1. Webex Meeting Manager ActiveX Control Vulnerability
(News/CERT)

... to address a vulnerability that affects Cisco Webex Meeting Manager. This vulnerability is due to a buffer overflow condition in the "NewObject()" method within the WebexUCFObject ActiveX control (at...

2. RealPlayer Releases Update
(News/CERT)

...ory corruption. Local resource reference vulnerability in RealPlayer. RealPlayer SWF file heap-based buffer overflow. RealPlayer ActiveX import method buffer overflow. US-CERT encourages users to revi...

3. Mozilla Releases Firefox 3.0.1
(News/CERT)

...he workarounds provided in the documents to help mitigate the risks:MFSA 2008-34 : Remote code execution by overflowing CSS reference counter MFSA 2008-35 : Command-line URLs launch multiple tabs when...

4. Mozilla Releases Firefox 2.0.0.16
(News/CERT)

... the workarounds listed in the documents to help mitigate the risks.MFSA 2008-34 : Remote code execution by overflowing CSS reference counterMFSA 2008-35 : Command-line URLs launch multiple tabs when ...

5. Apple Releases QuickTime 7.5
(News/CERT)

...me 7.5 to address multiple vulnerabilities. These vulnerabilities include the following:a heap-based buffer overflow condition in the handling of PixData structures when processing a PICT image that m...

6. PHP 5.2.6 Released
(News/CERT)

... vulnerabilities. These vulnerabilities includean error in FastCGI SAPI which may result stack-based buffer overflow an integer overflow in printf() an error in init_request_info(), which may result i...

7. Common Data Format Buffer Overflow Vulnerability
(News/CERT)

... a vulnerability in Common Data Format (CDF) version 3.2 and earlier. This vulnerability is due to a buffer overflow condition in the handling of specially-crafted CDF files. Exploitation of this vuln...

8. ICQ Vulnerability
(News/CERT)

US-CERT is aware of public reports of a vulnerability in ICQ 6. This vulnerability is due to a heap buffer overflow condition in the "Personal Status Manager" feature that occurs when processing speci

9. Multiple ClamAV Vulnerabilities
(News/CERT)

...as released ClamAV 0.93 to address multiple vulnerabilities. Two of these vulnerabilities are due to buffer overflow conditions in the handling of Upack executables in libclamav/pe.c and PeSpin packed...

10. ClamAV PE Scanning Vulnerability
(News/CERT)

US-CERT is aware of a report of a buffer overflow vulnerability affecting ClamAV. This heap-based buffer overflow vulnerablity may allow an attacker to execute arbitrary code on an affected system.US-

11. Active Exploitation of GDI Vulnerabilities
(News/CERT)

...seen public reports of an exploit targeting vulnerabilities in GDI. These vulnerabilities are due to buffer overflow conditions that exist in the processing of EMF and WMF image files. By convincing a...

12. VLC Media Player Vulnerability
(News/CERT)

VLC has released a patch to address an integer overflow vulnerability in VLC Media Player. By convincing a user to open an MP4 file with a specially crafted RDRF atom, a remote attacker may be able to

13. Microsoft Jet Database Engine Vulnerability
(News/CERT)

...Advisory to address a vulnerability in Microsoft Jet Database Engine. This vulnerability is due to a buffer overflow condition in msjet40.dll. By convincing a user to open a Word document that is desi...

14. CA BrightStor ARCserve Backup Vulnerability
(News/CERT)

...tiveX control. Exploitation of this vulnerability may allow a remote attacker to cause a stack-based buffer overflow and execute arbitrary code.US-CERT encourages users to do the following to help mit...

15. Cisco Releases Security Advisory to Address Multiple Vulnerabilities
(News/CERT)

...trol Server for Windows User-Changeable Password (UCP) application. These vulnerabilities are due to buffer overflow conditions and improper sanitization of input passed to CSuserCGI.exe. Exploitation...

16. Sun Java SE Updates
(News/CERT)

...nment May Allow Untrusted JavaScript Code to Elevate Privileges through Java APIs Sun Alert 233327 - Buffer Overflow Vulnerability in Java Web Start May Allow an Untrusted Application to Elevate its P...

17. Novell iPrint Client Vulnerability
(News/CERT)

...update to address a vulnerability in iPrint Client for Windows.  This vulnerability is due to a buffer overflow in the"ExecuteRequest()" method of the "ienipp.ocx" ActiveX control. Exploitation o...

18. Public Exploit for Local Linux Kernel Vulnerability
(News/CERT)

...able for a vulnerability affecting Linux kernels 2.6.17 to 2.6.24.1. These kernel versions contain a buffer overflow vulnerability in the get_user_pages function which may allow an unprivileged local ...

19. Yahoo! Music Jukebox ActiveX Buffer Overflow Vulnerabilities
(News/CERT)

...exploit code for vulnerabilities affecting Yahoo! Music Jukebox. These vulnerabilities are caused by buffer overflows in the Yahoo! MediaGrid ActiveX control and the YMP Datagrid ActiveX control. Succ...

20. Publicly Available Exploit for Facebook and MySpace Image Uploader Vulnerability
(News/CERT)

...rability affecting an image uploader used by Facebook and MySpace. This vulnerability is caused by a buffer overflow in Aurigma's ImageUploader ActiveX control. Successful exploitation of this vulnera...

21. GE Fanuc Product Vulnerabilities
(News/CERT)

...uc Proficy Real-Time Information Portal transmits authentication credentials in plain text (KB12459) Buffer Overflow Allows Remote Code Execution (KB12458) US-CERT will provide more information as it ...

22. Cisco Releases Security Advisory to Address Vulnerability in Cisco Unified Communication Manager
(News/CERT)

Cisco has released Security Advisory cisco-sa-20080116-cucmctl to address a heap overflow in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM). This vuln

23. Active Exploitation Using Malicious Microsoft Access Databases
(News/CERT)

US-CERT is aware of a stack buffer overflow vulnerability in the way that Microsoft Access handles specially crafted database files. Opening a specially crafted Microsoft Access Database (e.g., .MDB)