iDefense Security Advisory 10.12.11: Apple Mobile OfficeImport Framework Word Document Parsing Memory Corruption Vulnerability

2011-10-13 Thread labs-no-reply
iDefense Security Advisory 10.12.11 http://labs.idefense.com/intelligence/vulnerabilities/ Oct 12, 2011 I. BACKGROUND The OfficeImport framework is an API used by Apple's mobile devices, including the iPod Touch, iPhone, and iPad. The framework is used to parse and display Microsoft Office

iDefense Security Advisory 10.12.11: Apple MobileSafari Attachment Viewing Cross Site Scripting Vulnerability

2011-10-13 Thread labs-no-reply
iDefense Security Advisory 10.12.11 http://labs.idefense.com/intelligence/vulnerabilities/ Oct 12, 2011 I. BACKGROUND MobileSafari is Apple's mobile web browser for iOS devices. For more information about MobileSafari, please visit the following website: http://www.apple.com/iphone/built-in

iDefense Security Advisory 10.11.11: Microsoft Internet Explorer Object Handling Memory Corruption Vulnerability

2011-10-12 Thread labs-no-reply
iDefense Security Advisory 10.11.11 http://labs.idefense.com/intelligence/vulnerabilities/ Oct 11, 2011 I. BACKGROUND Internet Explorer is a graphical web browser developed by Microsoft Corp. that has been included with Microsoft Windows since 1995. For more information about Internet Explorer

iDefense Security Advisory 09.26.11: Novell GroupWise iCal RRULE ByWeekNo Memory Corruption Vulnerability

2011-09-28 Thread labs-no-reply
iDefense Security Advisory 09.26.11 http://labs.idefense.com/intelligence/vulnerabilities/ Sep 26, 2011 I. BACKGROUND GroupWise is Novell's messaging platform, and includes support for email, calendaring, and instant messaging. More information is available at the following website:

iDefense Security Advisory 09.26.11: Novell GroupWise iCal Date Invalid Array Indexing Vulnerability

2011-09-28 Thread labs-no-reply
iDefense Security Advisory 09.26.11 http://labs.idefense.com/intelligence/vulnerabilities/ Sep 26, 2011 I. BACKGROUND GroupWise is Novell's messaging platform, and includes support for email, calendaring, and instant messaging. More information is available at the following website:

iDefense Security Advisory 09.26.11: Novell GroupWise iCal RRULE Weekday Recurrence Heap Overflow Vulnerability

2011-09-28 Thread labs-no-reply
iDefense Security Advisory 09.26.11 http://labs.idefense.com/intelligence/vulnerabilities/ Sep 26, 2011 I. BACKGROUND GroupWise is Novell's messaging platform, and includes support for email, calendaring, and instant messaging. More information is available at the following website:

iDefense Security Advisory 09.26.11: Novell GroupWise iCal TZNAME Heap Overflow Vulnerability

2011-09-27 Thread labs-no-reply
iDefense Security Advisory 09.26.11 http://labs.idefense.com/intelligence/vulnerabilities/ Sep 26, 2011 I. BACKGROUND GroupWise is Novell's messaging platform, and includes support for email, calendaring, and instant messaging. More information is available at the following website:

iDefense Security Advisory 09.13.11: Adobe Reader and Acrobat JPEG Processing Use After Free Vulnerability

2011-09-14 Thread labs-no-reply
iDefense Security Advisory 09.13.11 http://labs.idefense.com/intelligence/vulnerabilities/ Sep 13, 2011 I. BACKGROUND Adobe Reader and Acrobat are portable document format (PDF) readers and processors. For more information, please visit the following pages: http://www.adobe.com/products/reader

iDefense Security Advisory 09.13.11: Microsoft Excel Record Memory Corruption Vulnerability

2011-09-14 Thread labs-no-reply
iDefense Security Advisory 09.13.11 http://labs.idefense.com/intelligence/vulnerabilities/ Sep 13, 2011 I. BACKGROUND Excel is the spreadsheet application included with Microsoft Corp.'s Office productivity software suite. More information is available at the following website:

iDefense Security Advisory 09.13.11: Microsoft Excel Record Integer Signedness Vulnerability

2011-09-14 Thread labs-no-reply
iDefense Security Advisory 09.13.11 http://labs.idefense.com/intelligence/vulnerabilities/ Sep 13, 2011 I. BACKGROUND Excel is the spreadsheet application included with Microsoft Corp.'s Office productivity software suite. More information is available at the following website:

iDefense Security Advisory 09.13.11: Microsoft Excel Record Memory Corruption Vulnerability

2011-09-14 Thread labs-no-reply
iDefense Security Advisory 09.13.11 http://labs.idefense.com/intelligence/vulnerabilities/ Sep 13, 2011 I. BACKGROUND Excel is the spreadsheet application included with Microsoft Corp.'s Office productivity software suite. More information is available at the following website:

iDefense Security Advisory 08.09.11: Adobe Flash Player Integer Overflow

2011-08-10 Thread labs-no-reply
iDefense Security Advisory 08.09.11 http://labs.idefense.com/intelligence/vulnerabilities/ Aug 09, 2011 I. BACKGROUND Adobe Flash Player is an application for viewing animations and movies using computer programs such as a Web browser; in common usage, Flash lets you put animation and movies on

iDefense Security Advisory 08.09.11: Adobe Flash Player ActionScript Display Memory Corruption Vulnerability

2011-08-10 Thread labs-no-reply
iDefense Security Advisory 08.09.11 http://labs.idefense.com/intelligence/vulnerabilities/ Aug 09, 2011 I. BACKGROUND Adobe Flash Player is an application for viewing animations and movies using computer programs such as a Web browser; in common usage, Flash lets you put animation and movies on

iDefense Security Advisory 07.20.11: Multiple Vendor WebKit SVG animVal Memory Corruption Vulnerability

2011-07-21 Thread labs-no-reply
iDefense Security Advisory 07.20.11 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 20, 2011 I. BACKGROUND WebKit is an open source web browser engine. It is currently used by Apple Inc.'s Safari browser, as well as by Google's Chrome browser. For more information, see th

iDefense Security Advisory 07.20.11: Apple Safari innerText Use-After-Free Vulnerability

2011-07-21 Thread labs-no-reply
iDefense Security Advisory 07.20.11 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 20, 2011 I. BACKGROUND Safari is Apple's web browser, and is based on the open source WebKit browser engine. MobileSafari is Safari for Apple's mobile devices including the iPad and iPhone

iDefense Security Advisory 07.20.11: Multiple Vendor WebKit frameset style Heap Corruption Vulnerability

2011-07-21 Thread labs-no-reply
iDefense Security Advisory 07.20.11 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 20, 2011 I. BACKGROUND WebKit is an open source web browser engine. It is currently used by Apple Inc.'s Safari browser, as well as by Google's Chrome browser. For more information, see th

iDefense Security Advisory 07.20.11: Safari WebKit TIFF Use-After-Free Vulnerability

2011-07-21 Thread labs-no-reply
iDefense Security Advisory 07.20.11 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 20, 2011 I. BACKGROUND WebKit is an open source web browser engine. It is currently used by Apple Inc.'s Safari browser, as well as by Google's Chrome browser. For more information, see th

iDefense Security Advisory 07.20.11: Multiple Vendor WebKit MathML Use-After-Free Vulnerability

2011-07-21 Thread labs-no-reply
iDefense Security Advisory 07.20.11 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 20, 2011 I. BACKGROUND MathML is an XML-based markup language used to describe mathematical operations. It can be embedded inside of HTML and is supported by the WebKit engine. II. DESCRIPTION Remote

iDefense Security Advisory 07.14.11: Citrix Access Gateway ActiveX Stack Buffer Overflow Vulnerability

2011-07-15 Thread labs-no-reply
iDefense Security Advisory 07.14.11 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 14, 2011 I. BACKGROUND Citrix's Access Gateway solution provides remote access to customers via the Web browser. This is accomplished through the use of an ActiveX control that enables an SSL base

iDefense Security Advisory 06.14.11: Adobe Shockwave 3D Asset DEMX Integer Overflow Vulnerability

2011-06-18 Thread labs-no-reply
iDefense Security Advisory 06.14.11 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 14, 2011 I. BACKGROUND Adobe Shockwave Player is a popular Web browser plug-in. It is available for multiple Web browsers and platforms, including Windows, and MacOS. Shockwave Player enables Web

iDefense Security Advisory 06.14.11: Adobe Shockwave Cursor Asset tSAC Chunk Integer Overflow Vulnerability

2011-06-18 Thread labs-no-reply
iDefense Security Advisory 06.14.11 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 14, 2011 I. BACKGROUND Adobe Shockwave Player is a popular Web browser plug-in. It is available for multiple Web browsers and platforms, including Windows, and MacOS. Shockwave Player enables Web

iDefense Security Advisory 06.14.11: Adobe Shockwave Font Asset Heap Overflow Vulnerability

2011-06-17 Thread labs-no-reply
iDefense Security Advisory 06.14.11 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 14, 2011 I. BACKGROUND Adobe Shockwave Player is a popular Web browser plug-in. It is available for multiple Web browsers and platforms, including Windows, and MacOS. Shockwave Player enables Web

iDefense Security Advisory 06.14.11: Adobe Shockwave Lingo Script Opcodes Integer Signedness Vulnerability

2011-06-17 Thread labs-no-reply
iDefense Security Advisory 06.14.11 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 14, 2011 I. BACKGROUND Adobe Shockwave Player is a popular Web browser plug-in. It is available for multiple Web browsers and platforms, including Windows, and MacOS. Shockwave Player enables Web

iDefense Security Advisory 05.03.11: Tom Sawyer GET Extension Factory COM Object Instantiation Memory Corruption Vulnerability

2011-06-06 Thread labs-no-reply
iDefense Security Advisory 05.03.11 http://labs.idefense.com/intelligence/vulnerabilities/ May 03, 2011 I. BACKGROUND Tom Sawyer Software's GET Extension Factory is a component used for graph visualization applications development. It is included in VMWare Infrastructure Client. For

iDefense Security Advisory 06.01.11: Cisco AnyConnect VPN Client Arbitrary Program Execution Vulnerability

2011-06-03 Thread labs-no-reply
iDefense Security Advisory 06.01.11 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 01, 2011 I. BACKGROUND Cisco's AnyConnect VPN solution provides remote access to customers via the Web browser. This is accomplished through the use of an ActiveX control. The control itse

iDefense Security Advisory 05.24.11: IBM Lotus Notes Applix Attachment Viewer Stack Buffer Overflow

2011-05-25 Thread labs-no-reply
iDefense Security Advisory 05.24.11 http://labs.idefense.com/intelligence/vulnerabilities/ May 24, 2011 I. BACKGROUND IBM Corp.'s Lotus Notes software is an integrated desktop client option for accessing e-mail, calendars and applications on an IBM Corp. Lotus Domino server. More informatio

iDefense Security Advisory 05.24.11: IBM Lotus Notes Office Document Attachment Viewer Stack Buffer Overflow

2011-05-25 Thread labs-no-reply
iDefense Security Advisory 05.24.11 http://labs.idefense.com/intelligence/vulnerabilities/ May 24, 2011 I. BACKGROUND IBM Corp.'s Lotus Notes software is an integrated desktop client option for accessing e-mail, calendars and applications on an IBM Corp. Lotus Domino server. More informatio

iDefense Security Advisory 05.24.11: IBM Lotus Notes RTF Attachment Viewer Stack Buffer Overflow

2011-05-25 Thread labs-no-reply
iDefense Security Advisory 05.24.11 http://labs.idefense.com/intelligence/vulnerabilities/ May 24, 2011 I. BACKGROUND IBM Corp.'s Lotus Notes software is an integrated desktop client option for accessing e-mail, calendars and applications on an IBM Corp. Lotus Domino server. More informatio

iDefense Security Advisory 05.24.11: IBM Lotus Notes LZH Attachment Viewer Stack Buffer Overflow

2011-05-25 Thread labs-no-reply
iDefense Security Advisory 05.24.11 http://labs.idefense.com/intelligence/vulnerabilities/ May 24, 2011 I. BACKGROUND IBM Corp.'s Lotus Notes software is an integrated desktop client option for accessing e-mail, calendars and applications on an IBM Corp. Lotus Domino server. More informatio

iDefense Security Advisory 04.12.11: Microsoft Internet Explorer Use-After-Free Memory Corruption Vulnerability

2011-04-13 Thread labs-no-reply
iDefense Security Advisory 04.12.11 http://labs.idefense.com/intelligence/vulnerabilities/ Apr 12, 2011 I. BACKGROUND Internet Explorer is a graphical web browser developed by Microsoft Corp. that has been included with Microsoft Windows since 1995. For more information about Internet Explorer

iDefense Security Advisory 04.12.11: Microsoft Excel Memory Corruption Vulnerability

2011-04-13 Thread labs-no-reply
iDefense Security Advisory 04.12.11 http://labs.idefense.com/intelligence/vulnerabilities/ Apr 12, 2011 I. BACKGROUND Excel is the spreadsheet application included with Microsoft Corp.'s Office productivity software suite. More information is available at the following website:

iDefense Security Advisory 03.31.10: RealNetworks Helix DNA Server RTSP Stack Buffer Overflow

2011-04-01 Thread labs-no-reply
iDefense Security Advisory 03.31.10 http://labs.idefense.com/intelligence/vulnerabilities/ Mar 31, 2010 I. BACKGROUND Helix DNA Server is software that can play audio and video media in various formats and stream them over a network. It is intended as a largely free and open source digital media

iDefense Security Advisory 03.21.11: Apple OfficeImport Framework Excel Memory Corruption Vulnerability

2011-03-22 Thread labs-no-reply
iDefense Security Advisory 03.21.11 http://labs.idefense.com/intelligence/vulnerabilities/ Mar 21, 2011 I. BACKGROUND The OfficeImport framework is an API used by Apple's mobile devices, including the iPod Touch, iPhone, and iPad. The framework is used to parse and display Microsoft Office

iDefense Security Advisory 03.02.11: Apple CoreGraphics Library Heap Memory Corruption Vulnerability

2011-03-03 Thread labs-no-reply
iDefense Security Advisory 03.02.11 http://labs.idefense.com/intelligence/vulnerabilities/ Mar 02, 2011 I. BACKGROUND Apple's CoreGraphics library is an API used to create and manipulate graphical elements. This API is used by many Apple applications, including the Safari browser on both Wi

iDefense Security Advisory 03.01.11: Alcatel-Lucent OmniPCX Enterprise CS CGI Cookie Buffer Overflow Vulnerability

2011-03-03 Thread labs-no-reply
iDefense Security Advisory 03.01.11 http://labs.idefense.com/intelligence/vulnerabilities/ Mar 01, 2011 I. BACKGROUND The Alcatel-Lucent OmniPCX Enterprise Communication Server (CS) is a communication server platform that provides multimedia call processing for both Alcatel-Lucent and third

iDefense Security Advisory 02.08.11: Adobe Flash Player ActionScript Memory Corruption Vulnerability

2011-02-09 Thread labs-no-reply
iDefense Security Advisory 02.08.11 http://labs.idefense.com/intelligence/vulnerabilities/ Feb 08, 2011 I. BACKGROUND Adobe Flash Player is an application for viewing animations and movies using computer programs such as a Web browser; in common usage, Flash lets you put animation and movies on

iDefense Security Advisory 02.08.11: Adobe Flash Player ActionScript Integer Overflow Vulnerability

2011-02-09 Thread labs-no-reply
iDefense Security Advisory 02.08.11 http://labs.idefense.com/intelligence/vulnerabilities/ Feb 08, 2011 I. BACKGROUND Adobe Flash Player is an application for viewing animations and movies using computer programs such as a Web browser; in common usage, Flash lets you put animation and movies on

iDefense Security Advisory 02.08.11: Adobe Shockwave Player Memory Corruption Vulnerability

2011-02-09 Thread labs-no-reply
iDefense Security Advisory 02.08.11 http://labs.idefense.com/intelligence/vulnerabilities/ Feb 08, 2011 I. BACKGROUND Adobe Shockwave Player is a popular Web browser plug-in. It is available for multiple Web browsers and platforms, including Windows, and MacOS. Shockwave Player enables Web

iDefense Security Advisory 02.08.11: Adobe Reader and Acrobat JP2K Invalid Indexing Vulnerability

2011-02-09 Thread labs-no-reply
iDefense Security Advisory 02.08.11 http://labs.idefense.com/intelligence/vulnerabilities/ Feb 08, 2011 I. BACKGROUND Adobe Reader/Acrobat is a Portable Document Format Viewer (PDF). For more information, see the vendor's site found at the following link. http://www.adobe.com/products/r

iDefense Security Advisory 02.08.11: Microsoft Windows Picture and Fax Viewer Library

2011-02-08 Thread labs-no-reply
iDefense Security Advisory 02.08.11 http://labs.idefense.com/intelligence/vulnerabilities/ Feb 08, 2011 I. BACKGROUND The Windows Picture and Fax Viewer "shimgvw.dll" library is used by Windows Explorer to generate thumbnail previews for media files. II. DESCRIPTION Remote exploit

iDefense Security Advisory 01.10.11: HP Network Node Manager Command Injection Vulnerability

2011-01-12 Thread labs-no-reply
iDefense Security Advisory 01.10.11 http://labs.idefense.com/intelligence/vulnerabilities/ Jan 10, 2011 I. BACKGROUND HP Network Node Manager Command Injection Vulnerability HP Network Node Manager (NNM) is an application suite that is used to map out and manage network topography. NNM runs on a

iDefense Security Advisory 12.14.10: Microsoft Internet Explorer HTML Object Memory Corruption Vulnerability

2010-12-15 Thread labs-no-reply
iDefense Security Advisory 12.14.10 http://labs.idefense.com/intelligence/vulnerabilities/ Dec 14, 2010 I. BACKGROUND Internet Explorer is a graphical web browser developed by Microsoft Corp. that has been included with Microsoft Windows since 1995. For more information about Internet Explorer

iDefense Security Advisory 12.14.10: Microsoft Internet Explorer CSS Style Table Layout Uninitialized Memory Vulnerability

2010-12-15 Thread labs-no-reply
iDefense Security Advisory 12.14.10 http://labs.idefense.com/intelligence/vulnerabilities/ Dec 14, 2010 I. BACKGROUND Internet Explorer is a graphical web browser developed by Microsoft Corp. that has been included with Microsoft Windows since 1995. For more information about Internet Explorer

iDefense Security Advisory 12.10.10: RealNetworks RealPlayer RealAudio Codec Memory Corruption Vulnerability

2010-12-13 Thread labs-no-reply
iDefense Security Advisory 12.10.10 http://labs.idefense.com/intelligence/vulnerabilities/ Dec 10, 2010 I. BACKGROUND RealPlayer is RealNetworks's media player product used to render video and other media. For more information, visit http://www.real.com/. II. DESCRIPTION Remote exploitati

iDefense Security Advisory 12.10.10: RealNetworks RealPlayer Memory Corruption Vulnerability

2010-12-13 Thread labs-no-reply
iDefense Security Advisory 12.10.10 http://labs.idefense.com/intelligence/vulnerabilities/ Dec 10, 2010 I. BACKGROUND RealPlayer is RealNetworks's media player product used to render video and other media. For more information, visit http://www.real.com/ II. DESCRIPTION Remote exploitati

iDefense Security Advisory 12.07.10: Apple QuickTime PICT Memory Corruption Vulnerability

2010-12-08 Thread labs-no-reply
iDefense Security Advisory 12.07.10 http://labs.idefense.com/intelligence/vulnerabilities/ Dec 07, 2010 I. BACKGROUND QuickTime is Apple's media player product used to render video and other media. The PICT file format was developed by Apple Inc. in 1984. PICT files can contain both o

iDefense Security Advisory 11.11.10: Apple Mobile OfficeImport Framework Excel Parsing Memory Corruption Vulnerability

2010-11-12 Thread labs-no-reply
iDefense Security Advisory 11.11.10 http://labs.idefense.com/intelligence/vulnerabilities/ Nov 11, 2010 I. BACKGROUND The OfficeImport framework is an API used by Apple's mobile devices, including the iPod Touch, iPhone, and iPad. The framework is used to parse and display Microsoft Office

iDefense Security Advisory 11.09.10: Microsoft Word RTF File Parsing Stack Buffer Overflow Vulnerability

2010-11-10 Thread labs-no-reply
iDefense Security Advisory 11.09.10 http://labs.idefense.com/intelligence/vulnerabilities/ Nov 09, 2010 I. BACKGROUND Microsoft Word is a word processing application from Microsoft Office. For more information about Microsoft Word, see the following website: http://office.microsoft.com/en-us

iDefense Security Advisory 08.24.10: Adobe Shockwave Player Memory Corruption Vulnerability

2010-08-25 Thread iDefense Labs
iDefense Security Advisory 08.24.10 http://labs.idefense.com/intelligence/vulnerabilities/ Aug 24, 2010 I. BACKGROUND Adobe Shockwave Player is a popular Web browser plugin. It is available for multiple Web browsers and platforms, including Windows, and MacOS. Shockwave Player enables Web

iDefense Security Advisory 08.10.10: Microsoft Office RTF Parsing Engine Memory Corruption Vulnerability

2010-08-16 Thread iDefense Labs
iDefense Security Advisory 08.10.10 http://labs.idefense.com/intelligence/vulnerabilities/ Aug 10, 2010 I. BACKGROUND Microsoft Word is a word processing application from Microsoft Office. For more information about Microsoft Word, see the following website: http://office.microsoft.com/en-us

iDefense Security Advisory 08.10.10: Microsoft Word RTF File Parsing Heap Buffer Overflow Vulnerability

2010-08-11 Thread iDefense Labs
iDefense Security Advisory 08.10.10 http://labs.idefense.com/intelligence/vulnerabilities/ Aug 10, 2010 I. BACKGROUND Microsoft Word is a word processing application from Microsoft Office. For more information about Microsoft Word, see the following website: http://office.microsoft.com/en-us

iDefense Security Advisory 08.03.10: Citrix ICA Client ActiveX Memory Corruption Vulnerability

2010-08-05 Thread iDefense Labs
iDefense Security Advisory 08.03.10 http://labs.idefense.com/intelligence/vulnerabilities/ Aug 03, 2010 I. BACKGROUND The Citrix ICA Client is an ActiveX control used to connect to a Citrix XenApp (formerly Citrix Presentation Server) server via the browser. Using this control allows clients to

iDefense Security Advisory 06.21.10: Multiple Vendor LibTIFF 3.9.2 Stack Buffer Overflow Vulnerability

2010-06-29 Thread iDefense Labs
iDefense Security Advisory 06.21.10 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 21, 2010 I. BACKGROUND libTIFF is a free and popular image library that provides support for displaying and manipulating Tag Image File Format (TIFF) image data. This library is used by numerous

iDefense Security Advisory 06.16.10: Samba 3.3.12 Memory Corruption Vulnerability

2010-06-17 Thread iDefense Labs
iDefense Security Advisory 06.16.10 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 16, 2010 I. BACKGROUND Samba is an open-source Unix server application used to implement Windows file sharing and domain controlling functionality. For more information, please visit: http

iDefense Security Advisory 06.10.10: Adobe Flash Player Use-After-Free Vulnerability

2010-06-11 Thread iDefense Labs
iDefense Security Advisory 06.10.10 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 10, 2010 I. BACKGROUND Adobe Flash Player is a very popular Web browser plugin. It is available for multiple Web browsers and platforms, including Windows, Linux and MacOS. Flash Player enables Web

iDefense Security Advisory 06.10.10: Adobe Flash Player Out Of Bounds Memory Indexing Vulnerability

2010-06-11 Thread iDefense Labs
iDefense Security Advisory 06.10.10 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 10, 2010 I. BACKGROUND Adobe Flash Player is a very popular Web browser plugin. It is available for multiple Web browsers and platforms, including Windows, Linux and MacOS. Flash Player enables Web

iDefense Security Advisory 06.07.10: Multiple Vendor WebKit HTML Caption Use After Free Vulnerability

2010-06-10 Thread iDefense Labs
iDefense Security Advisory 06.07.10 http://labs.idefense.com/intelligence/vulnerabilities/ Jun 07, 2010 I. BACKGROUND WebKit is an open source web browser engine. It is currently used by Apple Inc.'s Safari browser, as well as by Google's Chrome browser. For more information, see th

iDefense Security Advisory 05.11.10: Adobe Shockwave Player Heap Memory Indexing Vulnerability

2010-05-12 Thread iDefense Labs
iDefense Security Advisory 05.11.10 http://labs.idefense.com/intelligence/vulnerabilities/ May 11, 2010 I. BACKGROUND Adobe Shockwave Player is a popular Web browser plugin. It is available for multiple Web browsers and platforms, including Windows, and MacOS. Shockwave Player enables Web

iDefense Security Advisory 04.15.10: Multiple Vendor AgentX++ Integer Overflow Vulnerability

2010-04-19 Thread iDefense Labs
iDefense Security Advisory 04.15.10 http://labs.idefense.com/intelligence/vulnerabilities/ Apr 15, 2010 I. BACKGROUND Agent Extensibility (AgentX) Protocol was designed to address interoperability issues with extensible SNMP agents. AgentX++ is a C++ implementation of the AgentX protocol. It is

iDefense Security Advisory 04.15.10: Multiple Vendor AgentX++ Stack Buffer Overflow Vulnerability

2010-04-19 Thread iDefense Labs
iDefense Security Advisory 04.15.10 http://labs.idefense.com/intelligence/vulnerabilities/ Apr 15, 2010 I. BACKGROUND Agent Extensibility (AgentX) Protocol was designed to address interoperability issues with extensible SNMP agents. AgentX++ is a C++ implementation of the AgentX protocol. It is

iDefense Security Advisory 04.09.10: VMware VMnc Codec Heap Overflow Vulnerability

2010-04-12 Thread iDefense Labs
iDefense Security Advisory 04.09.10 http://labs.idefense.com/intelligence/vulnerabilities/ Apr 09, 2010 I. BACKGROUND VMware Inc. markets several virtualization products such as ACE, Player, Server, and Workstation. These products include a video coder-decoder (codec) called 'vmnc.dll

iDefense Security Advisory 03.30.10: Oracle Java Runtime Environment Image File Buffer Overflow Vulnerability

2010-03-31 Thread iDefense Labs
iDefense Security Advisory 03.30.10 http://labs.idefense.com/intelligence/vulnerabilities/ Mar 30, 2010 I. BACKGROUND The Java Runtime Environment (JRE) is the Sun Microsystems implementation of the Java run-time. For more information, visit the link shown below. http://www.sun.com/java/ II

iDefense Security Advisory 03.30.10: Microsoft Internet Explorer 'onreadystatechange' Use After Free Vulnerability

2010-03-30 Thread iDefense Labs
iDefense Security Advisory 03.30.10 http://labs.idefense.com/intelligence/vulnerabilities/ Mar 30, 2010 I. BACKGROUND Internet Explorer is a graphical web browser developed by Microsoft Corp. that has been included with Microsoft Windows since 1995. For more information about Internet Explorer

iDefense Security Advisory 03.11.10: Multiple Vendor WebKit HTML Element Use After Free Vulnerability

2010-03-12 Thread iDefense Labs
iDefense Security Advisory 03.11.10 http://labs.idefense.com/intelligence/vulnerabilities/ Mar 11, 2010 I. BACKGROUND WebKit is an open source web browser engine. It is currently used by Apple Inc.'s Safari browser, as well as by Google's Chrome browser. For more information, see th

iDefense Security Advisory 03.09.10: Microsoft Excel MDXSET Record Heap Overflow Vulnerability

2010-03-10 Thread iDefense Labs
iDefense Security Advisory 03.09.10 http://labs.idefense.com/intelligence/vulnerabilities/ Mar 09, 2010 I. BACKGROUND Excel is the spreadsheet application included with Microsoft Corp.'s Office productivity software suite. More information is available at the following website:

iDefense Security Advisory 03.09.10: Microsoft Excel MDXTUPLE Record Heap Overflow Vulnerability

2010-03-10 Thread iDefense Labs
iDefense Security Advisory 03.09.10 http://labs.idefense.com/intelligence/vulnerabilities/ Mar 09, 2010 I. BACKGROUND Excel is the spreadsheet application included with Microsoft Corp.'s Office productivity software suite. More information is available at the following website:

iDefense Security Advisory 03.09.10: Microsoft Excel Sheet Object Type Confusion Vulnerability

2010-03-10 Thread iDefense Labs
iDefense Security Advisory 03.09.10 http://labs.idefense.com/intelligence/vulnerabilities/ Mar 09, 2010 I. BACKGROUND Excel is the spreadsheet application included with Microsoft Corp.'s Office productivity software suite. More information is available at the following website:

iDefense Security Advisory 03.09.10: Microsoft Excel FNGROUPNAME Record Uninitialized Memory Vulnerability

2010-03-10 Thread iDefense Labs
iDefense Security Advisory 03.09.10 http://labs.idefense.com/intelligence/vulnerabilities/ Mar 09, 2010 I. BACKGROUND Excel is the spreadsheet application included with Microsoft Corp.'s Office productivity software suite. More information is available at the following website:

iDefense Security Advisory 03.04.10: Autonomy KeyView OLE Document Integer Overflow Vulnerability

2010-03-05 Thread iDefense Labs
iDefense Security Advisory 03.04.10 http://labs.idefense.com/intelligence/vulnerabilities/ Mar 04, 2010 I. BACKGROUND Autonomy KeyView SDK is a commercial SDK that provides many file format parsing libraries. It supports a large number of different document formats. KeyView is used by several

iDefense Security Advisory 03.02.10: IBM Lotus Domino Web Access ActiveX Stack Buffer Overflow Vulnerability

2010-03-02 Thread iDefense Labs
iDefense Security Advisory 03.02.10 http://labs.idefense.com/intelligence/vulnerabilities/ Mar 02, 2010 I. BACKGROUND IBM Lotus Domino includes an ActiveX control called Domino Web Access, which provides Web-based access for Lotus Notes users. The control features functionality that is used for

iDefense Security Advisory 02.23.10: Multiple Vendor NOS Microsystems getPlus Downloader Input Validation Vulnerability

2010-02-24 Thread iDefense Labs
iDefense Security Advisory 02.23.10 http://labs.idefense.com/intelligence/vulnerabilities/ Feb 23, 2010 I. BACKGROUND The getPlus Downloader is an application download and installation manager, distributed in the form of an ActiveX control. This control is used by Adobe Systems Inc. to install

iDefense Security Advisory 02.09.10: Microsoft PowerPoint LinkedSlideAtom Heap Overflow Vulnerability

2010-02-12 Thread iDefense Labs
iDefense Security Advisory 02.09.10 http://labs.idefense.com/intelligence/vulnerabilities/ Feb 09, 2010 I. BACKGROUND Microsoft PowerPoint is an application used for constructing presentations, and comes with the Microsoft Office suite. For more information, see the vendor's site found a

iDefense Security Advisory 02.09.10: Microsoft PowerPoint OEPlaceholderAtom Invalid Array Indexing Vulnerability

2010-02-12 Thread iDefense Labs
iDefense Security Advisory 02.09.10 http://labs.idefense.com/intelligence/vulnerabilities/ Feb 09, 2010 I. BACKGROUND Microsoft PowerPoint is an application used for constructing presentations, and comes with the Microsoft Office suite. For more information, see the vendor's site found a

iDefense Security Advisory 02.09.10: Microsoft PowerPoint OEPlaceholderAtom Use-After-Free Vulnerability

2010-02-12 Thread iDefense Labs
iDefense Security Advisory 02.09.10 http://labs.idefense.com/intelligence/vulnerabilities/ Feb 09, 2010 I. BACKGROUND Microsoft PowerPoint is an application used for constructing presentations, and comes with the Microsoft Office suite. For more information, see the vendor's site found a

iDefense Security Advisory 02.01.10: RealNetworks RealPlayer 11 HTTP Chunked Encoding Integer Overflow Vulnerability

2010-02-01 Thread iDefense Labs
iDefense Security Advisory 02.01.10 http://labs.idefense.com/intelligence/vulnerabilities/ Feb 01, 2010 I. BACKGROUND RealPlayer is an application for playing various media formats, developed by RealNetworks Inc. Since late 2003, Real Player has been based on the open-source Helix Player. More

iDefense Security Advisory 02.01.10: RealNetworks RealPlayer CMediumBlockAllocator Integer Overflow Vulnerability

2010-02-01 Thread iDefense Labs
iDefense Security Advisory 02.01.10 http://labs.idefense.com/intelligence/vulnerabilities/ Feb 01, 2010 I. BACKGROUND RealPlayer is an application for playing various media formats, developed by RealNetworks Inc. Since late 2003, Real Player has been based on the open-source Helix Player. More

iDefense Security Advisory 02.01.10: Real Networks RealPlayer Compressed GIF Handling Integer Overflow

2010-02-01 Thread iDefense Labs
iDefense Security Advisory 02.01.10 http://labs.idefense.com/intelligence/vulnerabilities/ Feb 01, 2010 I. BACKGROUND RealPlayer is an application for playing various media formats, developed by RealNetworks Inc. Since late 2003, Real Player has been based on the open-source Helix Player. More

iDefense Security Advisory 01.12.10: Adobe Reader and Acrobat JpxDecode Memory Corruption Vulnerability

2010-01-13 Thread iDefense Labs
iDefense Security Advisory 01.12.10 http://labs.idefense.com/intelligence/vulnerabilities/ Jan 12, 2010 I. BACKGROUND Adobe Reader and Acrobat are Portable Document Format (PDF) readers and processors. For more information, please visit the following pages: http://www.adobe.com/products/reader/ http

iDefense Security Advisory 12.08.09: Microsoft Windows Indeo32 Codec Parsing Heap Corruption Vulnerability

2009-12-10 Thread iDefense Labs
iDefense Security Advisory 12.08.09 http://labs.idefense.com/intelligence/vulnerabilities/ Dec 08, 2009 I. BACKGROUND Indeo Video is a video codec developed by Intel and included in Microsoft Windows. For more information about Indeo codec, please visit the following website: http://ligos.com

iDefense Security Advisory 12.08.09: Microsoft WordPad Word97 Converter Integer Overflow Vulnerability

2009-12-10 Thread iDefense Labs
iDefense Security Advisory 12.08.09 http://labs.idefense.com/intelligence/vulnerabilities/ Dec 08, 2009 I. BACKGROUND WordPad is the default text editing application included with nearly all Windows versions since Windows 95. The Word97 converter is used to convert Word documents into the format

iDefense Security Advisory 12.08.09: Microsoft Internet Explorer HTML Layout Engine Uninitialized Memory Vulnerability

2009-12-10 Thread iDefense Labs
iDefense Security Advisory 12.08.09 http://labs.idefense.com/intelligence/vulnerabilities/ Dec 08, 2009 I. BACKGROUND Internet Explorer is a graphical web browser developed by Microsoft Corp. that has been included with Microsoft Windows since 1995. For more information about Internet Explorer

iDefense Security Advisory 11.10.09: Microsoft Excel FEATHEADER Record Memory Corruption Vulnerability

2009-11-10 Thread iDefense Labs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 iDefense Security Advisory 11.10.09 http://labs.idefense.com/intelligence/vulnerabilities/ Nov 10, 2009 I. BACKGROUND Excel is the spreadsheet application included with Microsoft Corp.'s Office productivity software suite. More informati

iDefense Security Advisory 11.10.09: Microsoft Word FIB Processing Stack Buffer Overflow Vulnerability

2009-11-10 Thread iDefense Labs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 iDefense Security Advisory 11.10.09 http://labs.idefense.com/intelligence/vulnerabilities/ Nov 10, 2009 I. BACKGROUND Microsoft Word is a word processing application that is part of the Microsoft Office suite of products. For more information about

iDefense Security Advisory 10.28.09: Mozilla Firefox GIF Color Map Parsing Buffer Overflow Vulnerability

2009-10-29 Thread iDefense Labs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 iDefense Security Advisory 10.28.09 http://labs.idefense.com/intelligence/vulnerabilities/ Oct 28, 2009 I. BACKGROUND Firefox is the Mozilla Foundation's open source internet web browser. Among the browser's capabilities is the display of

iDefense Security Advisory 10.13.09: Microsoft Office Drawing Format Shape Properties Memory Corruption Vulnerability

2009-10-13 Thread iDefense Labs
iDefense Security Advisory 10.13.09 http://labs.idefense.com/intelligence/vulnerabilities/ Oct 13, 2009 I. BACKGROUND Microsoft Office is a suite of products used for document, spreadsheet, and presentation creation and viewing. Office Drawing Format is a binary file format developed by

iDefense Security Advisory 10.13.09: Microsoft Windows GDI+ TIFF File Parsing Buffer Overflow Vulnerability

2009-10-13 Thread iDefense Labs
iDefense Security Advisory 10.13.09 http://labs.idefense.com/intelligence/vulnerabilities/ Oct 13, 2009 I. BACKGROUND The GDI+ library 'GdiPlus.dll' provides access to a number of graphics methods, via a class based API. For more information on GDI+, please visit the following URL. ht

iDefense Security Advisory 10.13.09: Adobe Acrobat and Reader Firefox Plugin Use After Free Vulnerability

2009-10-13 Thread iDefense Labs
iDefense Security Advisory 10.13.09 http://labs.idefense.com/intelligence/vulnerabilities/ Oct 13, 2009 I. BACKGROUND Adobe Acrobat Reader/Acrobat are programs for viewing and editing Portable Document Format (PDF) documents. For more information, see the vendor's site found at the foll

iDefense Security Advisory 10.13.09: Adobe Acrobat and Reader U3D File Invalid Array Index Vulnerability

2009-10-13 Thread iDefense Labs
iDefense Security Advisory 10.13.09 http://labs.idefense.com/intelligence/vulnerabilities/ Oct 13, 2009 I. BACKGROUND Adobe Acrobat Reader/Acrobat are programs for viewing and editing Portable Document Format (PDF) documents. For more information, see the vendor's site found at the foll

iDefense Security Advisory 10.07.09: IBM AIX rpc.cmsd Stack Buffer Overflow Vulnerability

2009-10-07 Thread iDefense Labs
iDefense Security Advisory 10.07.09 http://labs.idefense.com/intelligence/vulnerabilities/ Oct 07, 2009 I. BACKGROUND IBM's AIX is a Unix operating system based on System V, which runs on the PowerPC (PPC) architecture. For more information, visit the product web site at the following URL.

iDefense Security Advisory 08.25.09: Autonomy KeyView Excel File SST Parsing Integer Overflow Vulnerability

2009-08-25 Thread iDefense Labs
iDefense Security Advisory 08.25.09 http://labs.idefense.com/intelligence/vulnerabilities/ Aug 25, 2009 I. BACKGROUND Autonomy KeyView SDK is a commercial SDK that provides many file format parsing libraries. It supports a large number of different document formats, one of which is the Microsoft

iDefense Security Advisory 07.28.09: Multiple Vendor Microsoft ATL/MFC ActiveX Security Bypass Vulnerability

2009-08-20 Thread iDefense Labs
iDefense Security Advisory 07.28.09 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 28, 2009 I. BACKGROUND Microsoft's Component Object Model (COM) was designed to allow interoperability between disjointed software components. It is a standardized interface solution to the progra

iDefense Security Advisory 08.11.09: Multiple Vendor Microsoft ATL/MFC ActiveX Type Confusion Vulnerability

2009-08-20 Thread iDefense Labs
iDefense Security Advisory 08.11.09 http://labs.idefense.com/intelligence/vulnerabilities/ Aug 11, 2009 I. BACKGROUND Microsoft's Component Object Model (COM) was designed to allow interoperability between disjointed software components. It is a standardized interface solution to the progra

iDefense Security Advisory 07.28.09: Multiple Vendor Microsoft ATL/MFC ActiveX Information Disclosure Vulnerability

2009-08-20 Thread iDefense Labs
iDefense Security Advisory 07.28.09 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 28, 2009 I. BACKGROUND Microsoft's Component Object Model (COM) was designed to allow interoperability between disjointed software components. It is a standardized interface solution to the progra

iDefense Security Advisory 08.11.09: Microsoft Office Web Components 2000 Buffer Overflow Vulnerability

2009-08-19 Thread iDefense Labs
iDefense Security Advisory 08.11.09 http://labs.idefense.com/intelligence/vulnerabilities/ Aug 11, 2009 I. BACKGROUND Office Web Components is a group of ActiveX controls that can be used to view and edit Microsoft Office files such as spreadsheets and charts. It is commonly used to allow a user

iDefense Security Advisory 08.07.09: Adobe Flash Player Invalid Loader Object Reference Vulnerability

2009-08-07 Thread iDefense Labs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 iDefense Security Advisory 07.30.09 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 30, 2009 I. BACKGROUND Adobe Flash Player is a very popular web browser plugin. It is available for multiple web browsers and platforms, including Windows

iDefense Security Advisory 08.06.09: Microsoft Internet Explorer HTML TIME 'ondatasetcomplete' Use After Free Vulnerability

2009-08-06 Thread iDefense Labs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 iDefense Security Advisory 07.28.09 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 28, 2009 I. BACKGROUND HTML+TIME (HTML Timed Interactive Multimedia Extensions) is a web standard that was created for Microsoft Corp.'s Internet Exp

iDefense Security Advisory 08.06.09: Adobe Flash Player URL Parsing Heap Overflow Vulnerability

2009-08-06 Thread iDefense Labs
iDefense Security Advisory 08.06.09 http://labs.idefense.com/intelligence/vulnerabilities/ Aug 06, 2009 I. BACKGROUND Adobe Flash Player is a cross-platform browser plug-in that delivers interactive content for Web experiences. For more information, please visit the following page

iDefense Security Advisory 08.06.09: IBM AIX libC _LIB_INIT_DBG Arbitrary File Creation Vulnerability

2009-08-06 Thread iDefense Labs
iDefense Security Advisory 08.04.09 http://labs.idefense.com/intelligence/vulnerabilities/ Aug 04, 2009 I. BACKGROUND IBM's AIX is a Unix operating system based on System V, which runs on the PowerPC (PPC) architecture. For more information, visit the product web site at the following URL.

iDefense Security Advisory 08.06.09: Sun Java Runtime Environment (JRE) Pack200 Decompression Integer Overflow Vulnerability

2009-08-06 Thread iDefense Labs
iDefense Security Advisory 08.04.09 http://labs.idefense.com/intelligence/vulnerabilities/ Aug 04, 2009 I. BACKGROUND Pack200 is a compression method introduced by Sun in the 1.5 release of the JRE. It is used to compress JAR files, and is optimized for the compression of Java class files. A

iDefense Security Advisory 07.15.09: Microsoft Office Publisher 2007 Arbitrary Pointer Dereference Vulnerability

2009-07-15 Thread iDefense Labs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 iDefense Security Advisory 07.14.09 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 14, 2009 I. BACKGROUND Microsoft Office Publisher is a desktop publishing application. For more information, please visit the following website: http
