Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

Network Security News – Wednesday, October 12, 2005 Events

Mac OS X Application Memory Debugging MallocLogFile Variable Insecure File Creation

Mac OS X contains a flaw that may allow a malicious local user to create and/or manipulate arbitrary files on the system. The issue is due to malloc reading the MallocLogFile environment variable when running suid executables, which allows any file on the system to be modified. A user can mount a symlink-style attack to manipulate arbitrary files, resulting in a loss of integrity. Read more at osvdb.org/19706

xine/gxine xine-lib CDDB Response Format String

xine-lib contains a flaw that may allow remote execution of arbitrary code. The issue is triggered when a xine-lib based media application, such as xine or gxine, retrieves improper metadata from a malicious CDDB server while playing an audio CD. The metadata is placed in memory on the stack and eventually passed to an fprintf() call as a format string. This allows the malicious user to alter the control flow and execute malicious code with the permissions of the user running the application. Read more at osvdb.org/19892

Mac OS X Mail.app Kerberos 5 SMTP Authentication Arbitrary Memory Disclosure

Mac OS X contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when Kerberos 5 authentication is used in Mail.app, which may append uninitialized memory to a message, resulting in a loss of confidentiality. Read more at osvdb.org/19705

Webroot Desktop Firewall PWIWrapper.dll FirewallNTService.exe Overflow

A local overflow exists in Webroot Desktop Firewall. The 'PWIWrapper.dll' library fails to perform proper bounds checking, resulting in a buffer overflow. With a specially crafted request, a malicious user can cause arbitrary code execution with SYSTEM privileges, resulting in a loss of integrity. Read more at osvdb.org/19868

Webroot Desktop Firewall DeviceIoControl() Local DoS

Webroot Desktop Firewall contains a flaw that may allow a local denial of service. The issue is triggered when sending specific 'DeviceIoControl()' commands to the firewall driver, which may allow a malicious user to disable the firewall, resulting in a loss of availability. Read more at osvdb.org/19869

Sony PSP Photo Viewer TIFF File Overflow

A remote overflow exists in PSP (PlayStation Portable). The TIFF library of the Photo Viewer application fails to perform proper bounds checking, resulting in a buffer overflow. With a specially crafted TIFF file, a remote attacker can cause the device to crash, resulting in a loss of availability. Read more at osvdb.org/19665

HAURI Anti-Virus ALZ Archive Filename Overflow

A remote overflow exists in multiple HAURI anti-virus products. The issue is due to a boundary error in the archive decompression library when reading the filename of a compressed file from an ALZ archive, resulting in a stack-based buffer overflow. With a specially crafted request, a remote attacker can execute arbitrary code, resulting in a loss of integrity. This requires that compressed file scanning is enabled. Read more at osvdb.org/19878

ALZip ALZ Archive Handling Overflow

A remote overflow exists in ALZip. The application fails to perform proper bounds checking, resulting in a stack-based buffer overflow. With a specially crafted ALZ archive containing a compressed file with an overly long filename, a remote attacker can cause arbitrary code execution, resulting in a loss of integrity. Read more at osvdb.org/19889

ALZip ARJ/ZIP/UUE/XXE Archive Handling Overflow

A remote overflow exists in ALZip. The application fails to perform proper bounds checking, resulting in a heap-based buffer overflow. With a specially crafted ARJ, ZIP, UUE or XXE archive containing a compressed file with an overly long filename, a remote attacker can cause arbitrary code execution, resulting in a loss of integrity. Read more at osvdb.org/19890
