Section: .. / 0701-advisories /
File Name: 01.05.07-1.txt
Description: iDefense Security Advisory 01.05.07 - Remote exploitation of a typecasting bug in Opera Software ASA's Opera Web browser could allow an attacker to execute arbitrary code on the affected host. A flaw exists within Opera's Javascript SVG implementation. When processing a createSVGTransformFromMatrix request Opera does not properly validate the type of object passed to the function. Passing an incorrect object to this function can result in it using a pointer that is user controlled when it attempts to make the virtual function call. iDefense has confirmed the existence of this vulnerability in Opera version 9.02 on both Windows and Linux. Previous versions may also be affected.
Homepage: http://www.idefense.com/
File Size: 2979
Last Modified: Jan 6 19:53:21 2007
MD5 Checksum: 8b6c9045a44515e5e1faa59cb9858d6e

File Name: 01.05.07-2.txt
Description: iDefense Security Advisory 01.05.07 - Remote exploitation of a heap overflow in Opera Software ASA's Opera Web browser could allow an attacker to execute arbitrary code in the security context of the current user. The vulnerability specifically exists due to Opera improperly processing a JPEG DHT marker. The DHT marker is used to define a Huffman Table which is used for decoding the image data. An invalid number of index bytes in the DHT marker will trigger a heap overflow with partially user controlled data. iDefense has confirmed the existence of this vulnerability in Opera version 9.02 on both Windows and Linux. Previous versions may also be affected.
Author: Christoph Diehl
Homepage: http://www.idefense.com/
File Size: 2940
Last Modified: Jan 6 19:54:05 2007
MD5 Checksum: baa00e3119c312f9f99f074d96592fd7

File Name: 01.05.07-3.txt
Description: iDefense Security Advisory - Remote exploitation of a DoS vulnerability in Kaspersky Lab's Antivirus could allow an attacker to cause a denial of service (DoS) condition. Kaspersky Antivirus is vulnerable to a DoS condition when processing a specially crafted PE (portable executable) file. One of the headers in a PE file is the Optional Windows Header section. This section of the PE header contains information needed by the Windows linker and loader. An invalid value for the 'NumberOfRvaAndSizes' field will cause Kaspersky to repeatedly seek and read from the same section of the file in an endless loop. iDefense has confirmed the existence of this vulnerability in Kaspersky Labs Antivirus Engine version 6.0 for Windows and 5.5-10 for Linux. Previous versions may also be affected. Any products that use the scanning engine are also affected. This includes the Kaspersky mail gateway scanner.
Homepage: http://www.idefense.com/
File Size: 3341
Last Modified: Jan 13 15:39:15 2007
MD5 Checksum: e94b06fe993ddfc575e800ea163fe0d9

File Name: 01.09.07-1.txt
Description: iDefense Security Advisory - Remote exploitation of an integer overflow vulnerability in the Vector Markup Language (VML) support in multiple Microsoft products allows attackers to execute arbitrary code within the context of the user running the vulnerable application. This vulnerability exists due to insufficient input validation within vgx.dll. Two integer properties are multiplied together and no overflow check is performed. This could allow an attacker to force a memory allocation of a smaller amount of memory than is required. When copying user supplied data into the newly allocated memory, it is possible to overwrite a function pointer stored on the heap, which leads to the execution of arbitrary code. iDefense testing shows that Internet Explorer 6.0 bundled with Windows XP SP2 with all available security patches is vulnerable. Other versions of Internet Explorer, including those with all security updates applied, are also vulnerable. Older versions of Internet Explorer may also be vulnerable.
Author: Joseph Moti
Homepage: http://www.idefense.com/
File Size: 6051
Related CVE(s): CVE-2007-0024
Last Modified: Jan 13 18:11:44 2007
MD5 Checksum: f543d3cdd73135d2005868db2ff261af

File Name: 01.09.07-2.txt
Description: iDefense Security Advisory - Remote exploitation of an input validation error in Microsoft Corp.'s Excel spreadsheet application may allow the execution of arbitrary code. The vulnerability specifically exists in the handling of out of range values in the column field in several BIFF8 record types. By supplying an invalid Column field to one of these records, it is possible to cause the system to reference arbitrary memory. This can be exploited to gain control of the application. iDefense has confirmed the existence of this vulnerability in Microsoft Excel 2003 with all available service packs and security patches. Previous versions of Excel are also likely to be affected.
Author: Greg MacManus
Homepage: http://www.idefense.com/
File Size: 3592
Related CVE(s): CVE-2007-0030
Last Modified: Jan 13 18:12:43 2007
MD5 Checksum: c945d2c67565f2f00021d2ba7a2fb23b

File Name: 01.09.07-3.txt
Description: iDefense Security Advisory - Remote exploitation of a heap-based buffer overflow vulnerability in Microsoft Corp.'s Excel spreadsheet application could allow an attacker to execute arbitrary code in the context of the user who started Excel. The vulnerability specifically exists in the handling of the PALETTE record in BIFF8 format spreadsheet files. By supplying a record with too many entries, an exploitable buffer overflow condition can occur. iDefense Labs have confirmed the existence of this vulnerability in Microsoft Excel 2003 with all service packs and security updates. Previous versions of Excel are also likely to be affected.
Author: Greg MacManus
Homepage: http://www.idefense.com/
File Size: 3556
Related CVE(s): CVE-2007-0031
Last Modified: Jan 13 18:13:22 2007
MD5 Checksum: b697242b10efb9f07727d46a7dc0e0ae

File Name: 01.09.07-4.txt
Description: iDefense Security Advisory - Local exploitation of a memory corruption vulnerability in the "ProcRenderAddGlyphs" function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. This vulnerability specifically lies within the Render extension. Insufficient input validation exists when allocating memory for glyph management data structures. By sending a specially crafted X protocol request to the Render extension, an attacker can cause an exploitable memory corruption condition. iDefense has confirmed the existence of this vulnerability in the X.Org server version 7.1-1.1.0. Previous versions may also be affected.
Author: Sean Larsson
Homepage: http://www.idefense.com/
File Size: 3838
Related CVE(s): CVE-2006-6101
Last Modified: Jan 13 18:14:26 2007
MD5 Checksum: 58f1b377154c664ff20c4e5ac63ae3f5

File Name: 01.09.07-5.txt
Description: iDefense Security Advisory - Local exploitation of a memory corruption vulnerability in the "ProcDbeGetVisualInfo" function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. This vulnerability specifically lies within the DBE extension. Insufficient input validation exists when allocating memory for data structures. By sending a specially crafted X protocol request to the DBE extension, an attacker can cause an exploitable memory corruption condition. iDefense has confirmed the existence of this vulnerability in the X.Org server version 7.1-1.1.0. Previous versions may also be affected.
Author: Sean Larsson
Homepage: http://www.idefense.com/
File Size: 3805
Related CVE(s): CVE-2006-6102
Last Modified: Jan 13 18:15:13 2007
MD5 Checksum: 70e776227a788fae7556c58ef15b513c

File Name: 01.09.07-6.txt
Description: iDefense Security Advisory - Local exploitation of a memory corruption vulnerability in the "ProcDbeSwapBuffers" function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. This vulnerability specifically lies within the DBE extension. Insufficient input validation exists when allocating memory for data structures. By sending a specially crafted X protocol request to the DBE extension, an attacker can cause an exploitable memory corruption condition. iDefense has confirmed the existence of this vulnerability in the X.Org server version 7.1-1.1.0. Previous versions may also be affected.
Author: Sean Larsson
Homepage: http://www.idefense.com/
File Size: 3801
Related CVE(s): CVE-2006-6103
Last Modified: Jan 13 18:16:02 2007
MD5 Checksum: f15f19e7ca3481033d4ad4f50c3ef6ce

File Name: 01.09.07-7.txt
Description: iDefense Security Advisory - Remote exploitation of an input validation vulnerability in Adobe Systems Inc.'s Macromedia ColdFusion MX 7 may allow an attacker to view file contents on the server. The vulnerability specifically exists in that URL encoded filenames will be decoded by the IIS process and then again by the ColdFusion process. By supplying a URL containing a double encoded null byte and an extension handled by ColdFusion, such as '.cfm', it is possible to view the contents of any file which is not interpreted by ColdFusion. iDefense has confirmed this vulnerability exists in Adobe Macromedia ColdFusion MX 7.0.2, with all available fixes, running on Microsoft IIS.
Author: Inge Henriksen
Homepage: http://www.idefense.com/
File Size: 3388
Related CVE(s): CVE-2006-5858
Last Modified: Jan 13 18:25:20 2007
MD5 Checksum: fc089d0555031a2014f12186d0d2c577

File Name: 01.26.07.txt
Description: CHM files contain various tables and objects stored in "pages." When parsing a page of objects, CHMlib passes an unsanitized value from the file to the alloca() function. This allows an attacker to shift the stack pointer to point to arbitrary locations in memory. Consequently it is possible to write arbitrary data from the file to arbitrary memory locations. Successful exploitation of this vulnerability allows an attacker to execute arbitrary code with the permissions of the user viewing the file. An attacker would have to first convince the user to view the CHM file through some type of social engineering. iDefense has confirmed the existence of this vulnerability in CHMlib version 0.38.
Author: Sean Larsson
Homepage: http://www.idefense.com/
File Size: 2790
Last Modified: Jan 26 23:36:20 2007
MD5 Checksum: eae5775da2f691edeea7b2a245121c02

File Name: 20070109EN.txt
Description: Sina UC ActiveX is susceptible to multiple remote stack overflow vulnerabilities.
Author: Sowhat
Homepage: http://secway.org/
File Size: 5023
Last Modified: Jan 13 17:57:41 2007
MD5 Checksum: 84fdbc109494f0bd89a7b8e21bc97670

File Name: 2007_firepass.pdf
Description: Multiple cross site scripting, filter bypass, and information disclosure vulnerabilities exist in the F5 FirePass SSL VPN.
Author: Michael Ligh, Greg Sinclair
Homepage: http://mnin.org/
File Size: 131466
Last Modified: Jan 13 16:06:06 2007
MD5 Checksum: 0c46d3878a3f7d7d800b63f62a85644d

File Name: 4tphi-sa-20070111-communityserver.t..>
Description: The Telligent Community Server versions 2.1 and below suffer from a remote denial of service condition.
Author: Blake Matheny
File Size: 2773
Last Modified: Jan 26 21:57:26 2007
MD5 Checksum: e009707e3d4cbcbed0dfda7184e1eb7a

File Name: 4tphi-sa-20070111-pingback.txt
Description: The pingback specification suffers from a weakness.
Author: Blake Matheny
File Size: 4575
Last Modified: Jan 26 21:55:07 2007
MD5 Checksum: 37a2fb39bde3c981a1a74ef0d7f341ad

File Name: 4tphi-sa-20070111-wordpress.txt
Description: WordPress suffers from a resource consumption issue.
Author: Blake Matheny
File Size: 4515
Last Modified: Jan 26 21:56:22 2007
MD5 Checksum: bc79ffa791e8305720d65671b89461dc

File Name: AD20070108.txt
Description: A DACL weakness exists in the HP all-in-one product drivers, which can be exploited by malicious local users to gain escalated privileges.
Author: Sowhat
Homepage: http://www.nevisnetworks.com/
File Size: 2953
Last Modified: Jan 13 16:54:41 2007
MD5 Checksum: 06f847963f002265d63e30368df39701

File Name: advisory-20070109-1.txt
Description: KDE Security Advisory - On 2006-12-27, a proof of concept for arbitrary code execution in ksirc was published by Federico L. Bossi Bonin. The published exploit triggers an assertion in ksirc and results in a NULL pointer dereference (crash) for non-debug builds.
Homepage: http://www.kde.org/
File Size: 1176
Related CVE(s): CVE-2006-6811
Last Modified: Jan 13 17:58:56 2007
MD5 Checksum: 73ea504d4316742e96a7fb34d2963443

File Name: advisory-20070115-1.txt
Description: KDE Security Advisory - kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a vulnerability that can cause denial of service (infinite loop) via a PDF file that contains a crafted catalog dictionary or a crafted Pages attribute that references an invalid page tree node.
Homepage: http://www.kde.org/
File Size: 1623
Related CVE(s): CVE-2007-0104
Last Modified: Jan 19 19:34:01 2007
MD5 Checksum: 95c0d517b8844c6347f9d9e5a09bbab7

File Name: advisory_012007.140.txt
Description: Hardened PHP Project Security Advisory - WordPress versions 2.0.5 and below are susceptible to a cross site scripting vulnerability.
Author: Stefan Esser
Homepage: http://www.hardened-php.net/
File Size: 3554
Last Modified: Jan 6 19:34:22 2007
MD5 Checksum: 70bfd73413a7698ef03e25ec68a65aee

File Name: advisory_022007.141.txt
Description: Hardened PHP Project Security Advisory - WordPress versions 2.0.5 and below are susceptible to SQL injection and arbitrary PHP code execution vulnerabilities.
Author: Stefan Esser
Homepage: http://www.hardened-php.net/
File Size: 4881
Last Modified: Jan 6 19:35:14 2007
MD5 Checksum: 1979b7121a3b4caad532914c3f3c4ce2

File Name: atmel-exec.txt
Description: ATMEL WLAN drivers version 3.4.1.1 suffer from arbitrary code execution flaws.
Author: sapheal
File Size: 716
Last Modified: Jan 1 22:02:45 2007
MD5 Checksum: 9c30a08ee80108c44ee9057c3a0e1767

File Name: CAID-34818.txt
Description: Multiple vulnerabilities have been discovered in CA Personal Firewall drivers. The vulnerabilities are due to errors in the HIPS Core (KmxStart.sys) and HIPS Firewall (KmxFw.sys) drivers. Local attackers can exploit these vulnerabilities to gain escalated privileges.
Author: Ken Williams
Homepage: http://www3.ca.com/
File Size: 3206
Related OSVDB(s): 30497, 30498
Related CVE(s): CVE-2006-6952
Last Modified: Jan 26 22:02:12 2007
MD5 Checksum: 2892812304ef3817dcf5e68c4e4806cc

File Name: CAID-34993.txt
Description: CA BrightStor ARCserve Backup for Laptops and Desktops contains multiple overflow conditions that can allow a remote attacker to cause a denial of service, or execute arbitrary code with local SYSTEM privileges on Windows.
Author: Ken Williams
Homepage: http://www3.ca.com/
File Size: 3682
Related CVE(s): CVE-2007-0449
Last Modified: Jan 26 21:28:52 2007
MD5 Checksum: 778a6c8c49578990337d5114dc1d826f