Section: .. / 1002-advisories /
| /// File Name: |
02.01.10-1.txt |
Description:
|
iDefense Security Advisory 02.01.10 - Remote exploitation of an integer overflow vulnerability in RealNetworks Inc.'s RealPlayer 11 could allow an attacker to execute arbitrary code with the privileges of the affected service. The vulnerability specifically exists in the handling of the 'chunked' Transfer-Encoding method. This method breaks the file the server is sending into 'chunks'. For each chunk, the server first sends the length of the chunk in hexadecimal, followed by the chunk data. This is repeated until there are no more chunks. The server then sends a chunk length of zero (0) indicating the end of the transfer. When processing these chunks, an integer overflow occurs, which results in a heap overflow. This leads to the execution of arbitrary code. iDefense has confirmed the existence of this vulnerability in RealPlayer version 11 on Windows. A nightly build of RealPlayer 10.1.0.3830 for Linux was also confirmed to be vulnerable. Previous versions do not appear be affected.
| | Author: | iDefense Labs | | Homepage: | http://www.idefense.com/ | | File Size: | 3943 | | Related CVE(s): | CVE-2009-4243 | | Last Modified: | Feb 1 21:24:04 2010 |
| MD5 Checksum: | 816144c2fb429f97ccd37657d81fc172 |
|
| /// File Name: |
02.01.10-2.txt |
Description:
|
iDefense Security Advisory 02.01.10 - Remote exploitation of an integer overflow vulnerability in RealNetworks Inc.'s Real Player could allow an attacker to execute arbitrary code with the privileges of the current user. This problem specifically exists in the CMediumBlockAllocator::Alloc method. When calculating the size of a memory allocation, an integer overflow occurs. This leads to heap corruption, which can result in the execution of arbitrary code. iDefense has confirmed the existence of this vulnerability in Real Player versions 10.5 (build 6.0.12.883) and 11 (build 6.0.14.738) on Windows. Other versions may also be affected.
| | Author: | iDefense Labs | | Homepage: | http://www.idefense.com/ | | File Size: | 3435 | | Related CVE(s): | CVE-2009-4248 | | Last Modified: | Feb 1 21:24:47 2010 |
| MD5 Checksum: | ba69609a497409b2acae1ebbcfca3377 |
|
| /// File Name: |
02.01.10-3.txt |
Description:
|
iDefense Security Advisory 02.01.10 - Remote exploitation of an integer overflow vulnerability in Real Networks Inc.'s RealPlayer version 11 could allow an attacker to execute arbitrary code. iDefense Labs has confirmed the existence of an integer overflow issue within RealPlayer when handling compressed GIF files. The vulnerability occurs in the CGIFCodec::InitDecompress() function, which does not properly validate a field in the GIF file before using it in an arithmetic operation that calculates the size of a heap buffer. This issue leads to heap corruption, which can result in the execution of arbitrary code. iDefense confirmed RealPlayer version 11 is vulnerable to this issue.
| | Author: | iDefense Labs | | Homepage: | http://www.idefense.com/ | | File Size: | 4306 | | Related CVE(s): | CVE-2009-4245 | | Last Modified: | Feb 1 21:25:51 2010 |
| MD5 Checksum: | dfa1cdc3010ddd329b4be557aaf8031d |
|
| /// File Name: |
02.09.10-1.txt |
Description:
|
iDefense Security Advisory 02.09.10 - Remote exploitation of a heap-based buffer overflow vulnerability in Microsoft Corp.'s PowerPoint could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs during the parsing of two related PowerPoint record types. The first record type, the "LinkedSlideAtom" record, is used to specify collaboration information for different slides. One of the fields in this record is used to specify the number of certain records that are present in the file. The code responsible for filling the array used to store the records does not perform any bounds checking when storing elements into the array. This results in a heap-based buffer overflow vulnerability.
| | Author: | Sean Larsson ,iDefense Labs | | Homepage: | http://www.idefense.com/ | | File Size: | 3757 | | Related CVE(s): | CVE-2010-0030 | | Last Modified: | Feb 12 02:43:36 2010 |
| MD5 Checksum: | 4558e56a3e61dac18ee72997c0d5b4db |
|
| /// File Name: |
02.09.10-2.txt |
Description:
|
iDefense Security Advisory 02.09.10 - Remote exploitation of a use-after-free vulnerability in Microsoft Corp.'s PowerPoint could allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability occurs when parsing multiple "OEPlaceholderAtom" records present in a "msofbtClientData" container. This record type is used to create a placeholder for an object #picture, text, etc.# on a slide. When a certain series of these records are present, it is possible to trigger a use-after-free vulnerability, which can lead to the execution of arbitrary code.
| | Author: | Sean Larsson ,iDefense Labs | | Homepage: | http://www.idefense.com/ | | File Size: | 3585 | | Related CVE(s): | CVE-2010-0032 | | Last Modified: | Feb 12 02:50:40 2010 |
| MD5 Checksum: | 4fba1df073761cadc353a2d5075041d2 |
|
| /// File Name: |
02.09.10-3.txt |
Description:
|
iDefense Security Advisory 02.09.10 - Remote exploitation of an invalid array indexing vulnerability in Microsoft Corp.'s PowerPoint could allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability occurs when parsing an "OEPlaceholderAtom" record. This record type is used to create a placeholder for an object (picture, text, etc.) on a slide. By providing a value greater than the size of an array, it is possible to corrupt stack memory beyond the bounds of the array with a fixed value. By overwriting critical structures like the saved return address, it is possible to execute arbitrary code.
| | Author: | Sean Larsson ,iDefense Labs | | Homepage: | http://www.idefense.com/ | | File Size: | 3656 | | Related CVE(s): | CVE-2010-0031 | | Last Modified: | Feb 12 02:51:55 2010 |
| MD5 Checksum: | 2398d5b21f9db5b8e27a087a5bcdaaf6 |
|
| /// File Name: |
02.23.10-1.txt |
Description:
|
iDefense Security Advisory 02.23.10 - Remote exploitation of an input validation vulnerability in NOS Microsystems Ltd.'s getPlus Download Manager, as used by Adobe and potentially other vendors, could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability exists due to improper validation of the domain used to download and execute applications from. The vulnerable code always assumes that the domain being validated is a subdomain, which can lead to a logic error when comparing the valid domain and the requested domain. iDefense has confirmed the existence of this vulnerability in getPlus version 1.5.2.35 as distributed by Adobe. The Adobe Download Manager on Windows (prior to February 23, 2010) has been confirmed vulnerable by Adobe.
| | Author: | Yorick Koster ,iDefense Labs | | Homepage: | http://www.idefense.com/ | | File Size: | 3781 | | Last Modified: | Feb 25 01:34:28 2010 |
| MD5 Checksum: | 3858dd8f56afc2be89616b19a3311e24 |
|
| /// File Name: |
acmorg-disclose.txt |
Description:
|
It appears that acm.org suffers from a serious data leak and may be ignoring it.
| | Author: | the hacker | | File Size: | 1152 | | Last Modified: | Feb 19 16:02:32 2010 |
| MD5 Checksum: | f819074712f37022be8f1303a2b40678 |
|
| /// File Name: |
AID-020810.txt |
Description:
|
Aruba Networks Security Advisory - This advisory addresses the renegotiation related vulnerability disclosed recently in Transport Layer Security protocol. This vulnerability may allow a Man-in-the-Middle (MITM) attacker to inject arbitrary data into the beginning of the application protocol stream protected by TLS.
| | Homepage: | http://www.arubanetworks.com/ | | File Size: | 9301 | | Related CVE(s): | CVE-2009-3555 | | Last Modified: | Feb 9 13:53:40 2010 |
| MD5 Checksum: | 2f67860d1650ede724866d5efef4c335 |
|
| /// File Name: |
aol95-overflow.txt |
Description:
|
Hellcode Research has discovered a heap overflow vulnerability in AOL 9.5. Opening a malformed vCard file (.vcf) with AOL 9.5 causes a crash on "waol.exe". Successful exploitation may allow execution of arbitrary code.
| | Author: | karak0rsan | | Homepage: | http://tcc.hellcode.net/ | | File Size: | 496 | | Last Modified: | Feb 4 01:47:36 2010 |
| MD5 Checksum: | 4a4f33ee6e688f98ab47780495138ecf |
|
| /// File Name: |
AST-2010-001.txt |
Description:
|
Asterisk Project Security Advisory - An attacker attempting to negotiate T.38 over SIP can remotely crash Asterisk by modifying the FaxMaxDatagram field of the SDP to contain either a negative or exceptionally large value. The same crash occurs when the FaxMaxDatagram field is omitted from the SDP as well.
| | Author: | David Vossel | | Homepage: | http://www.asterisk.org/security | | File Size: | 7883 | | Related CVE(s): | CVE-2010-0441 | | Last Modified: | Feb 2 23:28:26 2010 |
| MD5 Checksum: | 09e8a4cd95e01a115d93a6c35c3cb09e |
|
| /// File Name: |
AST-2010-002.txt |
Description:
|
Asterisk Project Security Advisory - A common usage of the ${EXTEN} channel variable in a dialplan with wildcard pattern matches can lead to a possible string injection vulnerability. By having a wildcard match in a dialplan, it is possible to allow unintended calls to be executed.
| | Author: | Leif Madsen | | Homepage: | http://www.asterisk.org/security | | File Size: | 12308 | | Last Modified: | Feb 20 13:14:50 2010 |
| MD5 Checksum: | 8401124cbc4ef9d5182493660825c345 |
|
| /// File Name: |
AST-2010-003.txt |
Description:
|
Asterisk Project Security Advisory - Host access rules using permit= and deny= configurations behave unpredictably if the CIDR notation /0 is used. Depending on the system's behavior, this may act as desired, but in other cases it might not, thereby allowing access from hosts that should be denied.
| | Author: | Mark Michelson | | Homepage: | http://www.asterisk.org/security | | File Size: | 9755 | | Last Modified: | Feb 26 14:26:09 2010 |
| MD5 Checksum: | 96b5d56898cb42ff746d93184ad1b2cd |
|
| /// File Name: |
bugzilla-disclose.txt |
Description:
|
Bugzilla versions before 3.0.11, 3.2.6, 3.4.5, and 3.5.3 allow for content browsing of various directories that may have sensitive information in them if customized. Bugzilla versions 3.3.1 to 3.4.4, 3.5.1, and 3.5.2 suffer from a bug moving vulnerability.
| | Homepage: | http://www.bugzilla.org/ | | File Size: | 3375 | | Related CVE(s): | CVE-2009-3989, CVE-2009-3387 | | Last Modified: | Feb 1 21:06:07 2010 |
| MD5 Checksum: | 6ea74aa0b474ab5a9575a30e409c43a3 |
|
| /// File Name: |
CA20100222-01.txt |
Description:
|
CA's support is alerting customers to a security risk with CA Service Desk r12.1. The release of Tomcat as included with CA Service Desk r12.1 is potentially susceptible to a cross-site scripting vulnerability.
| | Author: | Kevin Kotas | | Homepage: | http://www3.ca.com/ | | File Size: | 1586 | | Related CVE(s): | CVE-2008-1947 | | Last Modified: | Feb 23 02:53:22 2010 |
| MD5 Checksum: | 1e036fb07d36c1056abf8b550e0b1e10 |
|
| /// File Name: |
CA20100223-01.txt |
Description:
|
CA's support is alerting customers to a security risk with CA eHealth Performance Manager. A cross-site scripting vulnerability exists that can allow a remote attacker to potentially gain sensitive information. CA has provided guidance to remediate the vulnerability.
| | Author: | Kevin Kotas | | Homepage: | http://www3.ca.com/ | | File Size: | 2419 | | Related CVE(s): | CVE-2010-0640 | | Last Modified: | Feb 23 20:04:14 2010 |
| MD5 Checksum: | 746e136a27c21e328a9a50d4d0958f2a |
|
| /// File Name: |
chrome-crossorigin.txt |
Description:
|
Virtual Security Research, LLC. Security Advisory - In mid-January, VSR identified a vulnerability in Google Chrome which could be used in phishing attacks in specific types of web sites. This issue may make it much easier to convince a victim to submit web application credentials to the attacker's site.
| | Author: | Timothy D. Morgan | | Homepage: | http://www.vsecurity.com/ | | File Size: | 5555 | | Related CVE(s): | CVE-2010-0556 | | Last Modified: | Feb 16 17:42:22 2010 |
| MD5 Checksum: | cc80c14cdde56d4b987f9bd1d621ad47 |
|
| /// File Name: |
cisco-sa-20100210-ironport.txt |
Description:
|
Cisco Security Advisory - Cisco IronPort Encryption Appliance devices contain two vulnerabilities that allow remote, unauthenticated access to any file on the device and one vulnerability that allows remote, unauthenticated users to execute arbitrary code with elevated privileges. There are workarounds available to mitigate these vulnerabilities.
| | Author: | Cisco Systems | | Homepage: | http://www.cisco.com/ | | File Size: | 11036 | | Related CVE(s): | CVE-2010-0143, CVE-2010-0144, CVE-2010-0145 | | Last Modified: | Feb 10 18:14:54 2010 |
| MD5 Checksum: | 8ed9bb3229e6ef80f08965278ae193ef |
|
| /// File Name: |
cisco-sa-20100217-csa.txt |
Description:
|
Cisco Security Advisory - The Management Center for Cisco Security Agents is affected by a directory traversal vulnerability and a SQL injection vulnerability. Successful exploitation of the directory traversal vulnerability may allow an authenticated attacker to view and download arbitrary files from the server hosting the Management Center. Successful exploitation of the SQL injection vulnerability may allow an authenticated attacker to execute SQL statements that can cause instability of the product or changes in the configuration. Additionally, the Cisco Security Agent is affected by a denial of service (DoS) vulnerability. Successful exploitation of the Cisco Security Agent agent DoS vulnerability may cause the affected system to crash. Repeated exploitation could result in a sustained DoS condition. These vulnerabilities are independent of each other.
| | Author: | Cisco Systems | | Homepage: | http://www.cisco.com/ | | File Size: | 16952 | | Related CVE(s): | CVE-2010-0146, CVE-2010-0147, CVE-2010-0148 | | Last Modified: | Feb 17 18:54:31 2010 |
| MD5 Checksum: | b4e8c445dc7e8829dccbc0c6897ea4f0 |
|
| /// File Name: |
cisco-sa-20100217-fwsm.txt |
Description:
|
Cisco Security Advisory - A vulnerability exists in the Cisco Firewall Services Module (FWSM) for the Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers that may cause the Cisco FWSM to reload after processing a malformed Skinny Client Control Protocol (SCCP) message. The vulnerability exists when SCCP inspection is enabled. Cisco has released free software updates that address this vulnerability.
| | Author: | Cisco Systems | | Homepage: | http://www.cisco.com/ | | File Size: | 16457 | | Related CVE(s): | CVE-2010-0151 | | Last Modified: | Feb 17 19:36:57 2010 |
| MD5 Checksum: | 3306fb0b569cef6f3205322b85cfacb8 |
|
| /// File Name: |
CORE-2009-0827.txt |
Description:
|
Core Security Technologies Advisory - A vulnerability exists in MSO.DLL affecting Excel 9 (Office 2000) and Excel 10 (Office XP) in the code responsible for parsing OfficeArtSpgr (recType 0xF003) containers that allows an attacker to cause a class pointer to be interpreted incorrectly, leading to code execution in the context of the currently logged on user.
| | Author: | Core Security Technologies,Damian Frizza | | Homepage: | http://www.coresecurity.com/corelabs/ | | File Size: | 12999 | | Related CVE(s): | CVE-2010-0243 | | Last Modified: | Feb 9 17:43:49 2010 |
| MD5 Checksum: | b2f3bb40ec8fae94f4ec8e97263f9f0c |
|
| /// File Name: |
CORE-2009-1126.txt |
Description:
|
Core Security Technologies Advisory - Corel Paint Shop Pro Photo X2 is prone to a heap-based buffer overflow when processing malformed FPX files, because it trusts user-controlled data located inside a FPX file and uses it as a loop counter when copying data from a FPX file into a fixed-size buffer located in the heap. This vulnerability can be exploited to overwrite adjacent heap chunks metadata, and possibly to gain arbitrary code execution.
| | Author: | Core Security Technologies,Francisco Falcon | | Homepage: | http://www.coresecurity.com/corelabs/ | | File Size: | 11633 | | Last Modified: | Feb 1 21:28:20 2010 |
| MD5 Checksum: | c2a7e082be81a97c93087c88540a9f94 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
