TK53 Advisory #2 12/29/2007
- Multiple vulnerabilities in ClamAV
* Authors: Roflek of TK53 [EMAIL PROTECTED], Lolek of TK53
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200712-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Dear Colleagues,
Attached please find the Call For Papers for DIMVA 2008, the Fifth
GI International Conference on Detection of Intrusions Malware,
and Vulnerability Assessment; which is to be held in Paris,
France, July 10-11, 2008. Complete information is available at
TK53 Advisory #2 12/29/2007
- Multiple vulnerabilities in ClamAV
* Authors: Roflek of TK53 [EMAIL PROTECTED], Lolek of TK53
TK53 Advisory #2 12/29/2007
- Multiple vulnerabilities in ClamAV
* Authors: Roflek of TK53 [EMAIL PROTECTED], Lolek of TK53
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200712-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200712-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200712-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
My first attempt at an SEH overwrite exploit. Anyhow, I first
posted about this issue regarding version 7 of this control, Will
Dormann of the CERT/CC discovered versions 6 and 6.5 are vulnerable
too, see http://www.kb.cert.org/vuls/id/963889. Dwa7w.dll and
inotes6w.dll are unicode, thats my
Todd Troxell wrote:
I discovered rather inadvertently that laptops do not enjoy having
their USB VCC shorted to GND one bit. It is a sure DoS, in fact if
the machine has a stupid power supply, it could result in permanent
damage. It is kind of scary for kiosk machines like the those
MC has already made a Metasploit module for this, and Symantec has
released BloodHound signatures for general isusweb abuse. Code is
inline and attached.
!--
written by e.b.
Macrovision Installshield isusweb.dll SEH Overwrite Exploit
Tested on Windows XP SP2(fully patched)
This one is unicode based, so is inotes6w. Exploitation for
inotes6w is probably the same just with a different offset. Code is
inline and attached.
-
!--
written by e.b.
IBM Domino Web Access Upload Module dwa7w.dll SEH Overwrite Exploit
CVE-2007-4474
Tested on Windows XP
12 matches
Mail list logo