[Eleytt] 7 July 2007

2007-07-09 Thread sapheal
Eleytt Research www.eleytt.com
Overview/Credit: Michal Bucko www.eleytt.com/michal.bucko sapheal.hack.pl
Vulnerability Table
===
1. Firefox 2.0.0.4 Remote Denial of Service Vulnerability
2. Microsoft Register Server Remote Denial of Service

Taltech Tal Bar Code ActiveX Control Memory Corruption Vulnerability(-ies)

2007-05-07 Thread sapheal-hack.pl
Taltech Tal Bar Code ActiveX Control Memory Corruption Vulnerability(-ies) Michal Bucko (sapheal) hack.pl I. BACKGROUND The Bar Code ActiveX Control has all the features necessary to easily add professional quality barcodes to any Windows application including Web

Re: WS_FTP Home 2007 NetscapeFTPHandler denial of service

2007-04-23 Thread sapheal
Hey, It appears that WS_FTP Professional 2007 is also vulnerable as it takes advantage of NetscapeFTPHandler as well.

Re: Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability

2007-01-16 Thread HACKPL - bugtraq/sapheal
Now I am thinking of something else. Could we use a specially crafted FHF file to exploit the vulnerability? I haven't checked that yet. Michal Bucko (sapheal)

Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability

2007-01-12 Thread sapheal
As for now I am not aware of any exploits for this issue or even proofs that it is exploitable. Kind regards, Michal Bucko (sapheal)

Windows NT Message Compiler 1.00.5239 arbitrary code execution

2007-01-02 Thread sapheal
ng. Kind regards, Michal Bucko (sapheal) hack.pl

FreeRadius 1.1.3 SMB_Handle_Type SMB_Connect_Server arbitrary code execution

2007-01-02 Thread sapheal
rsions = FreeRadius <=1.1.3 Kind regards, Michal Bucko (sapheal) hack.pl

Re: Re: Mozilla Firefox 2.0 denial of service vulnerability

2007-01-01 Thread sapheal
There is no doubt that's recursion. I must say I know there's much more of such vulnerabilities in FF. One of those is below (this is an access violation vulnerability and has to deal with recursion, too). function owned(){ window.print(); owned(); } Kind regards, Michal Bucko

Mozilla Firefox 2.0 denial of service vulnerability

2007-01-01 Thread sapheal
PoC exploit: function owned(){ setTimeout("owned()",1000); owned(); } It is available under the following address: http://sapheal.cybersecurity.pl/blackbook/simple/ddarko_ABCDE.html Kind regards, Michal Bucko (sapheal) HACK.PL

ATMEL Linux PCI PCMCIA USB Drivers arbitrary code execution

2007-01-01 Thread sapheal
memory corruption conditions. Affected Versions = ATMEL WLAN drivers 3.4.1.1 Kind regards, Michał Bućko - sapheal HACK.PL

MythControl (MythTV remote control) arbitrary code execution

2006-12-30 Thread sapheal
lution = The sent command must be small enough to fit in the prepared buffer to send. Exploitation Exploitation might be conducted by using an overflowed command variable value. Kind regards, Michal Bucko - sapheal

QuickCam linux device driver allows arbitrary code execution

2006-12-29 Thread sapheal
Synopsis: QuickCam linux device driver arbitrary code execution
Product: QuickCam
Version: <=1.0.9
Issue/Details: A critical security vulnerability has been found in QuickCam initialization function (qcamvc_video_init) of the prototype: static void qcamvc_video_init(struct qcam

SMS handling OpenSER remote code executing

2006-12-28 Thread sapheal
Synopsis: SMS handling OpenSER remote code executing
Product: OpenSER
Version: <=1.1.0
Issue:
==
A critical security vulnerability has been found in OpenSER SMS handling module. The vulnerable function should read the SMS from the SIM-memory.
Details: int fetchsms(struct m

OpenSER OSP Module remote code execution

2006-12-28 Thread sapheal
ted Versions = OpenSER <= 1.1.0 Solution = Proper boundary checking. Exploitation Exploitation might be conducted by preparing a specially crafted OSP header. Kind regards, Michał Bućko - sapheal Senior Security Specialist HACK.PL

OpenSER 1.1.0 parse_config buffer overflow vulnerability

2006-12-21 Thread sapheal
Function of a prototype: static int parse_expression(char *str, expression **e, expression **e_exceptions) in OpenSER 1.1.0 (SIP router implementation) is vulnerable to buffer overflow as /str/ might be longer than the destination (where it is copied to).