Search

Traffic File Update - October 2007

This Traffic IQ Professional update for October 2007 contains the latest application exploits, threats and security evasion techniques along with technical data and high quality security rules.

Traffic IQ Professional

Traffic File Update for October 2007

46 Application Exploits

Adobe ActionScript SecurityErrorEvent Security Bypass S
Backdoor Bumprat v1.2
Backdoor GhostVoice 1.2
Backdoor Nuclear RAT 2.1.0
Backdoor sharK 2.3.0 (Backdoor.Win32.VB.bax)
CA eTrust Intrusion Detection Caller.CallCode Code Execution S
CA eTrust Intrusion Detection Caller.DLL Remote Code Execution S
CA Multiple Products Arclib.DLL Malformed CHM File DoS S
Crystal Reports For Visual Studio RPT File Code Execution (MS07-052) S
Crystal Reports For Visual Studio RPT File Code Execution (Standard RPT File - MS07-052) S
HP OpenView OVTrace Multiple Remote Buffer Overflow S
HTTP Apple iPhone Mobile Safari Browser DoS S
HTTP Apple iPhone Mobile Safari Browser Remote Heap Overflow S
HTTP Ask Toolbar ShortFormat Property Remote Code Execution (DynamicSehRecord) S
HTTP Ask Toolbar ShortFormat Property Remote Code Execution (windows_exec) S
HTTP Ask Toolbar ShortFormat Property Remote Code Execution S
HTTP EnjoySAP SAP GUI ActiveX Control Buffer Overflow (shell_bind_tcp) S
HTTP Logitech VideoCall ActiveX Control Buffer Overflow (bind_shell) S
HTTP Microsoft Agent agentdpv.dll ActiveX Malformed URL Stack Overflow POC_1 S
HTTP Microsoft Agent agentdpv.dll ActiveX Malformed URL Stack Overflow S
HTTP Microsoft ASP.NET URI Canonicalization Unauthorized Web Access S
HTTP Microsoft ASP.NET URI Canonicalization Unauthorized Web Access_1 S
HTTP Opera Browser data URI Scheme Address Bar Spoofing S
HTTP Symantec NAVComUI.AxSysListView32 ActiveX Code Execution S
HTTP Symantec NAVComUI.AxSysListView32OAA ActiveX Code Execution
HTTP Symantec NAVCOMUI.DLL ActiveX (AxSysListView32) Code Execution S
HTTP Symantec NAVCOMUI.DLL ActiveX (AxSysListView32OAA) Code Execution S
HTTP Yahoo Widgets Engine YDPCTL.DLL ActiveX DoS S
IBM Tivoli Storage Manager Express CAD Service Buffer Overflow S
Microsoft Agent Trusted Content Spoofing (MS05-032) S
Microsoft DirectX RLE Compressed Targa Image Heap Overflow S
Microsoft OLE Automation SubstringData Integer Overflow (MS07-043) S
Microsoft SQL Server Distributed Management Objects Buffer Overflow S
Microsoft SQL Server sqldmo.dll Denial of Service S
Microsoft Windows Metafile AttemptWrite Heap Overflow S
Microsoft Windows URI Handler Command Execution (mailto) S
Microsoft Windows URI Handler Command Execution (news) S
Microsoft Windows URI Handler Command Execution (nntp) S
Microsoft Windows URI Handler Command Execution (snews) S
Microsoft Windows URI Handler Command Execution (telnet) S
RPC Trend Micro ServerProtect SPNTSVC.EXE Buffer Overflow S
Sun StarOffice, StarSuite and OpenOffice TIFF File Integer Overflow S
Trend Micro ServerProtect TMregChange() Stack Overflow S
VMware Workstation StartProcess (notepad) Code Execution S
VMware Workstation StartProcess Code Execution S
Windows Media Player Malformed Skin Header Code Execution (MS07-047) S

5 Evasions

Evasion HTML base64 (Ask Toolbar askBar.dll Buffer Overflow) S
Evasion HTML javascript escape (EnjoySAP SAP GUI ActiveX Overflow) S
Evasion HTML junk headers (Ask Toolbar askBar.dll Buffer Overflow) S
Evasion HTML Transfer Encoding Chunked (Logitech VideoCall) S
Evasion HTML unicode utf-16be (Logitech VideoCall) S


idappcom - Auditing, verifying and enhancing the capabilities of corporate security defences.

We do not use cookies for tracking users, displaying customised content or storing information about users, other than that required to maintain 'session state' for the login system for registered users. Please read our cookie policy for more information. Please note that by using this site you are consenting to the use of cookies.