Advisories
Vulnerability Database
PoC
Viruses
Research Lab

CVE-2010-2903


Published: 28-07-2010
Updated: 30-07-2010

Product:
google: chrome 0.1.38.1
google: chrome 0.1.38.2
google: chrome 0.1.38.4
google: chrome 0.1.40.1
google: chrome 0.1.42.2
google: chrome 0.1.42.3
google: chrome 0.2.149.27
google: chrome 0.2.149.29
google: chrome 0.2.149.30
google: chrome 0.2.152.1
google: chrome 0.2.153.1
google: chrome 0.3.154.0
google: chrome 0.3.154.3
google: chrome 0.4.154.18
google: chrome 0.4.154.22
google: chrome 0.4.154.31
google: chrome 0.4.154.33
google: chrome 1.0.154.36
google: chrome 1.0.154.39
google: chrome 1.0.154.42
google: chrome 1.0.154.43
google: chrome 1.0.154.46
google: chrome 1.0.154.48
google: chrome 1.0.154.52
google: chrome 1.0.154.53
google: chrome 1.0.154.59
google: chrome 1.0.154.64
google: chrome 1.0.154.65
google: chrome 2.0.156.1
google: chrome 2.0.157.0
google: chrome 2.0.157.2
google: chrome 2.0.158.0
google: chrome 2.0.159.0
google: chrome 2.0.169.0
google: chrome 2.0.169.1
google: chrome 2.0.170.0
google: chrome 2.0.172
google: chrome 2.0.172.2
google: chrome 2.0.172.27
google: chrome 2.0.172.28
google: chrome 2.0.172.30
google: chrome 2.0.172.31
google: chrome 2.0.172.33
google: chrome 2.0.172.37
google: chrome 2.0.172.38
google: chrome 2.0.172.8
google: chrome 3.0.182.2
google: chrome 3.0.190.2
google: chrome 3.0.193.2
google: chrome 3.0.195.2
google: chrome 3.0.195.21
google: chrome 3.0.195.24
google: chrome 3.0.195.25
google: chrome 3.0.195.27
google: chrome 3.0.195.32
google: chrome 3.0.195.33
google: chrome 3.0.195.36
google: chrome 3.0.195.37
google: chrome 3.0.195.38
google: chrome 4.0.212.0
google: chrome 4.0.212.1
google: chrome 4.0.221.8
google: chrome 4.0.222.0
google: chrome 4.0.222.1
google: chrome 4.0.222.12
google: chrome 4.0.222.5
google: chrome 4.0.223.0
google: chrome 4.0.223.1
google: chrome 4.0.223.2
google: chrome 4.0.223.4
google: chrome 4.0.223.5
google: chrome 4.0.223.7
google: chrome 4.0.223.8
google: chrome 4.0.223.9
google: chrome 4.0.224.0
google: chrome 4.0.229.1
google: chrome 4.0.235.0
google: chrome 4.0.236.0
google: chrome 4.0.237.0
google: chrome 4.0.237.1
google: chrome 4.0.239.0
google: chrome 4.0.240.0
google: chrome 4.0.241.0
google: chrome 4.0.242.0
google: chrome 4.0.243.0
google: chrome 4.0.244.0
google: chrome 4.0.245.0
google: chrome 4.0.245.1
google: chrome 4.0.246.0
google: chrome 4.0.247.0
google: chrome 4.0.248.0
google: chrome 4.0.249.0
google: chrome 4.0.249.1
google: chrome 4.0.249.10
google: chrome 4.0.249.11
google: chrome 4.0.249.12
google: chrome 4.0.249.14
google: chrome 4.0.249.16
google: chrome 4.0.249.17
google: chrome 4.0.249.18
google: chrome 4.0.249.19
google: chrome 4.0.249.2
google: chrome 4.0.249.20
google: chrome 4.0.249.21
google: chrome 4.0.249.22
google: chrome 4.0.249.23
google: chrome 4.0.249.24
google: chrome 4.0.249.25
google: chrome 4.0.249.26
google: chrome 4.0.249.27
google: chrome 4.0.249.28
google: chrome 4.0.249.29
google: chrome 4.0.249.3
google: chrome 4.0.249.30
google: chrome 4.0.249.31
google: chrome 4.0.249.32
google: chrome 4.0.249.33
google: chrome 4.0.249.34
google: chrome 4.0.249.35
google: chrome 4.0.249.36
google: chrome 4.0.249.37
google: chrome 4.0.249.38
google: chrome 4.0.249.39
google: chrome 4.0.249.4
google: chrome 4.0.249.40
google: chrome 4.0.249.41
google: chrome 4.0.249.42
google: chrome 4.0.249.43
google: chrome 4.0.249.44
google: chrome 4.0.249.45
google: chrome 4.0.249.46
google: chrome 4.0.249.47
google: chrome 4.0.249.48
google: chrome 4.0.249.49
google: chrome 4.0.249.5
google: chrome 4.0.249.50
google: chrome 4.0.249.51
google: chrome 4.0.249.52
google: chrome 4.0.249.53
google: chrome 4.0.249.54
google: chrome 4.0.249.55
google: chrome 4.0.249.56
google: chrome 4.0.249.57
google: chrome 4.0.249.58
google: chrome 4.0.249.59
google: chrome 4.0.249.6
google: chrome 4.0.249.60
google: chrome 4.0.249.61
google: chrome 4.0.249.62
google: chrome 4.0.249.63
google: chrome 4.0.249.64
google: chrome 4.0.249.65
google: chrome 4.0.249.66
google: chrome 4.0.249.67
google: chrome 4.0.249.68
google: chrome 4.0.249.69
google: chrome 4.0.249.7
google: chrome 4.0.249.70
google: chrome 4.0.249.71
google: chrome 4.0.249.72
google: chrome 4.0.249.73
google: chrome 4.0.249.74
google: chrome 4.0.249.75
google: chrome 4.0.249.76
google: chrome 4.0.249.77
google: chrome 4.0.249.78
google: chrome 4.0.249.79
google: chrome 4.0.249.8
google: chrome 4.0.249.80
google: chrome 4.0.249.81
google: chrome 4.0.249.82
google: chrome 4.0.249.89
google: chrome 4.0.249.9
google: chrome 4.0.250.0
google: chrome 4.0.250.2
google: chrome 4.0.251.0
google: chrome 4.0.252.0
google: chrome 4.0.254.0
google: chrome 4.0.255.0
google: chrome 4.0.256.0
google: chrome 4.0.257.0
google: chrome 4.0.258.0
google: chrome 4.0.259.0
google: chrome 4.0.260.0
google: chrome 4.0.261.0
google: chrome 4.0.262.0
google: chrome 4.0.263.0
google: chrome 4.0.264.0
google: chrome 4.0.265.0
google: chrome 4.0.266.0
google: chrome 4.0.267.0
google: chrome 4.0.268.0
google: chrome 4.0.269.0
google: chrome 4.0.271.0
google: chrome 4.0.272.0
google: chrome 4.0.275.0
google: chrome 4.0.275.1
google: chrome 4.0.276.0
google: chrome 4.0.277.0
google: chrome 4.0.278.0
google: chrome 4.0.286.0
google: chrome 4.0.287.0
google: chrome 4.0.288.0
google: chrome 4.0.288.1
google: chrome 4.0.289.0
google: chrome 4.0.290.0
google: chrome 4.0.292.0
google: chrome 4.0.294.0
google: chrome 4.0.295.0
google: chrome 4.0.296.0
google: chrome 4.0.299.0
google: chrome 4.0.300.0
google: chrome 4.0.301.0
google: chrome 4.0.302.0
google: chrome 4.0.302.1
google: chrome 4.0.302.2
google: chrome 4.0.302.3
google: chrome 4.0.303.0
google: chrome 4.0.304.0
google: chrome 4.0.305.0
google: chrome 4.1.249.0
google: chrome 4.1.249.1001
google: chrome 4.1.249.1004
google: chrome 4.1.249.1006
google: chrome 4.1.249.1007
google: chrome 4.1.249.1008
google: chrome 4.1.249.1009
google: chrome 4.1.249.1010
google: chrome 4.1.249.1011
google: chrome 4.1.249.1012
google: chrome 4.1.249.1013
google: chrome 4.1.249.1014
google: chrome 4.1.249.1015
google: chrome 4.1.249.1016
google: chrome 4.1.249.1017
google: chrome 4.1.249.1018
google: chrome 4.1.249.1019
google: chrome 4.1.249.1020
google: chrome 4.1.249.1021
google: chrome 4.1.249.1022
google: chrome 4.1.249.1023
google: chrome 4.1.249.1024
google: chrome 4.1.249.1025
google: chrome 4.1.249.1026
google: chrome 4.1.249.1027
google: chrome 4.1.249.1028
google: chrome 4.1.249.1029
google: chrome 4.1.249.1030
google: chrome 4.1.249.1031
google: chrome 4.1.249.1032
google: chrome 4.1.249.1033
google: chrome 4.1.249.1034
google: chrome 4.1.249.1035
google: chrome 4.1.249.1036
google: chrome 4.1.249.1037
google: chrome 4.1.249.1038
google: chrome 4.1.249.1039
google: chrome 4.1.249.1040
google: chrome 4.1.249.1041
google: chrome 4.1.249.1042
google: chrome 4.1.249.1043
google: chrome 4.1.249.1044
google: chrome 4.1.249.1045
google: chrome 4.1.249.1046
google: chrome 4.1.249.1047
google: chrome 4.1.249.1048
google: chrome 4.1.249.1049
google: chrome 4.1.249.1050
google: chrome 4.1.249.1051
google: chrome 4.1.249.1052
google: chrome 4.1.249.1053
google: chrome 4.1.249.1054
google: chrome 4.1.249.1055
google: chrome 4.1.249.1056
google: chrome 4.1.249.1057
google: chrome 4.1.249.1058
google: chrome 4.1.249.1059
google: chrome 4.1.249.1060
google: chrome 4.1.249.1061
google: chrome 4.1.249.1062
google: chrome 4.1.249.1063
google: chrome 4.1.249.1064
google: chrome 5.0.306.0
google: chrome 5.0.306.1
google: chrome 5.0.307.1
google: chrome 5.0.307.10
google: chrome 5.0.307.11
google: chrome 5.0.307.3
google: chrome 5.0.307.4
google: chrome 5.0.307.5
google: chrome 5.0.307.6
google: chrome 5.0.307.7
google: chrome 5.0.307.8
google: chrome 5.0.307.9
google: chrome 5.0.308.0
google: chrome 5.0.309.0
google: chrome 5.0.313.0
google: chrome 5.0.314.0
google: chrome 5.0.314.1
google: chrome 5.0.315.0
google: chrome 5.0.316.0
google: chrome 5.0.317.0
google: chrome 5.0.317.1
google: chrome 5.0.317.2
google: chrome 5.0.318.0
google: chrome 5.0.319.0
google: chrome 5.0.320.0
google: chrome 5.0.321.0
google: chrome 5.0.322.0
google: chrome 5.0.322.1
google: chrome 5.0.322.2
google: chrome 5.0.323.0
google: chrome 5.0.324.0
google: chrome 5.0.325.0
google: chrome 5.0.326.0
google: chrome 5.0.327.0
google: chrome 5.0.328.0
google: chrome 5.0.329.0
google: chrome 5.0.330.0
google: chrome 5.0.332.0
google: chrome 5.0.333.0
google: chrome 5.0.334.0
google: chrome 5.0.335.0
google: chrome 5.0.335.1
google: chrome 5.0.335.2
google: chrome 5.0.335.3
google: chrome 5.0.335.4
google: chrome 5.0.336.0
google: chrome 5.0.337.0
google: chrome 5.0.338.0
google: chrome 5.0.339.0
google: chrome 5.0.340.0
google: chrome 5.0.341.0
google: chrome 5.0.342.0
google: chrome 5.0.342.1
google: chrome 5.0.342.2
google: chrome 5.0.342.3
google: chrome 5.0.342.4
google: chrome 5.0.342.5
google: chrome 5.0.342.6
google: chrome 5.0.342.7
google: chrome 5.0.342.8
google: chrome 5.0.342.9
google: chrome 5.0.343.0
google: chrome 5.0.344.0
google: chrome 5.0.345.0
google: chrome 5.0.346.0
google: chrome 5.0.347.0
google: chrome 5.0.348.0
google: chrome 5.0.349.0
google: chrome 5.0.350.0
google: chrome 5.0.350.1
google: chrome 5.0.351.0
google: chrome 5.0.353.0
google: chrome 5.0.354.0
google: chrome 5.0.354.1
google: chrome 5.0.355.0
google: chrome 5.0.356.0
google: chrome 5.0.356.1
google: chrome 5.0.356.2
google: chrome 5.0.357.0
google: chrome 5.0.358.0
google: chrome 5.0.359.0
google: chrome 5.0.360.0
google: chrome 5.0.360.3
google: chrome 5.0.360.4
google: chrome 5.0.360.5
google: chrome 5.0.361.0
google: chrome 5.0.362.0
google: chrome 5.0.363.0
google: chrome 5.0.364.0
google: chrome 5.0.365.0
google: chrome 5.0.366.0
google: chrome 5.0.366.1
google: chrome 5.0.366.2
google: chrome 5.0.366.3
google: chrome 5.0.366.4
google: chrome 5.0.367.0
google: chrome 5.0.368.0
google: chrome 5.0.369.0
google: chrome 5.0.369.1
google: chrome 5.0.369.2
google: chrome 5.0.370.0
google: chrome 5.0.371.0
google: chrome 5.0.372.0
google: chrome 5.0.373.0
google: chrome 5.0.374.0
google: chrome 5.0.375.0
google: chrome 5.0.375.1
google: chrome 5.0.375.10
google: chrome 5.0.375.11
google: chrome 5.0.375.12
google: chrome 5.0.375.13
google: chrome 5.0.375.14
google: chrome 5.0.375.15
google: chrome 5.0.375.16
google: chrome 5.0.375.17
google: chrome 5.0.375.18
google: chrome 5.0.375.19
google: chrome 5.0.375.2
google: chrome 5.0.375.20
google: chrome 5.0.375.21
google: chrome 5.0.375.22
google: chrome 5.0.375.23
google: chrome 5.0.375.25
google: chrome 5.0.375.26
google: chrome 5.0.375.27
google: chrome 5.0.375.28
google: chrome 5.0.375.29
google: chrome 5.0.375.3
google: chrome 5.0.375.30
google: chrome 5.0.375.31
google: chrome 5.0.375.32
google: chrome 5.0.375.33
google: chrome 5.0.375.34
google: chrome 5.0.375.35
google: chrome 5.0.375.36
google: chrome 5.0.375.37
google: chrome 5.0.375.38
google: chrome 5.0.375.39
google: chrome 5.0.375.4
google: chrome 5.0.375.40
google: chrome 5.0.375.41
google: chrome 5.0.375.42
google: chrome 5.0.375.43
google: chrome 5.0.375.44
google: chrome 5.0.375.45
google: chrome 5.0.375.46
google: chrome 5.0.375.47
google: chrome 5.0.375.48
google: chrome 5.0.375.49
google: chrome 5.0.375.5
google: chrome 5.0.375.50
google: chrome 5.0.375.51
google: chrome 5.0.375.52
google: chrome 5.0.375.53
google: chrome 5.0.375.54
google: chrome 5.0.375.55
google: chrome 5.0.375.56
google: chrome 5.0.375.57
google: chrome 5.0.375.58
google: chrome 5.0.375.59
google: chrome 5.0.375.6
google: chrome 5.0.375.60
google: chrome 5.0.375.61
google: chrome 5.0.375.62
google: chrome 5.0.375.63
google: chrome 5.0.375.64
google: chrome 5.0.375.65
google: chrome 5.0.375.66
google: chrome 5.0.375.67
google: chrome 5.0.375.68
google: chrome 5.0.375.69
google: chrome 5.0.375.7
google: chrome 5.0.375.70
google: chrome 5.0.375.71
google: chrome 5.0.375.72
google: chrome 5.0.375.73
google: chrome 5.0.375.74
google: chrome 5.0.375.75
google: chrome 5.0.375.76
google: chrome 5.0.375.77
google: chrome 5.0.375.78
google: chrome 5.0.375.79
google: chrome 5.0.375.8
google: chrome 5.0.375.80
google: chrome 5.0.375.81
google: chrome 5.0.375.82
google: chrome 5.0.375.83
google: chrome 5.0.375.84
google: chrome 5.0.375.85
google: chrome 5.0.375.86
google: chrome 5.0.375.87
google: chrome 5.0.375.88
google: chrome 5.0.375.89
google: chrome 5.0.375.9
google: chrome 5.0.375.90
google: chrome 5.0.375.91
google: chrome 5.0.375.92
google: chrome 5.0.375.93
google: chrome 5.0.375.94
google: chrome 5.0.375.95
google: chrome 5.0.375.96
google: chrome 5.0.375.97
google: chrome 5.0.375.98
google: chrome 5.0.375.99

Severity: High (10.0)

CVSS vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Potential loss type: Integrity, Confidentiality, Availability

Vulnerability description:
Google Chrome before 5.0.375.125 performs unexpected truncation and improper eliding of hostnames, which has unspecified impact and remote attack vectors.

Patch available: No

References:
SECUNIA: http://secunia.com/advisories/40743
CONFIRM: http://googlechromereleases.blogspot.com/2010/07/stable-channel-update ...
CONFIRM: http://code.google.com/p/chromium/issues/detail?id=48597

Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service Vulnerabilities

Cisco Unified Communications Manager contains two denial of service (DoS) vulnerabilities th ...

02 september, 2010

Cisco Security Advisory: Cisco Unified Presence Denial of Service Vulnerabilities

Cisco Unified Presence contains two denial of service (DoS) vulnerabilities that affect the ...

02 september, 2010

Cisco Security Advisory: Cisco IOS Software TCP Denial of Service Vulnerability

Cisco IOS Software Release, 15.1(2)T is affected by a denial of service (DoS) vulner ...

13 august, 2010

MS10-060: Vulnerabilities in the Microsoft .NET Common Language Runtime and in Microsoft Silverlight Could Allow Remote Code Execution (2265906)

This security update resolves two privately reported vulnerabilities in Microsoft .NET Framework and ...

11 august, 2010

MS10-059: Vulnerabilities in the Tracing Feature for Services Could Allow Elevation of Privilege (982799)

This security update resolves one publicly disclosed vulnerability and one privately reported vulner ...

11 august, 2010

MS10-058: Vulnerabilities in TCP/IP Could Allow Elevation of Privilege (978886)

This security update resolves two privately reported vulnerabilities in Microsoft Windows. The more ...

11 august, 2010

CVE-2010-3197

IBM DB2 9.7 before FP2 does not perform the expected access control on the monitor administrative views in the SYSIBMADM schema, which allows remote attackers to obtain sensitive information via unspecified vectors.

National Vulnerability Database 31 august, 2010

CVE-2010-3196

IBM DB2 9.7 before FP2, when AUTO_REVAL is IMMEDIATE, allows remote authenticated users to cause a denial of service (loss of privileges) to a view owner by defining a dependent view.

National Vulnerability Database 31 august, 2010

CVE-2010-3195

Unspecified vulnerability in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 on Windows Server 2008 allows attackers to cause a denial of service (trap) via vectors involving "special group and user enumeration."

National Vulnerability Database 31 august, 2010

CVE-2010-3194

The DB2DART program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows attackers to bypass intended file access restrictions via unspecified vectors related to overwriting files owned by an instance owner.

National Vulnerability Database 31 august, 2010

CVE-2010-3193

Unspecified vulnerability in the DB2STST program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 has unknown impact and attack vectors.

National Vulnerability Database 31 august, 2010

CVE-2010-2365

Cross-site scripting (XSS) vulnerability in Free CGI Moo moobbs2 before 1.03 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

National Vulnerability Database 31 august, 2010

CVE-2010-2364

Cross-site scripting (XSS) vulnerability in Free CGI Moo moobbs before 1.03 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

National Vulnerability Database 31 august, 2010

CVE-2010-3191

Untrusted search path vulnerability in Adobe Captivate 5.0.0.596, and possibly other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .cptx file.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

National Vulnerability Database 31 august, 2010

CVE-2010-3190

Untrusted search path vulnerability in ATL MFC Trace Tool (AtlTraceTool8.exe), as used in Microsoft Visual Studio, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a TRC, cur, rs, rct, or res file.

National Vulnerability Database 31 august, 2010

CVE-2010-3189

The extSetOwner function in the UfProxyBrowserCtrl ActiveX control (UfPBCtrl.dll) in Trend Micro Internet Security Pro 2010 allows remote attackers to execute arbitrary code via an invalid address that is dereferenced as a pointer.

National Vulnerability Database 31 august, 2010

CVE-2010-3188

SQL injection vulnerability in search.aspx in BugTracker.NET 3.4.3 and earlier allows remote attackers to execute arbitrary SQL commands via a custom field to the search page.

National Vulnerability Database 31 august, 2010

CVE-2010-1818

The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple QuickTime 6.x, 7.x, and other versions allows remote attackers to execute arbitrary code via the _Marshaled_pUnk attribute, which triggers unmarshaling of an untrusted pointer.

National Vulnerability Database 31 august, 2010

CVE-2010-3035

Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers to cause a denial of service (peering reset) via a crafted prefix announcement, as demonstrated in the wild in August 2010 with attribute type code 99, aka Bug ID CSCti62211.

National Vulnerability Database 30 august, 2010

CVE-2010-2712

Unspecified vulnerability in Software Distributor (sd) in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges via unknown vectors.

National Vulnerability Database 30 august, 2010

CVE-2010-2575

Heap-based buffer overflow in the RLE decompression functionality in the TranscribePalmImageToJPEG function in generators/plucker/inplug/image.cpp in Okular in KDE SC 4.3.0 through 4.5.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image in a PDB file.

National Vulnerability Database 30 august, 2010
Search
Sun Microsystems

This Alert covers CVE-2010-0896 for the mail component of the Sun Convergence product

This Sun Alert covers CVE-2010-0896 for the mail component of the Sun Convergence product.

14 april, 2010

This Alert Covers CVE-2010-0893 for the Mail Component of the Sun Convergence Product

This Alert covers CVE-2010-0893 for the mail component of the Sun Convergence product.

14 april, 2010

SunOS 5.10_x86: ucode driver patch

6905530 processor microcode code can panic when retrieving microcode revision.

02 february, 2010

Red Hat

[RHSA-2010:0679-01] Moderate: rpm security and bug fix update

Red Hat Security Advisory - Moderate: rpm security and bug fix update

07 september, 2010

[RHSA-2010:0678-01] Moderate: rpm security update

Red Hat Security Advisory - Moderate: rpm security update

07 september, 2010

[RHSA-2010:0677-01] Important: kernel security update

Red Hat Security Advisory - Important: kernel security update

07 september, 2010

╨ю╤

Microsoft Windows XP Indeo Filter DLL Hijacking PoC

Target: Microsoft Windows XP
Impact: Code execution

avast! <= 5.0.594 license files DLL Hijacking Exploit (mfc90loc.dll)

Target: avast! 5.0.594 and previous versions
Impact: Code execution

Windows Live Mail DLL Hijacking Exploit (dwmapi.dll)

Target: Windows Live Mail
Impact: Code execution

AdvertismentAbout ProjectContact UsCopyrightExportRSSMy SettingsMap