|
 |
| SecurityReason | ||
| WLB | ||
| RSS | ||
| Corporate | ||
| Services | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
| Details : SecurityAlert | ||||
 SecurityAlert : 886 CVE : CVE-2006-2297 SecurityRisk : Low  (About) Remote Exploit : Yes Local Exploit : Yes Exploit Given : No Credit : Reversemode (advisories reversemode com) Published : 15.05.2006
Advisory Text : Microsoft Infotech Storage System Library (itss.dll) is prone to a heap corruption vulnerability. This issue is due to the failure of the library to properly check a specially crafted CHM file. The successful exploitation of this flaw would allow to execute arbitrary code. Itss.dll is the system library, which deals with CHM/ITS format. Microsoft rates the CHM file format as potentially dangerous,similar to an executable file. Nevertheless, this flaw is triggered just decompiling the malicious CHM file (using hh -decompile), thus malicious attackers could trick the user to perform this operation or even, advanced users or researchers could try to decompile before opening it. Microsoft plans to address this issue in the next Service Pack. Due to this fact, users of certain Windows versions should implement their own protection mechanism. Advisory and proof of concept available at www.reversemode.com Regards, Rubén Santamarta Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
Microsoft VISTA TCP/IP stack buffer overflow
Microsoft Device IO Control wrapped by the iphlpapi.dll API shipping with Windows Vista 32 bit and 64 bit contains a possibly exploitable, buffer overflow corrupting kernel memory. |
||
| Apache |  |
|
» Apache Tomcat <= |
||
| PHP | |
|
» PHP |
||
- 2008-11-27| Copyright © SecurityReason. All Rights Reserved. |