Trend Micro Security can potentially allow an attacker to use a malicious program to escalate privileges to SYSTEM integrity and obtain persistence on a vulnerable system.
e85735c3e297446cefa2f372abec28e211d0a44ffa2d1cc7c2afff07bd24cd6b
Trend Micro Maximum Security is vulnerable to arbitrary code execution as it allows for creation of a registry key to target a process running as SYSTEM. This can allow malware to gain elevated privileges to take over and shut down services that require SYSTEM privileges, like Trend Micro's "Asmp" service "coreServiceShell.exe", which does not allow Administrators to tamper with them. This could allow an attacker or malware to gain elevated privileges and tamper with protected services by disabling them or otherwise preventing them from starting. Note that administrator privileges are required to exploit this vulnerability.
2bef0a7498592f26d2748979ed451cc8771185733de0a4a4c86834cf8e60b081
A buffer overflow in the CheckMonitor() function in the Common Desktop Environment 2.3.1 and earlier and 1.6 and earlier, as distributed with Oracle Solaris 10 1/13 (Update 11) and earlier, allows local users to gain root privileges via a long palette name passed to dtsession in a malicious .Xdefaults file. Note that Oracle Solaris CDE is based on the original CDE 1.x train, which is different from the CDE 2.x codebase that was later open sourced. Most notably, the vulnerable buffer in the Oracle Solaris CDE is stack-based, while in the open source version it is heap-based.
d25b46d48230e23cf621654e72fc9113aa59c9c5cd75e5f0f889790d85edd1e5
A low impact information disclosure vulnerability in the setuid root xlock binary distributed with Solaris may allow local users to read partial contents of sensitive files. Due to the fact that target files must be in a very specific format, exploitation of this flaw to escalate privileges in a realistic scenario is unlikely.
a03fb7575a6762318b5f522c1cd86e250b04e78f95dc0676d4b6ae90596cb912
Ubuntu Security Notice 4241-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, conduct cross-site scripting attacks, or execute arbitrary code. It was discovered that NSS incorrectly handled certain memory operations. A remote attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. Various other issues were also addressed.
a603d0f1422c63c0f865910e3f32286250ba5122b98aab03efc19e2e49087c05
Ubuntu Security Notice 4240-1 - It was discovered that Kamailio incorrectly handled a specially crafted file. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
7e0dc81479bfcc0c57300ca4406f4dac4dcc0a6fe0026c1ff5563c2693a3debc
WordPress Time Capsule plugin version 1.21.16 suffers from an authentication bypass vulnerability.
86da555b42350aa16060d960061fde9cd81c6538aa8fdaaa89443612d1d88d61
GTalk Password Finder version 2.2.1 suffers from a denial of service vulnerability.
184769acddcba4b7da8b9827b611c276819e38e9e258de8913756bdc44c76ab9
WordPress InfiniteWP Client plugin versions prior to 1.9.4.5 suffer from an authentication bypass vulnerability.
db0e9fdcc7fd8dd5eb2e720a3bbac3e66d6ef45436d0bd2833d7386ba00db410
Torrent FLV Converter version 1.51 Build 117 suffers from a stack overflow vulnerability.
4c9f73fd027f78ea445632f6526334adbb2e12d4db21f42bb9ede94a818fc8bb
APKF Product Key Finder version 2.5.8.0 suffers from a denial of service vulnerability.
f3f319133c9bdfeb656a8d117ac52f61f46e3c7e66e30d0f3c6abc1b5ed63786