CVE-2010-2897
Please wait a while for a release of details on the Windows kernel bug workaround in Chrome (cve:CVE-2010-2897).
- Affected Applications: Chrome
- Affected Platforms: Windows
- Note: This discovery qualified for the Google $1337 reward.
CVE-2010-0739
TeX Live incorrectly handled certain dvi files. If a user or automated process were tricked into processing a malformed dvi file, the attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program (cve:CVE-2010-0739).
- Affected Application: TeX Live
- Affected Platforms: Generic
CVE-2010-0538
The Java implementation of Mac OS X 10.5 had an out-of-bounds memory access issue in the handling of mediaLibImage objects from the com.sun.medialib.mlib package. A visit to a web page containing a maliciously crafted untrusted Java applet may lead to an unexpected application termination or arbitrary code execution with the privileges of the current user (cve:CVE-2010-0539).
- Affected Application: Java
- Affected Platforms: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.3, Mac OS X Server v10.6.3
CVE-2010-0448, CVE-2010-0449, CVE-2010-0450
Several vulnerabilities were discovered in the web UI of HP SOA Registry Foundation. They allowed remote attackers to gain unauthorized access to data, inject content via cross-site scripting (XSS), and escalate privileges (cve:CVE-2010-0448, cve:CVE-2010-0449 and cve:CVE-2010-0450).
- CVE-2010-0448 - unauthorized access to data
- CVE-2010-0449 - XSS
- CVE-2010-0450 - privilege escalation
- Affected Applications: HP SOA Registry Foundation
- Affected Platforms: Generic bug
CVE-2010-0395
OpenOffice allowed the execution of Python code when browsing the macros of a document, even when macros had been disabled (a fact that is explicitly shown in an alert box). This flaw allowed an attacker to use a handcrafted document to execute arbitrary Python code with the rights of the user running the OpenOffice suite (cve:CVE-2010-0395).
- Affected Applications: OpenOffice, StarOffice, NeoOffice, etc.
- Affected Platforms: Generic bug
CVE-2010-0091
An untrusted applet could access clipboard information if a drag operation was performed over that applet's canvas. This could lead to an information leak, while dragging data over the applet canvas from one window of another application to a second one.
- Affected Applications: Java
- Affected Platforms: Generic bug