Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 5 No. 11



> 
> *************************
> Widely Deployed Software
> *************************
> 
> (1) CRITICAL: Microsoft Office and Excel Multiple Vulnerabilities
> Affected:
> Office 2000 SP3
> Office XP SP3
> Office 2003 SP1/SP2
> Microsoft Works Suites 2000-2006
> Office X/2004 for Mac OS
> 
> Description: Microsoft Office suite contains five memory corruption
> vulnerabilities in Excel program and another buffer overflow in
> processing "routing slips". A malicious Excel file or an Office file can
> exploit these vulnerabilities to execute arbitrary code on a client
> system using vulnerable Office versions. The specially crafted
> Excel/Office documents can be posted on a web server, file server, P2P
> share or attached to an email. Note that although browsers like IE and
> Firefox typically present a user prompt prior to opening an Office
> document, since these documents are generally considered "safe" as
> opposed to executable files, users are likely to open these documents
> even from untrusted sites. The technical details required to craft
> exploits for many of the buffer overflows have been publicly posted.
> Exploitation for some of the overflows is trivial as they are stack-based
> overflows.
> 
> Status: Microsoft confirmed. Patches referenced in the Microsoft Security
> Bulletin MS05-012.
> 
> Council Site Actions:  All reporting council sites are planning to
> address these vulnerabilities in their next regularly scheduled system
> maintenance cycle.  A few reported they will increase the urgency if
> exploits are seen in the wild.
> 
> References:
> Microsoft Security Bulletin
> http://www.microsoft.com/technet/security/Bulletin/MS06-012.mspx  
> XFocus Advisory
> http://archives.neohapsis.com/archives/vulnwatch/2006-q1/0080.html   
> TippingPoint ZDI Advisory
> http://www.zerodayinitiative.com/advisories/ZDI-06-004.html   
> Posting by hexview
> http://marc.theaimsgroup.com/?l=full-disclosure&m=114238502808159&w=2
> Fortinet Advisories
> http://www.securityfocus.com/archive/1/427649/30/30/threaded   
> http://www.securityfocus.com/archive/1/427648/30/30/threaded   
> Posting by NGSSoftware
> http://www.securityfocus.com/archive/1/427635/30/30/threaded   
> SecurityFocus BIDs
> http://www.securityfocus.com/bid/17091 
> http://www.securityfocus.com/bid/17100 
> http://www.securityfocus.com/bid/17101 
> http://www.securityfocus.com/bid/17108 
> 
> ****************************************************************
> ****************************************************************
> 
> (3) HIGH: Adobe Macromedia Players SWF Remote Code Execution
> Affected:
> Flash Player versions 8.0.22.0 and prior
> Breeze Meeting Add-In version 5.1 and prior
> Shockwave Player version 10.1.0.11 and prior
> Flash Debug Player version 7.0.14.0 and prior
> 
> Description: Adobe has released a security advisory indicating that
> multiple Macromedia players contain a critical vulnerability in handling
> SWF files.  According to Adobe the flaw can be exploited to execute
> arbitrary code. A malicious webpage or an HTML email can leverage the
> flaw to compromise a user's system with minimal user interaction. No
> technical details have been released at this time. Note that several
> versions of Windows ship with a vulnerable version of Flash player by
> default; these systems should be updated on a priority basis.
> 
> Status: Adobe confirmed. Upgrade to the latest version of the players
> as described in the Adobe advisory.
> 
> Council Site Actions:  All reporting council sites are planning to
> address in their next regularly scheduled system maintenance cycle.
> 
> References:
> Adobe Advisory
> http://www.macromedia.com/devnet/security/security_zone/apsb06-03.html
> Microsoft Advisory
> http://www.microsoft.com/technet/security/advisory/916208.mspx   
> CERT Advisory
> http://www.us-cert.gov/cas/techalerts/TA06-075A.html  
> SecurityFocus BIDs
> http://www.securityfocus.com/bid/170106 
> 
> ****************************************************************
> 
> (4) MODERATE: Internet Explorer Script Handler Memory Corruption
> Affected:
> Internet Explorer possibly all versions
> 
> Description: Internet Explorer contains a memory corruption
> vulnerability that can be triggered by an HTML page containing a hundred
> or more of script action handlers such as "onclick", "onmouseover" etc.
> According to the discoverer, the flaw can be possibly exploited to
> execute arbitrary code (not confirmed). The technical details and a
> proof-of-concept exploit have been publicly posted.
> 
> Status: Microsoft has not confirmed the vulnerability yet, no updates
> available.
> 
> Council Site Actions: All reporting council sites are waiting on
> additional information from Microsoft.
> 
> References:
> Postings by Michal Zalewski
> http://archives.neohapsis.com/archives/bugtraq/2006-02/0855.html 
> http://archives.neohapsis.com/archives/bugtraq/2006-02/0856.html
> http://archives.neohapsis.com/archives/bugtraq/2006-02/0887.html 
> PoC Code
> http://lcamtuf.coredump.cx/iedie.html  
> Internet Explorer Script Action Handlers
> http://msdn.microsoft.com/library/default.asp?url=/workshop/author/dhtml/reference/events.asp
> SecurityFocus BID
> http://www.securityfocus.com/bid/17131 
> 
> **********************************************************************
> 
> *********
> Exploits
> *********
> 
> (8) Skype Heap-based Buffer Overflow
> 
> References:
> Exploit Details in BlackHat Europe Presentation
> http://www.blackhat.com/presentations/bh-europe-06/bh-eu-06-biondi/bh-eu-06-biondi-up.pdf
> Previous @RISK Posting
> http://www.sans.org/newsletters/risk/display.php?v=4&i=43#other1 
> 
> ********************************************************************
> 
> (9) Microsoft Telephony Service Buffer Overflow (MS05-040)
> 
> Council Site Actions: All reporting council sites patched their systems
> late last year.
> 
> References:
> Exploit Code
> http://www.milw0rm.com/exploits/1584 
> Previous @RISK Newsletter Posting
> http://www.sans.org/newsletters/risk/display.php?v=4&i=32#widely4 
> 
> ****************************************************************
> 
> 06.11.1 CVE: Not Available
> Platform: Microsoft Office
> Title: Microsoft Excel Malformed Formula Size Remote Code Execution
> Description: Microsoft Excel is prone to a remote code execution
> vulnerability. This issue may be triggered when a malformed Excel
> document is opened. This is due to an error in Excel that is related
> to how the program parses data fields within the document.
> Specifically, this vulnerability is a buffer overflow that occurs when
> handling malformed formula size data in an Excel file.
> Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-012.mspx
> ______________________________________________________________________
> 
> 06.11.2 CVE: CVE-2006-0028
> Platform: Microsoft Office
> Title: Microsoft Excel Malformed Parsing Format File Remote Code
> Execution
> Description: Microsoft Excel is prone to a remote code execution
> vulnerability. This issue may be triggered when a malformed Excel
> document is opened. This is due to an error in Excel that is related
> to how the program parses data fields within the document. Successful
> exploitation may result in execution of arbitrary code in the context
> of the currently logged in user.
> Ref: http://www.microsoft.com/technet/security/bulletin/MS06-012.mspx
> ______________________________________________________________________
> 
> 06.11.3 CVE: CVE-2006-0029
> Platform: Microsoft Office
> Title: Microsoft Excel Malformed Description Remote Code Execution
> Description: Microsoft Excel is prone to a remote code execution
> vulnerability that may be triggered when a malformed Excel document is
> opened. This is due to an error in Excel that is related to how the
> program parses data fields within the document.
> Ref: http://www.microsoft.com/technet/security/bulletin/MS06-012.mspx
> ______________________________________________________________________
> 
> 06.11.4 CVE: CVE-2006-0009
> Platform: Microsoft Office
> Title: Microsoft Office Routing Slip Processing Remote Buffer Overflow
> Description: Microsoft Office supports routing slips, which are
> embedded in Word, Excel, or PowerPoint documents to aid in
> collaborative working. Microsoft Office is prone to a remote buffer
> overflow vulnerability. Specifically, the issue arises when the
> application handles a specially crafted document containing a
> malicious routing slip. A successful attack can result in a remote
> compromise in the context of an affected user.
> Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-012.mspx
> ______________________________________________________________________
> 
> 06.11.5 CVE: CVE-2006-0031
> Platform: Microsoft Office
> Title: Excel Malformed Record Remote Code Execution Vulnerability
> Description: Microsoft Excel is prone to a remote code execution issue
> which may be triggered when a malformed Excel document is opened. The
> issue is due to an error in Excel that is related to how the program
> parses data fields within the document.
> Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-012.mspx
> ______________________________________________________________________
> 
> 06.11.6 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Microsoft Internet Explorer Script Action Handler Buffer
> Overflow
> Description: Microsoft Internet Explorer is prone to a remote buffer
> overflow vulnerability in "MSHTML.DLL" due to improper boundary
> checking of user supplied input data prior to copying it into an
> insufficiently sized memory buffer. This issue is triggered by having
> several thousand script action handlers, such as "onLoad",
> "onMouseOver", in a single HTML tag. Internet Explorer 6 is reported
> to be vulnerable to this issue; other versions may also be affected.
> Ref: http://www.securityfocus.com/bid/17131/exploit
> ______________________________________________________________________
> 
> 06.11.18 CVE: Not Available
> Platform: Linux
> Title: Debian GNU/Linux Local Information Disclosure
> Description: Debian GNU/Linux is vulnerable to a local information
> disclosure issue due to the installation system improperly storing
> sensitive information in world readable files. Debian GNU/Linux
> version 3.1 is vulnerable.
> Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=254068
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356845
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=356939
> ______________________________________________________________________
> 
> 06.11.19 CVE: CVE-2006-1242
> Platform: Linux
> Title: Linux Kernel IP ID Information Disclosure
> Description: The Linux kernel is vulnerable to a remote information
> disclosure weakness. The kernel increments the IP ID field after
> receiving unsolicited TCP SYN-ACK packets, which allows attackers to
> conduct idle scans or stealth scans. The Linux kernel 2.6 series as
> well as some kernels in the 2.4 series are vulnerable.
> Ref: http://www.securityfocus.com/archive/1/427622
> ______________________________________________________________________
> 
> 06.11.20 CVE: Not Available
> Platform: Linux
> Title: sa-exim Unauthorized File Access
> Description: sa-exim is a SpamAssassin module for Exim. It is
> vulnerable to an unauthorized file access vulnerability. This issue is
> due to insufficient sanitization of the "greylistclean.cron" file.
> sa-exim versions 4.2 and earlier are vulnerable.
> Ref: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345071
> ______________________________________________________________________
> 
> 06.11.21 CVE: CVE-2005-3359
> Platform: Linux
> Title: Linux Kernel ATM Module Inconsistent Reference Counts Denial of
> Service
> Description: The Linux kernel is prone to a local denial of service
> issue which presents itself because the ATM module can allow attackers
> to create inconsistent reference counts for loadable protocol modules
> of netfilter. Linux kernel versions 2.6.14 and earlier are affected.
> Ref: http://www.securityfocus.com/bid/17078
> ______________________________________________________________________
> 
> 06.11.22 CVE: CVE-2006-0457
> Platform: Linux
> Title: Linux Kernel Security Key Functions Local Copy_To_User Race
> Condition
> Description: The Linux kernel contains a keyring module that is
> designed to allow for the storage and maintenance of local key data
> for operations such as storing Kerberos credentials. The Linux kernel
> is susceptible to a local race condition vulnerability in its security
> key functionality. This allows local attackers to crash the kernel.
> Ref: http://www.ubuntu.com/usn/usn-263-1
> ______________________________________________________________________
> 
> 06.11.27 CVE: CVE-2006-0024
> Platform: Cross Platform
> Title: Macromedia Flash Multiple Unspecified Security Vulnerabilities
> Description: Macromedia Flash is a dynamic content platform commonly
> used in web based applications. Its plug-in is susceptible to multiple
> unspecified vulnerabilities. Macromedia Flash versions prior to
> 7.0.63.0 and 8.0.24.0 are vulnerable.
> Ref: http://www.macromedia.com/devnet/security/security_zone/apsb06-03.html
> ______________________________________________________________________
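As an added defender-side example (not part of the newsletter or of this mailing list post): a small Python scanner that flags any HTML tag carrying an anomalous number of script action handlers, the trigger pattern described in item (4) and entry 06.11.6 above. The threshold and the two sample pages are constructed assumptions for this illustration.

```python
from dataclasses import dataclass
from html.parser import HTMLParser

# Assumed threshold: normal markup rarely puts more than a handful of
# on* handlers on one tag; the advisory describes hundreds to thousands.
MAX_HANDLERS_PER_TAG = 32


@dataclass
class Finding:
    line: int           # line number of the offending start tag
    tag: str            # tag name, lower-cased by the parser
    handler_count: int  # number of on* attributes found on that tag


class HandlerCounter(HTMLParser):
    """Counts on* event-handler attributes per start tag while parsing."""

    def __init__(self, threshold):
        super().__init__()
        self.threshold = threshold
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # html.parser keeps duplicate attributes, so repeated handlers
        # (e.g. many "onmouseover") are all counted.
        count = sum(1 for name, _ in attrs
                    if name.startswith("on") and name[2:].isalpha())
        if count > self.threshold:
            line, _ = self.getpos()
            self.findings.append(Finding(line, tag, count))


def scan_html(html, threshold=MAX_HANDLERS_PER_TAG):
    """Return a list of Finding for every tag over the handler threshold."""
    parser = HandlerCounter(threshold)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed samples: a normal page and one tag stuffed with 300 handlers.
BENIGN_HTML = ('<html><body><a href="/x" onclick="go()" '
               'onmouseover="hl()">x</a></body></html>')
_NAMES = ["onclick", "onmouseover", "onload"]
SUSPECT_HTML = ("<html><body><div "
                + " ".join(f'{n}="a()"' for n in _NAMES * 100)
                + ">hi</div></body></html>")

if __name__ == "__main__":
    for f in scan_html(SUSPECT_HTML):
        print(f"line {f.line}: <{f.tag}> has {f.handler_count} handlers")
```

In a mail or proxy filter the same counter would run over the decoded HTML body before it reaches a client; a hit is a strong signal because legitimate markup never approaches the threshold.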



 




Copyright © Lexa Software, 1996-2009.