
@RISK: The Consensus Security Vulnerability Alert

Volume: X, Issue: 29
August 11, 2011

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Category                                  # of Updates & Vulnerabilities
    ----------------------------------------  ------------------------------
    Windows                                   8 (#1)
    Other Microsoft Products                  5
    Third Party Windows Apps                  3
    Cross Platform                            6 (#2,#3,#4)
    Web Application - Cross Site Scripting    2
    Web Application - SQL Injection           1
    Hardware                                  1


Table Of Contents

  • Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
    • Windows
    • Other Microsoft Products
    • Third Party Windows Apps
    • Cross Platform
    • Web Application - Cross Site Scripting
    • Web Application - SQL Injection
    • Hardware
  • PART I Critical Vulnerabilities

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Josh Bronson at TippingPoint, a division of HP, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/risk/#process

*************************************************************

Widely Deployed Software
  • (3) MEDIUM: Google Chrome Multiple Security Vulnerabilities
  • Affected:
    • Google Chrome prior to 13.0.782.107
  • Description: Google has released Chrome 13, which contains patches for multiple security vulnerabilities in its Chrome web browser. The problems include fourteen vulnerabilities rated "High," including stale-pointer, use-after-free, and cross-origin vulnerabilities. By enticing a target to view a malicious page, an attacker can exploit these vulnerabilities to execute arbitrary code on the target's machine.

  • Status: vendor confirmed, updates available

  • References:

Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 29, 2011

Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 12026 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.

______________________________________________________________________


  • 11.33.1 - CVE: CVE-2011-1975
  • Platform: Windows
  • Title: Microsoft Windows Data Access Component DLL Loading Arbitrary Code Execution
  • Description: Windows Data Access Components is a set of technologies that provides access to information across various technologies. The application is exposed to an issue that lets attackers execute arbitrary code. The issue arises because the application searches for a Dynamic Link Library file in the current working directory. The issue can be exploited by placing both a specially crafted library file and a file that is associated with the vulnerable application in an attacker-controlled location. All supported editions of Windows 7 and Windows Server 2008 R2 are affected.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS11-059.mspx

  • 11.33.2 - CVE: CVE-2011-1263
  • Platform: Windows
  • Title: Microsoft Remote Desktop Web Access Cross-Site Scripting
  • Description: Microsoft Remote Desktop Web Access enables users to access RemoteApp and Desktop Connection remotely through a browser. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to an unspecified parameter. All supported editions of Windows Server 2008 R2 are affected.
  • Ref: http://www.microsoft.com/technet/security/bulletin/ms11-061.mspx

  • 11.33.3 - CVE: CVE-2011-1871
  • Platform: Windows
  • Title: Microsoft Windows TCP/IP Two Denial Of Service Vulnerabilities
  • Description: Microsoft Windows is exposed to multiple remote denial of service issues. A denial of service issue occurs when the Windows TCP/IP stack improperly processes a sequence of specially crafted ICMP messages. A denial of service issue occurs when the TCP/IP stack improperly handles specially crafted URLs in memory. Windows Server 2008 and Windows Server 2008 R2 are affected.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS11-064.mspx

  • 11.33.4 - CVE: CVE-2011-1968
  • Platform: Windows
  • Title: Microsoft Remote Desktop Protocol Denial of Service
  • Description: Microsoft Remote Desktop Protocol is a protocol that allows users to connect to remote desktops. The application is exposed to a remote denial of service issue when handling an object that has not been properly initialized or that has been deleted. An attacker can exploit this issue by sending a series of specially crafted RDP packets to an affected computer. Windows Server 2003 and Windows XP are affected.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS11-065.mspx

  • 11.33.5 - CVE: CVE-2011-1974
  • Platform: Windows
  • Title: Microsoft Windows NDISTAPI Local Privilege Escalation
  • Description: Microsoft Windows is exposed to a local privilege escalation issue that occurs in the Windows kernel "NDISTAPI.sys" kernel mode component. The problem occurs when the NDISTAPI driver improperly validates user-supplied input when passing data from user mode to the Windows kernel. All supported editions of Windows XP and Windows Server 2003 are affected.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS11-062.mspx

  • 11.33.6 - CVE: CVE-2011-1967
  • Platform: Windows
  • Title: Microsoft Windows CSRSS Local Privilege Escalation
  • Description: Microsoft Windows is exposed to a local privilege escalation issue in the Client/Server Run-time Subsystem. Specifically, this issue occurs due to the improper validation of permissions when a lower integrity process communicates a device event message to a higher integrity process. All supported versions of Microsoft Windows are affected.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS11-063.mspx

  • 11.33.7 - CVE: CVE-2011-1971
  • Platform: Windows
  • Title: Microsoft Windows Kernel Remote Denial of Service
  • Description: Microsoft Windows is exposed to a remote denial of service issue. The issue occurs when the kernel processes meta data information in a file. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a malformed file on a remote network share. All supported editions of Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008 R2 are affected.
  • Ref: http://www.microsoft.com/technet/security/bulletin/ms11-068.mspx

  • 11.33.8 - CVE: CVE-2011-1966,CVE-2011-1970
  • Platform: Windows
  • Title: Microsoft Windows DNS Server Two Remote Vulnerabilities
  • Description: The Naming Authority Pointer DNS resource record allows the DNS service to be used to look up other services for a wide variety of resource names. The Microsoft Windows DNS Server is exposed to a remote code execution issue and a remote denial of service issue. Windows Server 2003, Windows Server 2008, Windows Server 2008 R2 are affected.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS11-058.mspx

  • 11.33.9 - CVE: CVE-2011-1977
  • Platform: Other Microsoft Products
  • Title: Microsoft Chart Control Information Disclosure
  • Description: The Microsoft .NET Framework is a software framework for applications designed to run under Microsoft Windows. It supports a security model that limits the privileges granted to .NET applications. The Microsoft .NET Framework is exposed to an information disclosure issue in the Microsoft Chart controls. Specifically, the controls fail to properly handle certain URIs. Microsoft .NET Framework 4 and Chart Control for Microsoft .NET Framework 3.5 Service Pack 1 are affected.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS11-066.mspx

  • 11.33.10 - CVE: CVE-2011-1961, CVE-2011-1962, CVE-2011-1963, CVE-2011-1964, CVE-2011-1257, CVE-2011-1960
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer Multiple Vulnerabilities
  • Description: Microsoft Internet Explorer is a Web browser available for Microsoft Windows platforms. Microsoft Internet Explorer is exposed to multiple issues. See reference for further details. Internet Explorer 6 on Windows clients, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9 and Internet Explorer 6 on Windows servers are affected.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS11-057.mspx

  • 11.33.11 - CVE: CVE-2011-1976
  • Platform: Other Microsoft Products
  • Title: Microsoft Visual Studio Report Viewer Control Cross-Site Scripting
  • Description: Microsoft Visual Studio is an application development environment for Microsoft Windows. Report Viewer controls are Visual Studio add-ons for creating reports. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input passed to the "TimeMethod" parameter of the "Reserved.ReportViewerWebControl.axd" script. Microsoft Visual Studio 2005 and Microsoft Report Viewer 2005 Redistributable Package are affected.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS11-067.mspx

  • 11.33.12 - CVE: CVE-2011-1978
  • Platform: Other Microsoft Products
  • Title: Microsoft .NET Framework Information Disclosure
  • Description: The Microsoft .NET Framework is a software framework for applications designed to run under Microsoft Windows. It supports a security model that limits the privileges granted to .NET applications. An information disclosure issue occurs because .NET Framework improperly validates the trust level within the System.Net.Sockets namespace. Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 3.5.1, and Microsoft .NET Framework 4 are affected.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS11-069.mspx

  • 11.33.13 - CVE: CVE-2011-1979,CVE-2011-1972
  • Platform: Other Microsoft Products
  • Title: Microsoft Visio Remote Code Execution Vulnerabilities
  • Description: Microsoft Visio is an application for visualizing and communicating complex drawings and diagrams. Visio is exposed to multiple remote code execution issues. An issue occurs because the application fails to properly validate objects in memory when parsing specially crafted Visio files. An issue occurs when Visio processes malformed Visio files. Microsoft Visio 2003, Microsoft Visio 2007, and Microsoft Visio 2010 are affected.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS11-060.mspx

  • 11.33.14 - CVE: CVE-2011-2590,CVE-2011-2589
  • Platform: Third Party Windows Apps
  • Title: UUSee UUPlayer ActiveX Control Multiple Remote Code Execution
  • Description: UUPlayer is a multimedia player application. The application is exposed to multiple remote issues. A heap-based buffer overflow issue exists in the "SendLogAction()" method when handling an excessively large argument. A remote code execution issue is caused by an input validation error when passing the UNC path to the "MplayerPath" parameter. UUPlayer 6.0.0.1 and UUPlayer 2010 6.11.0609.2 are vulnerable and other versions may also be affected.
  • Ref: http://secunia.com/secunia_research/2011-59/ http://secunia.com/secunia_research/2011-60/

  • 11.33.15 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: McAfee SaaS Endpoint Protection "MyAsUtil5.2.0.603.dll" ActiveX Remote Code Execution
  • Description: McAfee SaaS Endpoint Protection is a suite of security applications. The suite is exposed to a remote code execution issue. This issue affects the MyAsUtil ActiveX control due to an error in the "MyAsUtil5.2.0.603.dll" file. An attacker can exploit this issue through a cross-site scripting attack to bypass a domain policy and create a "MyASUtil.InstallInfo" file through the "MyASUtil.SecureObjectFactory.CreateSecureObject()" method. McAfee SaaS Endpoint Protection 5.2.1 and prior are vulnerable.
  • Ref: https://kc.mcafee.com/corporate/index?page=content&id=SB10016

  • 11.33.16 - CVE: CVE-2011-2404
  • Platform: Third Party Windows Apps
  • Title: HP Easy Printer Care Software "HPTicketMgr.dll" ActiveX Control Remote Code Execution
  • Description: HP Easy Printer Care Software is a printer management tool. The application is exposed to a remote code execution issue because the "HPTicketMgr.dll" ActiveX control allows an attacker to upload and execute arbitrary files on the victim's computer in the context of the application running the affected control (typically Internet Explorer). The affected ActiveX control is identified by CLSID: 466576F3-19B6-4FF1-BD48-3E0E1BFB96E9. HP Easy Printer Care Software version 2.5 and prior are vulnerable.
  • Ref: http://www.securityfocus.com/archive/1/519191

  • 11.33.17 - CVE: CVE-2011-2686
  • Platform: Cross Platform
  • Title: Ruby Random Number Generation Local Denial Of Service
  • Description: Ruby is an object oriented scripting language. Ruby is exposed to a denial of service issue that occurs in the random number generation process. Versions prior to Ruby 1.8.7-p352 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/49015/discuss

  • 11.33.18 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Intel Active System Console and Multi-Server Manager Remote Denial of Service
  • Description: Intel Active System Console is a lightweight console that provides basic server hardware health monitoring capabilities on a single server. Intel Multi-Server Manager allows IT administrators to manage server hardware health for a group of servers from a single console. The applications are exposed to a remote denial of service issue. Intel Active System Console version 4.4 and Multi-Server Manager version 1.0 are affected.
  • Ref: http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00029&languageid=en-fr

  • 11.33.19 - CVE: CVE-2010-2132
  • Platform: Cross Platform
  • Title: Adobe Flash Media Server Memory Corruption Remote Denial of Service
  • Description: Adobe Flash Media Server provides streaming media and a development environment for creating and delivering media applications. The application is exposed to a remote denial of service vulnerability because of a memory corruption issue. Flash Media Server 4.0.2 and earlier versions, 3.5.6 and earlier versions for Windows and Linux are affected.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb11-20.html

  • 11.33.20 - CVE: CVE-2011-2131
  • Platform: Cross Platform
  • Title: Adobe Photoshop ".GIF" File Remote Memory Corruption
  • Description: Adobe Photoshop is an application that allows users to view and edit various graphic formats. The application is exposed to a remote memory corruption issue that can result in arbitrary code execution. An attacker can exploit this issue with a specially crafted ".GIF" file. Adobe Photoshop CS5 and CS5.1 are vulnerable.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb11-22.html

  • CVE-2011- - CVE: CVE-2011-2130, CVE-2011-2134, CVE-2011-2135,CVE-2011-2136, CVE-2011-2137, CVE-2011-2138, CVE-2011-2139, CVE-2011-2414, CVE-2011-2415, CVE-2011-2416, CVE-2011-2425
  • Platform: Cross Platform
  • Title: Adobe Flash Player Multiple Vulnerabilities
  • Description: Adobe Flash Player is a multimedia application available for multiple platforms. The application is exposed to multiple issues. Multiple buffer overflow issues could lead to code execution. Multiple memory corruption issues could lead to code execution. Multiple integer overflow issues could lead to code execution. A cross-site information disclosure issue could lead to code execution. Adobe Flash Player 10.3.181.36 and earlier versions, Adobe Flash Player 10.3.185.25 and earlier versions for Android, Adobe AIR 2.7 and earlier versions are vulnerable.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb11-21.html

  • 11.33.22 - CVE: CVE-2011-2423, CVE-2011-2422, CVE-2011-2421, CVE-2011-2420, CVE-2010-4309, CVE-2010-4308
  • Platform: Cross Platform
  • Title: Adobe Shockwave Player Multiple Memory Corruption Vulnerabilities
  • Description: Adobe Shockwave Player is a multimedia player application. The application is exposed to multiple memory corruption issues. Multiple unspecified memory corruption issues exist. A memory corruption issue exists in the "IML32.dll" library. A memory corruption issue occurs when Shockwave Player parses a ".dir" media file in the "Dirapi.dll" library. A memory corruption issue exists in the "Textra.x32" component. A memory corruption issue exists in the "msvcr90.dll" library. Versions prior to Adobe Shockwave Player 11.6.1.629 are vulnerable.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb11-19.html

  • 11.33.23 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: ZABBIX "backurl" Parameter Cross-Site Scripting
  • Description: ZABBIX is web-based enterprise monitoring software. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input to the "backurl" parameter of the "acknow.php" script. Versions prior to ZABBIX 1.8.6 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/49016/references

  • 11.33.24 - CVE: CVE-2011-2133
  • Platform: Web Application - Cross Site Scripting
  • Title: Adobe RoboHelp Server and RoboHelp Cross-Site Scripting
  • Description: Adobe RoboHelp Server is an application for serving RoboHelp files using the IIS web server. Adobe RoboHelp is an application for generating online help systems. The applications are exposed to a cross-site scripting issue because they fail to sufficiently sanitize user-supplied input. RoboHelp 9 (versions 9.0.1.232 and earlier), RoboHelp 8, RoboHelp Server 9 and RoboHelp Server 8 for Windows are affected.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb11-23.html

  • 11.33.25 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Lasernet CMS "id" Parameter SQL Injection
  • Description: Lasernet CMS is a Web-based application implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data submitted to the "id" parameter of the "index.php" script before using it in an SQL query. Lasernet CMS 1.5 is affected and other versions may also be vulnerable.
  • Ref: http://www.securityfocus.com/bid/49094/discuss

  • 11.33.26 - CVE: Not Available
  • Platform: Hardware
  • Title: Avaya Media Application Server Client Remote Code Execution
  • Description: Avaya Media Application Server is an application for video conference calls. The application is exposed to a remote code execution issue. This issue occurs when an attacker attempts to connect to the listening process. Avaya Aura Application Server 5300 SIP Core 1.0 and 2.0 are vulnerable.
  • Ref: http://www.securityfocus.com/bid/48956/discuss

(c) 2011. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.
