<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"><channel><title>eEye Digital Security - Advisory Archive</title><link>http://research.eeye.com/html/advisories/published/index.html</link><description>The eEye Digital Security Research Team is dedicated to finding and educating the public about new and existing software security vulnerabilities. The advisory information provided adheres to eEye's responsible disclosure policy and supports the company's goal to eliminate security vulnerabilities within computing networks.</description><language>en-us</language><copyright>Copyright 2006 eEye Digital Security</copyright><docs>http://blogs.law.harvard.edu/tech/rss</docs><pubDate>Fri, 20 Nov 2009 21:22:00 PST</pubDate><lastBuildDate>Fri, 20 Nov 2009 21:22:00 PST</lastBuildDate> <ttl>360</ttl><item><title>eEye Retina Wireless Scanner .RWS File Processing Memory Corruption</title><description>eEye Digital Security has released an out-of-band patch for Retina Wireless Scanner to address a buffer overflow vulnerability when parsing malformed .RWS dump files.  Due to the boundary condition error in handling these files, a malicious file could corrupt memory and cause a denial of service by crashing Retina Wireless Scanner (most common scenario) or execute arbitrary code (worst case scenario).</description><link>http://research.eeye.com/html/advisories/published/AD20090710.html</link><guid>http://research.eeye.com/html/advisories/published/AD20090710.html</guid> <pubDate>Fri, 10 Jul 2009 12:00:00 PST</pubDate></item><item><title>BitDefender Online Scanner 8 Double Decode Heap Overflow</title><description>eEye Digital Security has discovered a critical remote code execution condition within OScan8.ocx and Oscan81.ocx included by default in BitDefender Online Anti-Virus Scanner 8.0 released on May 24th 2006.  OScan.ocx is the main ActiveX component for BitDefender's Anti-Virus Scanner and is initialized by Internet Explorer or any other ActiveX compatible products.  
After this file is initialized, it generates the GUI for the scanner and manages all user-issued commands.  Oscan.ocx also has an internal website verification system to prevent the ActiveX control from being initialized outside of an authorized domain.  Unfortunately, due to a lack of data sanitization, OScan.ocx can be forced to be initialized in an unsafe domain and it can be manipulated to corrupt arbitrary memory locations with user-supplied values.  This could allow a memory corruption scenario that would lead to arbitrary code execution or denial of service conditions.</description><link>http://research.eeye.com/html/advisories/published/AD20071120.html</link><guid>http://research.eeye.com/html/advisories/published/AD20071120.html</guid> <pubDate>Tue, 20 Nov 2007 12:00:00 PST</pubDate></item><item><title>Multiple Vulnerabilities In .FLAC File Format and Various Media Applications</title><description>eEye Digital Security has discovered 14 vulnerabilities in the processing of FLAC (Free Lossless Audio Codec) files affecting various applications.  Processing a malicious FLAC file within a vulnerable application could result in the execution of arbitrary code at the privileges of the application or the current user (depending on OS).</description><link>http://research.eeye.com/html/advisories/published/AD20071115.html</link><guid>http://research.eeye.com/html/advisories/published/AD20071115.html</guid> <pubDate>Thu, 15 Nov 2007 12:00:00 PST</pubDate></item><item><title>CA BrightStor ARCserve Backup Server Arbitrary Pointer Dereference</title><description>eEye Digital Security has discovered a remote vulnerability in CA BrightStor ARCserve Backup Server that allows an attacker to execute arbitrary code as SYSTEM without any user interaction.  
The exploit is extremely reliable and can be successfully delivered either across the internet or within local networks via a random TCP port that is disclosed by the BrightStor portmapper service on TCP/111.</description><link>http://research.eeye.com/html/advisories/published/AD20071011.html</link><guid>http://research.eeye.com/html/advisories/published/AD20071011.html</guid> <pubDate>Thu, 11 Oct 2007 12:00:00 PST</pubDate></item><item><title>Multiple Vulnerabilities in CA ARCserve for Laptops and Desktops</title><description>eEye Digital Security has discovered multiple vulnerabilities within CA ARCserve for Laptops and Desktops, an enterprise-level backup software suite designed for workstations.  The vulnerabilities can be utilized by an attacker to execute arbitrary code on a remote system anonymously over TCP/1900.</description><link>http://research.eeye.com/html/advisories/published/AD20070920.html</link><guid>http://research.eeye.com/html/advisories/published/AD20070920.html</guid> <pubDate>Thu, 20 Sep 2007 12:00:00 PST</pubDate></item><item><title>Windows Metafile AttemptWrite Heap Overflow</title><description>eEye Digital Security has discovered a heap overflow vulnerability in the way the Windows Graphical Device Interface (GDI) processes Windows metafiles.  If an application attempts to display a malicious metafile in a particular way, a heap overflow will occur and result in the execution of arbitrary code, with the privileges of the user who ran the application.</description><link>http://research.eeye.com/html/advisories/published/AD20070814b.html</link><guid>http://research.eeye.com/html/advisories/published/AD20070814b.html</guid> <pubDate>Tue, 14 Aug 2007 12:00:00 PST</pubDate></item><item><title>VGX.DLL Compressed Content Heap Overflow Vulnerability</title><description>eEye Digital Security has discovered a heap overflow vulnerability in VGX.DLL's processing of compressed content referenced from VML.  
VGX.DLL is the Microsoft component responsible for rendering VML (Vector Markup Language) within Internet Explorer.</description><link>http://research.eeye.com/html/advisories/published/AD20070814a.html</link><guid>http://research.eeye.com/html/advisories/published/AD20070814a.html</guid> <pubDate>Tue, 14 Aug 2007 12:00:00 PST</pubDate></item><item><title>Microsoft Publisher 2007 Arbitrary Pointer Dereference</title><description>eEye Digital Security has discovered a critical vulnerability in PUBCONV.DLL (version 12.0.4518.1014) included with Microsoft’s Publisher 2007. PUBCONV.DLL is the Publisher conversion library used by Publisher to translate previous Publisher version files to be *properly* rendered in Publisher 2007. However, when attempting to load a malformed legacy Publisher document (i.e. Publisher 98), PUBCONV.DLL can be forced to call an arbitrary function pointer resulting in the execution of attacker-supplied code in the context of the logged-in user.</description><link>http://research.eeye.com/html/advisories/published/AD20070710.html</link><guid>http://research.eeye.com/html/advisories/published/AD20070710.html</guid> <pubDate>Tue, 10 Jul 2007 12:00:00 PST</pubDate></item><item><title>Sun Java WebStart JNLP Stack Buffer Overflow Vulnerability</title><description>eEye Digital Security has discovered a stack buffer overflow in Java WebStart, a utility installed with Java Runtime Environment for the purpose of managing the download of Java applications.  By opening a malicious JNLP file, a user's system may be compromised by arbitrary code within the file, which executes with the privileges of that user.&lt;BR&gt;&lt;BR&gt;A web-based attack conducted through Internet Explorer may succeed without the use of ActiveX or scripting, and without any additional user interaction other than viewing a web page, if the web server indicates a Content-Type of "application/x-java-jnlp-file" when serving up the malicious JNLP file.  
In such a case, a ".jnlp" file extension is not required.</description><link>http://research.eeye.com/html/advisories/published/AD20070705.html</link><guid>http://research.eeye.com/html/advisories/published/AD20070705.html</guid> <pubDate>Thu, 5 Jul 2007 12:00:00 PST</pubDate></item><item><title>Yahoo! Webcam ActiveX Controls Multiple Buffer Overflows</title><description>eEye Digital Security has discovered two critical vulnerabilities in ywcupl.dll (version 2.0.1.4) and ywcvwr.dll (version 2.0.1.4) included by default in all releases of Yahoo! Messenger 8.x.  Ywcupl.dll is Yahoo's Webcam Upload ActiveX Control used by Yahoo! Messenger to stream content from a user's webcam to other users.  Ywcvwr.dll is Yahoo! Messenger's Webcam Viewer ActiveX Control used to view any streamed content.  These files are normally used only when viewing or streaming webcam content to and from Yahoo Messenger, but they are incorrectly marked safe for scripting and can be instantiated by any website.  Furthermore they both fail to perform bounds checking on variables resulting in 2 stack-based buffer overflow conditions that could allow arbitrary code to execute in the context of the logged-in user. &lt;BR&gt;&lt;BR&gt;The vulnerability is a simple strcpy-based stack buffer overflow within the ActiveX controls, and can be reliably exploited on all versions of Windows in order to execute arbitrary code.</description><link>http://research.eeye.com/html/advisories/published/AD20070608.html</link><guid>http://research.eeye.com/html/advisories/published/AD20070608.html</guid> <pubDate>Fri, 8 Jun 2007 12:00:00 PST</pubDate></item><item><title>Windows Vista CSRSS Dangling Process Pointer Privilege Escalation</title><description>eEye Digital Security has discovered a local privilege escalation vulnerability in Windows Vista that allows a program executing without privileges to fully compromise an affected system.  
A malicious user or malware program could exploit this vulnerability to execute arbitrary code with SYSTEM privileges within the CSRSS process, permitting the bypass of Vista's vaunted user privilege limitations and administrator approval mode.</description><link>http://research.eeye.com/html/advisories/published/AD20070410b.html</link><guid>http://research.eeye.com/html/advisories/published/AD20070410b.html</guid> <pubDate>Tue, 10 Apr 2007 12:00:00 PST</pubDate></item><item><title>Windows VDM Zero Page Race Condition Privilege Escalation</title><description>eEye Digital Security has discovered a local privilege escalation vulnerability in the Windows kernel that allows an unprivileged user with the ability to execute a program to fully compromise an affected system.  All x86 versions of Windows up to and including Windows Server 2003 SP2 are vulnerable.</description><link>http://research.eeye.com/html/advisories/published/AD20070410a.html</link><guid>http://research.eeye.com/html/advisories/published/AD20070410a.html</guid> <pubDate>Tue, 10 Apr 2007 12:00:00 PST</pubDate></item><item><title>Intel Network Adapter Driver Local Privilege Escalation</title><description>eEye Digital Security has discovered a vulnerability in all Intel network adapter drivers ("NDIS miniport drivers") that could allow unprivileged code executing on an affected system to gain unfettered, kernel-level access.  
For instance, a malicious user, malware, or exploit payload taking advantage of an unrelated vulnerability could additionally exploit this vulnerability in order to completely compromise a system at the kernel level.</description><link>http://research.eeye.com/html/advisories/published/AD20061207.html</link><guid>http://research.eeye.com/html/advisories/published/AD20061207.html</guid> <pubDate>Thu, 7 Dec 2006 12:00:00 PST</pubDate></item><item><title>Adobe Download Manager AOM Stack Buffer Overflow Vulnerability</title><description>eEye Digital Security has discovered a stack buffer overflow in Adobe Download Manager, a utility typically installed for the purpose of downloading Adobe software such as Adobe (Acrobat) Reader.  By opening a malicious AOM file, a user's system may be compromised by arbitrary code within the file, which executes with the privileges of that user.</description><link>http://research.eeye.com/html/advisories/published/AD20061205.html</link><guid>http://research.eeye.com/html/advisories/published/AD20061205.html</guid> <pubDate>Tue, 5 Dec 2006 12:00:00 PST</pubDate></item><item><title>Workstation Service NetpManageIPCConnect Buffer Overflow</title><description>A flaw exists in a default Windows component called the "Workstation Service" that when exploited allows for remote code execution in SYSTEM context, allowing an attacker to take complete control of affected systems.</description><link>http://research.eeye.com/html/advisories/published/AD20061114.html</link><guid>http://research.eeye.com/html/advisories/published/AD20061114.html</guid> <pubDate>Tue, 14 Nov 2006 12:00:00 PST</pubDate></item></channel></rss>