[Full-disclosure] Microsoft Office Word HTML Linked Objects Memory Corruption Vulnerability - CVE-2010-1903

2010-08-10 Thread Rodrigo Branco
Dear List, I'm writing on behalf of the Check Point Vulnerability Discovery Team to publish the following vulnerability. Check Point Software Technologies - Vulnerability Discovery Team (VDT) http://www.checkpoint.com/defense/ Microsoft Office Word HTML Linked Objects Memory Corruption Vulnerab

[Full-disclosure] MoonSols update on CVE-2010-1893 (Windows 7 TCP/IP Integer Overflow)

2010-08-10 Thread Matthieu Suiche
Dear, Here is a blogpost about the CVE-2010-1893 http://moonsols.com/blog/14-august-security-bulletin Regards, -- Matthieu Suiche Founder MoonSols ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html H

[Full-disclosure] Secunia Research: Windows Movie Maker String Parsing Buffer Overflow

2010-08-10 Thread Secunia Research
== Secunia Research 10/08/2010 - Windows Movie Maker String Parsing Buffer Overflow - == Table of Contents Affected Software.

[Full-disclosure] stratsec Security Advisory: SS-2010-007 Microsoft SMB Server Zero Size Pool Allocation

2010-08-10 Thread stratsec Advisories
=== stratsec Security Advisory: SS-2010-007 MS SMB Server Zero Size Pool Allocation === Title: SS-2010-007 Microsoft SMB Server Zero Siz

[Full-disclosure] iDefense Security Advisory 08.10.10: Microsoft Word RTF File Parsing Heap Buffer Overflow Vulnerability

2010-08-10 Thread iDefense Labs
iDefense Security Advisory 08.10.10 http://labs.idefense.com/intelligence/vulnerabilities/ Aug 10, 2010 I. BACKGROUND Microsoft Word is a word processing application from Microsoft Office. For more information about Microsoft Word, see the following website: http://office.microsoft.com/en-us/word

[Full-disclosure] RoadRunner Ambit U10C019 CableModem Exploit

2010-08-10 Thread Harry Strongburg
Hello. This is the introduction to a large-scale RoadRunner Cable-Router exploit on the Ambit U10C019 CableModem. Basically, the default Cable Router that RoadRunner/TimeWarner gives to its customers by default: 1) Allows for remote login with user: admin, password: cableroot. 2) Allows remote

Re: [Full-disclosure] Reliable reports on attacks on medical software and IT-systems available?

2010-08-10 Thread BMF
On Tue, Aug 10, 2010 at 2:03 PM, halfdog wrote: > Possible answers might be (sorted by probability): * There is no money in harming or killing patients. BMF

[Full-disclosure] ZDI-10-149: Adobe Flash Player LocalConnection Memory Corruption Remote Code Execution Vulnerability

2010-08-10 Thread ZDI Disclosures
ZDI-10-149: Adobe Flash Player LocalConnection Memory Corruption Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-149 August 10, 2010 -- CVE ID: CVE-2010-2188 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: Adobe -- Affected Products: Adobe

[Full-disclosure] CORE-2010-0407: Microsoft Office Excel PivotTable Cache Data Record Buffer Overflow

2010-08-10 Thread CORE Security Technologies Advisories
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://corelabs.coresecurity.com/ Microsoft Office Excel PivotTable Cache Data Record Buffer Overflow 1. *Advisory Information* Title: Microsoft Office Excel PivotTable Cache Data Re

Re: [Full-disclosure] Reliable reports on attacks on medical software and IT-systems available?

2010-08-10 Thread Paul Schmehl
--On Tuesday, August 10, 2010 21:03:35 + halfdog wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Just to clarify some points from off-list messages: > > I have no knowledge of ongoing or planned attacks. I was just searching for > historic reports of any age. I wonder why powerpl

[Full-disclosure] [CORE-2010-0623] Microsoft Windows CreateWindow function callback vulnerability

2010-08-10 Thread CORE Security Technologies Advisories
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://corelabs.coresecurity.com/ Microsoft Windows CreateWindow function callback vulnerability 1. *Advisory Information* Title: Microsoft Windows CreateWindow function callback vuln

Re: [Full-disclosure] Reliable reports on attacks on medical software and IT-systems available?

2010-08-10 Thread halfdog
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Just to clarify some points from off-list messages: I have no knowledge of ongoing or planned attacks. I was just searching for historic reports of any age. I wonder why powerplants, telephone systems, corporate IT systems are frequently affected by a

[Full-disclosure] Issue 17 - Msxml2.XMLHTTP.3.0 response handling memory corruption (ms10-051, CVE-2010-2561)

2010-08-10 Thread Berend-Jan Wever
Just facts, no marketing (sorry Alex :P). Microsoft advisory: http://www.microsoft.com/technet/security/bulletin/ms10-051.mspx Blog post/discussion: http://skypher.com/index.php/2010/08/10/ms10-051/ Timeline, details and repro: http://code.google.

[Full-disclosure] ZDI-10-148: Microsoft Cinepak Codec CVDecompress Remote Code Execution Vulnerability

2010-08-10 Thread ZDI Disclosures
ZDI-10-148: Microsoft Cinepak Codec CVDecompress Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-148 August 10, 2010 -- CVE ID: CVE-2010-2553 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: Microsoft -- Affected Products: Microsoft File For

[Full-disclosure] ZDI-10-147: Microsoft Windows MPEG Layer-3 Audio Decoder Remote Code Execution Vulnerability

2010-08-10 Thread ZDI Disclosures
ZDI-10-147: Microsoft Windows MPEG Layer-3 Audio Decoder Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-147 August 10, 2010 -- CVE ID: CVE-2010-1882 -- CVSS: 10, (AV:N/AC:L/Au:N/C:C/I:C/A:C) -- Affected Vendors: Microsoft -- Affected Products: Microsoft

[Full-disclosure] Reliable reports on attacks on medical software and IT-systems available?

2010-08-10 Thread halfdog
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I am searching for reliable reports on attacks on medical software and infrastructure ___aiming to harm or kill patients___. There are quite a few reports on data theft combined with blackmailing or data disclosure but rather no information if there we

[Full-disclosure] List Charter

2010-08-10 Thread John Cartwright
[Full-Disclosure] Mailing List Charter John Cartwright - Introduction & Purpose - This document serves as a charter for the [Full-Disclosure] mailing list hosted at lists.grok.org.uk. The list was created on 9th July 2002 by Len Rose, and is primarily concerned with security issues and thei

[Full-disclosure] [USN-965-1] OpenLDAP vulnerabilities

2010-08-10 Thread Steve Beattie
=== Ubuntu Security Notice USN-965-1 August 09, 2010 openldap, openldap2.2, openldap2.3 vulnerabilities CVE-2010-0211, CVE-2010-0212 === A security issue affects the following

[Full-disclosure] [USN-967-1] w3m vulnerability

2010-08-10 Thread Steve Beattie
=== Ubuntu Security Notice USN-967-1 August 09, 2010 w3m vulnerability CVE-2010-2074 === A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 L