IBM Internet Security Systems Internet Threat Information

IBM Internet Security Systems Internet Threat Information http://www.iss.net en 2007 IBM Internet Security Systems. All rights reserved worldwide. Oracle WebLogic Server Apache Connector Remote Code Execution http://www.iss.net/threats/299.html Oracle WebLogic Server (formerly known as BEA WebLogic Server) is vulnerable to a buffer overflow, which would cause a denial of service and potentially remote code execution. Fri, 1 Aug 2008 00:00:00 -0400 Multiple Vendors Vulnerable to DNS Cache Poisoning http://www.iss.net/threats/298.html Multiple vendor DNS protocol implementations could allow a remote attacker to poison the DNS cache.  Patches that resolve the vulnerability on the DNS may be rendered ineffective if the DNS is behind a NAT device that does not randomize ports. Public exploit code was made available on July 24, 2008.  At the time of this update, neither X-Force nor IBM MSS has witness any active exploitation nor the integration of this exploit into any exploit toolkits. Thu, 17 Jul 2008 00:00:00 -0400 Microsoft ActiveX Snapshot Viewer for Microsoft Access RCE http://www.iss.net/threats/297.html Microsoft ActiveX Snapshot Viewer for Microsoft Access could allow a remote attacker to execute arbitrary code on the system.  Targeted exploitation was reported on July 7, but X-Force has been monitoring toolkit-related mass exploitation since July 10.  As of July 24, exploitation has continued to escalate.  See technical description for more details. Mon, 7 Jul 2008 00:00:00 -0400 Microsoft Dynamics GP Multiple (4) Buffer Overflows http://www.iss.net/threats/296.html The Microsoft Dynamics GP is vulnerable to four heap and stack-based buffer overflows. A remote attacker could overflow the buffer and execute arbitrary code or gain control of the affected system by sending malicious queries to the Distributed Process Server or Distributed Process Manager. Mon, 30 Jun 2008 00:00:00 -0400 Microsoft Windows DirectX SAMI Code Execution http://www.iss.net/threats/295.html Microsoft Windows DirectX could allow a remote attacker to execute arbitrary code on the system. Tue, 10 Jun 2008 00:00:00 -0400 Microsoft Windows MJPEG Codec Multiple Overflows http://www.iss.net/threats/294.html The Microsoft MJPEG codec is vulnerable to multiple stack-based buffer overflows when parsing specially crafted files. A remote attacker could overflow the buffer and execute arbitary code within the context of the user viewing the malicious file. Tue, 10 Jun 2008 00:00:00 -0400