
Browsing Vulnerabilities Disclosed in 2010
| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 79112 | 2010-12-31 | Microsoft Virtual PC Path Subversion Arbitrary DLL Injection Code Execution | Microsoft Virtual PC is prone to a flaw in the way it loads dynamic-link libraries (DLL) (e.g., midimap.dll). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a vmc file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. |
| 79114 | 2010-12-31 | Microsoft Clip Organizer Path Subversion Arbitrary DLL Injection Code Execution | Microsoft Clip Organizer is prone to a flaw in the way it loads dynamic-link libraries (DLL) (e.g., twcgst.dll). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening an mpf file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. |
| 79115 | 2010-12-31 | Microsoft MS Clip Book Viewer Path Subversion Arbitrary DLL Injection Code Execution | Microsoft MS Clip Book Viewer is prone to a flaw in the way it loads dynamic-link libraries (DLL) (e.g., mfaphook.dll). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. |
| 79116 | 2010-12-31 | Microsoft Snapshot Viewer Path Subversion Arbitrary DLL Injection Code Execution | Microsoft Snapshot Viewer is prone to a flaw in the way it loads dynamic-link libraries (DLL) (e.g., mfc71enu.dll, mfc71loc.dll). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening an snp file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. |
| 79117 | 2010-12-31 | Microsoft Windows Program Group Path Subversion Arbitrary DLL Injection Code Execution | Microsoft Windows Program Group is prone to a flaw in the way it loads dynamic-link libraries (DLL) (e.g., imm.dll). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a grp file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. |
| 79118 | 2010-12-31 | Microsoft RDP Client Path Subversion Arbitrary DLL Injection Code Execution | Microsoft RDP Client is prone to a flaw in the way it loads dynamic-link libraries (DLL) (e.g., dwmapi.dll for Win7 or ieframe.dll for XPSP3). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening an rdp file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. |
| 79120 | 2010-12-31 | Microsoft Live Writer Path Subversion Arbitrary DLL Injection Code Execution | Microsoft Live Writer is prone to a flaw in the way it loads dynamic-link libraries (DLL) (e.g., peerdist.dll). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a wpost file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. |
| 79101 | 2010-12-31 | Aviscreen Pro Path Subversion Arbitrary DLL Injection Code Execution | Aviscreen Pro is prone to a flaw in the way it loads dynamic-link libraries (DLL) (e.g., iccvid.dll, ir32_32.dll, yuv_32.dll, msrle32.dll, msvidc32.dll, msyuv.dll, tsbyuv.dll, iacenc.dll, tsbyuv.dll). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. |
| 79104 | 2010-12-31 | Citrix ICA Client Path Subversion Arbitrary DLL Injection Code Execution | Citrix ICA Client is prone to a flaw in the way it loads dynamic-link libraries (DLL) (e.g., pncachen.dll, wfapi.dll). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening an ICA file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. |
| 79105 | 2010-12-31 | gDoc Fusion Path Subversion Arbitrary DLL Injection Code Execution | gDoc Fusion is prone to a flaw in the way it loads dynamic-link libraries (DLL) (e.g., wintab32.dll, ssleay32.dll). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. |
| 79106 | 2010-12-31 | Encase Path Subversion Arbitrary DLL Injection Code Execution | Encase is prone to a flaw in the way it loads dynamic-link libraries (DLL) (e.g., rsaenh.dll). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening an endump file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. |
| 79107 | 2010-12-31 | Forensic Toolkit Path Subversion Arbitrary DLL Injection Code Execution | Forensic Toolkit is prone to a flaw in the way it loads dynamic-link libraries (DLL). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening an ftk file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. |
| 79109 | 2010-12-31 | Inkscape Path Subversion Arbitrary DLL Injection Code Execution | Inkscape is prone to a flaw in the way it loads dynamic-link libraries (DLL) (e.g., quserex.dll). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening an svgz file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. |
| 79110 | 2010-12-31 | Kineti Count Path Subversion Arbitrary DLL Injection Code Execution | Kineti Count is prone to a flaw in the way it loads dynamic-link libraries (DLL) (e.g., dwmapi.dll). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a kcp file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. |
| 79111 | 2010-12-31 | Mediamonkey Path Subversion Arbitrary DLL Injection Code Execution | Mediamonkey is prone to a flaw in the way it loads dynamic-link libraries (DLL) (e.g., dwmapi.dll). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. |
| 79121 | 2010-12-31 | Moovida Media Player Path Subversion Arbitrary DLL Injection Code Execution | Moovida Media Player is prone to a flaw in the way it loads dynamic-link libraries (DLL) (e.g., ibc.dll, quserex.dll). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. |
| 79122 | 2010-12-31 | Muvee Reveal Path Subversion Arbitrary DLL Injection Code Execution | Muvee Reveal is prone to a flaw in the way it loads dynamic-link libraries (DLL) (e.g., peerdist.dll). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening an rvl file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. |
| 79123 | 2010-12-31 | Omnipeek Personal Path Subversion Arbitrary DLL Injection Code Execution | Omnipeek Personal is prone to a flaw in the way it loads dynamic-link libraries (DLL) (e.g., mfc71loc.dll). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. |
| 79124 | 2010-12-31 | Forensic CaseNotes Path Subversion Arbitrary DLL Injection Code Execution | Forensic CaseNotes is prone to a flaw in the way it loads dynamic-link libraries (DLL) (e.g., credssp.dll). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a notes file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. |
| 79125 | 2010-12-31 | Roxio Central Path Subversion Arbitrary DLL Injection Code Execution | Roxio Central is prone to a flaw in the way it loads dynamic-link libraries (DLL) (e.g., homeutils10.dll, dlaapi_w.dll, sonichttpclient10.dll, tfswapi.dll). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. |
| 79126 | 2010-12-31 | SMPlayer Path Subversion Arbitrary DLL Injection Code Execution | SMPlayer is prone to a flaw in the way it loads dynamic-link libraries (DLL) (e.g., wintab32.dll). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. |
| 79127 | 2010-12-31 | Steam Games Path Subversion Arbitrary DLL Injection Code Execution | Steam Games is prone to a flaw in the way it loads dynamic-link libraries (DLL) (e.g., steamgamesupport.dll). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. |
| 79128 | 2010-12-31 | SoMud P2P Path Subversion Arbitrary DLL Injection Code Execution | SoMud P2P is prone to a flaw in the way it loads dynamic-link libraries (DLL) (e.g., wintab32.dll). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a torrent file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. |
| 79129 | 2010-12-31 | PDFXChange Viewer Path Subversion Arbitrary DLL Injection Code Execution | PDFXChange Viewer is prone to a flaw in the way it loads dynamic-link libraries (DLL) (e.g., wintab32.dll). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a pdf file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. |
| 79099 | 2010-12-31 | Adobe Fireworks Path Subversion Arbitrary DLL Injection Code Execution | Adobe Fireworks is prone to a flaw in the way it loads dynamic-link libraries (DLL). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. |
| 79100 | 2010-12-31 | Aladdin eToken PKI Client Path Subversion Arbitrary DLL Injection Code Execution | Aladdin eToken PKI Client is prone to a flaw in the way it loads dynamic-link libraries (DLL) (e.g., wintab32.dll). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. |
| 79113 | 2010-12-31 | Microsoft Movie Maker Path Subversion Arbitrary DLL Injection Code Execution | Microsoft Movie Maker is prone to a flaw in the way it loads dynamic-link libraries (DLL) (via hhctrl.ocx). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. |
| 74340 | 2010-12-31 | HP Photo Creative audio.Record.1 ActiveX Control (ContentMan.dll) Remote Overflow | HP Photo Creative is prone to an overflow condition. The audio.Record.1 ActiveX Control in ContentMan.dll fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With a specially crafted string, a remote attacker can cause a denial of service or potentially execute arbitrary code. |
| 79102 | 2010-12-31 | Brava PDF Reader Path Subversion Arbitrary DLL Injection Code Execution | Brava PDF Reader is prone to a flaw in the way it loads dynamic-link libraries (DLL) (e.g., dwmapi.dll). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a PDF (among other types) file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. |
| 79103 | 2010-12-31 | HexWorkshop Path Subversion Arbitrary DLL Injection Code Execution | HexWorkshop is prone to a flaw in the way it loads dynamic-link libraries (DLL) (e.g., pe932d.dll, pe936d.dll, pegrc32d.dll). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. |
| 79108 | 2010-12-31 | IBM Rational License Key Administrator Path Subversion Arbitrary DLL Injection Code Execution | IBM Rational License Key Administrator is prone to a flaw in the way it loads dynamic-link libraries (DLL) (e.g., ibfs32.dll). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a upd file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. |
| 80747 | 2010-12-31 | PunBB form Parameter SQL Injection | |
| 87356 | 2010-12-31 | Oracle MySQL do_div_mod DIV Expression Handling Remote DoS | |
| 71023 | 2010-12-30 | GNU patch util.c Directory Traversal Arbitrary File Creation | GNU patch contains a flaw that allows a local attacker to traverse outside of a restricted path. The issue is due to the program not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via patches. This directory traversal attack would allow the attacker to create and modify arbitrary files. |
| 70854 | 2010-12-30 | vBSEO Title Field XSS | vBSEO contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input passed via the 'Title' field before it is used. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 70466 | 2010-12-30 | WebKit Video Handling HTMLVideoElement Bad Cast Memory Corruption | WebKit contains typecasting flaws in the 'MediaDocument::defaultEventHandler' and 'MediaDocument::replaceMediaElementTimerFired' functions in WebCore/html/MediaDocument.cpp when handling descendant video elements for a node. With a specially crafted web page, a context-dependent attacker can corrupt memory to cause a denial of service or potentially execute arbitrary code. |
| 70414 | 2010-12-30 | Wing FTP Server Admin User Creation CSRF | Wing FTP Server contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions for the addition of admin users. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification. |
| 73691 | 2010-12-30 | XODA Multiple Unspecified Issues (0.1.1) | |
| 70234 | 2010-12-30 | WordPress KSES Library Protocol Strings XSS | WordPress contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain input containing protocol strings in the KSES library before use. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 70233 | 2010-12-30 | CA ARCserve D2D Axis2 Default Credentials | By default, CA ARCserve D2D deploys Axis2 with default credentials. The admin account has a password of axis2 which is publicly known and documented. This allows attackers to trivially access the program or system and gain privileged access. An attacker may also then upload a crafted .aar file to execute arbitrary code. |
The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
© Copyright 2002 - 2013 Open Sourced Vulnerability Database (OSVDB), All Rights Reserved.