Posts Tagged ‘execute arbitrary code’

Adobe Logo

Vulnerabilities in Adobe Reader

The flaw allows a potential attacker to remotely execute arbitrary code.

Zero day vulnerability was discovered in the popular software Adobe Reader, allows you to execute arbitrary code on the target system. This in his report the researchers reported FireEye, who happened to encounter with an infected PDF-document capable of compromising computers based on Windows.

When trying to open a malicious file, is running two dll-libraries, one of which is designed to conceal the fact of infection. It gives the user an error message while working on a document. Second library contains a component that provides for the connection to the remote server attacks.

According to FireEye, vulnerable to this attack were such versions of Adobe Reader, as 9.5.3, 10.1.5 and 11.0.1. Older versions may also be exposed to the threat. Currently, researchers have already submitted details of the detected flaws developers. (more…)

Vulnerability

Vulnerabilities in CouchDB

Vulnerability: Multiple vulnerabilities in CouchDB

Danger: High
Patch: Yes
Number of vulnerabilities: 3

CVE ID: CVE-2012-5641
CVE-2012-5649
CVE-2012-5650

Vector of operation: Remote
Impact: Cross Site Scripting, Disclosure of sensitive data, System compromise

Affected products: Apache CouchDB 1.x

Affected versions: Apache CouchDB versions prior to 1.0.4., Apache CouchDB versions prior to 1.1.2., Apache CouchDB versions prior to 1.2.1. (more…)

Ruby on RailsVulnerability: System compromise in Ruby on Rails

Danger level: High
Availability of fixes: Yes
Number of vulnerabilities: 1

CVE ID: CVE-2013-0155
CVE-2013-0156
Vector of operation: Remote
Impact: System Compromise

Affected Products: Ruby on Rails 2.3.x, 3.0.x, 3.1.x, 3.2.x.

Affected versions: Ruby on Rails versions prior to 3.2.11, 3.1.10, 3.0.19, 2.3.15.

Description:

The vulnerability allows a remote user to execute arbitrary code on the target system.

An error in the processing of XML parameters, because of what the characters and YAML types can be part of a POST request. This can be exploited to compromise a vulnerable system. (more…)

Adobe Logo

Vulnerabilities in Adobe ColdFusion

Vulnerability: Multiple Vulnerabilities in Adobe ColdFusion

Danger level: Critical
Availability of fixes: Instructions on elimination
Number of vulnerabilities: 3

Affected Products: Adobe ColdFusion 9.x
Adobe ColdFusion 10.x

Affected versions: ColdFusion 10, ColdFusion 9.0.2, ColdFusion 9.0.1, ColdFusion 9.0

Description:

Which can be exploited by malicious people to execute arbitrary code on the target system.

1. The vulnerability is caused due to an unspecified error. This can be exploited to bypass the authentication functionality and gain full control over the target system. (more…)

Vulnerability

Vulnerabilities in Mozilla

Vulnerability: Multiple vulnerabilities in Mozilla products

Danger: High
Patch: Yes
Number of vulnerabilities: 25

Affected products: Mozilla Firefox 17.x, Mozilla SeaMonkey 2.x, Mozilla Thunderbird 17.x

Affected versions: Mozilla Firefox 17.x, Mozilla SeaMonkey 2.x, Mozilla Thunderbird 17.x

Description:

Which can be exploited by malicious people to execute arbitrary code on the target system.

1. An unspecified error in the browser engine. This can be exploited to corrupt memory and execute arbitrary code on the target system.

2. An unspecified error in the browser engine. This can be exploited to corrupt memory and execute arbitrary code on the target system.

3. An unspecified error in the browser engine. This can be exploited to corrupt memory and execute arbitrary code on the target system. (more…)

Vulnerability

Vulnerabilities in Google Chrome

Vulnerability: Multiple vulnerabilities in Google Chrome

Danger: High
Patch: Yes
Number of vulnerabilities: 9

CVE ID: CVE-2012-5139, CVE-2012-5140, CVE-2012-5141, CVE-2012-5142, CVE-2012-5143, CVE-2012-5144, CVE-2012-5676, CVE-2012-5677, CVE-2012-5678

Vector of operation: Remote
Impact: Security Bypass, System compromise

Affected products: Google Chrome 23.x

Affected versions: Google Chrome to version 23.0.1271.97.

Description:

The vulnerability allows a remote user to execute arbitrary code on the target system.

1. The vulnerability is caused due to some errors in the embedded Adobe Flash Player. This can be exploited to compromise a vulnerable system. (more…)

Vulnerability

System compromise

Vulnerability: Compromise of Symantec Products

Danger: High
Patch: Yes
Number of vulnerabilities: 1

Vector of operation: Remote
Impact: System Compromise

Affected Products: Symantec Data Loss Prevention Endpoint Agents 11.x, Mail Security for Domino 8.x, Mail Security for Microsoft Exchange 6.x, Messaging Gateway 9.x, Data Loss Prevention Enforce / Detection Servers for Windows 11.x, Data Loss Prevention Enforce / Detection Servers for Linux 11.x

Affected versions:
– Mail Security for Microsoft Exchange (SMSMSE) 6.5.x, possibly other versions;
– Mail Security for Domino (SMSDOM) 8.1.x, possibly other versions;
– Messaging Gateway (SMG) 9.5.x, possibly other versions;
– Data Loss Prevention (DLP) Enforce / Detection Servers for Windows 11.x, perhaps the only one;
– Data Loss Prevention Enforce / Detection Servers for Linux 11.x, perhaps the only one;
– Data Loss Prevention Endpoint Agents 11.x, perhaps the only one. (more…)