Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

S-254: Vulnerabilities in GDI

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) S-254: Vulnerabilities in GDI
# 1  
Old 04-11-2008
S-254: Vulnerabilities in GDI
Several remote code execution vulnerabilities exist in the way that GDI handles: 1) integer valculations; and 2) filename parameters in EMF files. The vulnerability could allow remote code execution if a user opens a specially crafted EMF or WMF image file. The risk is HIGH. An attacker who successfully exploited this vulnerability could take complete control of an affected system. This exploit has been seen in the wild.


More...
Login or Register to Ask a Question

Previous Thread | Next Thread

3 More Discussions You Might Find Interesting

1. Red Hat

Openssl vulnerabilities

Hi there, The following openssl package are installed on the machine (openssl-1.0.0-27.el6_4.2.x86_64). It isn't the last version but I need to known if this content Vulnerabilities... How to check that on RedHat? Could you please tell me how to find this information?? Thankx (3 Replies)
Discussion started by: hiero_nymus
3 Replies

2. HP-UX

[Solved] ssh debug1: Exit status 254 problem

Hello; Am experiencing odd problem with ssh: ========= ssh -vvv remote_host : : debug2: channel 0: rcvd adjust 65536 debug2: channel_input_status_confirm: type 99 id 0 debug2: shell request accepted on channel 0 debug1: client_input_channel_req: channel 0 rtype exit-status reply 0... (4 Replies)
Discussion started by: delphys
4 Replies

3. Solaris

What are the NTP 3 vulnerabilities?

Hi Guru I need to know which version of NTP is install in Solaris 10 box. How can I check it. IF NTP 3 in implemented then somebody told me implement NTP 4 due to security reasons, for that I have to tell what are the vulnerabilities present in NTP 3 to higher authorities. I could not able... (5 Replies)
Discussion started by: amity
5 Replies
Login or Register to Ask a Question

LEARN ABOUT PHP

mb_eregi_replace

MB_EREGI_REPLACE(3)							 1						       MB_EREGI_REPLACE(3)

mb_eregi_replace - Replace regular expression with multibyte support ignoring case

SYNOPSIS

       string mb_eregi_replace (string	$pattern, string  $replace, string  $string, [string  $option = "msri"])

DESCRIPTION

	Scans $string for matches to $pattern, then replaces the matched text with $replacement.

PARAMETERS

	      o $pattern
		- The regular expression pattern. Multibyte characters may be used. The case will be ignored.

	      o $replace
		- The replacement text.

	      o $string
		- The searched string.

	      o $option
		-$option has the same meaning as in mb_ereg_replace(3).

RETURN VALUES

	The resultant string or FALSE on error.

NOTES

       Note

	      The  internal  encoding  or the character encoding specified by mb_regex_encoding(3) will be used as the character encoding for this
	      function.

       Warning

	      Never use the e modifier when working on untrusted input. No automatic escaping will happen (as  known  from  preg_replace(3)).  Not
	      taking care of this will most likely create remote code execution vulnerabilities in your application.

SEE ALSO

       mb_regex_encoding(3), mb_ereg_replace(3).

PHP Documentation Group 												       MB_EREGI_REPLACE(3)