

Alerts Archive - Feb 2010

Last Update: 28 Feb 2010

XSS in IBM WebSphere Portal & Lotus WCM
updated: 25-Apr-10
Certain cross-site scripting vulnerabilities were identified in an IBM WebSphere Portal Server and Lotus Web Content Management deployment.

The login page takes the query string from the request URL and embeds it into the HTML response as the value of a form field named success.

An attacker can inject script into a URL pointing at the vulnerable page and attack system users by sending it to them. Users who follow the link will have the injected script run in their browser.

Install the patch from IBM.

Reference
http://www-01.ibm.com/support/docview.wss?uid=swg21421469
EMC HomeBase Server Arbitrary File Upload Vulnerability
updated: 25-Apr-10
EMC HomeBase Server 6.2.x and 6.3.x contains a vulnerability that may allow an unauthenticated remote user to upload arbitrary files on the affected HomeBase Server.

A flaw exists within the HomeBase SSL Service that may be exploited by an unauthenticated remote user to upload arbitrary files on the affected HomeBase Server. Successful exploitation may result in code execution.

Update to the latest version.

Multiple Vendor NOS Microsystems getPlus Downloader Input Validation Vulnerability
updated: 25-Apr-10
An input validation vulnerability was reported in NOS Microsystems' getPlus Download Manager 1.5.2.35, as used by Adobe and potentially other vendors, which could allow an attacker to execute arbitrary code with the privileges of the current user.

The vulnerability exists due to improper validation of the domain used to download and execute applications from. The vulnerable code always assumes that the domain being validated is a subdomain, which can lead to a logic error when comparing the valid domain and the requested domain.
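The logic error described above, a domain check that only compares the tail of the host name because it assumes every host is a subdomain, is illustrated by the following added example. It is not getPlus code; the function names, the simplified record layout and the trusted domain "example.com" are constructed for the demonstration. The naive check accepts a look-alike host that merely ends in the trusted string, while the corrected check insists on an exact match or a genuine label boundary before the suffix.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Hypothetical illustration of the bug class: a downloader that must only
 * fetch from its vendor's domain. Neither function is getPlus code and
 * "example.com" is a constructed placeholder for the vendor domain. */

/* Case-insensitive string equality (host names are case-insensitive). */
static int ieq(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b;
}

/* Vulnerable check: assumes the host is a subdomain and compares only the
 * tail of the string, so "evil-example.com" passes as "example.com". */
bool host_allowed_naive(const char *host, const char *trusted)
{
    size_t hl = strlen(host), tl = strlen(trusted);
    if (hl < tl) return false;
    return ieq(host + (hl - tl), trusted);      /* suffix match only */
}

/* Corrected check: exact match, or a true subdomain where the character
 * immediately before the trusted suffix is a '.' label separator and at
 * least one character precedes that dot. */
bool host_allowed(const char *host, const char *trusted)
{
    size_t hl = strlen(host), tl = strlen(trusted);
    if (hl == tl) return ieq(host, trusted);
    if (hl < tl + 2) return false;              /* need room for "x." */
    if (host[hl - tl - 1] != '.') return false; /* must sit on a label boundary */
    return ieq(host + (hl - tl), trusted);
}

int main(void)
{
    const char *hosts[] = { "example.com", "dl.example.com", "evil-example.com" };
    for (size_t i = 0; i < sizeof hosts / sizeof hosts[0]; i++)
        printf("%-18s naive=%d fixed=%d\n", hosts[i],
               host_allowed_naive(hosts[i], "example.com"),
               host_allowed(hosts[i], "example.com"));
    return 0;
}
```

The corrected check still trusts the caller to hand it a host name rather than a full URL; parsing the URL so that user-info, port and path cannot be mistaken for the host is a separate step that must happen first.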

Install the update from Adobe.

Reference
http://www.adobe.com/support/security/bulletins/apsb10-08.html
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=856
Avast! aavmker4.sys Kernel Memory Corruption
updated: 25-Apr-10
The kernel driver aavmker4.sys shipped with avast! 4.8 and 5.0 contains a vulnerability in the code that handles IOCTL requests. Exploitation of this vulnerability can result in local denial of service attacks (system crash due to a kernel panic), or local execution of arbitrary code at the kernel level (complete system compromise).

Install the update from the vendor.

Reference
http://forum.avast.com/index.php?topic=55484.0
http://www.trapkit.de/advisories/TKADV2010-003.txt
CA eHealth Performance Manager Cross Site Scripting
updated: 25-Apr-10
A cross-site scripting vulnerability exists in CA eHealth Performance Manager 6.2.x and prior, due to insufficient validation of certain characters in web interface requests. An attacker, who can have an unsuspecting user follow a malicious URL, can conduct cross-site scripting attacks.

Follow the workaround from CA.

Symantec Antivirus 10.0 ActiveX Buffer Overflow
updated: 25-Apr-10
Symantec Antivirus 10 Client Proxy (CLIproxy.dll) contains an ActiveX component that is vulnerable to a buffer overflow.

Install the fix from Symantec.

Reference
http://dsecrg.com/pages/vul/show.php?id=139
Mozilla Firefox showModalDialog Cross-Domain Scripting Vulnerability
updated: 25-Apr-10
Mozilla Firefox 3.0.x does not properly enforce the cross-domain policy. Through the showModalDialog() JavaScript method an attacker can gather sensitive information from another website. This vulnerability can be exploited to obtain website credentials that do not originate from the attacking site.

Install the update from Mozilla.

Reference
http://www.zerodayinitiative.com/advisories/ZDI-10-019
http://www.mozilla.org/security/announce/2010/mfsa2010-04.html
CA Service Desk XSS
updated: 25-Apr-10
The release of Tomcat included with CA Service Desk r12.1 is potentially susceptible to a cross-site scripting vulnerability.

Follow the instructions in the CA technical document.

Reference
https://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=search&searchID=TEC503137
Backdoor and Vulnerabilities in Xerox WorkCentre Printers Web Interface
updated: 25-Apr-10
Xerox WorkCentre 5665/5675/5687 version 21.120.39.000 contains two vulnerabilities.

There is a script named "YoUgoT_It.php" that creates the correct checksum for any folder. By simply calling the script with the folder name as an argument, an attacker can access any folder.

Besides, in multiple instances where a password is required to access certain pages, the developers appear to have omitted the vital "die()" or "exit()" statement after the redirect, so the protected page content is still sent to the client. This allows an attacker access to multiple pages that would otherwise require authentication.

Follow the solution from the vendor.

Reference
http://www.xerox.com/downloads/usa/en/c/cert_XRX10-002_v1.0.pdf
https://www.sec-consult.com/advisories_e.html#a65
SphereCMS Blind SQL Injection Vulnerability
updated: 19-Feb-10
The archive page of SphereCMS 1.1 alpha is vulnerable to SQL injection. The GET parameter 'view' is not sanitized correctly before being used in the SQL query. This hole can be used to extract the admin password.

The parameters must be sanitized using the context-sensitive escaping function provided by MySQL (mysql_real_escape_string) instead of manual sanitizing, which is usually error-prone.

Reference
http://www.bugreport.ir/index_68.htm
Multiple Vulnerabilities in Cisco Security Agent
updated: 19-Feb-10
The Management Center for Cisco Security Agents is affected by a directory traversal vulnerability and a SQL injection vulnerability.

Successful exploitation of the directory traversal vulnerability may allow an authenticated attacker to view and download arbitrary files from the server hosting the Management Center. Successful exploitation of the SQL injection vulnerability may allow an authenticated attacker to execute SQL statements that can cause instability of the product or changes in the configuration.

Additionally, the Cisco Security Agent is affected by a denial of service (DoS) vulnerability. Successful exploitation of the Cisco Security Agent DoS vulnerability may cause the affected system to crash. Repeated exploitation could result in a sustained DoS condition.

Install the software updates from Cisco.

Reference
http://www.cisco.com/warp/public/707/cisco-sa-20100217-csa.shtml
Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances
updated: 19-Feb-10
Cisco ASA 5500 Series Adaptive Security Appliances are affected by the following vulnerabilities:

* TCP Connection Exhaustion Denial of Service Vulnerability
* Session Initiation Protocol (SIP) Inspection Denial of Service Vulnerabilities
* Skinny Client Control Protocol (SCCP) Inspection Denial of Service Vulnerability
* WebVPN Datagram Transport Layer Security (DTLS) Denial of Service Vulnerability
* Crafted TCP Segment Denial of Service Vulnerability
* Crafted Internet Key Exchange (IKE) Message Denial of Service Vulnerability
* NT LAN Manager version 1 (NTLMv1) Authentication Bypass Vulnerability

Install the software updates from Cisco.

Reference
http://www.cisco.com/warp/public/707/cisco-sa-20100217-asa.shtml
Mozilla Firefox Memory Corruption Vulnerability
updated: 19-Feb-10
A vulnerability was reported in Mozilla Firefox 3.0.15 and 3.5.4, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused by an error when handling out-of-memory conditions. This can be exploited to corrupt memory and execute arbitrary code via a specially crafted web page.
Update to version 3.0.18 or 3.5.8.

Reference
http://secunia.com/secunia_research/2009-45/
Cross Site Scripting on Portwise SSL VPN
updated: 19-Feb-10
The Portwise SSL-VPN v4.6 portal login page is vulnerable to cross site scripting.

An attacker may be able to cause execution of malicious scripting code in the browser of a user who clicks on a link to a Portwise Portal-based site. Such code would run within the security context of the target domain. This type of attack can result in non-persistent defacement of the target site, or the redirection of confidential information (e.g. session IDs) to unauthorized third parties.

Ensure all input parameters (especially "reloadFrame") are filtered sufficiently before being echoed back to the client.

Reference
http://www.procheckup.com/Vulnerabilities.php
Cisco Firewall Services Module Skinny Client Control Protocol Inspection Denial of Service
updated: 19-Feb-10
A vulnerability exists in the Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers that may cause the Cisco FWSM to reload after processing a malformed Skinny Client Control Protocol (SCCP) message. The vulnerability exists when SCCP inspection is enabled.

Install the software updates from Cisco.

Reference
http://www.cisco.com/warp/public/707/cisco-sa-20100217-fwsm.shtml
IBM Cognos Server Backdoor Account Remote Code Execution Vulnerability
updated: 19-Feb-10
A vulnerability was reported in IBM Cognos, due to a hidden manager-level account with a default password defined in the user configuration of the bundled Tomcat server. This server can be reached via HTTP on TCP port 19300. A malicious attacker can use this account to manage or deploy a servlet onto the server. By abusing this ability a remote attacker can execute arbitrary code under the context of the user running the Tomcat server.

Install the update from IBM.

Reference
http://www-01.ibm.com/support/docview.wss?uid=swg21419065
http://www.zerodayinitiative.com/advisories/ZDI-10-018
krb5-1.7 KDC denial of service
updated: 19-Feb-10
A denial of service vulnerability was reported in the KDC of MIT krb5 1.7 and later: improper input validation in the KDC can cause an assertion failure and process termination.

An unauthenticated remote attacker can send an invalid request to a KDC process that will cause it to crash due to an assertion failure, creating a denial of service.

Install the patch from the developer.

Reference
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0283
OpenOffice.org Word Document Handling Heap Overflow Vulnerabilities
updated: 19-Feb-10
Critical vulnerabilities were reported in OpenOffice.org < 3.2.

The first vulnerability is caused by a heap overflow error when processing malformed "sprmTDefTable" records in a Word document, which could be exploited by attackers to execute arbitrary code.

The second vulnerability is caused by a heap overflow error when processing malformed "sprmTSetBrc" records in a Word document, which could be exploited by attackers to compromise a vulnerable system.

Upgrade to OpenOffice.org version 3.2.

Reference
http://www.vupen.com/english/research.php
MS10-015 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege
updated: 19-Feb-10
Two vulnerabilities were reported in the Microsoft Windows kernel, one in the way the kernel handles certain exceptions and one in a double-free condition.

The vulnerabilities could allow elevation of privilege if an attacker logged on to the system and then ran a specially crafted application. To exploit either vulnerability, an attacker must have valid logon credentials and be able to log on locally. The vulnerabilities could not be exploited remotely or by anonymous users.

All supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 for 32-bit Systems are affected. Install the update from Microsoft.

Reference
http://www.microsoft.com/technet/security/Bulletin/MS10-015.mspx
MS10-014 - Vulnerability in Kerberos Could Allow Denial of Service
updated: 19-Feb-10
A denial of service vulnerability exists in implementations of Kerberos. The vulnerability is due to improper handling of Ticket-Granting-Ticket renewal requests by a client on a remote, non-Windows realm in a mixed-mode Kerberos implementation. An attacker who successfully exploited this vulnerability could cause the affected Windows domain controller to stop responding.

All supported editions of Microsoft Windows 2000 Server, Windows Server 2003, and Windows Server 2008 are affected. Install the update from Microsoft.

Reference
http://www.microsoft.com/technet/security/Bulletin/MS10-014.mspx
MS10-013 - Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution
updated: 19-Feb-10
A remote code execution vulnerability exists in the way that Microsoft DirectShow parses AVI media files. This vulnerability could allow remote code execution if a user opened a specially crafted AVI file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

All supported editions of Microsoft Windows except for all supported Itanium-based editions of Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 are affected. Install the update from Microsoft.

Reference
http://www.microsoft.com/technet/security/Bulletin/MS10-013.mspx
MS10-012 Vulnerabilities in SMB Server Could Allow Remote Code Execution
updated: 19-Feb-10
Several privately reported vulnerabilities exist in the Microsoft Server Message Block (SMB) protocol software when it handles specially crafted SMB packets. The most severe of these vulnerabilities could allow remote code execution if an attacker created a specially crafted SMB packet and sent the packet to an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks originating outside the enterprise perimeter that would attempt to exploit these vulnerabilities.

All supported editions of Microsoft Windows are affected. Install the update from Microsoft.

Reference
http://www.microsoft.com/technet/security/Bulletin/MS10-012.mspx
MS10-011 Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege
updated: 19-Feb-10
An elevation of privilege vulnerability exists because the Windows Client/Server Run-time Subsystem (CSRSS) does not properly terminate user processes when a user logs out. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

All supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003 are affected. Install the update from Microsoft.

Reference
http://www.microsoft.com/technet/security/Bulletin/MS10-011.mspx
MS10-010 Vulnerability in Windows Server 2008 Hyper-V Could Allow Denial of Service
updated: 19-Feb-10
A denial of service vulnerability exists in Hyper-V on Windows Server 2008 and Windows Server 2008 R2. The vulnerability is due to insufficient validation of specific sequences of machine instructions by Hyper-V. An attacker who successfully exploited this vulnerability could cause the affected Hyper-V system to stop responding. This would affect all virtual machines hosted by that system.

All supported x64-based editions of Windows Server 2008 and Windows Server 2008 R2 are affected. Install the update from Microsoft.

Reference
http://www.microsoft.com/technet/security/Bulletin/MS10-010.mspx
MS10-009 Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution
updated: 19-Feb-10
Four vulnerabilities were reported in the Microsoft Windows TCP/IP stack. The most severe of these vulnerabilities could allow remote code execution if specially crafted packets are sent to a computer with IPv6 enabled. An attacker could try to exploit the vulnerability by creating specially crafted ICMPv6 packets and sending the packets to a system with IPv6 enabled. This vulnerability may only be exploited if the attacker is on-link.

Windows Vista and Windows Server 2008 are affected. Install the update from Microsoft.

Reference
http://www.microsoft.com/technet/security/Bulletin/MS10-009.mspx
MS10-008 Cumulative Security Update of ActiveX Kill Bits
updated: 19-Feb-10
A remote code execution vulnerability exists in the Microsoft Data Analyzer ActiveX Control. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.

All supported editions of Microsoft Windows 2000 and Windows XP, Windows Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2 are affected. Install the update from Microsoft.

Reference
http://www.microsoft.com/technet/security/Bulletin/MS10-008.mspx
MS10-007 Vulnerability in Windows Shell Handler Could Allow Remote Code Execution
updated: 19-Feb-10
A remote code execution vulnerability exists in affected versions of Microsoft Windows. The vulnerability results from the incorrect validation of input sent to the ShellExecute API function. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

Microsoft Windows 2000, Windows XP, and Windows Server 2003 are affected. Install the update from Microsoft.

Reference
http://www.microsoft.com/technet/security/Bulletin/MS10-007.mspx
MS10-006 Vulnerabilities in SMB Client Could Allow Remote Code Execution
updated: 19-Feb-10
An unauthenticated remote code execution vulnerability exists in the way that Microsoft Server Message Block (SMB) Protocol software handles specially crafted SMB responses. An attempt to exploit the vulnerability would not require authentication, allowing an attacker to exploit the vulnerability by sending a specially crafted SMB response to a client-initiated SMB request. An attacker who successfully exploited this vulnerability could take complete control of the system.

Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows 7, Windows Vista, Windows Server 2008 and Windows Server 2008 R2 are affected. Install the update from Microsoft.

Reference
http://www.microsoft.com/technet/security/Bulletin/MS10-006.mspx
MS10-005 Vulnerability in Microsoft Paint Could Allow Remote Code Execution
updated: 19-Feb-10
A remote code execution vulnerability exists in the way that Microsoft Paint decodes JPEG images. The vulnerability could allow remote code execution if a user opens a specially crafted JPEG image file in Microsoft Paint. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.

Microsoft Windows 2000, Windows XP, and Windows Server 2003 are affected. Install the update from Microsoft.

Reference
http://www.microsoft.com/technet/security/Bulletin/MS10-005.mspx
MS10-004 Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution
updated: 19-Feb-10
Six privately reported vulnerabilities exist in Microsoft Office PowerPoint. The vulnerabilities could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Office PowerPoint 2002 and Microsoft Office PowerPoint 2003, and Microsoft Office 2004 for Mac are affected. Install the update from Microsoft.

Reference
http://www.microsoft.com/technet/security/Bulletin/MS10-004.mspx
MS10-003 Vulnerability in Microsoft Office Could Allow Remote Code Execution
updated: 19-Feb-10
A remote code execution vulnerability exists in the way Microsoft Office handles specially crafted Office files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Office XP and Microsoft Office 2004 for Mac are affected. Install the update from Microsoft.

Reference
http://www.microsoft.com/technet/security/Bulletin/MS10-003.mspx
HP ProLiant Support Pack 8.30 for Windows, Remote Code Execution, Information Disclosure
updated: 19-Feb-10
Potential security vulnerabilities have been identified with HP ProLiant Support Pack 8.30 for Windows. The vulnerabilities could be exploited remotely to execute code and to gain unauthorized access to information.

Install the update from HP.

SAP WebDynpro Runtime XSS/CSS Injection
updated: 19-Feb-10
The WebDynpro Runtime of SAP NetWeaver 2004 < SP21 and SAP NetWeaver 2004s < SP13 suffers from a Cross-Site Scripting / CSS Injection vulnerability, which may enable a remote attacker to perform various attacks against SAP users.

Upon successful exploitation, the attacker would be able to obtain sensitive information from legitimate users through complex social engineering attacks and/or exploit vulnerabilities in their systems in order to take control of them.

Install the patch from the vendor.

Reference
https://service.sap.com/sap/support/notes/1424863
SAP J2EE Authentication Phishing Vector
updated: 19-Feb-10
The authentication mechanism of the SAP J2EE Engine (which is shared by the Enterprise Portal and other solutions) suffers from a phishing vector vulnerability, which may allow a remote attacker to perform different attacks against the organization's SAP users.

By exploiting this vulnerability, an internal or external attacker would be able to perform attacks on the organization's users through weaknesses in the SAP system.

SAP JAVA CORE 6.40 < SP26, SAP JAVA CORE 7.00 < SP02, SAP JAVA CORE 7.01 < SP07 and SAP JAVA CORE 7.02 < SP03 are affected. Install the patch from the vendor.

Reference
https://service.sap.com/sap/support/notes/1175239
HP Network Node Manager (NNM), Remote Execution of Arbitrary Commands
updated: 19-Feb-10
A potential security vulnerability has been identified with HP Network Node Manager (NNM). The vulnerability could be exploited remotely to execute arbitrary commands.

HP Network Node Manager v8.10, v8.11, v8.12 and v8.13 running on HP-UX, Linux, Solaris, and Windows are affected. Install the patch from the vendor.

Multiple Vulnerabilities in Cisco IronPort Encryption Appliance
updated: 19-Feb-10
Cisco IronPort Encryption Appliance devices contain two vulnerabilities that allow remote, unauthenticated access to any file on the device and one vulnerability that allows remote, unauthenticated users to execute arbitrary code with elevated privileges. There are workarounds available to mitigate these vulnerabilities.

Install the software updates from Cisco.

Reference
http://www.cisco.com/warp/public/707/cisco-sa-20100210-ironport.shtml
HP Operations Agent Running on Solaris 10, Remote Unauthorized Access
updated: 19-Feb-10
A potential vulnerability has been identified with HP Operations Agent running on Solaris 10. The vulnerability could be exploited remotely to gain unauthorized access.

HP Operations Agent 8.51, 8.52, 8.53, 8.60 running on Solaris 10 (sparc/x86/x64) are affected. Install the update from HP.

libmikmod Module Parsing Vulnerabilities
updated: 19-Feb-10
Multiple vulnerabilities were discovered in libmikmod 3.1.12, which can be exploited by malicious people to potentially compromise a user's system.

Three boundary errors in the Impulse Tracker parser when parsing an instrument containing a volume, panning, or pitch envelope with more than ENVPOINTS (32) points can result in a heap-based buffer overflow. Besides, a boundary error in the Ultratracker parser when parsing a file with more than UF_MAXCHAN (64) channels can result in a heap-based buffer overflow.

Successful exploitation may allow arbitrary code execution in the context of the process using the libmikmod library when opening a specially crafted module file.
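Both libmikmod errors above have the same shape: a count read from the file drives a copy into storage sized for a fixed maximum (ENVPOINTS or UF_MAXCHAN). The following added example shows the check that is missing in that pattern. It is not libmikmod code; the record layout (a one-byte point count followed by four-byte position/value pairs) and the helper names are constructed for the demonstration, and only the ENVPOINTS limit of 32 comes from the advisory.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>

#define ENVPOINTS 32   /* fixed envelope capacity, as in the advisory */

struct envpt { uint16_t pos; uint16_t val; };

struct envelope {
    uint8_t      count;            /* number of valid points */
    struct envpt pts[ENVPOINTS];   /* fixed-size storage */
};

/* Hypothetical, simplified envelope record: one byte point count followed by
 * count * 4 bytes of little-endian (pos, val) pairs. Not the real IT layout. */

/* Parse an envelope from buf[0..len). Rejects a point count larger than
 * ENVPOINTS before any copy takes place, and rejects a record that is
 * shorter than its declared count. */
bool parse_envelope(const uint8_t *buf, size_t len, struct envelope *out)
{
    if (len < 1) return false;
    uint8_t n = buf[0];
    if (n > ENVPOINTS) return false;             /* the bounds check at issue */
    if (len - 1 < (size_t)n * 4) return false;   /* truncated record */
    out->count = n;
    for (uint8_t i = 0; i < n; i++) {
        const uint8_t *p = buf + 1 + i * 4;
        out->pts[i].pos = (uint16_t)(p[0] | (p[1] << 8));
        out->pts[i].val = (uint16_t)(p[2] | (p[3] << 8));
    }
    return true;
}

/* Build a constructed record with n points: pos = index, val = 64. */
size_t make_record(uint8_t *dst, size_t cap, uint8_t n)
{
    size_t need = 1 + (size_t)n * 4;
    if (cap < need) return 0;
    dst[0] = n;
    for (uint8_t i = 0; i < n; i++) {
        dst[1 + i * 4] = i;  dst[2 + i * 4] = 0;
        dst[3 + i * 4] = 64; dst[4 + i * 4] = 0;
    }
    return need;
}

/* 1 if a well-formed record with n points is accepted, else 0. */
int accepts(uint8_t n)
{
    uint8_t buf[1 + 255 * 4];
    struct envelope env;
    size_t len = make_record(buf, sizeof buf, n);
    return parse_envelope(buf, len, &env) ? 1 : 0;
}

/* Position of point idx after parsing an n-point record, or -1 on failure. */
int parsed_pos(uint8_t n, uint8_t idx)
{
    uint8_t buf[1 + 255 * 4];
    struct envelope env;
    size_t len = make_record(buf, sizeof buf, n);
    if (!parse_envelope(buf, len, &env) || idx >= env.count) return -1;
    return env.pts[idx].pos;
}

/* 1 if a record that declares 5 points but is two bytes short is rejected. */
int rejects_truncated(void)
{
    uint8_t buf[1 + 5 * 4];
    struct envelope env;
    size_t len = make_record(buf, sizeof buf, 5);
    return parse_envelope(buf, len - 2, &env) ? 0 : 1;
}
```

The two rejections are independent: the count check protects the fixed array, and the length check protects the read side, so a file that is cut short cannot make the parser read past the end of its input buffer either.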

Upgrade to the latest version.

Reference
http://secunia.com/secunia_research/2009-55/
LANDesk OS command injection
updated: 19-Feb-10
A security vulnerability was discovered in LANDesk Management Suite: a cross-site request forgery that allows an external remote attacker to perform a command injection, which can be used to execute arbitrary code as the web server user.

As a result, an attacker can remove the firewall and load a kernel module, allowing root access to the appliance. It also can be used as a non-persistent XSS.

LANDesk Management Gateway 4.2-1.8, 4.0-1.48 and older are affected. Upgrade to a safer version.

Reference
http://www.coresecurity.com/content/landesk-csrf-vulnerability
IPSwitch IMAIL 11.01 Multiple Vulnerabilities
updated: 19-Feb-10
IPSwitch IMail contains two vulnerabilities. By default, IMail grants the Internet Guest Account "Full Control" over the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Ipswitch\IMail, including its subkeys and values, as well as over the default IMail directory C:\Program Files\Ipswitch\IMail\. Moreover, the IMail password encryption algorithm implemented in IMailsec.dll is reversible, so stored passwords can be decrypted.

A PoC exploit has been released.

Apple Safari 4.0.4 Denial of Service
updated: 19-Feb-10
A remotely exploitable vulnerability has been found in the JavaScript engine of the Apple Safari browser 4.0.4 and prior (based on the WebKit engine).

This is possible due to a failure in handling exceptional conditions. This issue is caused by a memory corruption error when handling JavaScript elements, which could be exploited by remote attackers to crash the browser by tricking a user into visiting a specially crafted web page.

Install the fix from Apple.

Reference
http://www.majorsecurity.info/index_2.php?adv=major_rls64
HP System Management Homepage for Linux and Windows, Remote Cross Site Scripting
updated: 19-Feb-10
A potential security vulnerability has been identified with HP System Management Homepage (SMH) for Linux and Windows. This vulnerability could be exploited remotely to allow cross site scripting (XSS) and unauthorized access.

HP System Management Homepage for Windows all versions prior to 6.0, HP System Management Homepage for Linux (x86) all versions prior to 6.0, and HP System Management Homepage for Linux (AMD64/EM64T) all versions prior to 6.0 are affected.

Install the update from HP.

Vulnerability in Internet Explorer Could Allow Information Disclosure
updated: 19-Feb-10
If a user is using a version of Internet Explorer that is not running in Protected Mode, an attacker may be able to access files with an already known filename and location.

Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4; Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4; and Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, and Windows Server 2003 Service Pack 2 are affected. Protected Mode prevents exploitation of this vulnerability and is enabled by default for versions of Internet Explorer on Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

Reference
http://www.microsoft.com/technet/security/advisory/980088.mspx
HP OpenVMS RMS, Local Escalation of Privilege
updated: 19-Feb-10
A potential security vulnerability has been identified with certain RMS (Record Management Services) patch kits for HP OpenVMS running on ALPHA platforms. The vulnerability could be locally exploited resulting in an escalation of privilege.

RMS patch kit VMS83A_RMS-V1000 dated September 2009 and update kit VMS83A_UPDATE-V1100 dated November 2009 are affected. Install the fix from HP.

Corel Paint Shop Pro Photo X2 FPX Heap Overflow
updated: 19-Feb-10
Corel Paint Shop Pro Photo X2 is prone to a heap-based buffer overflow when processing malformed FPX files, because it trusts user-controlled data located inside a FPX file and uses it as a loop counter when copying data from a FPX file into a fixed-size buffer located in the heap. This vulnerability can be exploited to overwrite adjacent heap chunks metadata, and possibly to gain arbitrary code execution.

Corel Paint Shop Pro Photo X2 Ultimate 12.50 is affected. Older versions are probably affected too, but they were not checked.

Reference
http://www.coresecurity.com/content/corel-paintshop-heap-overflow
RealNetworks RealPlayer 11 HTTP Chunked Encoding Integer Overflow Vulnerability
updated: 19-Feb-10
An integer overflow vulnerability was reported in RealPlayer 11's handling of the 'chunked' Transfer-Encoding method.

This method breaks the file the server is sending into 'chunks'. For each chunk, the server first sends the length of the chunk in hexadecimal, followed by the chunk data. This is repeated until there are no more chunks. The server then sends a chunk length of zero (0) indicating the end of the transfer. When processing these chunks, an integer overflow occurs, which results in a heap overflow. This leads to the execution of arbitrary code.
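The chunk-length arithmetic described above is where such parsers go wrong: the hexadecimal length is accumulated into a fixed-width integer, and a later "length plus overhead" allocation or copy wraps around. The following added example is a chunk parser that guards both steps. It is not RealPlayer code; the MAX_CHUNK application limit, the status enum and the helper names are assumptions made for the demonstration, and the sample inputs in the comments are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <string.h>

/* Largest chunk this parser accepts (assumed application limit). Keeping it
 * far below SIZE_MAX means "n + 2" and "i + n + 2" below can never wrap. */
#define MAX_CHUNK (16u * 1024u * 1024u)

enum chunk_status { CHUNK_OK, CHUNK_LAST, CHUNK_NEED_MORE, CHUNK_BAD };

static int hexval(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Parse one "<hex-len>[;ext]\r\n<data>\r\n" chunk from in[0..len).
 * On CHUNK_OK, *data/*dlen describe the payload and *consumed the bytes used.
 * A zero length yields CHUNK_LAST (trailers are not handled here). */
enum chunk_status parse_chunk(const char *in, size_t len,
                              const char **data, size_t *dlen, size_t *consumed)
{
    size_t i = 0, n = 0;
    int digits = 0, v = -1;

    /* Accumulate the hex length, refusing to shift once the value could
     * exceed the cap: this is the check an overflowing parser lacks. */
    while (i < len && (v = hexval(in[i])) >= 0) {
        if (n > (MAX_CHUNK >> 4)) return CHUNK_BAD;
        n = (n << 4) | (size_t)v;
        i++; digits++;
    }
    if (digits == 0) return (i >= len) ? CHUNK_NEED_MORE : CHUNK_BAD;
    if (n > MAX_CHUNK) return CHUNK_BAD;

    /* Optional chunk extension: skip up to the CR. */
    if (i < len && in[i] == ';')
        while (i < len && in[i] != '\r') i++;
    if (i + 2 > len) return CHUNK_NEED_MORE;
    if (in[i] != '\r' || in[i + 1] != '\n') return CHUNK_BAD;
    i += 2;

    if (n == 0) { *data = NULL; *dlen = 0; *consumed = i; return CHUNK_LAST; }

    /* Declared length must fit in what we actually hold, plus its CRLF. */
    if (len - i < n + 2) return CHUNK_NEED_MORE;
    if (in[i + n] != '\r' || in[i + n + 1] != '\n') return CHUNK_BAD;
    *data = in + i; *dlen = n; *consumed = i + n + 2;
    return CHUNK_OK;
}

/* Status of the first chunk in a buffer (wrapper for simple checks). */
int chunk_status_of(const char *in, size_t len)
{
    const char *d; size_t dl, c;
    return (int)parse_chunk(in, len, &d, &dl, &c);
}

/* Payload length of the first chunk, or -1 unless it parsed as CHUNK_OK. */
long chunk_payload_len(const char *in, size_t len)
{
    const char *d; size_t dl, c;
    return parse_chunk(in, len, &d, &dl, &c) == CHUNK_OK ? (long)dl : -1;
}
```

Constructed inputs: "10\r\n0123456789abcdef\r\n" parses as a 16-byte chunk, "0\r\n" is the terminating chunk, "ffffffffffffffffffff\r\n" is rejected while the length is still being read, and "1000001\r\n" is rejected because it exceeds MAX_CHUNK even though it fits in the integer. Rejecting early, before any allocation is sized from the value, is the point: an attacker-controlled length should never reach arithmetic that can wrap.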

Install the fix from the developer.

Reference
http://labs.idefense.com/intelligence/vulnerabilities/
Cisco Secure Desktop XSS/JavaScript Injection
updated: 19-Feb-10
The Cisco Secure Desktop web application does not sufficiently verify if a well-formed request was provided by the user who submitted the POST request, resulting in a cross-site scripting vulnerability.

Cisco Secure Desktop 3.4.2048 and older versions are affected. Upgrade to the latest version.

Reference
http://tools.cisco.com/security/center/viewAlert.x?alertId=19843
http://www.coresecurity.com/content/cisco-secure-desktop-xss
Real Networks RealPlayer Compressed GIF Handling Integer Overflow
updated: 19-Feb-10
An integer overflow vulnerability was reported in RealPlayer version 11 when handling compressed GIF files. The vulnerability occurs in the CGIFCodec::InitDecompress() function, which does not properly validate a field in the GIF file before using it in an arithmetic operation that calculates the size of a heap buffer. This issue leads to heap corruption, which can result in the execution of arbitrary code.

Install the fix from the developer.

RealNetworks RealPlayer CMediumBlockAllocator Integer Overflow Vulnerability
updated: 19-Feb-10
An integer overflow vulnerability was reported in Real Player. This problem specifically exists in the CMediumBlockAllocator::Alloc method. When calculating the size of a memory allocation, an integer overflow occurs. This leads to heap corruption, which can result in the execution of arbitrary code.

Real Player versions 10.5 (build 6.0.12.883) and 11 (build 6.0.14.738) on Windows are affected. Other versions may also be affected. Install the patch from the developer.