
Last Update Date: 28 Jan 2011 Release Date: 15 Sep 2010 4556 Views

RISK: Medium Risk

Microsoft Windows Print Spooler Service Impersonation Vulnerability ( 15 September 2010 )

A remote code execution vulnerability exists in the Windows Print Spooler service that could allow a remote, unauthenticated attacker to execute arbitrary code on an affected Windows XP system. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could...
Last Update Date: 28 Jan 2011 Release Date: 15 Sep 2010 4541 Views