Skip to main content

Security Bulletin

Filter by:

RISK: Medium Risk

Medium Risk

Microsoft Windows Kernel Multiple Vulnerabilities

1. Windows Kernel Exception Handler VulnerabilityAn elevation of privilege vulnerability exists in the Windows Kernel due to the way the kernel handles certain exceptions. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, ...
Last Update Date: 28 Jan 2011 Release Date: 10 Feb 2010 5128 Views

RISK: Medium Risk

Medium Risk

Microsoft DirectShow Heap Overflow Vulnerability

A remote code execution vulnerability exists in the way that Microsoft DirectShow parses AVI media files. This vulnerability could allow remote code execution if a user opened a specially crafted AVI file. If a user is logged on with administrative user rights, an attacker who successfully exploited...
Last Update Date: 28 Jan 2011 Release Date: 10 Feb 2010 5168 Views

RISK: Medium Risk

Medium Risk

Microsoft Hyper-V Instruction Set Validation Vulnerability

A denial of service vulnerability exists in Hyper-V on Windows Server 2008 and Windows Server 2008 R2. The vulnerability is due to insufficient validation of specific sequences of machine instructions by Hyper-V. An attacker who successfully exploited this vulnerability could cause the affected Hyper...
Last Update Date: 28 Jan 2011 Release Date: 10 Feb 2010 5184 Views

RISK: Medium Risk

Medium Risk

Microsoft Kerberos Null Pointer Dereference Vulnerability

A denial of service vulnerability exists in implementations of Kerberos. The vulnerability is due to improper handling of Ticket-Granting-Ticket renewal requests by a client on a remote, non-Windows realm in a mixed-mode Kerberos implementation. An attacker who successfully exploited...
Last Update Date: 28 Jan 2011 Release Date: 10 Feb 2010 5262 Views

RISK: Medium Risk

Medium Risk

Microsoft Data Analyzer ActiveX Control Vulnerability

A remote code execution vulnerability exists in the Microsoft Data Analyzer ActiveX Control. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this...
Last Update Date: 28 Jan 2011 Release Date: 10 Feb 2010 5222 Views

RISK: Medium Risk

Medium Risk

Microsoft Windows Client/Server Run-time Subsystem (CSRSS) Local Privilege Elevation Vulnerability

An elevation of privilege vulnerability exists because the Windows Client/Server Run-time Subsystem (CSRSS) does not properly terminate user processes when a user logs out. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then...
Last Update Date: 28 Jan 2011 Release Date: 10 Feb 2010 5225 Views

RISK: Medium Risk

Medium Risk

Microsoft Internet Explorer Information Disclosure Vulnerability

A vulnerability has been identified in Microsoft Internet Explorer, which could be exploited by attackers to access files with an already known filename and location.The vulnerability exists due to content being forced to render incorrectly from local files in such a way that information can be exposed...
Last Update Date: 28 Jan 2011 Release Date: 4 Feb 2010 5365 Views

RISK: Medium Risk

Medium Risk

Apple iPhone and iPod Touch Multiple Vulnerabilities

Multiple vulnerabilitieshave been identified in Apple iPhone and iPod touch, which could be exploited by attackers to bypass security restrictions, gain knowledge of sensitive information, cause a denial of service or compromise a vulnerable system.1. Due to a buffer overflow error when processing malformed...
Last Update Date: 28 Jan 2011 Release Date: 4 Feb 2010 5378 Views

RISK: Medium Risk

Medium Risk

VMware Products Java JRE Multiple Code Execution Vulnerabilities

Multiple vulnerabilities have been identified in various VMware products, which could be exploited by attackers to bypass security restrictions, disclose sensitive information, cause a denial of service, or compromise an affected system. These issues are caused by errors in Java JRE.
Last Update Date: 28 Jan 2011 Release Date: 2 Feb 2010 5367 Views

RISK: Medium Risk

Medium Risk

Apache mod_proxy "ap_proxy_send_fb()" Integer Overflow Vulnerability

A vulnerability has been identified in Apache, which could be exploited by remote attackers to cause a denial of service or compromise a vulnerable web server. This issue is caused by an integer overflow error in the "ap_proxy_send_fb()" [modules/proxy/proxy_util.c] ...
Last Update Date: 28 Jan 2011 Release Date: 29 Jan 2010 5546 Views