TO SUBSCRIBE, UNSUBSCRIBE, OR CHANGE YOUR SUBSCRIPTION, go to:
http://www.dragonsoft.com.tw/epaper/
DragonSoft (Chinese/English) Vulnerability and Threat Knowledge Base:
. Chinese Version: http://vdb.dragonsoft.com.tw/
. English Version: http://vdb.dragonsoft.com/
Contents:
* 19 Reported Vulnerabilities
* Sort by Risk
-------------------------------------------------
Date Reported: 2005/01/13
Name: MS05-003:Windows Indexing Service Allow Remote Code Execution-2003
Risk: High
Category: MS HotFix
Affect OS: Windows 2003
Description (Chinese): http://vdb.dragonsoft.com.tw/detail.php?id=2136
Description (English): http://vdb.dragonsoft.com/detail.php?id=2136
Date Reported: 2005/01/13
Name: MS05-003:Windows Indexing Service Allow Remote Code Execution-XP
Risk: High
Category: MS HotFix
Affect OS: Windows XP
Description (Chinese): http://vdb.dragonsoft.com.tw/detail.php?id=2135
Description (English): http://vdb.dragonsoft.com/detail.php?id=2135
Date Reported: 2005/01/13
Name: MS05-003:Windows Indexing Service Allow Remote Code Execution-2000
Risk: High
Category: MS HotFix
Affect OS: Windows 2000
Description (Chinese): http://vdb.dragonsoft.com.tw/detail.php?id=2134
Description (English): http://vdb.dragonsoft.com/detail.php?id=2134
Date Reported: 2004/12/27
Name: MS05-002:Windows LoadImage API Function Integer Overflow Vulnerability-2003
Risk: High
Category: MS HotFix
Affect OS: Windows 2003
Description (Chinese): http://vdb.dragonsoft.com.tw/detail.php?id=2133
Description (English): http://vdb.dragonsoft.com/detail.php?id=2133
Date Reported: 2004/12/27
Name: MS05-002:Windows LoadImage API Function Integer Overflow Vulnerability-XP
Risk: High
Category: MS HotFix
Affect OS: Windows XP
Description (Chinese): http://vdb.dragonsoft.com.tw/detail.php?id=2132
Description (English): http://vdb.dragonsoft.com/detail.php?id=2132
Date Reported: 2004/12/27
Name: MS05-002:Windows LoadImage API Function Integer Overflow Vulnerability-2000
Risk: High
Category: MS HotFix
Affect OS: Windows 2000
Description (Chinese): http://vdb.dragonsoft.com.tw/detail.php?id=2131
Description (English): http://vdb.dragonsoft.com/detail.php?id=2131
Date Reported: 2004/12/27
Name: MS05-002:Windows LoadImage API Function Integer Overflow Vulnerability-NT4
Risk: High
Category: MS HotFix
Affect OS: NT4
Description (Chinese): http://vdb.dragonsoft.com.tw/detail.php?id=2124
Description (English): http://vdb.dragonsoft.com/detail.php?id=2124
Date Reported: 2004/12/27
Name: Windows winhlp32.exe Phrase Integer Buffer Overflow Vulnerability
Risk: High
Category: MS HotFix
Affect OS: Windows NT4, 2000, XP, 2003
Description (Chinese): http://vdb.dragonsoft.com.tw/detail.php?id=2122
Description (English): http://vdb.dragonsoft.com/detail.php?id=2122
Date Reported: 2004/12/27
Name: Windows winhlp32.exe Phrase Heap Buffer Overflow Vulnerability
Risk: High
Category: MS HotFix
Affect OS: Windows NT4, 2000, XP, 2003
Description (Chinese): http://vdb.dragonsoft.com.tw/detail.php?id=2121
Description (English): http://vdb.dragonsoft.com/detail.php?id=2121
Date Reported: 2004/12/27
Name: IBM DB2 REC2XML and GENERATE_DISTFILE Buffer Overflow Vulnerabilities
Risk: High
Category: IBM DB2
Affect OS: Windows, UNIX
Description (Chinese): http://vdb.dragonsoft.com.tw/detail.php?id=2120
Description (English): http://vdb.dragonsoft.com/detail.php?id=2120
Date Reported: 2004/12/27
Name: MS05-002:Windows ANI File DoS Vulnerability-2003
Risk: High
Category: MS HotFix
Affect OS: Windows 2003
Description (Chinese): http://vdb.dragonsoft.com.tw/detail.php?id=2130
Description (English): http://vdb.dragonsoft.com/detail.php?id=2130
Date Reported: 2004/12/27
Name: MS05-002:Windows ANI File DoS Vulnerability-XP
Risk: High
Category: MS HotFix
Affect OS: Windows XP
Description (Chinese): http://vdb.dragonsoft.com.tw/detail.php?id=2129
Description (English): http://vdb.dragonsoft.com/detail.php?id=2129
Date Reported: 2004/12/27
Name: MS05-002:Windows ANI File DoS Vulnerability-2000
Risk: High
Category: MS HotFix
Affect OS: Windows 2000
Description (Chinese): http://vdb.dragonsoft.com.tw/detail.php?id=2128
Description (English): http://vdb.dragonsoft.com/detail.php?id=2128
Date Reported: 2004/12/27
Name: MS05-002:Windows ANI File DoS Vulnerability-NT4
Risk: High
Category: MS HotFix
Affect OS: NT4
Description (Chinese): http://vdb.dragonsoft.com.tw/detail.php?id=2123
Description (English): http://vdb.dragonsoft.com/detail.php?id=2123
Date Reported: 2004/12/27
Name: Oracle Database Server Trigger Abuse Vulnerability
Risk: High
Category: Oracle
Affect OS: Windows, UNIX
Description (Chinese): http://vdb.dragonsoft.com.tw/detail.php?id=2118
Description (English): http://vdb.dragonsoft.com/detail.php?id=2118
Date Reported: 2004/12/26
Name: PHP Multiple Remote Code Execution Vulnerabilities
Risk: High
Category: Web Servers
Affect OS: Windows, UNIX
Description (Chinese): http://vdb.dragonsoft.com.tw/detail.php?id=2117
Description (English): http://vdb.dragonsoft.com/detail.php?id=2117
Date Reported: 2005/01/13
Name: MS05-001:Windows HTML Help Control Cross-Domain Vulnerability-2003
Risk: Medium
Category: MS HotFix
Affect OS: Windows 2003
Description (Chinese): http://vdb.dragonsoft.com.tw/detail.php?id=2127
Description (English): http://vdb.dragonsoft.com/detail.php?id=2127
Date Reported: 2005/01/13
Name: MS05-001:Windows HTML Help Control Cross-Domain Vulnerability-XP
Risk: Medium
Category: MS HotFix
Affect OS: Windows XP
Description (Chinese): http://vdb.dragonsoft.com.tw/detail.php?id=2126
Description (English): http://vdb.dragonsoft.com/detail.php?id=2126
Date Reported: 2005/01/13
Name: MS05-001:Windows HTML Help Control Cross-Domain Vulnerability-2000
Risk: Medium
Category: MS HotFix
Affect OS: Windows 2000
Description (Chinese): http://vdb.dragonsoft.com.tw/detail.php?id=2125
Description (English): http://vdb.dragonsoft.com/detail.php?id=2125
-------------------------------------------------
Risk:
High: Allow immediate remote, or local access or immediate execution of code or commands,
with unauthorized privileges, and bypassing security on firewalls.
Medium: Potential of granting access or allowing code execution by means of complex or
lengthy exploit procedures. Examples are cross-site scripting, man-in-the-middle
attacks, SQL injection, denial of service, information disclosure.
Low: deny service or provide non-system information that could be used to formulate
structured attacks on a target, but not directly gain unauthorized access.
-------------------------------------------------
Copyright (c) 2002 DragonSoft Security Associate, Inc. All rights reserved
Permission is hereby granted for the electronic redistribution of this document.
It is not to be edited or altered in any way without the express written consent
of the DragonSoft Security Associate. If you wish to reprint the whole or any
part of this document in any other medium excluding electronic media, please email
alert@dragonsoft.com for permission.
Disclaimer: The information in the database may change without notice.
Use of this information constitutes acceptance for use in an AS IS condition.
There are NO warranties with regard to this information, implied or otherwise,
with regard to this information or its use. Any use of this information is at
the user's risk. In no event shall the author/distributor be held liable for any
damages whatsoever arising out of or in connection with the use or spread of this information.
Please send suggestions, updates, and comments to: DragonSoft
vdb_adm@dragonsoft.com of DragonSoft Security Associate, Inc.
About DragonSoft Security Associates:
DragonSoft Security Associates is a leading developer in Taiwan for network security software
and an active contributor to network security education.
Founded in 2002, DragonSoft offers vulnerability management solutions, including
vulnerability assessment, System Security Management and intrusion prevention.
DragonSoft Security Associate, Inc. http://www.dragonsoft.com/
Tel. +886-3-5630989
Fax. +886-3-5797758
6F, No. 30, Lane 607, Sec. 1, Guangfu Rd., Hsinchu, Taiwan 300, R.O.C
|
|
|
