CVE-2008-3614
https://notcve.org/view.php?id=CVE-2008-3614
Integer overflow in Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, which triggers heap corruption. Desbordamiento de entero en Apple QuickTime anterior 7.5.5 sobre Windows, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de aplicación) a través de una imagen PICT manipulada que lanza un corrupción de montículo (heap). • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=744 http://lists.apple.com/archives/security-announce//2008/Sep/msg00000.html http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html http://secunia.com/advisories/31821 http://secunia.com/advisories/31882 http://securitytracker.com/id?1020841 http://support.apple.com/kb/HT3027 http://support.apple.com/kb/HT3137 http://www.securityfocus.com/bid/31086 http://www.securitytracker.com/id?1020879 • CWE-189: Numeric Errors •
CVE-2007-5348 – Microsoft Internet Explorer - GDI+ (PoC) (MS08-052)
https://notcve.org/view.php?id=CVE-2007-5348
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka "GDI+ VML Buffer Overrun Vulnerability." Desbordamiento de enteros en GDI+ en Microsoft Internet Explorer versión 6 SP1, Windows XP SP2 y SP3, Server 2003 SP1 y SP2, Vista Gold y SP1, Server 2008, Office XP SP3, Office 2003 SP2 y SP3, 2007 Microsoft Office System Gold y SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works versión 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 y 2008, y Forefront Client Security versión 1.0, permite a atacantes remotos ejecutar código arbitrario por medio de un archivo de imagen con tamaño degradado creados en la entrada de relleno de degradado, que activa un desbordamiento de búfer en la región heap de la memoria relacionado con las bibliotecas GdiPlus.dll y VGX.DLL, también se conoce como "GDI+ VML Buffer Overrun Vulnerability." • https://www.exploit-db.com/exploits/6619 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=743 http://marc.info/?l=bugtraq&m=122235754013992&w=2 http://secunia.com/advisories/32154 http://www.securityfocus.com/bid/31018 http://www.securitytracker.com/id?1020834 http://www.us-cert.gov/cas/techalerts/TA08-253A.html http://www.vupen.com/english/advisories/2008/2520 http://www.vupen.com/english/advisories/2008/2696 https://docs.microsoft.com/en-us/secur • CWE-189: Numeric Errors •
CVE-2008-3013 – Microsoft Windows GDI+ GIF Parsing Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2008-3013
gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka "GDI+ GIF Parsing Vulnerability." La biblioteca gdiplus.dll en GDI en Microsoft Internet Explorer versión 6 SP1, Windows XP SP2 y SP3, Server 2003 SP1 y SP2, Vista Gold y SP1, Server 2008, Office XP SP3, Office 2003 SP2 y SP3, 2007 Microsoft Office System Gold y SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works versión 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 y 2008, y Forefront Client Security versión 1.0, permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo de imagen GIF malformado que contiene muchos marcadores de extensión para extensiones de control gráfico y etiquetas desconocidas posteriores, también se conoce como "GDI+ GIF Parsing Vulnerability." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows XP, Server and Vista. User interaction is required in that a user must open a malicious image file or browse to a malicious website. The specific flaws exist in the GDI+ subsystem when parsing maliciously crafted GIF files. By supplying a malformed graphic control extension an attacker can trigger an exploitable memory corruption condition. • https://www.exploit-db.com/exploits/6716 http://ifsec.blogspot.com/2008/09/windows-gdi-gif-memory-corruption.html http://marc.info/?l=bugtraq&m=122235754013992&w=2 http://secunia.com/advisories/32154 http://www.securityfocus.com/archive/1/496154/100/0/threaded http://www.securityfocus.com/bid/31020 http://www.securitytracker.com/id?1020836 http://www.us-cert.gov/cas/techalerts/TA08-253A.html http://www.vupen.com/english/advisories/2008/2520 http://www.vupen.com • CWE-399: Resource Management Errors •
CVE-2008-3635 – Apple QuickTime IV32 Codec Parsing Stack Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-3635
Stack-based buffer overflow in QuickTimeInternetExtras.qtx in an unspecified third-party Indeo v3.2 (aka IV32) codec for QuickTime, when used with Apple QuickTime before 7.5.5 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. Desbordamiento de búfer basado en pila en QuickTimeInternetExtras.qtx en un codec de Indeo v3.2 (también conocido como IV32) de terceros que no se ha especificado y que es para QuickTime, cuando se utiliza con Apple QuickTime anterior a 7.5.5 en Windows; permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de la aplicación) a través de un fichero de película manipulado. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of QuickTime files that utilize the Indeo video codec. A lack of proper bounds checking within QuickTimeInternetExtras.qtx can result in a stack based buffer overflow leading to arbitrary code execution under the context of the currently logged in user. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00000.html http://secunia.com/advisories/31821 http://securitytracker.com/id?1020841 http://support.apple.com/kb/HT3027 http://www.securityfocus.com/archive/1/496201/100/0/threaded http://www.securityfocus.com/bid/31086 http://www.vupen.com/english/advisories/2008/2527 http://www.zerodayinitiative.com/advisories/ZDI-08-057 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-3842
https://notcve.org/view.php?id=CVE-2008-3842
Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework without the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string containing a "</" (less-than slash) sequence. Validación de la petición (también conocido como los filtros ValidateRequest) en ASP.NET de Microsoft .NET Framework sin la actualización MS07-040 no detecta correctamente entradas de cliente peligrosas, lo cual permite a atacantes remotos llevar a cabo un ataque de secuencia de comandos en sitios cruzados (XSS), como lo demostrado por una cadena de consulta que contiene una secuencia "</" (menos-que barra invertida). • http://securityreason.com/securityalert/4193 http://www.procheckup.com/PDFs/bypassing-dot-NET-ValidateRequest.pdf http://www.securityfocus.com/archive/1/495667/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/44741 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •