Section: .. / 0706-advisories /
| /// File Name: |
ZDI-07-034.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of various Computer Associates products. The specific flaw exists in the parsing of .CAB archives. When a long filename contained in the .CAB is processed by vete.dll an exploitable stack overflow may occur.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3302 | | Related CVE(s): | CVE-2007-2863 | | Last Modified: | Jun 7 02:14:35 2007 |
| MD5 Checksum: | cef1d956fd82ec9a47b70161d2cf255c |
|
| /// File Name: |
ZDI-07-035.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of various Computer Associates products. The specific flaw exists within the processing of an improperly defined "coffFiles" field in .CAB archives. Large values result in an unbounded data copy operation which can result in an exploitable stack-based buffer overflow.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3016 | | Related CVE(s): | CVE-2007-2864 | | Last Modified: | Jun 7 02:15:45 2007 |
| MD5 Checksum: | 566251f43a6cf08208def587e465ad08 |
|
| /// File Name: |
ZDI-07-036.txt |
Description:
|
A vulnerability allows remote attackers to cause a denial of service on vulnerable Arris Cadant C3 CMTS systems. Authentication is not required to exploit this vulnerability. The flaw exists due to mishandling of IP options. When an unknown or bad option is specified, the C3 will terminate disabling all service that is handled by that CMTS. The vulnerability can be triggered with a single malformed IP packet.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2757 | | Related CVE(s): | CVE-2007-2796 | | Last Modified: | Jun 12 21:05:53 2007 |
| MD5 Checksum: | 3bb92cffcef566733be75acf6816b31e |
|
| /// File Name: |
ZDI-07-037.txt |
Description:
|
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in routines responsible for the on-demand installation of Internet Explorer language packs. A race condition may occur when a web page contains several pieces of content written in a language not currently supported by any of the installed language packs. In some cases, this race condition results in exploitable memory corruption that can be leveraged to execute arbitrary code.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3366 | | Related CVE(s): | CVE-2007-3027 | | Last Modified: | Jun 12 21:26:56 2007 |
| MD5 Checksum: | a0968401dcc420aa0d12a0a9b67b8bd3 |
|
| /// File Name: |
ZDI-07-038.txt |
Description:
|
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The flaw is specifically exposed when a prototype variable points to a table cell and then that table cell is removed. This results in an invalid pointer dereference which can be leveraged to result in arbitrary code execution.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 3156 | | Related CVE(s): | CVE-2007-1751 | | Last Modified: | Jun 12 21:28:14 2007 |
| MD5 Checksum: | 887b2592e09075e1f07bb057bbb8bcef |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
