Microsoft Word .doc Font Parsing Overflow

Network Security News – Wednesday, July 13, 2005 Events

Microsoft Word .doc Font Parsing Overflow

A local overflow exists in Microsoft Word for Windows. Word fails to check the length of font information in .doc files resulting in a stack based overflow. With a specially crafted document, an attacker can cause arbitrary code execution resulting in a loss of integrity.. Read more at osvdb.org/17829

UBB.threads Cookie Data language Parameter Local File Inclusion

UBB.threads contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to language preferences extracted from the cookie not properly sanitizing the 'language' parameter. This may allow an attacker to include an arbitrary file location, appended with a null byte (%00), that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/17512

UBB.threads addaddress.php Cross Site Request Forgery

UBB.threads contains a flaw that allows a remote cross site request forgery attack. This flaw exists because the application does not validate input upon submission to the 'addaddress.php' script. This could allow a malicious user to create a specially crafted URL that would execute arbitrary code in a user's browser, with the permissions of the user viewing the URL, within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/17521

ActivePost Standard Plaintext Password Disclosure

ActivePost Standard contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to plain text passwords when a user enters in the conference menu, the server sends all the information of the available rooms including the plain-text passwords of the conference rooms that are password protected.. Read more at osvdb.org/16201

ActivePost Standard File Upload Traversal

ActivePost Standard contains a flaw that allows a remote attacker to upload any file outside of the web path. The issue is due to the program not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the filename variable.. Read more at osvdb.org/16200

ActivePost Standard File Upload Filename Overflow DoS

ActivePost Standard contains a flaw that may allow a remote denial of service. The issue is triggered when a filename that is longer than 4074 characters is uploaded, and will result in loss of availability for the service.. Read more at osvdb.org/16199