Section: .. / 1003-advisories /
File Name: 03.02.10-1.txt
Description:
iDefense Security Advisory 03.02.10 - Remote exploitation of a stack-based buffer overflow vulnerability in IBM Corp.'s Lotus Domino Web Access ActiveX control could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerable function takes an attacker-controlled URL, and copies it into a fixed-size stack buffer. No validation checks are performed on the length of the URL. By passing in a long URL string, it is possible to trigger a stack-based buffer overflow, resulting in the execution of arbitrary code.
Author: Elazar Broad, iDefense Labs
Homepage: http://www.idefense.com/
File Size: 3783
Last Modified: Mar 2 21:16:51 2010
MD5 Checksum: 0f49ae12b79795b324cf97c77a4b8051

File Name: 03.04.10-1.txt
Description:
iDefense Security Advisory 03.04.10 - Remote exploitation of an integer overflow vulnerability in Autonomy's KeyView Filter SDK allows attackers to execute arbitrary code with the privileges of the targeted application. This vulnerability occurs when processing specially crafted documents. When processing such a document, the software reads an integer value from the file and uses this integer, without validation, in an arithmetic operation to calculate the amount of memory to allocate. If a sufficiently large number is supplied, the calculation overflows, resulting in a buffer of insufficient size being allocated. The software then proceeds to copy data into this under-sized buffer. This results in an exploitable heap buffer overflow condition.
Author: Joshua J. Drake, iDefense Labs
Homepage: http://www.idefense.com/
File Size: 4991
Related CVE(s): CVE-2009-3032
Last Modified: Mar 5 16:18:30 2010
MD5 Checksum: 02061082038dac3eab8518904cc3a6a6

File Name: 03.09.10-1.txt
Description:
iDefense Security Advisory 03.09.10 - Remote exploitation of a type confusion vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability is a type confusion vulnerability that occurs when parsing several related Excel record types. In this case, the type confusion is due to multiple records containing fields that identify the type of an object shared between them. By controlling memory outside of the bounds of the allocated heap chunk, an attacker can control a C++ object pointer used in a virtual function call. This can result in an area of memory being treated as a different type of object than it actually is, resulting in access outside of the bounds of the allocated object. iDefense has confirmed the existence of this vulnerability in all currently supported versions of Excel (2007 SP1/SP2, 2003 SP3, XP SP3), and also the currently unsupported Excel 2000 SP3. A full list of vulnerable Microsoft products can be found in Microsoft Security Bulletin MS10-017.
Author: Sean Larsson, iDefense Labs
Homepage: http://www.idefense.com/
File Size: 4148
Related CVE(s): CVE-2010-0258
Last Modified: Mar 10 10:09:49 2010
MD5 Checksum: bc5319861ff9ff807a6e7bfce8180ecb

File Name: 03.09.10-2.txt
Description:
iDefense Security Advisory 03.09.10 - Remote exploitation of an uninitialized memory vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs due to Excel using a local function variable without properly initializing it. This error occurs when parsing several related records inside of an Excel worksheet. When Excel parses certain records in a particular order, a stack variable may not be initialized properly. If an attacker can control the area of memory used for this variable, then it is possible to execute arbitrary code on the targeted host. iDefense has confirmed the existence of this vulnerability in Excel versions 2003 SP3, 2007 SP0, SP1, and SP3. Previous versions do not appear to be affected. A full list of vulnerable Microsoft products can be found in Microsoft Security Bulletin MS10-017.
Author: Sean Larsson, iDefense Labs
Homepage: http://www.idefense.com/
File Size: 3939
Related CVE(s): CVE-2010-0262
Last Modified: Mar 10 10:17:18 2010
MD5 Checksum: 4c6d869c98aaa46c8b7d0dec92b565e3

File Name: 03.09.10-3.txt
Description:
iDefense Security Advisory 03.09.10 - Remote exploitation of a heap overflow vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability occurs when parsing an MDXSET record inside of the Excel Workbook globals stream. This record is used to store metadata for external data connections in the workbook. The vulnerability occurs when a MDXSET record is broken up into several records. This could allow an attacker to trigger a heap based buffer overflow by controlling both the allocation size of a heap buffer and the number of bytes copied into this buffer. iDefense has confirmed the existence of this vulnerability in Excel versions 2007 SP0, SP1, and SP2. Previous versions do not appear to be affected as they do not support parsing the record that triggers the vulnerability. A full list of vulnerable Microsoft products can be found in Microsoft Security Bulletin MS10-017.
Author: Sean Larsson, iDefense Labs
Homepage: http://www.idefense.com/
File Size: 3813
Related CVE(s): CVE-2010-0261
Last Modified: Mar 10 10:19:19 2010
MD5 Checksum: fcd3d4df59f6a8656e954ecae6950e45

File Name: 03.09.10-4.txt
Description:
iDefense Security Advisory 03.09.10 - Remote exploitation of a heap overflow vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability occurs when parsing an MDXTUPLE record inside of the Excel Workbook globals stream. This record is used to store metadata for external data connections in the workbook. The vulnerability occurs when a MDXTUPLE record is broken up into several records. This could allow an attacker to trigger a heap based buffer overflow by controlling both the allocation size of a heap buffer and the number of bytes copied into this buffer. iDefense has confirmed the existence of this vulnerability in Excel versions 2007 SP0, SP1, and SP2. Previous versions do not appear to be affected as they do not support parsing the record that triggers the vulnerability. A full list of vulnerable Microsoft products can be found in Microsoft Security Bulletin MS10-017.
Author: Sean Larsson, iDefense Labs
Homepage: http://www.idefense.com/
File Size: 3817
Related CVE(s): CVE-2010-0260
Last Modified: Mar 10 10:20:50 2010
MD5 Checksum: 361cae51b434d20705f58c6f7cde7793

File Name: 03.11.10-1.txt
Description:
iDefense Security Advisory 03.11.10 - Remote exploitation of a memory corruption vulnerability in WebKit, as included with multiple vendors' browsers, could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when a certain property of an HTML element is reset via JavaScript code. When this occurs, a C++ object is incorrectly accessed after it has been freed. This results in an attacker controlled value being used as a C++ VTABLE, which leads to the execution of arbitrary code. iDefense has confirmed the existence of this vulnerability in Google Chrome 3.0.195.38 and Safari 4.0.4. Previous versions are suspected to be vulnerable. A full list of affected Apple products can be found in Security Advisory APPLE-SA-2010-03-11-1 Safari 4.0.5.
Author: iDefense Labs, wushi
Homepage: http://www.idefense.com/
File Size: 4088
Related CVE(s): CVE-2010-0040
Last Modified: Mar 11 20:21:21 2010
MD5 Checksum: eff6f9943174490b261bb46a955f26ee

File Name: 03.30.10-1.txt
Description:
iDefense Security Advisory 03.30.10 - Remote exploitation of a use after free vulnerability in Microsoft Corp.'s Internet Explorer could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when an HTML object with an 'onreadystatechange' event handler is not properly freed. This event is used to perform actions when the state of some HTML object changes; for example, when a form has data input. Specifically, when certain properties of the object are changed, the event handler function object is freed, but a reference to it remains. When the object is later accessed, this invalid memory is treated as an object pointer, and one of its members is used to make an indirect function call. This results in the execution of arbitrary code.
Author: iDefense Labs, wushi
Homepage: http://www.idefense.com/
File Size: 3575
Related CVE(s): CVE-2010-0491
Last Modified: Mar 31 11:50:33 2010
MD5 Checksum: cc8039fd14f0ded54bdcbf218c4fe5d8

File Name: 03.30.10-2.txt
Description:
iDefense Security Advisory 03.30.10 - Remote exploitation of a buffer overflow vulnerability in Oracle Corp.'s (formerly Sun Microsystems Inc.) Java Runtime Environment (JRE) could allow an attacker to execute arbitrary code with the privileges of the current user. The JRE is a platform that supports the execution of programs that are developed using the Java programming language. It is available for multiple platforms, including Windows, Linux and MacOS. The JRE platform also supports Java Applets, which can be loaded from Web pages. During the processing of an image file, user-controlled data is trusted and can result in an undersized allocation of a heap buffer. A copy operation into the heap buffer can lead to a heap overflow condition within the JRE. This condition may allow a remote attacker to subvert execution control and execute arbitrary code.
Author: iDefense Labs, regenrecht
Homepage: http://www.idefense.com/
File Size: 3715
Last Modified: Mar 31 22:49:35 2010
MD5 Checksum: 23927a2f96a8ffb6ebc1a56c3a54cada

File Name: bsplayerml-overflow.txt
Description:
BS.Player version 2.51 build 1022 (Media Library) suffers from a remote buffer overflow vulnerability.
Author: LiquidWorm
File Size: 2569
Last Modified: Mar 5 16:11:55 2010
MD5 Checksum: db8e6e9a787fd586eb5a106e6dbfb0f8

File Name: CA20100304-01.txt
Description:
CA's support is alerting customers to a security risk with CA SiteMinder. Multiple cross site scripting (XSS) vulnerabilities exist that can allow a remote attacker to potentially gain sensitive information. CA has provided guidance to remediate the vulnerability.
Author: Ken Williams
Homepage: http://www3.ca.com/
File Size: 3176
Related CVE(s): CVE-2009-3731
Last Modified: Mar 4 23:06:25 2010
MD5 Checksum: c5e4abac93849cb90447a5c73fd5b883

File Name: CA20100318-01.txt
Description:
CA's support is alerting customers to security risks with CA ARCserve Backup. The version of JRE shipped with ARCserve Backup is potentially susceptible to multiple vulnerabilities and has also reached end of life. Support is providing JRE 1.6 upgrades as remediation.
Author: Kevin Kotas
Homepage: http://www3.ca.com/
File Size: 2468
Last Modified: Mar 19 22:39:58 2010
MD5 Checksum: 39b4f795f0d4f2b19a949182519db623

File Name: cisco-sa-20100303-cucm.txt
Description:
Cisco Security Advisory - Cisco Unified Communications Manager (formerly Cisco CallManager) contains multiple denial of service (DoS) vulnerabilities that if exploited could cause an interruption of voice services. The Session Initiation Protocol (SIP), Skinny Client Control Protocol (SCCP) and Computer Telephony Integration (CTI) Manager services are affected by these vulnerabilities.
Author: Cisco Systems
Homepage: http://www.cisco.com/
File Size: 18602
Related CVE(s): CVE-2010-0587, CVE-2010-0588, CVE-2010-0590, CVE-2010-0591, CVE-2010-0592
Last Modified: Mar 3 16:18:25 2010
MD5 Checksum: 8f79a3ba09942f130027f105ff436d73

File Name: cisco-sa-20100303-dmp.txt
Description:
Cisco Security Advisory - A vulnerability exists in the Cisco Digital Media Player that could allow an unauthenticated attacker to inject video or data content into a remote display.
Author: Cisco Systems
Homepage: http://www.cisco.com/
File Size: 10311
Related CVE(s): CVE-2010-0573
Last Modified: Mar 3 16:59:38 2010
MD5 Checksum: 761596ce9c824b2c8dc4fcdfed2a5380

File Name: cisco-sa-20100324-cucme.txt
Description:
Cisco Security Advisory - Devices running Cisco IOS Software and configured for Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) operation are affected by two denial of service vulnerabilities that may result in a device reload if successfully exploited. The vulnerabilities are triggered when the Cisco IOS device processes specific, malformed Skinny Call Control Protocol (SCCP) messages.
Author: Cisco Systems
Homepage: http://www.cisco.com/
File Size: 104741
Related CVE(s): CVE-2010-0585, CVE-2010-0586
Last Modified: Mar 24 14:23:15 2010
MD5 Checksum: 0602e27ca8052306eb93492a9a37fb13

File Name: cisco-sa-20100324-h323.txt
Description:
Cisco Security Advisory - The H.323 implementation in Cisco IOS Software contains two vulnerabilities that may be exploited remotely to cause a denial of service (DoS) condition on a device that is running a vulnerable version of Cisco IOS Software. Cisco has released free software updates that address these vulnerabilities. There are no workarounds to mitigate these vulnerabilities other than disabling H.323 on the vulnerable device if H.323 is not required.
Author: Cisco Systems
Homepage: http://www.cisco.com/
File Size: 108284
Related CVE(s): CVE-2010-0582, CVE-2010-0583
Last Modified: Mar 24 14:24:42 2010
MD5 Checksum: ad6af61b7abd00a4ebb586984f5e36fd

File Name: cisco-sa-20100324-ipsec.txt
Description:
Cisco Security Advisory - A malformed Internet Key Exchange (IKE) packet may cause a device running Cisco IOS Software to reload. Only Cisco 7200 Series and Cisco 7301 routers running Cisco IOS software with a VPN Acceleration Module 2+ (VAM2+) installed are affected. Cisco has released free software updates that address this vulnerability.
Author: Cisco Systems
Homepage: http://www.cisco.com/
File Size: 93894
Related CVE(s): CVE-2010-0578
Last Modified: Mar 24 14:21:39 2010
MD5 Checksum: 4c276319b883ef0cd9b35acb08252777

File Name: cisco-sa-20100324-ldp.txt
Description:
Cisco Security Advisory - A device running Cisco IOS Software, Cisco IOS XE Software, or Cisco IOS XR Software is vulnerable to a remote denial of service (DoS) condition if it is configured for Multiprotocol Label Switching (MPLS) and has support for Label Distribution Protocol (LDP). A crafted LDP UDP packet can cause an affected device running Cisco IOS Software or Cisco IOS XE Software to reload. On devices running affected versions of Cisco IOS XR Software, such packets can cause the device to restart the mpls_ldp process. A system is vulnerable if configured with either LDP or Tag Distribution Protocol (TDP). Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.
Author: Cisco Systems
Homepage: http://www.cisco.com/
File Size: 145438
Related CVE(s): CVE-2010-0576
Last Modified: Mar 24 14:34:18 2010
MD5 Checksum: aedd346562a2478cd2d4dbc1bc173d77

File Name: cisco-sa-20100324-sccp.txt
Description:
Cisco Security Advisory - Skinny Client Control Protocol (SCCP) crafted messages may cause a Cisco IOS device that is configured with the Network Address Translation (NAT) SCCP Fragmentation Support feature to reload. Cisco has released free software updates that address this vulnerability. A workaround that mitigates this vulnerability is available.
Author: Cisco Systems
Homepage: http://www.cisco.com/
File Size: 33654
Related CVE(s): CVE-2010-0584
Last Modified: Mar 24 14:31:15 2010
MD5 Checksum: e9a7ea810270c4434c2a9438e7d07e61

File Name: cisco-sa-20100324-sip.txt
Description:
Cisco Security Advisory - Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device when SIP operation is enabled. Remote code execution may also be possible. Cisco has released free software updates that address these vulnerabilities. For devices that must run SIP there are no workarounds; however, mitigations are available to limit exposure of the vulnerabilities.
Author: Cisco Systems
Homepage: http://www.cisco.com/
File Size: 57395
Related CVE(s): CVE-2010-0580, CVE-2010-0581, CVE-2010-0579
Last Modified: Mar 24 14:26:14 2010
MD5 Checksum: a9892f9e7676d9be99cb428414849525

File Name: cisco-sa-20100324-tcp.txt
Description:
Cisco Security Advisory - Cisco IOS Software is affected by a denial of service vulnerability that may allow a remote unauthenticated attacker to cause an affected device to reload or hang. The vulnerability may be triggered by a TCP segment containing crafted TCP options that is received during the TCP session establishment phase. In addition to specific, crafted TCP options, the device must have a special configuration to be affected by this vulnerability. Cisco has released free software updates that address this vulnerability.
Author: Cisco Systems
Homepage: http://www.cisco.com/
File Size: 104277
Related CVE(s): CVE-2010-0577
Last Modified: Mar 24 14:38:06 2010
MD5 Checksum: 28b7ac431b3295acf20e6bb7ec9d77dc

File Name: CORE-2009-0803.txt
Description:
Core Security Technologies Advisory - A vulnerability found in the memory management of the Virtual Machine Monitor makes memory pages mapped above the 2GB available with read or read/write access to user-space programs running in a Guest operating system.
Author: Core Security Technologies, Diego Juarez, Nicolas A. Economou
Homepage: http://www.coresecurity.com/corelabs/
File Size: 36508
Last Modified: Mar 16 19:53:29 2010
MD5 Checksum: 936c26e59571a54c68f677c92c973253

File Name: CORE-2009-0813.txt
Description:
Core Security Technologies Advisory - A vulnerability was found in Windows Movie Maker and Microsoft Producer, which can be triggered by a remote attacker by sending a specially crafted file and enticing the user to open it. This vulnerability results in a write access violation and can lead to remote code execution.
Author: Core Security Technologies, Damian Frizza
Homepage: http://www.coresecurity.com/corelabs/
File Size: 12942
Related CVE(s): CVE-2010-0265
Last Modified: Mar 9 18:11:06 2010
MD5 Checksum: c616fcba3c0a93ba3996a3ca8d8818b9