Monthly Archive: April 2004

The component for the Virtual DOS Machine (VDM) subsystem in Windows NT 4.0 and Windows 2000 does not properly validate system structures, which allows local users to access protected kernel memory and execute arbitrary...

Unknown vulnerability in the H.323 protocol implementation in Windows 98, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code. Date published : 2004-04-16 http://www.us-cert.gov/cas/techalerts/TA04-104A.html http://www.kb.cert.org/vuls/id/353956

An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with...

Buffer overflow in the ISO9660 file system component for Linux kernel 2.4.x, 2.5.x and 2.6.x, allows local users with physical access to overflow kernel memory and execute arbitrary code via a malformed CD containing...

Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, 0.90, and 0.91 allows remote attackers to execute arbitrary code via a long Location header. Date published : 2004-04-07 http://www.securityfocus.com/bid/10008 http://www.securityfocus.com/archive/1/359025

Unknown vulnerability in Mail for Mac OS X 10.3.3 and 10.2.8, with unknown impact, related to "the handling of HTML-formatted email." Date published : 2004-04-07 http://docs.info.apple.com/article.html?artnum=61798 http://lists.apple.com/mhonarc/security-announce/msg00047.html

Unknown vulnerability in the CUPS printing system in Mac OS X 10.3.3 and Mac OS X 10.2.8 with unknown impact, possibly related to a configuration file setting. Date published : 2004-04-07 http://docs.info.apple.com/article.html?artnum=61798 http://lists.apple.com/mhonarc/security-announce/msg00047.html

Multiple cross-site scripting (XSS) vulnerabilities in Microsoft SharePoint Portal Server 2001 allow remote attackers to process arbitrary web content and steal cookies via certain server scripts. Date published : 2004-04-07 http://marc.info/?l=bugtraq&m=108118352303273&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/15729

Multiple buffer overflows in vfte, based on FTE, before 0.50, allow local users to execute arbitrary code. Date published : 2004-04-06 http://www.securityfocus.com/bid/10041 http://www.kb.cert.org/vuls/id/354838

mysqlbug in MySQL allows local users to overwrite arbitrary files via a symlink attack on the failed-mysql-bugreport temporary file. Date published : 2004-04-06 http://www.securityfocus.com/bid/9976 http://marc.info/?l=bugtraq&m=108023246916294&w=2

The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in...

Buffer overflow in the win32_stat function for (1) ActiveState’s ActivePerl and (2) Larry Wall’s Perl before 5.8.3 allows local or remote attackers to execute arbitrary commands via filenames that end in a backslash character....

oftpd 0.3.6 and earlier allows remote attackers to cause a denial of service (crash) via a PORT command with a large value. Date published : 2004-04-06 http://www.securityfocus.com/bid/9980 http://www.time-travellers.org/oftpd/oftpd-dos.html

Interchange before 5.0.1 allows remote attackers to "expose the content of arbitrary variables" and read or modify sensitive SQL information via an HTTP request ending with the "__SQLUSER__" string. Date published : 2004-04-06 http://www.securityfocus.com/bid/10005...