
@RISK: The Consensus Security Vulnerability Alert

Volume: X, Issue: 3
January 14, 2011

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform                                   Number of Updates and Vulnerabilities
    ----------------------------------------   -------------------------------------
    Other Microsoft Products                   1 (#1)
    Third Party Windows Apps                   5
    Mac Os                                     1
    Linux                                      5
    Cross Platform                             14 (#2)
    Web Application - Cross Site Scripting     3
    Web Application - SQL Injection            8
    Web Application                            4
    Network Device                             4


Table Of Contents
Part I -- Critical Vulnerabilities from TippingPoint (www.tippingpoint.com)
    Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
    Other Microsoft Products
    Third Party Windows Apps
    Mac Os
    Linux
    Cross Platform
    Web Application - Cross Site Scripting
    Web Application - SQL Injection
    Web Application
    Network Device


    PART I Critical Vulnerabilities

    Part I for this issue has been compiled by Josh Bronson at TippingPoint, a division of HP, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/risk/#process

    Widely Deployed Software
    • (1) HIGH: Microsoft Internet Explorer MSADO CacheSize Remote Code Execution
    • Affected:
      • Microsoft Internet Explorer 8
    • Description: Microsoft has released a patch addressing a vulnerability in Microsoft Internet Explorer. The vulnerability exists within the Windows MSADO component, which is responsible for providing an interface to data access services. An attacker can exploit this vulnerability by enticing the target to navigate to a malicious web site, potentially resulting in arbitrary code execution.

    • Status: vendor confirmed, updates available

    • References:
    Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
    Week 3, 2011

    This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 10794 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


    • 11.3.1 - CVE: CVE-2011-0026, CVE-2011-0027
    • Platform: Other Microsoft Products
    • Title: Microsoft Data Access Components ActiveX Data Objects Memory Corruption
    • Description: Microsoft Data Access Components are a collection of components that allow users to access and modify the content in databases. Microsoft Data Access Components are prone to a remote memory corruption vulnerability that affects the ActiveX Data Object Dynamic Linked Library.
    • Ref: http://www.microsoft.com/technet/security/Bulletin/MS11-002.mspx

    • 11.3.2 - CVE: Not Available
    • Platform: Third Party Windows Apps
    • Title: Quick Notes Plus Multiple DLL Loading Arbitrary Code Execution
    • Description: Quick Notes Plus is an application used to create notes. The application is exposed to an issue that lets attackers execute arbitrary code. The issue arises because the application searches for the "mfc71loc.dll" and "mfc71enu.dll" Dynamic Link Library files in the current working directory. Quick Notes Plus version 5.0.0.47 is affected.
    • Ref: http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html

    • 11.3.3 - CVE: Not Available
    • Platform: Third Party Windows Apps
    • Title: Enzip ZIP File Buffer Overflow
    • Description: Enzip is a file compression/extraction application. The application is exposed to a buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. The issue occurs when handling specially crafted ZIP files. Enzip version 3.00 is affected.
    • Ref: http://www.securityfocus.com/bid/45697

    • 11.3.4 - CVE: Not Available
    • Platform: Third Party Windows Apps
    • Title: BS.Player ".m3u" File Buffer Overflow
    • Description: BS.Player is a multimedia player available for Microsoft Windows. BS.Player is exposed to a buffer overflow issue because it fails to perform adequate checks on user-supplied input. Specifically, this issue occurs when processing an ".m3u" file. BS.Player version 2.57 is affected.
    • Ref: http://www.securityfocus.com/bid/45713

    • 11.3.5 - CVE: Not Available
    • Platform: Third Party Windows Apps
    • Title: SolarFTP "PASV" Command Remote Buffer Overflow
    • Description: SolarFTP is an FTP server available for Microsoft Windows. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. Specifically, the issue occurs when an overly large string is provided to the "PASV" command. SolarFTP version 2.1 is affected.
    • Ref: http://www.securityfocus.com/bid/45748

    • 11.3.6 - CVE: Not Available
    • Platform: Third Party Windows Apps
    • Title: SafeGuard PrivateDisk "privatediskm.sys" Multiple Local Security Bypass Vulnerabilities
    • Description: SafeGuard PrivateDisk is a security product available for Microsoft Windows. The application is exposed to multiple local security bypass issues because it fails to properly protect the mounted devices. SafeGuard PrivateDisk versions 2.0 and 2.3 are affected.
    • Ref: http://www.securityfocus.com/bid/45749

    • 11.3.7 - CVE: CVE-2010-4013
    • Platform: Mac Os
    • Title: Apple Mac OS PackageKit Distribution Script Remote Code Execution
    • Description: Apple Mac OS X is exposed to a remote code execution vulnerability due to a format string issue in the PackageKit component. This issue occurs due to improper validation of distribution scripts. Apple Mac OS X versions 10.6.x are affected.
    • Ref: http://support.apple.com/kb/HT4498

    • 11.3.8 - CVE: CVE-2010-4525
    • Platform: Linux
    • Title: Linux Kernel "kvm_vcpu_events.interrupt.pad" Field Local Information Disclosure
    • Description: The Linux kernel is exposed to a local information disclosure issue because it fails to properly clear certain structure members before sending them to user space. Linux Kernel versions 2.6.33.x and 2.6.34.x are affected.
    • Ref: http://comments.gmane.org/gmane.comp.security.oss.general/4032

    • 11.3.9 - CVE: Not Available
    • Platform: Linux
    • Title: Ubuntu ifupdown AppArmor Security Bypass Weakness
    • Description: Ubuntu ifupdown is a tool for managing network interfaces. AppArmor is a Linux application security framework that provides additional protections against the exploitation of vulnerabilities through mandatory access control for programs. Ubuntu ifupdown is exposed to a security bypass weakness that may cause AppArmor to run the DHCP client in unprotected mode.
    • Ref: http://www.securityfocus.com/bid/45706

    • 11.3.10 - CVE: Not Available
    • Platform: Linux
    • Title: Ubuntu CUPS Package AppArmor Security Bypass Weakness
    • Description: CUPS (Common UNIX Printing System) is a widely used set of printing utilities for UNIX-based systems. The Ubuntu CUPS package is exposed to a security bypass weakness that may cause the application to run without AppArmor protection. Specifically, due to a race condition error, the application may start before the AppArmor profile is loaded.
    • Ref: http://www.securityfocus.com/bid/45710

    • 11.3.11 - CVE: Not Available
    • Platform: Linux
    • Title: NVIDIA CUDA Driver For Linux Local Information Disclosure
    • Description: NVIDIA CUDA Driver for Linux is exposed to a local information disclosure issue. Specifically, the "cudaHostAlloc()" and "cuMemHostAlloc()" API function calls fail to initialize the pinned memory before copying it back to user space.
    • Ref: http://www.securityfocus.com/archive/1/515591

    • 11.3.12 - CVE: Not Available
    • Platform: Linux
    • Title: SGI IRIX "syssgi()" Local Information Disclosure and Denial of Service
    • Description: The SGI IRIX kernel is exposed to a local information disclosure and denial of service issue because kernel memory may be read in userspace via the "SGI_XLV_ATTR_GET" value, when the attribute value is "XLV_ATTR_STATS". Specifically, the issue occurs due to a signedness condition in the validation of a user-supplied array index value in the "syssgi()" system call. SGI IRIX 6.5.x versions are affected.
    • Ref: http://www.digit-security.com/research.php

    • 11.3.13 - CVE: CVE-2010-2643, CVE-2010-2642, CVE-2010-2641, CVE-2010-2640
    • Platform: Cross Platform
    • Title: Evince Multiple Remote Code Execution Vulnerabilities
    • Description: Evince is an application for viewing multiple document formats. The application is exposed to multiple remote code execution issues. The problem occurs because the Evince font parser incorrectly allocates buffer sizes when rendering DVI files.
    • Ref: http://permalink.gmane.org/gmane.linux.ubuntu.devel.changes.natty/4409

    • 11.3.14 - CVE: Not Available
    • Platform: Cross Platform
    • Title: SAP Management Console Information Disclosure and Denial of Service Vulnerabilities
    • Description: SAP Management Console provides a common framework for centralized system management. SAP Management Console is exposed to an information disclosure issue and a denial of service issue.
    • Ref: http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2011-002

    • 11.3.15 - CVE: CVE-2010-4499, CVE-2010-4498, CVE-2010-4497, CVE-2010-4496
    • Platform: Cross Platform
    • Title: TIBCO Session Fixation and Multiple Input Validation
    • Description: Collaborative Information Manager and ActiveCatalog are products of TIBCO. The applications are exposed to multiple issues because they fail to sufficiently sanitize user-supplied data. TIBCO Collaborative Information Manager versions prior to 8.1.0 and TIBCO ActiveCatalog versions prior to 1.0.1 are affected.
    • Ref: http://www.tibco.com/services/support/advisories/default.jsp

    • 11.3.16 - CVE: CVE-2010-1679
    • Platform: Cross Platform
    • Title: dpkg Patches Directory Traversal
    • Description: dpkg is an application for handling the installation and removal of software packages. dpkg is exposed to a directory traversal issue because it fails to sufficiently sanitize user-supplied input. Specifically, the package management system fails to sanitize directory traversal strings (../) in patches.
    • Ref: http://osdir.com/ml/bug-patch-gnu/2010-12/msg00000.html

    • 11.3.17 - CVE: Not Available
    • Platform: Cross Platform
    • Title: Multiple Mobile Phones SMS Message Handling Denial of Service
    • Description: Multiple mobile phones are exposed to a denial of service vulnerability when handling malformed SMS messages. Specifically, the issue occurs when a device receives a binary SMS with a specially crafted user data header of the SMS protocol.
    • Ref: http://www.technologyreview.com/communications/27021/page2/?a=f

    • 11.3.18 - CVE: CVE-2010-4225
    • Platform: Cross Platform
    • Title: Mono ASP.NET "mod_mono" Source Code Information Disclosure
    • Description: Mono ASP.NET is a multi-platform open source implementation of the Microsoft .NET architecture. The application is exposed to an unspecified source code disclosure issue that affects the "mod_mono" module. Mono ASP.NET versions prior to 2.8.2 are affected.
    • Ref: http://www.mono-project.com/Vulnerabilities#XSP.2Fmod_mono_source_code_disclosure

    • 11.3.19 - CVE: Not Available
    • Platform: Cross Platform
    • Title: McAfee VirusScan Command Line Updater Script Insecure Temporary File Creation
    • Description: McAfee VirusScan Command Line is a command line interface for scanning malware. McAfee VirusScan Command Line creates temporary files in the "/tmp" directory in an insecure manner. This issue occurs in the updater script which may cause victims to store downloaded data in the "/tmp" directory. McAfee VirusScan Command Line version 6.0 is affected.
    • Ref: https://kc.mcafee.com/corporate/index?page=content&id=KB67513

    • 11.3.20 - CVE: CVE-2010-4204, CVE-2010-4577, CVE-2010-4197
    • Platform: Cross Platform
    • Title: WebKit Frame Object Denial of Service
    • Description: WebKit is a browser framework used in multiple applications, including the Apple Safari and Google Chrome browsers. WebKit is exposed to a denial of service issue when accessing a frame object after the object has been destroyed.
    • Ref: http://googlechromereleases.blogspot.com/2010/11/stable-channel-update.html

    • 11.3.21 - CVE: Not Available
    • Platform: Cross Platform
    • Title: HP Data Protector Manager Remote Denial of Service
    • Description: HP Data Protector is a backup and recovery solution. HP Data Protector Manager is used to remotely manage the backup solution. HP Data Protector Manager is exposed to a remote denial of service issue that occurs in the "_rm32.dll" module when allocating memory with a huge size provided in specially crafted requests. HP Data Protector Manager version 6.11 is affected.
    • Ref: http://www.securityfocus.com/bid/45725

    • 11.3.22 - CVE: Not Available
    • Platform: Cross Platform
    • Title: NetSupport Manager Remote Buffer Overflow
    • Description: NetSupport Manager is a remote control and management application available for multiple platforms. The application is exposed to a buffer overflow issue because it fails to properly validate user-supplied input.
    • Ref: http://www.securityfocus.com/bid/45728

    • 11.3.23 - CVE: Not Available
    • Platform: Cross Platform
    • Title: QEMU KVM VNC Password Security Bypass
    • Description: QEMU is a processor emulator that is available for various platforms. QEMU is exposed to a security bypass issue that affects the VNC server when the password is unset or is an empty string.
    • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=668589

    • 11.3.24 - CVE: CVE-2011-0408
    • Platform: Cross Platform
    • Title: Libpng "png_set_rgb_to_gray()" Remote Code Execution
    • Description: The "libpng" library is a PNG reference library. The "libpng" library is exposed to a remote code execution issue that affects the "png_set_rgb_to_gray()" function of the "pngrtran.c" source file when handling palette mapped images. libpng version 1.5.0 is affected.
    • Ref: http://www.kb.cert.org/vuls/id/643140

    • 11.3.25 - CVE: CVE-2010-4671, CVE-2010-4670, CVE-2010-4669
    • Platform: Cross Platform
    • Title: Multiple Vendors IPv6 Neighbor Discovery Router Advertisement Remote Denial of Service
    • Description: Multiple vendors' products are exposed to an IPv6-related denial of service issue. Specifically, the issue occurs in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack when handling multiple Router Advertisement (RA) messages with different source addresses.
    • Ref: http://www.ciscosystems.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf

    • 11.3.26 - CVE: CVE-2011-0271, CVE-2011-0270, CVE-2011-0269, CVE-2011-0268, CVE-2011-0267, CVE-2011-0266, CVE-2011-0265, CVE-2011-0264, CVE-2011-0263, CVE-2011-0262, CVE-2011-0261
    • Platform: Cross Platform
    • Title: HP OpenView Network Node Manager Multiple Unspecified Remote Code Execution Vulnerabilities
    • Description: HP OpenView Network Node Manager (NNM) is a fault management application for IP networks. OpenView NNM is exposed to multiple unspecified remote code execution issues. OpenView Network Node Manager versions 7.51 and 7.53 are affected.
    • Ref: http://www.securityfocus.com/archive/1/515628

    • 11.3.27 - CVE: Not Available
    • Platform: Web Application - Cross Site Scripting
    • Title: Novell Identity Manager Unspecified Cross-Site Scripting
    • Description: Novell Identity Manager is an application used for automating identity management. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied input to an unspecified parameter in the "Approval Form". Identity Manager Roles Based Provisioning Module 3.7.0 (User Application 3.7.0) prior to Field Patch 370D is affected.
    • Ref: http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5085293.html

    • 11.3.28 - CVE: Not Available
    • Platform: Web Application - Cross Site Scripting
    • Title: PHP MicroCMS "page_text" Parameter Cross-Site Scripting
    • Description: PHP MicroCMS is a PHP-based content manager. The application is exposed to a cross-site scripting issue because it fails to sufficiently sanitize user-supplied data to the "page_text" parameter of the "index.php" script. PHP MicroCMS version 1.0.1 is affected.
    • Ref: http://www.securityfocus.com/archive/1/515582

    • 11.3.29 - CVE: CVE-2010-3926
    • Platform: Web Application - Cross Site Scripting
    • Title: SGX-SP Final "shop.cgi" Multiple Cross-Site Scripting Vulnerabilities
    • Description: SGX-SP Final is a web-based shopping cart application. The application is exposed to multiple cross-site scripting issues because it fails to properly sanitize user-supplied input to unspecified parameters in the "shop.cgi" script. SGX-SP Final version 10.0 is affected.
    • Ref: http://www.securityfocus.com/bid/45752

    • 11.3.30 - CVE: Not Available
    • Platform: Web Application - SQL Injection
    • Title: WikLink "getURL.php" SQL Injection
    • Description: WikLink is a PHP-based web application. The application is exposed to an SQL injection issue because it fails to properly sanitize user-supplied input before using it in an SQL query. WikLink version 0.1.3 is affected.
    • Ref: http://www.securityfocus.com/bid/45673

    • 11.3.31 - CVE: Not Available
    • Platform: Web Application - SQL Injection
    • Title: Phenotype CMS URI SQL Injection
    • Description: Phenotype CMS is a PHP-based content management system. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data from the URI. Phenotype CMS version 3.0 is affected.
    • Ref: http://www.securityfocus.com/archive/1/515577

    • 11.3.32 - CVE: Not Available
    • Platform: Web Application - SQL Injection
    • Title: phpMySport SQL Injection and Cookie Authentication Bypass Vulnerabilities
    • Description: phpMySport is a PHP-based application. The application is exposed to multiple input validation issues. The attacker can leverage the authentication bypass vulnerability to gain administrative access to the affected application. phpMySport version 1.4 is affected.
    • Ref: http://www.htbridge.ch/advisory/authentication_bypass_in_phpmysport.html

    • 11.3.33 - CVE: Not Available
    • Platform: Web Application - SQL Injection
    • Title: WikLink Multiple SQL Injection Vulnerabilities
    • Description: WikLink is a PHP-based web application. The application is exposed to multiple SQL injection issues because it fails to properly sanitize user-supplied input before using it in an SQL query. WikLink version 0.1.3 is affected.
    • Ref: http://www.securityfocus.com/bid/45731


    • 11.3.35 - CVE: Not Available
    • Platform: Web Application - SQL Injection
    • Title: Drupal Webform Module Unspecified SQL Injection
    • Description: Drupal is a web-based content manager. Webform is a Drupal module that is used to create questionnaires, contact forms, surveys, and other forms. The Webform module for Drupal is exposed to an unspecified SQL injection issue because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Versions prior to Webform 6.x-3.5 are affected.
    • Ref: http://drupal.org/node/1021210

    • 11.3.36 - CVE: Not Available
    • Platform: Web Application - SQL Injection
    • Title: TinyBB "Profile" SQL Injection
    • Description: TinyBB is a bulletin-board application. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data passed to the "id" parameter of the "index.php" script when "page" is set to "profile". TinyBB version 1.2 is affected.
    • Ref: http://www.securityfocus.com/bid/45737

    • 11.3.37 - CVE: CVE-2010-3924
    • Platform: Web Application - SQL Injection
    • Title: Aimluck Products Unspecified SQL Injection
    • Description: Aimluck products are web-based groupware applications. The applications are prone to an unspecified SQL injection issue because they fail to sufficiently sanitize user-supplied data before using it in an SQL query. Aipo versions prior to 5.1.0.1 and Aipo ASP 5.1.0 1 are affected.
    • Ref: http://www.securityfocus.com/bid/45755

    • 11.3.38 - CVE: Not Available
    • Platform: Web Application
    • Title: PhpGedView "pgvaction" Parameter Local File Include
    • Description: PhpGedView is a PHP-based web application designed to view and edit genealogy. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "pgvaction" parameter of the "module.php" script. PhpGedView version 4.2.3 is affected.
    • Ref: http://www.securityfocus.com/bid/45674

    • 11.3.39 - CVE: Not Available
    • Platform: Web Application
    • Title: Sahana Agasti Multiple Input Validation Vulnerabilities
    • Description: Sahana Agasti is a disaster management web application. The application is exposed to multiple input validation issues because it fails to sufficiently sanitize user-supplied data. Sahana Agasti versions 0.6.5 and earlier are affected.
    • Ref: http://www.securityfocus.com/bid/45730/references

    • 11.3.40 - CVE: Not Available
    • Platform: Web Application
    • Title: Zwii "set[template][value]" Local File Include
    • Description: Zwii is a PHP-based content management application. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "set[template][value]" parameter of the "system/system.php" script. Zwii version 2.1.1 is affected.
    • Ref: http://www.securityfocus.com/bid/45736

    • 11.3.41 - CVE: Not Available
    • Platform: Web Application
    • Title: Newv SmartClient "NewvCommon.ocx" ActiveX Control Multiple Vulnerabilities
    • Description: Newv SmartClient is a web-based application used for SmartLearning. NewvCommon is an ActiveX control for Newv SmartClient. The Newv SmartClient NewvCommon ActiveX control is exposed to multiple issues. 1) Multiple insecure method issues that affect the "DelFile()" and "RunCommand()" methods. 2) A stack-based buffer overflow issue that affects the "FilePath" parameter of the "WriteTextFile()" method. Newv SmartClient version 1.1.0.0 is affected.
    • Ref: http://www.nansec.com/

    • 11.3.42 - CVE: Not Available
    • Platform: Network Device
    • Title: DriveCrypt "DCR.sys" Arbitrary File Read Write Local Privilege Escalation
    • Description: DriveCrypt is an application that allows users to encrypt data contained in a storage device. The application is exposed to a local privilege escalation issue. Specifically, the issue affects the "DCR.sys" file when handling the "DCR_IOCTL" IOCTL call. DriveCrypt versions 5.3 and earlier are affected.
    • Ref: http://www.securstar.com/products_drivecrypt.php

    • 11.3.43 - CVE: CVE-2010-2599, CVE-2010-2604
    • Platform: Network Device
    • Title: Research In Motion BlackBerry Device Software Remote Denial of Service
    • Description: Research In Motion BlackBerry Device Software is the user interface application for BlackBerry mobile phones. The software includes common utilities and applications such as a web browser. The application is exposed to a denial of service issue that occurs when viewing a malicious webpage. Research In Motion BlackBerry Device Software versions prior to 6.0.0 are affected.
    • Ref: http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB24841

    • 11.3.44 - CVE: CVE-2010-4682, CVE-2010-4681, CVE-2010-4680, CVE-2010-4679, CVE-2010-4678, CVE-2010-4677, CVE-2010-4676, CVE-2010-4675, CVE-2010-4672
    • Platform: Network Device
    • Title: Cisco ASA 5500 Series 8.2(3) Multiple Remote Vulnerabilities
    • Description: Cisco Adaptive Security Appliance (ASA) 5500 series security appliances are network security devices. The Cisco ASA 5500 series security appliances are exposed to multiple issues.
    • Ref: http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.pdf

    • 11.3.45 - CVE: CVE-2010-4687, CVE-2010-4686, CVE-2010-4685, CVE-2010-4684
    • Platform: Network Device
    • Title: Cisco IOS Denial of Service and Security Bypass Vulnerabilities
    • Description: Cisco IOS is exposed to multiple issues. 1) A denial of service issue when TFTP debugging is enabled. 2) A security bypass issue occurs because of a failure to properly clear the public key cache. 3) A denial of service issue occurs in CallManager Express (CME) because of a failure to properly handle malformed SIP TRUNK traffic. 4) A denial of service issue occurs in the SCCP telephony control application because of a failure to properly handle multiple calls to a shared line. Cisco IOS versions prior to 15.0(1)XA1 are affected.
    • Ref: http://www.securityfocus.com/bid/45769/references

    (c) 2011. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.