CVSS: 7.2 | EPSS: 0% | CPEs: 43 | EXPL: 0

Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear Software CD DVD Filter driver before 4.001.7, as used in other products including Apple iTunes and multiple Symantec and Norton products, which allows local users to gain privileges via repeated IoAttachDevice IOCTL calls to \\.\GEARAspiWDMDevice in this GEARAspiWDM.sys. However, the root cause is the integer overflow in the API call itself.

Integer overflow in an unspecified third-party driver included in Apple iTunes before 8.0 for Windows allows local users to gain privileges via unknown vectors.

• http://lists.apple.com/archives/security-announce//2008/Sep/msg00001.html http://securityresponse.symantec.com/avcenter/security/Content/2008.10.07a.html http://securitytracker.com/id?1020839 http://support.apple.com/kb/HT3025 http://www.gearsoftware.com/support/GEARAspi%20Security%20Information.pdf http://www.kb.cert.org/vuls/id/146896 http://www.securityfocus.com/archive/1/497131/100/0/threaded http://www.securityfocus.com/bid/31089 http://www.securitytracker.com/id?1020997 http:&

• CWE-189: Numeric Errors

CVSS: 2.6 | EPSS: 0% | CPEs: 47 | EXPL: 0

Apple iTunes before 8.0 on Mac OS X 10.4.11, when iTunes Music Sharing is enabled but blocked by the host-based firewall, presents misleading information about firewall security, which might allow remote attackers to leverage an exposure that would be absent if the administrator were given better information.

The iTunes application before v8 on Mac OS X 10.4.11, when iTunes Sharing is enabled but blocked by the system firewall, displays false (misleading) information about firewall security. This could be exploited by remote attackers. The administrator would not overlook this issue if given better information about it.

• http://lists.apple.com/archives/security-announce//2008/Sep/msg00001.html http://securitytracker.com/id?1020840 http://www.securityfocus.com/bid/31090

• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor