@RISK: The Consensus Security Vulnerability Alert

Volume: IX, Issue: 16
April 15, 2010

@RISK is the SANS community's consensus bulletin summarizing the most important vulnerabilities and exploits identified during the past week and providing guidance on appropriate actions to protect your systems (PART I). It also includes a comprehensive list of all new vulnerabilities discovered in the past week (PART II).

Summary of the vulnerabilities reported this week:

    Summary of Updates and Vulnerabilities in this Consensus

    Platform                                  Number of Updates and Vulnerabilities
    ----------------------------------------  -------------------------------------
    Windows                                   15 (#1, #2, #3, #9, #10, #11, #12)
    Other Microsoft Products                  2 (#4, #5)
    Third Party Windows Apps                  2
    Mac Os                                    12
    Linux                                     2
    Cross Platform                            40 (#6, #7, #8)
    Web Application - Cross Site Scripting    3
    Web Application - SQL Injection           3
    Web Application                           22
    Network Device                            2

Table Of Contents
Part II -- Comprehensive List of Newly Discovered Vulnerabilities from Qualys (www.qualys.com)
Windows
Other Microsoft Products
Third Party Windows Apps
Mac Os
Linux
Cross Platform
Web Application - Cross Site Scripting
Web Application - SQL Injection
Web Application
Network Device

PART I Critical Vulnerabilities

Part I for this issue has been compiled by Rohan Kotian at TippingPoint, a division of 3Com, as a by-product of that company's continuous effort to ensure that its intrusion prevention products effectively block exploits using known vulnerabilities. TippingPoint's analysis is complemented by input from a council of security managers from twelve large organizations who confidentially share with SANS the specific actions they have taken to protect their systems. A detailed description of the process may be found at http://www.sans.org/newsletters/cva/#process

Widely Deployed Software
  • (1) CRITICAL: Microsoft Windows SMB Client Multiple Vulnerabilities (MS10-020)
  • Affected:
    • Microsoft Windows 2000 Service Pack 4
    • Windows XP Service Pack 2 and Windows XP Service Pack 3
    • Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition Service Pack 2
    • Windows Server 2003 with SP2 for Itanium-based Systems
    • Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2
    • Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
    • Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2*
    • Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2*
    • Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
    • Windows 7 for 32-bit Systems
    • Windows 7 for x64-based Systems
    • Windows Server 2008 R2 for x64-based Systems*
    • Windows Server 2008 R2 for Itanium-based Systems
  • Description: Multiple vulnerabilities have been identified in Microsoft's Server Message Block (SMB) implementation, a standard protocol for resource, file, and printer sharing in Microsoft Windows installations. The first issue is a denial of service vulnerability caused by an error in the way the Microsoft SMB client handles incomplete SMB responses. The second issue is a code execution vulnerability caused by an error in the way the Microsoft SMB client allocates memory while parsing specially crafted SMB responses. Authentication is not required to exploit this vulnerability. The third issue is a code execution vulnerability caused by the Microsoft SMB client improperly validating fields in the SMB transact response. The fourth issue is a code execution vulnerability caused by the Microsoft SMB client incorrectly parsing specially crafted SMB transaction responses. The fifth issue is a code execution vulnerability caused by the Microsoft SMB client incorrectly parsing specially crafted SMB responses; authentication is not required to exploit this vulnerability. Some technical details are provided for these vulnerabilities.

  • Status: Vendor confirmed, updates available.

  • References:
  • (2) CRITICAL: Microsoft MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability (MS10-026)
  • Affected:
    • Microsoft Windows 2000 Service Pack 4
    • Windows XP Service Pack 2 and Windows XP Service Pack 3
    • Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition Service Pack 2
    • Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2
    • Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
    • Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2**
    • Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2**
  • Description: A buffer overflow vulnerability has been reported in the Microsoft MPEG Layer-3 audio codec, software that is used to compress or decompress a media file. A specially crafted AVI file that contains a malformed MPEG Layer-3 audio stream can be used to trigger this vulnerability. The MPEG Layer-3 Audio Codec for Microsoft DirectShow "l3codecx.ax" and the Fraunhofer IIS MPEG Layer-3 ACM codecs "L3codeca.acm" and "L3codecp.acm" are the vulnerable audio codecs. Successful exploitation might allow an attacker to execute arbitrary code in the context of the affected application. Technical details for this vulnerability are not publicly available.

  • Status: Vendor confirmed, updates available.

  • References:
  • (3) CRITICAL: Microsoft Windows Media Player ActiveX Control Code Execution Vulnerability (MS10-027)
  • Affected:
    • Microsoft Windows 2000 Service Pack 4
    • Windows XP Service Pack 2
    • Windows Media Player 9 Series
    • Windows XP Service Pack 3
  • Description: Microsoft Windows Media Player, a feature of the Windows operating system, is used to play audio and video files. A code execution vulnerability has been identified in the Windows Media Player ActiveX control. The issue is caused by an error while retrieving a codec for an unknown fourCC compression code. Successful exploitation might allow an attacker to execute arbitrary code in the context of the user running the affected application. Some technical details for the vulnerability are publicly available.

  • Status: Vendor confirmed, updates available.

  • References:
  • (4) CRITICAL: Microsoft Office Publisher Buffer Overflow Vulnerability (MS10-023)
  • Affected:
    • Microsoft Office XP Service Pack 3
    • Microsoft Office 2003 Service Pack 3
    • 2007 Microsoft Office System Service Pack 1
    • 2007 Microsoft Office System Service Pack 2
  • Description: Microsoft Office Publisher, a popular Desktop Publishing (DTP) application and Microsoft Office component, contains a buffer overflow vulnerability. A specially crafted Publisher file can be used to trigger this vulnerability. The issue is caused by a boundary error, while processing a TextBox item, in the code responsible for converting files from the Publisher 97 format. Successful exploitation might allow an attacker to execute arbitrary code in the context of the affected application. Some technical details about the vulnerability are publicly available.

  • Status: Vendor confirmed, updates available.

  • References:
  • (5) CRITICAL: Microsoft Office Visio Multiple Vulnerabilities (MS10-028)
  • Affected:
    • Microsoft Office Visio 2002 Service Pack 2
    • Microsoft Office Visio 2003 Service Pack 3
    • Microsoft Office Visio 2007 Service Pack 1
    • Microsoft Office Visio 2007 Service Pack 2
  • Description: Microsoft Visio, diagramming software from Microsoft, has been identified with two vulnerabilities. A specially crafted Visio file can be used to trigger these vulnerabilities. The first issue is caused by an error in Microsoft Office Visio in its validation of certain attributes while processing specially crafted Visio files. The second issue is caused by an error in Microsoft Office Visio in its calculation of indexes while processing specially crafted Visio files. Successful exploitation in both cases might allow an attacker to execute arbitrary code in the context of the affected application. Technical details for these vulnerabilities are not publicly available.

  • Status: Vendor confirmed, updates available.

  • References:
  • (8) CRITICAL: VMware Multiple Products Multiple Vulnerabilities
  • Affected:
    • VMware Workstation 7.0
    • VMware Workstation 6.5.3 and earlier
    • VMware Player 3.0
    • VMware Player 2.53 and earlier
    • VMware ACE 2.6
    • VMware ACE 2.5.3 and earlier
    • VMware Server 2.0.2 and earlier
    • VMware Fusion 3.0
    • VMware Fusion 2.0.6 and earlier
    • VMware VIX API for Windows 1.6.x
    • VMware ESXi 4.0 before patch ESXi400-201002402-BG
    • VMware ESXi 3.5 before patch ESXe350-200912401-T-BG
    • VMware ESX 4.0 without patches ESX400-201002401-BG, ESX400-200911223-UG
    • VMware ESX 3.5 without patch ESX350-200912401-BG
    • VMware ESX 3.0.3 without patch ESX303-201002203-UG
    • VMware ESX 2.5.5 without Upgrade Patch 15
  • Description: VMware, virtualization software available for a variety of platforms, has multiple vulnerabilities. The first issue is a code execution vulnerability caused by an error in the way VMware libraries are referenced, and this issue affects only Windows Guest Operating Systems. The second issue is a code execution vulnerability caused by an error in the way VMware executables are loaded, and this issue affects only Windows Guest Operating Systems. The third issue is a privilege escalation issue caused by an error in the USB service. The fourth issue is an uninitialized-memory-read error in the libpng libraries through 1.2.35. The fifth issue consists of heap overflow errors in the VMware movie decoder, which can be triggered by a malicious video file. The sixth issue is a format string error in the VMware Remote Console "VMrc", an application that is installed when the VMrc browser plug-in is installed. The seventh issue is a denial of service vulnerability on Windows based systems caused by an error in vmware-authd. The eighth issue is an information disclosure vulnerability caused by an error in the virtual networking stack of VMware's different products. The last issue is a format string vulnerability in "vmrun". Some technical details for some of the vulnerabilities are publicly available.

  • Status: Vendor confirmed, updates available.

  • References:
  • (9) HIGH: Microsoft Windows Media Services Buffer Overflow Vulnerability (MS10-025)
  • Affected:
    • Microsoft Windows 2000 Server Service Pack 4
  • Description: Microsoft Windows Media Services is a platform that is used for streaming live or on-demand audio and video. A buffer overflow vulnerability has been identified in Windows Media Services. The specific flaw is in the Windows Media Unicast Service "nsum.exe" caused as a result of incorrect handling of specially crafted transport information packets. Successful exploitation might allow an attacker to execute arbitrary code in the context of the affected application. Some technical details for this vulnerability are publicly available.

  • Status: Vendor confirmed, updates available.

  • References:
  • (10) HIGH: Microsoft Windows Authenticode Signature Verification Multiple Vulnerabilities (MS10-019)
  • Affected:
    • Microsoft Windows 2000 Service Pack 4
    • Windows XP Service Pack 2 and Windows XP Service Pack 3
    • Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003
    • Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition Service Pack 2
    • Windows Server 2003 with SP2 for Itanium-based Systems
    • Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2
    • Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
    • Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2*
    • Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2*
    • Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
    • Windows 7 for 32-bit Systems
    • Windows 7 for x64-based Systems
    • Windows Server 2008 R2 for x64-based Systems*
    • Windows Server 2008 R2 for Itanium-based Systems
  • Description: A code execution vulnerability has been identified in the Microsoft Windows Authenticode Signature Verification function, which is used to perform verification of trust on a specified object. The specific flaw is caused by an error while processing fields from the file digest, while signing and verifying a portable executable (PE) and a cabinet file. A specially crafted PE or cabinet file can be used to trigger this vulnerability. The second issue is a code execution vulnerability in the Microsoft Windows Authenticode Signature Verification for cabinet (.cab) file formats. The specific flaw is caused by an error while processing fields from the file digest, while signing and verifying a cabinet file. A specially crafted cabinet file can be used to trigger this vulnerability. No further details are publicly available for these vulnerabilities.

  • Status: Vendor confirmed, updates available.

  • References:
  • (11) MODERATE: Microsoft Windows SMTP Server Multiple Vulnerabilities (MS10-024)
  • Affected:
    • Microsoft Windows 2000 Service Pack 4
    • Windows XP Service Pack 2 and Windows XP Service Pack 3
    • Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition Service Pack 2
    • Windows Server 2003 with SP2 for Itanium-based Systems
    • Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2**
    • Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2**
    • Windows Server 2008 R2 for x64-based Systems**
    • Microsoft Exchange Server 2000 Service Pack 3
    • Microsoft Exchange Server 2003 Service Pack 2
    • Microsoft Exchange Server 2007 Service Pack 1 for x64-based Systems
    • Microsoft Exchange Server 2007 Service Pack 2 for x64-based Systems
    • Microsoft Exchange Server 2010 for x64-based Systems
  • Description: Two vulnerabilities have been identified in the Microsoft Windows Simple Mail Transfer Protocol (SMTP) component, which is installed as part of Internet Information Services. The first issue is a denial of service vulnerability caused because the component does not parse a specially crafted DNS Mail Exchanger (MX) record correctly. The second issue is an information disclosure vulnerability caused by incorrect allocation of memory by the SMTP component. A specially crafted SMTP command response can be used to trigger this vulnerability. No further details are publicly available for these vulnerabilities.

  • Status: Vendor confirmed, updates available.

  • References:
  • (12) MODERATE: Microsoft Windows ISATAP Component Address Spoofing Vulnerability (MS10-029)
  • Affected:
    • Windows XP Service Pack 2 and Windows XP Service Pack 3
    • Windows XP Professional x64 Edition Service Pack 2
    • Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition Service Pack 2
    • Windows Server 2003 with SP2 for Itanium-based Systems
    • Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2
    • Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
    • Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2*
    • Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2*
    • Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
  • Description: The Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) is used to provide IPv6 connectivity within an IPv4 intranet. An IP address spoofing vulnerability has been identified in the ISATAP component of Microsoft Windows. The specific flaw is an error in the way the ISATAP component checks the inner packet's IPv6 source address in a tunneled ISATAP packet. Some technical details for the vulnerability are publicly available.

  • Status: Vendor confirmed, updates available.

  • References:
Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
Week 16, 2010

This list is compiled by Qualys (www.qualys.com) as part of that company's ongoing effort to ensure its vulnerability management web service tests for all known vulnerabilities that can be scanned. As of this week Qualys scans for 9106 unique vulnerabilities. For this special SANS community listing, Qualys also includes vulnerabilities that cannot be scanned remotely.


  • 10.16.1 - CVE: CVE-2010-0234
  • Platform: Windows
  • Title: Microsoft Windows Kernel NULL Pointer Local Denial of Service
  • Description: Microsoft Windows is exposed to a local denial of service issue that affects the Windows kernel. Specifically, a NULL pointer exception can occur when registry keys are passed as arguments to a system call.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-021.mspx

  • 10.16.2 - CVE: CVE-2010-0024
  • Platform: Windows
  • Title: Microsoft Windows SMTP Server MX Record Denial of Service
  • Description: Microsoft Windows Simple Mail Transfer Protocol is an email transport service included in email services and Microsoft Internet Information Services. Microsoft Windows Simple Mail Transfer Protocol Server is exposed to a denial of service issue that occurs when handling a specially crafted Domain Name Server Mail Exchange resource record.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-024.mspx

  • 10.16.3 - CVE: CVE-2010-0235
  • Platform: Windows
  • Title: Microsoft Windows Kernel Symbolic Link Local Denial of Service
  • Description: Microsoft Windows is exposed to a local denial of service issue that affects the Windows kernel. This issue occurs because the kernel may handle symbolic links in an unsafe manner. Attackers can exploit this issue to cause affected computers to become unresponsive and restart, causing a denial of service.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-021.mspx

  • 10.16.4 - CVE: CVE-2010-0269
  • Platform: Windows
  • Title: Microsoft Windows SMB Client Memory Allocation Remote Code Execution
  • Description: Microsoft Windows is exposed to a remote code execution issue in the Server Message Block (SMB) protocol implementation. Specifically, the SMB client fails to properly allocate memory when handling a crafted response from an SMB server. This can lead to memory corruption.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-020.mspx

  • 10.16.5 - CVE: CVE-2010-0238
  • Platform: Windows
  • Title: Microsoft Windows Kernel Invalid Registry Key Local Denial of Service
  • Description: Microsoft Windows is exposed to a local denial of service issue that affects the Windows kernel. Specifically, the kernel fails to properly validate registry keys.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-021.mspx

  • 10.16.6 - CVE: CVE-2010-0481
  • Platform: Windows
  • Title: Microsoft Windows Kernel Virtual Path Local Denial of Service
  • Description: Microsoft Windows is exposed to a local denial of service issue that affects the Windows kernel. Specifically, the kernel fails to properly resolve the real path of a registry key from its actual path.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-021.mspx

  • 10.16.7 - CVE: CVE-2010-0482
  • Platform: Windows
  • Title: Microsoft Windows Kernel Image File Relocation Local Denial of Service
  • Description: Microsoft Windows is exposed to a local denial of service issue that affects the Windows kernel. Specifically, the kernel fails to properly validate the relocation section of a crafted disk image file.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-021.mspx

  • 10.16.8 - CVE: CVE-2010-0810
  • Platform: Windows
  • Title: Microsoft Windows Kernel Exception Handling Local Denial of Service
  • Description: Microsoft Windows is exposed to a local denial of service issue that affects the Windows kernel. This issue is due to an unspecified error in exception handling.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-021.mspx

  • 10.16.9 - CVE: CVE-2010-0236
  • Platform: Windows
  • Title: Microsoft Windows Kernel Registry Key Symbolic Link Local Privilege Escalation
  • Description: Microsoft Windows is exposed to a local privilege escalation issue that occurs in the Windows kernel. Specifically, memory may not be properly allocated when a symbolic link is extracted from a registry key.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-021.mspx

  • 10.16.10 - CVE: CVE-2010-0237
  • Platform: Windows
  • Title: Microsoft Windows Kernel Symbolic Link Creation Local Privilege Escalation
  • Description: Microsoft Windows is exposed to a local privilege escalation issue that occurs in the Windows kernel. Specifically, the kernel fails to properly restrict the creation of symbolic links between trusted and untrusted registry hives.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-021.mspx

  • 10.16.11 - CVE: CVE-2010-0486
  • Platform: Windows
  • Title: Microsoft Windows Authenticode Signature Verification Remote Code Execution
  • Description: Microsoft Windows Authenticode Signature Verification is an application that performs a trust verification action on a specified object. Microsoft Windows Authenticode Signature Verification is exposed to a remote code execution issue that occurs because the application omits certain fields from the file digest when signing or verifying Portable Executable or cabinet files.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-019.mspx

  • 10.16.12 - CVE: CVE-2010-0487
  • Platform: Windows
  • Title: Microsoft Windows Cabinet File Viewer Cabview Validation Remote Code Execution
  • Description: Microsoft Windows Cabinet File Viewer is a shell extension that handles cabinet files in the Windows operating system. The application allows users to view, open, browse, and extract cabinet files. Microsoft Windows Cabinet File Viewer is exposed to a remote code execution issue that occurs because the application omits fields from the file digest when viewing a signed cabinet (.cab) file.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-019.mspx

  • 10.16.13 - CVE: CVE-2010-0268
  • Platform: Windows
  • Title: Microsoft Windows Media Player ActiveX Control Remote Code Execution
  • Description: Microsoft Windows Media Player is a multimedia application available for the Windows operating system. The Microsoft Windows Media Player ActiveX control is exposed to a remote code execution issue when handling specially crafted media content. The issue affects Windows Media Player 9 on supported editions of Microsoft Windows 2000 and Windows XP.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-027.mspx

  • 10.16.14 - CVE: CVE-2010-0812
  • Platform: Windows
  • Title: Microsoft Windows ISATAP Component IPv6 Address Spoofing
  • Description: ISATAP (Intra-Site Automatic Tunnel Addressing Protocol) is a tunneling protocol that provides IPv6 connectivity using an existing IPv4 infrastructure. Microsoft Windows is exposed to a spoofing issue that affects the ISATAP component in the Microsoft Windows IPv6 stack. The issue stems from the way Windows checks the inner packet's IPv6 source address in a tunneled ISATAP packet; it can allow attackers to impersonate a source address. The issue affects Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-029.mspx

  • 10.16.15 - CVE: CVE-2010-0025
  • Platform: Windows
  • Title: Microsoft Windows SMTP Server Memory Allocation Information Disclosure
  • Description: Microsoft Windows Simple Mail Transfer Protocol (SMTP) is an email transport service included in email services and Microsoft Internet Information Services. Microsoft Windows SMTP Server is exposed to an information disclosure issue that occurs because the application fails to properly allocate memory when interpreting SMTP command responses.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-024.mspx

  • 10.16.16 - CVE: Not Available
  • Platform: Other Microsoft Products
  • Title: Microsoft Visio Attribute Validation Memory Corruption Remote Code Execution
  • Description: Microsoft Visio is an application for visualizing and communicating complex drawings and diagrams. Visio is exposed to a remote code execution issue. The software fails to properly validate attributes when parsing specially crafted Visio files, which may result in memory corruption.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-028.mspx

  • 10.16.17 - CVE: CVE-2010-0256
  • Platform: Other Microsoft Products
  • Title: Microsoft Visio Index Calculation Memory Corruption Remote Code Execution
  • Description: Microsoft Visio is an application for visualizing and communicating complex drawings and diagrams. Visio is exposed to a remote code execution issue. The software fails to properly calculate indexes when parsing specially crafted Visio files, which may result in memory corruption.
  • Ref: http://www.microsoft.com/technet/security/Bulletin/MS10-028.mspx

  • 10.16.18 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: JustSystems Ichitaro Font Information Processing Remote Code Execution
  • Description: Ichitaro is a word processor available for Microsoft Windows. The application is exposed to a remote code execution issue. Specifically, the issue occurs when processing the font information from a specially crafted document. Ichitaro versions 2010 and earlier are affected.
  • Ref: http://www.symantec.com/connect/blogs/new-ichitaro-vulnerability-springs-japan

  • 10.16.19 - CVE: Not Available
  • Platform: Third Party Windows Apps
  • Title: WinSoftMagic Photo Editor PNG File Buffer Overflow
  • Description: WinSoftMagic Photo Editor is an image editing application for Windows. WinSoftMagic Photo Editor is exposed to a remote buffer overflow issue because it fails to adequately bounds check user-supplied data before copying it to an insufficiently sized memory buffer. Specifically, this issue occurs in the application's handling of PNG files.
  • Ref: http://www.securityfocus.com/bid/39354

  • 10.6.2 - CVE: CVE-2010-0500
  • Platform: Mac Os
  • Title: Apple Mac OS X Firewall Blacklist Denial of Service
  • Description: Apple Mac OS X is exposed to a remote denial of service issue because it fails to properly sanitize user-supplied input. Specifically, resolved DNS names are not properly escaped when performing reverse DNS lookups on remote SSH clients that fail to authenticate. Mac OS X version 10.5.8; Mac OS X Server version 10.5.8; Mac OS X versions through and Mac OS X Server versions through are affected.
  • Ref: http://support.apple.com/kb/HT4077

  • 10.16.21 - CVE: Not Available
  • Platform: Mac Os
  • Title: Apple Mac OS X Mail Rule Association Data Integrity Security
  • Description: Mail is an email client application for Mac OS X. Apple Mac OS X is exposed to a security issue in the Mail component that will compromise data integrity. This issue occurs because user-defined filter rules remain active when a mail account is deleted. An attacker can exploit this issue to perform unauthorized actions.
  • Ref: http://support.apple.com/kb/HT4077

  • 10.16.22 - CVE: CVE-2010-0510
  • Platform: Mac Os
  • Title: Apple Mac OS X Password Server Outdated Password Security Bypass
  • Description: Apple Mac OS X is exposed to a security bypass issue that occurs in the Password Server component. This issue occurs because the application fails to properly replicate passwords. Remote attackers can exploit this issue to gain unauthorized access to the affected computer by using outdated passwords.
  • Ref: http://support.apple.com/kb/HT4077

  • 10.16.23 - CVE: Not Available
  • Platform: Mac Os
  • Title: Apple Mac OS X SFLServer Local Privilege Escalation
  • Description: Apple Mac OS X is exposed to a local privilege escalation issue in the OS Services component. Specifically, the "SFLServer" application runs as a member of the "wheel" group, and accesses files in users' home directories in an unsafe manner. Mac OS X version 10.5.8, Mac OS X Server version 10.5.8, Mac OS X versions 10.6 through 10.6.2 and Mac OS X Server versions 10.6 through 10.6.2 are affected.
  • Ref: http://support.apple.com/kb/HT4077

  • 10.16.24 - CVE: CVE-2010-0506
  • Platform: Mac Os
  • Title: Apple Mac OS X Image RAW Component NEF File Remote Buffer Overflow
  • Description: Apple Mac OS X is exposed to a buffer overflow issue because it fails to sufficiently validate user-supplied data to the 'Image RAW' component when viewing NEF image files. Mac OS X version 10.5.8 and Mac OS X Server version 10.5.8 are affected.
  • Ref: http://support.apple.com/kb/HT4077

  • 10.16.25 - CVE: CVE-2010-0511
  • Platform: Mac Os
  • Title: Apple Mac OS X Podcast Producer Access Validation
  • Description: Podcast Producer is an application for encoding, publishing, and producing podcasts. Mac OS X is exposed to an access validation issue because it fails to properly preserve access controls when a Podcast Composer workflow is overwritten. Mac OS X Server versions 10.6 through 10.6.2 are affected.
  • Ref: http://support.apple.com/kb/HT4077

  • 10.16.26 - CVE: CVE-2010-0525
  • Platform: Mac Os
  • Title: Apple Mac OS X Mail Encryption Certificate Selection in Keychain Security Bypass
  • Description: Mail is an email client application for Mac OS X. Apple Mac OS X is exposed to a security bypass issue in Mail. Specifically, when multiple encryption certificates exist for a recipient in the keychain, Mail may not select a key intended for encipherment as determined by the key usage extension. Mac OS X version 10.5.8, Mac OS X Server version 10.5.8, Mac OS X versions 10.6 through 10.6.2 and Mac OS X Server versions 10.6 through 10.6.2 are affected.
  • Ref: http://support.apple.com/kb/HT4077

  • 10.16.27 - CVE: CVE-2010-0521
  • Platform: Mac Os
  • Title: Apple Mac OS X Open Directory Anonymous Access Security Bypass
  • Description: Apple Mac OS X is exposed to a security bypass issue that affects Open Directory access. Specifically, the vulnerable application fails to properly enforce the "Require authenticated binding between directory and clients" configuration option. Mac OS X Server version 10.5.8 and Mac OS X Server versions 10.6 prior to 10.6.3 are affected.
  • Ref: http://support.apple.com/kb/HT4077

  • 10.16.28 - CVE: CVE-2010-0523
  • Platform: Mac Os
  • Title: Apple Mac OS X Wiki Server File Upload Security Bypass
  • Description: Wiki Server is a server application for Apple Mac OS X to host wiki pages. The application is exposed to a security vulnerability because it fails to adequately restrict file types that can be uploaded by users. Mac OS X Server versions 10.5.8 and earlier are affected.
  • Ref: http://support.apple.com/kb/HT4077

  • 10.16.29 - CVE: CVE-2010-0522
  • Platform: Mac Os
  • Title: Apple Mac OS X Server Admin Screen Sharing Security Bypass
  • Description: Apple Mac OS X is exposed to a security bypass issue that occurs in the Server Admin component. This issue occurs because the application fails to properly handle administrator's privileges.
  • Ref: http://www.securityfocus.com/bid/39290

  • 10.16.30 - CVE: CVE-2010-0534
  • Platform: Mac Os
  • Title: Apple Mac OS X Wiki Server Weblog SACL Security Bypass
  • Description: Apple Mac OS X is exposed to a security bypass issue in the Wiki Server component. This issue occurs because the application fails to properly enforce service access control lists when a user creates a weblog. Mac OS X and Mac OS X Server versions 10.6 through 10.6.2 are affected.
  • Ref: http://www.securityfocus.com/bid/39291

  • 10.16.31 - CVE: CVE-2010-0502
  • Platform: Mac Os
  • Title: Apple Mac OS X iChat Server Logging Security Bypass
  • Description: Apple iChat Server is an instant messaging server included in Apple Mac OS X. iChat Server is exposed to a security bypass issue affecting configurable group logging. Specifically, this issue may result in messages not being properly logged by the affected server. Mac OS X Server version 10.5.8 and Mac OS X Server versions 10.6 prior to 10.6.3 are affected.
  • Ref: http://www.securityfocus.com/bid/39235

  • 10.16.32 - CVE: CVE-2010-1146
  • Platform: Linux
  • Title: Linux Kernel ReiserFS Security Bypass
  • Description: The Linux kernel is exposed to a security bypass issue because the ReiserFS file system implementation fails to properly restrict access to the ".reiserfs_priv" directory that is used to store extended attributes.
  • Ref: http://marc.info/?l=linux-kernel&m=127076012022155&w=2

  • 10.16.33 - CVE: Not Available
  • Platform: Linux
  • Title: "am-utils" Package "amqsvc_is_client_allowed()" Security Bypass
  • Description: The "am-utils" package is a part of the BSD automounter "amd". The application is exposed to a security bypass issue because of an error in the implementation of TCP wrappers. Specifically, the "amqsvc_is_client_allowed" function in the "amq_svc.c" source code file does not properly handle certain "host." rules. "am-utils" version 6.1.5 is affected.
  • Ref: https://bugzilla.redhat.com/show_bug.cgi?id=566711

  • 10.16.34 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Virata EmWeb URI Remote Denial Of Service
  • Description: Virata EmWeb is an embedded interface application for network devices. Virata EmWeb software can be found in multiple printers and DSL modems. The application is exposed to a remote denial of service issue because it fails to handle specially crafted URI data. Specifically, attackers can trigger this issue by sending a URI of 512 bytes to a device running a vulnerable version of the application. Virata EmWeb version R6.0.1 is affected.
  • Ref: http://www.exploit-db.com/exploits/12095

  • 10.16.35 - CVE: CVE-2010-1149
  • Platform: Cross Platform
  • Title: udisks "probers/udisks-dm-export.c" Local Information Disclosure
  • Description: udisks provides a daemon, D-Bus API and command line tools for managing disks and storage devices. udisks is exposed to an information disclosure issue because the application discloses encryption keys when exporting the device mapper table data to udev. Specifically, the issue occurs in the "probers/udisks-dm-export.c" file. udisks version 1.0.0 is affected.
  • Ref: http://www.securityfocus.com/bid/39265

  • 10.16.36 - CVE: Not Available
  • Platform: Cross Platform
  • Title: abcm2ps Versions Prior to 5.9.12 Multiple Vulnerabilities
  • Description: abcm2ps is a command line ABC to PostScript music sheet converter implemented in C. The application is exposed to multiple security issues: three buffer overflow issues, two local information disclosure issues and a PostScript injection issue. abcm2ps versions prior to 5.9.12 are affected.
  • Ref: http://osdir.com/ml/wikibugs-l/2010-03/msg01789.html

  • 10.16.37 - CVE: Not Available
  • Platform: Cross Platform
  • Title: AnyZip ZIP File Remote Buffer Overflow
  • Description: AnyZip is a file compression/extraction application. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. The vulnerability occurs when handling specially crafted ZIP files. AnyZip version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/39287

  • 10.16.38 - CVE: CVE-2010-0055
  • Platform: Cross Platform
  • Title: xar Package Signature Validation Remote Security Bypass
  • Description: xar (eXtensible ARchiver) is an archiving application. xar is exposed to a security bypass issue because it fails to properly verify signatures. Specifically, the "xar_open()" function and the "xar_signature_copy_signed_data()" function may use different offsets to locate an archive's checksum when validating the signature. xar versions prior to 1.5.3 are affected.
  • Ref: http://code.google.com/p/xar/issues/detail?id=73#c0

  • 10.16.39 - CVE: CVE-2010-1122
  • Platform: Cross Platform
  • Title: Mozilla Firefox Remote Memory Corruption
  • Description: Mozilla Firefox is a browser available for various platforms. The application is exposed to a remote memory corruption issue that stems from an unspecified error. This issue may be related to the handling of compressed data; however, this has not been confirmed. Mozilla Firefox versions 3.5 through 3.5.8 are affected.
  • Ref: https://bugzilla.mozilla.org/show_bug.cgi?id=555139

  • 10.16.40 - CVE: CVE-2010-1182
  • Platform: Cross Platform
  • Title: IBM WebSphere Application Server for z/OS Admin Console Unspecified Security Vulnerabilities
  • Description: IBM WebSphere Application Server is a web server. The application is exposed to multiple issues that affect the Administrative Console. IBM WebSphere Application Server for z/OS versions prior to 7.0.0.9 are affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg1PM09161

  • 10.16.41 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM WebSphere Portal Login Unspecified Security
  • Description: IBM WebSphere Application Server is a web server. IBM WebSphere Portal is exposed to an unspecified issue that affects the login process. IBM WebSphere Portal version 6.1.0.2 is affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=swg1PM08667

  • 10.16.42 - CVE: Not Available
  • Platform: Cross Platform
  • Title: IBM Systems Director Agent Insecure File Permissions Vulnerabilities
  • Description: IBM Director Agent is an application used to view, monitor and control systems from its Web interface. IBM Director Agent is exposed to a security issue because it sets insecure file permissions. Specifically, the "diruninstall" and "wcitinst" scripts are set to world executable permission. IBM Systems Director Agent version 6.1.2 is affected.
  • Ref: http://www-01.ibm.com/support/docview.wss?uid=isg1PM08236

  • 10.16.43 - CVE: CVE-2010-1238
  • Platform: Cross Platform
  • Title: MoinMoin "TextCha" Protection Security Bypass
  • Description: MoinMoin is a freely available, open source wiki written in Python. It is available for UNIX and Linux platforms. TextCha is a variety of CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) based on text based questions. MoinMoin is exposed to a security bypass issue that affects the "TextCha" feature. MoinMoin version 1.7.1 is affected.
  • Ref: http://www.securityfocus.com/bid/39327

  • 10.16.44 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Jzip ZIP File Remote Buffer Overflow
  • Description: Jzip is a file compression/extraction application. The application is exposed to a remote buffer overflow issue because it fails to perform adequate boundary checks on user-supplied data. The vulnerability occurs when handling specially crafted ZIP files. Jzip version 1.3 is affected.
  • Ref: http://www.securityfocus.com/bid/39326

  • 10.16.45 - CVE: Not Available
  • Platform: Cross Platform
  • Title: AjaXplorer Remote Command Injection and Local File Disclosure Vulnerabilities
  • Description: AjaXplorer is a remote file management application. The application is exposed to multiple issues: A command injection issue because it fails to adequately sanitize user-supplied input data and a local file disclosure issue because it fails to adequately sanitize user-supplied input data. AjaXplorer versions prior to 2.6 are affected.
  • Ref: http://www.ajaxplorer.info/wordpress/2010/04/ajaxplorer-2-6-security-ajaxplorer-2-7-1-early-beta-for-3-0/

  • 10.16.46 - CVE: CVE-2009-1564, CVE-2009-1565, CVE-2010-1141, CVE-2010-1140, CVE-2009-3732, CVE-2009-3707, CVE-2010-1138, CVE-2010-1139, CVE-2010-1142
  • Platform: Cross Platform
  • Title: VMware Hosted Products VMSA-2010-0007 Multiple Remote Vulnerabilities
  • Description: VMware hosted products are exposed to multiple remote issues. A remote arbitrary code execution issue exists in VMware Tools in the way VMware libraries are referenced. A privilege escalation issue exists in VMware Tools that may allow a local attacker to execute arbitrary code with the privileges of another user. A privilege escalation issue exists in the USB service. Multiple heap-based buffer overflow issues in VMware VMnc Codec may result in arbitrary code execution. A format string issue in the VMware Remote Console (VMrc) may result in arbitrary code execution. A remote denial of service issue exists in "vmware-authd". An information disclosure issue exists in the virtual networking stack of VMware hosted products. A format string issue in "vmrun" may result in arbitrary code execution.
  • Ref: http://www.securityfocus.com/bid/39345

  • 10.16.47 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Fujitsu Accela BizSearch Unspecified Search Result Information Disclosure
  • Description: Fujitsu Accela BizSearch is exposed to an unspecified information disclosure issue due to an unspecified error that may allow attackers to gain access to files through the search results. eAccela BizSearch version 1.0, eAccela BizSearch version 2.0, eAccela BizSearch version 2.1, Accela BizSearch version 3.0, Accela BizSearch version 3.1, IntelligentSearch for WindowsNT 2.0L10 and IntelligentSearch for WindowsNT 2.0L20 are affected.
  • Ref: http://www.securityfocus.com/bid/39350

  • 10.16.48 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Aladdin eToken PKI Client ETV File Remote Code Execution
  • Description: Aladdin eToken PKI Client facilitates eToken USB operations which allow PKI keys and digital certificates to be generated, stored and used on board a smart card-based eToken device. The application is exposed to a remote code execution issue that occurs when handling specially crafted ETV files and likely occurs because the application fails to perform boundary checks prior to copying user-supplied data to process buffers. Aladdin eToken PKI Client version 4.5 is affected.
  • Ref: http://www.securityfocus.com/bid/39370

  • 10.16.49 - CVE: Not Available
  • Platform: Cross Platform
  • Title: F-Secure Multiple Products Scan Evasion Vulnerabilities
  • Description: F-Secure products provide antivirus protection for various platforms. Multiple F-Secure products are exposed to issues that may allow certain compressed archives to bypass the scan engine. Specifically, the 7Z, GZIP, CAB or RAR archive files may remain undetected.
  • Ref: http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-1.html

  • 10.16.50 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Irssi Denial of Service and SSL Hostname Verification Security Bypass Vulnerabilities
  • Description: Irssi is an IRC client available for multiple operating systems. Irssi is exposed to multiple remote issues: an unspecified denial of service issue and a security bypass issue that affects the hostname of the server when using SSL connections. Irssi versions prior to 0.8.15 are affected.
  • Ref: http://www.irssi.org/news

  • 10.16.51 - CVE: CVE-2009-4511, CVE-2009-4510, CVE-2009-4509
  • Platform: Cross Platform
  • Title: TANDBERG Video Communication Server Multiple Remote Vulnerabilities
  • Description: TANDBERG Video Communication Server is a Linux-based appliance which supports video communication. The device is exposed to multiple remote issues. A file disclosure issue affects the "page" parameter of the "helppage.php" script. A security issue occurs because the device is deployed with the default DSA key pair and fails to generate a new key when the device is installed. An authentication bypass issue affects the "secure.php" script. Firmware versions prior to TANDBERG Video Communication Server 5.1.1 are affected.
  • Ref: http://www.securityfocus.com/archive/1/510654

  • 10.16.52 - CVE: CVE-2010-1141
  • Platform: Cross Platform
  • Title: VMware Hosted Products VMware Tools Library Reference Remote Code Execution
  • Description: Multiple VMware products are exposed to a remote code execution issue that exists in VMware Tools. This issue occurs because VMware Tools fails to properly reference certain libraries.
  • Ref: http://www.securityfocus.com/bid/39392

  • 10.16.53 - CVE: CVE-2010-1142
  • Platform: Cross Platform
  • Title: VMware Hosted Products VMware Tools Local Privilege Escalation
  • Description: Multiple VMware products are exposed to a local privilege escalation issue that affects VMware Tools. This issue occurs when handling a malicious executable.
  • Ref: http://www.securityfocus.com/bid/39394

  • 10.16.54 - CVE: CVE-2010-1138
  • Platform: Cross Platform
  • Title: VMware Hosted Products "vmware-vmx" Virtual Network Stack Information Disclosure
  • Description: Multiple VMware-hosted products are exposed to an information disclosure issue in the virtual networking stack.
  • Ref: http://www.vmware.com/security/advisories/VMSA-2010-0007.html

  • 10.16.55 - CVE: CVE-2009-3732
  • Platform: Cross Platform
  • Title: VMware Remote Console "connect" Method Remote Format String
  • Description: VMware Remote Console is a browser plugin available for Microsoft Internet Explorer and Mozilla Firefox. It provides remote access to virtual machines. The plugin is exposed to a remote format string issue because it fails to sufficiently sanitize user-supplied input to the "host" parameter of the "connect" method provided by the plugin.
  • Ref: http://dsecrg.com/pages/vul/show.php?id=153

  • 10.16.56 - CVE: Not Available
  • Platform: Cross Platform
  • Title: Trend Micro Internet Security Toolbar Denial of Service
  • Description: Trend Micro Internet Security is a security application. It ships with the Trend Micro Toolbar for Mozilla Firefox and Microsoft Internet Explorer. Trend Micro Internet Security is exposed to a denial of service issue that affects the Trend Micro Toolbar plugin when processing overly long URIs. Trend Micro Toolbar version 1.6.0 running in Microsoft Internet Explorer 8 and Mozilla Firefox 3.6.3 is affected.
  • Ref: http://krebsonsecurity.com/2010/04/trendmicro-toolbar-long-url-fail/

  • 10.16.57 - CVE: CVE-2010-1139
  • Platform: Cross Platform
  • Title: VMware "vmrun" Local Privilege Escalation
  • Description: Multiple VMware products are exposed to a local privilege escalation issue that arises due to a format string issue in the "vmrun" application. An attacker may exploit this issue by crafting a malicious process on a vulnerable computer and waiting for a user to run "vmrun" and list processes. VMware VIX API, Workstation, Player, Server, and Fusion are affected.
  • Ref: http://www.securityfocus.com/bid/39407

  • 10.16.58 - CVE: CVE-2010-0195
  • Platform: Cross Platform
  • Title: Adobe Acrobat and Reader Embedded Font Handling Remote Code Execution
  • Description: Adobe Reader and Acrobat are applications for handling PDF files. Adobe Acrobat and Reader are exposed to a remote code execution issue that occurs when processing embedded font data contained in a crafted PDF document. Affected versions: Adobe Reader 9.3.1 and prior for Windows, Macintosh, and UNIX; Adobe Acrobat 9.3.1 and prior for Windows and Macintosh; Adobe Reader 8.2.1 and prior for Windows and Macintosh; Acrobat 8.2.1 and prior for Windows and Macintosh.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb10-09.html

  • 10.16.59 - CVE: CVE-2010-0852
  • Platform: Cross Platform
  • Title: Oracle Database Remote XML DB
  • Description: Oracle Database is exposed to a remote issue in XML DB. The issue can be exploited over the "Oracle Net" protocol. For an exploit to succeed, the attacker must have "Create Session" privileges. This vulnerability affects the following supported versions: 9.2.0.8, 9.2.0.8DV, 10.1.0.5 and 10.2.0.3.
  • Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html

  • 10.16.60 - CVE: CVE-2010-0870
  • Platform: Cross Platform
  • Title: Oracle Database Remote Change Data Capture
  • Description: Oracle Database is exposed to a remote issue in Change Data Capture. The issue can be exploited over the "Oracle Net" protocol. For an exploit to succeed, the attacker must have "Execute on SYS.DBMS_CDC_PUBLISH" privileges. The issue affects the following supported versions: 9.2.0.8 and 9.2.0.8DV.
  • Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html

  • 10.16.61 - CVE: CVE-2010-0868
  • Platform: Cross Platform
  • Title: Oracle E-Business Suite Oracle iStore Remote
  • Description: The Oracle E-Business Suite is exposed to a remote issue in Oracle iStore. The issue can be exploited over the "HTTP" protocol. An attacker does not require privileges to exploit this issue. This issue affects the following supported versions: 11.5.10.2, 12.0.6 and 12.1.2.
  • Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html

  • 10.16.62 - CVE: CVE-2010-0880
  • Platform: Cross Platform
  • Title: Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne PeopleTools
  • Description: Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne are exposed to a remote issue in PeopleTools. The issue can be exploited over the "HTTP" protocol. This issue affects the following supported versions: 8.49.26 and 8.50.07.
  • Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html


  • CVE: CVE-2010-0867
  • Platform: Cross Platform
  • Title: Oracle Database Remote JavaVM
  • Description: Oracle Database is exposed to a remote issue in JavaVM. The issue can be exploited over the "Oracle Net" protocol. For an exploit to succeed, the attacker must have "Create Session" privileges. This vulnerability affects the following supported versions: 10.2.0.4, 11.1.0.7 and 11.2.0.1.0.
  • Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html

  • 10.16.65 - CVE: CVE-2010-0854
  • Platform: Cross Platform
  • Title: Oracle Database Remote Audit
  • Description: Oracle Database is exposed to a remote issue in Audit. The issue can be exploited over the "Oracle Net" protocol. For an exploit to succeed, the attacker must have "SELECT, INSERT or DELETE on tables subject to auditing" privileges. This issue affects the following supported versions: 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4 and 11.1.0.7.
  • Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html

  • 10.16.66 - CVE: CVE-2010-0877
  • Platform: Cross Platform
  • Title: Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne PeopleTools
  • Description: Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne are exposed to a remote issue in PeopleTools. The issue can be exploited over the "HTTP" protocol. This vulnerability affects the following supported versions: 8.49.26 and 8.50.07.
  • Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html

  • 10.16.67 - CVE: CVE-2010-0865
  • Platform: Cross Platform
  • Title: Oracle E-Business Suite Oracle Agile Engineering Data Management Remote
  • Description: Oracle E-Business Suite is exposed to a remote issue in Oracle Agile Engineering Data Management. The issue can be exploited over the "HTTP" protocol. This vulnerability affects the following supported versions: 6.1.1.0.
  • Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html


  • 10.16.69 - CVE: CVE-2010-0878
  • Platform: Cross Platform
  • Title: Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne PeopleTools
  • Description: Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne are exposed to a remote issue in PeopleTools. For an exploit to succeed, the attacker must have "Valid Session" privileges. This vulnerability affects the following supported versions: 8.49.26 and 8.50.07.
  • Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html


  • 10.16.71 - CVE: CVE-2010-0871
  • Platform: Cross Platform
  • Title: Oracle E-Business Suite Oracle Application Object Library Remote
  • Description: Oracle E-Business Suite is prone to a remote vulnerability in Oracle Application Object Library. The issue can be exploited over the "HTTP" protocol. Oracle E-Business Suite versions 11.5.10.2, 12.0.6, and 12.1.2 are affected.
  • Ref: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html

  • 10.16.72 - CVE: CVE-2010-0194
  • Platform: Cross Platform
  • Title: Adobe Acrobat and Reader X3D Component Remote Code Execution
  • Description: Adobe Reader and Acrobat are applications for handling PDF files. Adobe Acrobat and Reader are exposed to a remote code execution issue that occurs due to a memory corruption in the "3difr.x3d" X3D component when displaying 3D content. Affected versions: Adobe Reader 9.3.1 and prior for Windows, Macintosh, and UNIX; Adobe Acrobat 9.3.1 and prior for Windows and Macintosh; Adobe Reader 8.2.1 and prior for Windows and Macintosh; Acrobat 8.2.1 and prior for Windows and Macintosh.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb10-09.html

  • 10.16.73 - CVE: CVE-2010-1241
  • Platform: Cross Platform
  • Title: Adobe Acrobat and Reader "CoolType.dll" Remote Code Execution
  • Description: Adobe Reader and Acrobat are applications for handling PDF files. Adobe Acrobat and Reader are exposed to a remote code execution issue. Specifically, the issue occurs due to a heap-based buffer overflow in the "CoolType.dll" component. Affected versions: Adobe Reader 9.3.1 and prior for Windows, Macintosh, and UNIX; Adobe Acrobat 9.3.1 and prior for Windows and Macintosh; Adobe Reader 8.2.1 and prior for Windows and Macintosh; Acrobat 8.2.1 and prior for Windows and Macintosh.
  • Ref: http://www.adobe.com/support/security/bulletins/apsb10-09.html

  • 10.16.74 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Drupal Internationalization Module Cross-Site Scripting Vulnerabilities
  • Description: The Internationalization module for Drupal gives sites the ability to localize content. The module is exposed to multiple unspecified cross-site scripting issues because it fails to properly sanitize user-supplied input related to user-defined strings being translated with the module.
  • Ref: http://drupal.org/node/764998

  • 10.16.75 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Istgah For Centerhost "view_ad.php" Cross-Site Scripting
  • Description: Istgah for Centerhost is an application for managing website advertisements. The application is exposed to a cross-site scripting issue because it fails to properly sanitize user-supplied input. Specifically, the "id" parameter of the "view_ad.php" script is vulnerable.
  • Ref: http://www.securityfocus.com/bid/39330

  • 10.16.76 - CVE: Not Available
  • Platform: Web Application - Cross Site Scripting
  • Title: Almas Compiere Unspecified Cross-Site Scripting
  • Description: Almas Compiere is an enterprise resource planning application implemented in JSP. The application is exposed to an unspecified cross-site scripting issue because it fails to sanitize user-supplied input. Compiere version J300_A02 is affected.
  • Ref: http://jvn.jp/en/jp/JVN57963254/index.html

  • 10.16.77 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: MODx Evolution Cross-Site Scripting and SQL Injection Vulnerabilities
  • Description: MODx Evolution is a PHP-based content management application. The application is exposed to multiple issues because it fails to sanitize user-supplied input. A cross-site scripting issue exists in the SearchHighlight plugin. An SQL injection issue exists in WebLogin. MODx Evolution versions prior to 1.0.3 are affected.
  • Ref: http://jvn.jp/en/jp/JVN19774883/index.html

  • 10.16.78 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: Simple Gallery "cid" Parameter SQL Injection
  • Description: Simple Gallery is a PHP-based image gallery application. Simple Gallery is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "cid" parameter before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/39358

  • 10.16.79 - CVE: Not Available
  • Platform: Web Application - SQL Injection
  • Title: xbtit "functions.php" SQL Injection
  • Description: xbtit is a tracking system for BitTorrent. It is implemented in PHP. The application is exposed to an SQL injection issue because it fails to sufficiently sanitize user-supplied data to the "uid" parameter of the "functions.php" script before using it in an SQL query.
  • Ref: http://www.securityfocus.com/bid/39372

  • 10.16.80 - CVE: Not Available
  • Platform: Web Application
  • Title: MediaWiki Cross-Site Request Forgery
  • Description: MediaWiki is a PHP-based wiki application. MediaWiki is exposed to a cross-site request forgery issue that occurs because the application allows attackers to perform certain actions using an HTTP request, without validating the request. MediaWiki versions prior to 1.15.3 are affected.
  • Ref: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-April/000090.html

  • 10.16.81 - CVE: Not Available
  • Platform: Web Application
  • Title: PotatoNews "nid" Parameter Multiple Local File Include Vulnerabilities
  • Description: PotatoNews is a PHP-based application for authoring news. The application is exposed to local file include issues because it fails to properly sanitize user-supplied input to the "nid" parameter of the following scripts: "newcopy/timeago.php" and "update/timeago.php". PotatoNews version 1.0.2 is affected.
  • Ref: http://www.securityfocus.com/bid/39276

  • 10.16.82 - CVE: Not Available
  • Platform: Web Application
  • Title: FreePHPWebsiteSoftware "default_theme.php" Remote File Include
  • Description: FreePHPWebsiteSoftware is a PHP-based web application. The application is exposed to a remote file include issue because it fails to properly sanitize user-supplied input to the "phpincdir" parameter of the "default_theme.php" script. FreePHPWebsiteSoftware version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/39280

  • 10.16.83 - CVE: Not Available
  • Platform: Web Application
  • Title: vel File Uploader Remote File Upload
  • Description: vel File Uploader is a PHP-based file upload application. The application is exposed to a remote file upload issue because it fails to sufficiently sanitize user-supplied input to the upload feature of the application. vel File Uploader version 1.1 is affected.
  • Ref: http://www.securityfocus.com/bid/39294

  • 10.16.84 - CVE: Not Available
  • Platform: Web Application
  • Title: n-cms-equipe Multiple Local File Include Vulnerabilities
  • Description: n-cms-equipe is a PHP-based application for content management. The application is exposed to local file include issues because it fails to properly sanitize user-supplied input to the following scripts and parameters: "body.php": "page" and "includs.php": "tData[name]". n-cms-equipe version 1.1C-Debug is affected.
  • Ref: http://www.securityfocus.com/bid/39298

  • 10.16.85 - CVE: Not Available
  • Platform: Web Application
  • Title: Plume CMS Multiple Local File Include Vulnerabilities
  • Description: Plume CMS is a PHP-based application for content management. The application is exposed to local file include issues because it fails to properly sanitize user-supplied input. Plume CMS version 1.2.4 is affected.
  • Ref: http://www.securityfocus.com/bid/39299

  • 10.16.86 - CVE: Not Available
  • Platform: Web Application
  • Title: Drupal Views Module Cross-Site Scripting and PHP Code Injection Vulnerabilities
  • Description: Views is a module for the Drupal content manager. The module provides a flexible method for Drupal site designers to control how lists and tables of content are presented. The application is exposed to multiple issues. Multiple cross-site scripting issues affect certain unspecified parameters that are used in an Ajax callback request. A cross-site scripting issue occurs due to improper validation of file descriptions. A PHP code injection issue can be exploited by users with "Administer views" permissions via the views import feature. Views versions prior to 5.x-1.7 and 6.x-2.9 are affected.
  • Ref: http://drupal.org/node/765022

  • 10.16.87 - CVE: Not Available
  • Platform: Web Application
  • Title: TCPDF "params" Attribute Remote Code Execution Weakness
  • Description: TCPDF is a PHP class for generating PDF documents. TCPDF is exposed to a security weakness that may allow attackers to execute arbitrary code. This issue occurs when parsing a callback element. Specifically, the application fails to sanitize user-supplied input to the "param" attributes in an "eval()" statement located in the "tcpdf.php" script. TCPDF versions prior to 4.9.006 are affected.
  • Ref: http://www.securityfocus.com/archive/1/510592

  • 10.16.88 - CVE: Not Available
  • Platform: Web Application
  • Title: Smileys Module For Drupal Delete URI Cross-Site Request Forgery
  • Description: Smileys is an emoticon module for the Drupal content manager. Smileys is exposed to a cross-site request forgery issue that affects the delete smileys URI. Smileys versions prior to 5.x-1.2 and Smileys versions 6.x-1.0-alpha5 and earlier are affected.
  • Ref: http://drupal.org/node/765000

  • 10.16.89 - CVE: Not Available
  • Platform: Web Application
  • Title: AWD Solution AWDwall Component for Joomla! "controller" Parameter Local File Include
  • Description: AWD Solution AWDwall is a component for the Joomla! content manager. The application is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "controller" parameter of the "com_awdwall" component. AWDwall version 1.5.4 is affected.
  • Ref: http://www.securityfocus.com/bid/39331

  • 10.16.90 - CVE: Not Available
  • Platform: Web Application
  • Title: givesight PowerMail Pro Component for Joomla! Local File Include
  • Description: The PowerMail Pro (com_powermail) application is a mail component for the Joomla! content manager. The component is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "controller" parameter of the "com_powermail" component. PowerMail Pro version 1.5.3 is affected.
  • Ref: http://www.securityfocus.com/bid/39348

  • 10.16.91 - CVE: Not Available
  • Platform: Web Application
  • Title: Nodesforum Multiple Remote File Include Vulnerabilities
  • Description: Nodesforum is a web-based application developed in PHP. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input to the following scripts and parameters: "erase_user_data.php":"_nodesforum_path_from_here_to_nodesforum_folder" and "pre_output.php":"_nodesforum_code_path". Nodesforum version 1.033 is affected.
  • Ref: http://www.securityfocus.com/bid/39359

  • 10.16.92 - CVE: Not Available
  • Platform: Web Application
  • Title: JProject Manager Joomla! Component "controller" Parameter Local File Include
  • Description: JProject Manager is a project management component for the Joomla! content manager. JProject Manager is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "controller" parameter. JProject Manager version 1.0 is affected.
  • Ref: http://www.securityfocus.com/bid/39383

  • 10.16.93 - CVE: Not Available
  • Platform: Web Application
  • Title: AlphaUserPoints Joomla! Component "view" Parameter Local File Include
  • Description: AlphaUserPoints is a PHP-based component for the Joomla! content manager. AlphaUserPoints is exposed to a local file include issue because it fails to properly sanitize user-supplied input to the "view" parameter of the "com_alphauserpoints" component before using it in an SQL query. AlphaUserPoints version 1.5.5 is affected.
  • Ref: http://www.securityfocus.com/bid/39393

  • 10.16.94 - CVE: Not Available
  • Platform: Web Application
  • Title: MyBB "set_common_header()" Email BCC Header Injection
  • Description: MyBB (MyBulletinBoard) is a PHP-based bulletin board application. MyBB is exposed to an issue that may allow attackers to inject arbitrary BCC headers into emails sent to MyBB users. This issue results from a lack of input validation and arises in the "set_common_header()" method. MyBB versions prior to 1.4.12 are affected.
  • Ref: http://www.sektioneins.com/en/advisories/advisory-012010-mybb-password-reset-email-bcc-injection-vulnerability/


  • 10.16.96 - CVE: CVE-2010-0993
  • Platform: Web Application
  • Title: Pulse CMS Arbitrary File Upload
  • Description: Pulse CMS is a PHP-based web application. The application is exposed to an issue that lets attackers upload arbitrary files because it fails to adequately sanitize user-supplied files before uploading them onto the web server. Pulse CMS versions prior to 1.2.4 are affected.
  • Ref: http://secunia.com/secunia_research/2010-47/

  • 10.16.97 - CVE: Not Available
  • Platform: Web Application
  • Title: Blog System Multiple Input Validation Vulnerabilities
  • Description: Blog System is a PHP-based blogging application. The application is exposed to multiple issues: a local file include issue that affects the "action" parameter of the "admin/index.php" script; multiple SQL injection issues that affect the "username" and "password" fields of the "index.php" script; and a cross-site scripting issue that affects the "action" parameter of the "admin/index.php" script. Blog System versions 1.5 and earlier are affected.
  • Ref: http://www.securityfocus.com/bid/39406

  • 10.16.98 - CVE: Not Available
  • Platform: Web Application
  • Title: FusionForge Multiple Remote File Include Vulnerabilities
  • Description: FusionForge is a web-based application developed in PHP. The application is exposed to multiple remote file include issues because it fails to sufficiently sanitize user-supplied input.
  • Ref: http://www.securityfocus.com/bid/39411

  • 10.16.99 - CVE: Not Available
  • Platform: Web Application
  • Title: openUrgence Vaccin Multiple Local and Remote File Include Vulnerabilities
  • Description: openUrgence Vaccin is a web-based emergency response application. The application is exposed to multiple input validation issues. An attacker can exploit these issues to obtain sensitive information or execute malicious PHP code in the context of the web server process. openUrgence Vaccin version 1.03 is affected.
  • Ref: http://www.securityfocus.com/bid/39412

  • 10.16.100 - CVE: Not Available
  • Platform: Web Application
  • Title: openMairie openMaincourante Local and Remote File Include Vulnerabilities
  • Description: openMairie openMaincourante is a web-based emergency response application implemented in PHP. The application is exposed to multiple input validation issues. An attacker can exploit these issues to obtain sensitive information or execute malicious PHP code in the context of the web server process. openMairie openMaincourante 1.01beta is vulnerable; other versions may also be affected.
  • Ref: http://www.securityfocus.com/bid/39413

  • 10.16.101 - CVE: Not Available
  • Platform: Web Application
  • Title: Vana CMS "filename" Parameter Remote File Download
  • Description: Vana CMS is a content management application implemented in PHP. The application is exposed to an issue that lets attackers download arbitrary files. The issue occurs because the application fails to sufficiently sanitize user-supplied input to the "filename" parameter of the "download.php" script.
  • Ref: http://www.securityfocus.com/bid/39415

  • 10.16.102 - CVE: Not Available
  • Platform: Network Device
  • Title: Edimax AR-7084gA Wireless ADSL Router Cross-Site Request Forgery
  • Description: The Edimax AR-7084gA wireless ADSL router is exposed to a cross-site request forgery issue. The appliance allows users to perform HTTP requests without performing sufficient validity checks. Specifically, the "/Forms/adv_nat_virsvr_1" script is affected. Edimax AR-7084gA running firmware version 2.9.8.1 is affected.
  • Ref: http://www.securityfocus.com/bid/39349

  • 10.16.103 - CVE: CVE-2010-1140
  • Platform: Network Device
  • Title: VMware Hosted Products USB Service Local Privilege Escalation
  • Description: Multiple VMware products are exposed to a local privilege escalation issue that affects the USB service. This issue occurs when handling a malicious executable.
  • Ref: http://www.securityfocus.com/bid/39397

(c) 2010. All rights reserved. The information contained in this newsletter, including any external links, is provided "AS IS," with no express or implied warranty, for informational purposes only. In some cases, copyright for material in this newsletter may be held by a party other than Qualys (as indicated herein) and permission to use such material must be requested from the copyright owner.

Subscriptions: @RISK is distributed free of charge by the SANS Institute to people responsible for managing and securing information systems and networks. You may forward this newsletter to others with such responsibility inside or outside your organization.