Zero-day Vulnerability Database

Zero-day vulnerabilities discovered: 20

Remote code execution in Microsoft Word
CVE-2006-6561

Buffer overflow

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability is caused by a boundary error when processing an unchecked word count in Word files. A remote attacker can create a specially crafted Word file, trick the victim into opening it and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in compromise of the vulnerable system.

Note: this vulnerability is being actively exploited.


This vulnerability was publicly disclosed by Disco Jonny.

Software: Microsoft Word

Known/famous malware:

Bloodhound.Exploit.108.

Remote code execution in Microsoft Word
CVE-2006-6456

Buffer overflow

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability is caused by a boundary error when handling Word files with a specially crafted data structure. A remote attacker can create a specially crafted Word file, trick the victim into opening it and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in compromise of the vulnerable system.

Note: this vulnerability is being actively exploited.


Software: Microsoft Word

Known/famous malware:

Trojan.Mdropper.U

Remote code execution in Microsoft Word
CVE-2006-5994

Buffer overflow

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability is caused by a boundary error when handling Word files with a specially crafted string. A remote attacker can create a specially crafted Word file, trick the victim into opening it and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in compromise of the vulnerable system.

Note: this vulnerability is being actively exploited.


Software: Microsoft Word

Known/famous malware:

Bloodhound.Exploit.106

Remote code execution in Microsoft XML Core Services
CVE-2006-5745

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an error in the XMLHTTP ActiveX control within Microsoft XML Core Services. A remote unauthenticated attacker can trick the victim into opening a specially crafted web page and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of this vulnerability may allow an attacker to compromise the vulnerable system.

Note: this vulnerability is being actively exploited.

The issue was discovered in the wild by ISS xForce.

Software: Microsoft XML Core Services

Remote code execution in Visual Studio WMIObjectBroker2 ActiveX control
CVE-2006-4704

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to incorrect handling of input data in the Microsoft WMIScriptUtils.WMIObjectBroker2 ActiveX control (WmiScriptUtils.dll), bundled with Visual Studio 2005. A remote unauthenticated attacker can trick the victim into opening a specially crafted web page or HTML file and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of this vulnerability may allow an attacker to compromise the vulnerable system.

Note: this vulnerability is being actively exploited.

This vulnerability was publicly reported by Michal Bucko and H D Moore.

Software: Visual Studio

Remote code execution in WebViewFolderIcon ActiveX control in Microsoft Windows
CVE-2006-3730

Buffer overflow

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to improper validation of input parameters passed to the vulnerable setSlice() method in the WebViewFolderIcon ActiveX control (Web View). A remote attacker can create a specially crafted web page, trick the victim into opening it and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in compromise of the vulnerable system.

Note: this vulnerability is being actively exploited.

Software: Windows

Remote code execution in Microsoft PowerPoint
CVE-2006-4694

Buffer overflow

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability is caused by a boundary error when parsing malformed records within the PowerPoint file. A remote attacker can create a specially crafted .ppt file, trick the victim into opening it and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in compromise of the vulnerable system.

Note: this vulnerability is being actively exploited.


It has been reported that the attack vector involves SlideShowWindows.View.GotoNamedShow.

Software: Microsoft PowerPoint

Known/famous malware:

Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and Exploit-PPT.d/Trojan.PPDropper.F.

Remote code execution in Microsoft Windows
CVE-2006-4868

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to incorrect handling of input data in the Vector Markup Language (VML) implementation (VGX.dll) in Microsoft Windows. A remote unauthenticated attacker can trick the victim into opening a specially crafted web page or HTML file and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of this vulnerability may allow an attacker to compromise the vulnerable system.

Note: this vulnerability is being actively exploited.

This vulnerability was reported by Sunbelt Software.

Software: Windows

Known/famous malware:

Bloodhound.Exploit.78

Multiple vulnerabilities in Microsoft Internet Explorer
CVE-2006-4777

Heap-based buffer overflow

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a heap-based buffer overflow within the DirectAnimation Path ActiveX control (daxctle.ocx) when handling unexpected input. A remote attacker can create a specially crafted web page, trick the victim into opening it and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in compromise of the vulnerable system.

Note: this vulnerability is being actively exploited.

Software: Microsoft Internet Explorer

Multiple vulnerabilities in Microsoft Word
CVE-2006-4534

Buffer overflow

The vulnerability allows a remote user to execute arbitrary code on the target system.

The weakness is due to a stack-based buffer overflow. By persuading the victim to load and open a specially crafted Word document containing a malformed string, a remote attacker can execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: this vulnerability was being actively exploited.

This vulnerability was reported by Juha-Matti Laurio.

Software: Microsoft Office

Known/famous malware:

Trojan.Mdropper.Q

Multiple vulnerabilities in Microsoft Internet Explorer
CVE-2006-4446

Heap-based buffer overflow

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a heap-based buffer overflow in the DirectAnimation.PathControl ActiveX control (daxctle.ocx) when handling unexpected input. A remote attacker can create a specially crafted web page, trick the victim into opening it and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in compromise of the vulnerable system.

Note: this vulnerability is being actively exploited.

Software: Microsoft Internet Explorer

Buffer overflow in Microsoft Windows Server service
CVE-2006-3439

Buffer overflow

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the Microsoft Windows Server service. A remote attacker can send a specially crafted packet to port 139/TCP or 445/TCP, trigger the boundary error and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in compromise of the vulnerable system.

Note: this vulnerability is being actively exploited.

Software: Windows

Remote code execution in Microsoft VBA
CVE-2006-3649

Buffer overflow

The vulnerability allows a remote user to execute arbitrary code on the target system.

The weakness is due to a buffer overflow. By persuading the victim to open a malicious Office document containing a Visual Basic for Applications (VBA) script, a remote attacker can execute arbitrary code.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: this vulnerability was being actively exploited.

The weakness was disclosed 08/08/2006 by Ka Chun Leung with Symantec.

Software: Microsoft Office

Known/famous malware:

Trojan.Mdropper.N

Remote code execution in Microsoft PowerPoint
CVE-2006-3590

Memory corruption

The vulnerability allows a remote user to execute arbitrary code on the target system.

The weakness is due to memory corruption in mso.dll. By persuading the victim to open a specially crafted PPT file containing a malformed shape container, a remote attacker can execute arbitrary code on the vulnerable system.

Successful exploitation of the vulnerability results in complete compromise of the vulnerable system.

Note: this vulnerability was being actively exploited.

Software: Microsoft PowerPoint

Known/famous malware:

PPDropper.B Trojan.
Bloodhound.Exploit.79

Multiple vulnerabilities in Microsoft Office
CVE-2006-1540

Buffer overflow

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when handling malformed strings in Office documents. A remote attacker can create a specially crafted Office file, trick the victim into opening it and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in compromise of the vulnerable system.

Note: this vulnerability is being actively exploited.

Software: Microsoft Office

Multiple vulnerabilities in Microsoft Excel
CVE-2006-1301

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to incorrect handling of input data when processing a malformed SELECTION record within an Excel file. A remote unauthenticated attacker can trick the victim into opening a specially crafted Excel file and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of this vulnerability may allow an attacker to compromise the vulnerable system.

Note: this vulnerability was being actively exploited.

Software: Microsoft Excel

Multiple vulnerabilities in Microsoft Excel
CVE-2006-3059

Remote code execution

The vulnerability allows a remote user to execute arbitrary code on the target system.

The weakness is due to a stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName() function. By persuading the victim to open a specially crafted Excel file, a remote attacker can cause DoS conditions or execute arbitrary code via a long hyperlink.

Successful exploitation of the vulnerability results in denial of service or arbitrary code execution on the vulnerable system.

Note: this vulnerability was being actively exploited.

Software: Microsoft Excel

Known/famous malware:

Mdropper.J Trojan.

Remote code execution in Microsoft Word
CVE-2006-2492

Remote code execution

The vulnerability allows a remote user to execute arbitrary code on the target system.

The weakness is due to a buffer overflow. By persuading the victim to open a specially crafted Word file containing a malformed object pointer, a remote attacker can execute arbitrary code.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: this vulnerability was being actively exploited.

Software: Microsoft Word

Known/famous malware:

Mdropper.H Trojan.
SmartTag exploit.

Multiple vulnerabilities in Microsoft Internet Explorer
CVE-2006-1359

Memory corruption

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the createTextRange() DHTML method when handling unexpected user input for a radio button control. A remote attacker can create a specially crafted web page, trick the victim into visiting it and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in compromise of the vulnerable system.

Note: this vulnerability is being actively exploited.

Software: Microsoft Internet Explorer

Known/famous malware:

Kaspersky - Exploit.JS.CVE-2006-1359.d
Ikarus - Exploit.JS.CVE-2006-1359.d
Nod32 - JS/Exploit.CVE-2006-1359

Remote code execution in Microsoft Windows GDI
CVE-2005-4560

Buffer overflow

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the Microsoft Graphical Device Interface library (GDI32.DLL) when handling .wmf files. A remote attacker can create a specially crafted .wmf image file with a crafted SETABORTPROC GDI Escape function call, related to the Windows Picture and Fax Viewer (SHIMGVW.DLL), trick the victim into opening it and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in compromise of the vulnerable system.

Note: this vulnerability is being actively exploited.

This vulnerability was disclosed on December 27, 2005. However, we have decided to include it in the year 2006 because of the very close timing.

Software: Windows
