Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 5 No. 28



> 
> An enormous number of critical vulnerabilities were disclosed this week
> (three times the average week). Microsoft and Cisco products are heavily
> impacted - meaning nearly every large site is affected.  Try not to
> ignore the eBay and McAfee and Adobe and Macromedia (Flash)
> vulnerabilities.
> 
> 
> *****************************
> Widely-Deployed Software
> *****************************
> 
> (1) CRITICAL: Microsoft Server Service Remote Code Execution (MS06-035)
> 
> Affected:
> Microsoft Windows 2000 SP4
> Microsoft Windows Server 2003 SP0/SP1
> Microsoft Windows XP SP1/SP2
> 
> Description: Microsoft Windows is vulnerable to a remotely-exploitable
> vulnerability in the processing of mailslot messages. Mailslots are a
> form of intermachine and interprocess communication used on
> Windows-based operating systems. Mailslots are used by several
> applications, including the Alerter and Messenger services (enabled by
> default on Windows 2000). Windows fails to properly validate certain
> mailslot messages leading to a kernel (core of the operating system)
> heap overflow. By sending a specially-crafted mailslot request, an
> attacker could take complete control of the vulnerable system.
> Additionally, by sending specially-crafted SMB traffic, attackers may
> be able to view parts of kernel memory, and possibly discover sensitive
> information. Users are advised to block TCP and UDP ports 137, 139 and
> 445 at the network perimeter and disable services using mailslot
> functionality if possible.
> 
> Status: Microsoft confirmed, updates available.
> 
> Council Site Actions:  All council sites are either in the process of
> deploying the update or will deploy the update during their next
> regularly scheduled maintenance window.
> 
> References:
> Microsoft Security Bulletin
> http://www.microsoft.com/technet/security/bulletin/MS06-035.mspx
> TippingPoint Security Research Advisory (Code Execution)
> http://www.tippingpoint.com/security/advisories/TSRT-06-02.html 
> SecurityFocus BID
> http://www.securityfocus.com/bid/18863 (Code Execution)
> http://www.securityfocus.com/bid/18891 (Information Disclosure)
> 
> ****************************************************************
> 
> (2) HIGH: Microsoft PowerPoint Code Execution (0-day)
> Affected:
> Microsoft PowerPoint 2003 SP0/SP1/SP2
> 
> Description: Microsoft PowerPoint contains a remote code execution
> vulnerability. This vulnerability is currently being exploited with a
> limited impact by "Trojan.PPDropper.B". Emails from this worm appear to
> come from a gmail.com address and have Chinese characters in the subject
> line and the malicious PowerPoint file. Upon opening the attached
> PowerPoint file, a keystroke logger (known as "Backdoor.Bifrose.E") is
> installed on the user's system. Users are advised not to open PowerPoint
> documents from untrusted sources. Note that it is necessary for the user
> to open a malicious PowerPoint document; in most common configurations,
> these files are not opened automatically.
> 
> Status: Microsoft Confirmed, no updates available.
> 
> Council Site Actions: All of the responding council sites are awaiting
> additional information from the vendor.  Should a patch become
> available, they will deploy the update during their next regularly
> scheduled maintenance window.
> 
> References:
> eWeek Article
> http://www.eweek.com/article2/0,1895,1988877,00.asp
> Symantec Article (Trojan.PPDropper.B)
> http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2006-071212-4413-99&tabid=1
> Symantec Article (Backdoor.Bifrose.E)
> http://www.symantec.com/security_response/writeup.jsp?docid=2006-022716-2959-99
> PoC PowerPoint Files
> http://marc.theaimsgroup.com/?l=full-disclosure&m=115291534016075&w=2
> http://marc.theaimsgroup.com/?l=full-disclosure&m=115291546004770&w=2
> http://marc.theaimsgroup.com/?l=full-disclosure&m=115291559714403&w=2
> SecurityFocus BID
> http://www.securityfocus.com/bid/18957 
> 
> ****************************************************************
> 
> (3) HIGH: Microsoft Windows DHCP Client Service Remote Buffer Overflow (MS06-036)
> Affected:
> Microsoft Windows 2000 SP4
> Microsoft Windows XP SP1/SP2
> Microsoft Windows Server 2003
> Microsoft Windows 98/98SE/ME are listed as vulnerable, but are not
> rated as "critically vulnerable" by Microsoft.
> 
> Description: Microsoft's DHCP client service for Windows, used to
> configure hosts automatically via the Dynamic Host Configuration
> Protocol (DHCP), suffers from a remotely-exploitable buffer overflow.
> By sending a specially-crafted DHCP packet to a vulnerable system, an
> attacker could take complete control of the system.  Under most network
> configurations, an attacker must send this packet from the same subnet
> as the vulnerable system. Users are advised to filter DHCP traffic at
> the network perimeter and not to forward DHCP broadcast traffic between
> subnets.
> 
> Status: Microsoft confirmed, updates available. 
> 
> Council Site Actions: All council sites are either in the process of
> deploying the update or will deploy the update during their next
> regularly scheduled maintenance window.
> 
> References:
> Microsoft Security Bulletin
> http://www.microsoft.com/technet/security/bulletin/MS06-036.mspx 
> Wikipedia Entry on DHCP
> http://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol 
> SecurityFocus BID
> http://www.securityfocus.com/bid/18923 
> 
> ****************************************************************
> 
> (4) HIGH: Microsoft Office Excel Multiple Code Execution Vulnerabilities (MS06-037)
> Affected:
> Microsoft Office 2003 SP1/SP2
> Microsoft Office XP SP3
> Microsoft Office 2000 SP3
> Microsoft Office 2004/X for Mac
> 
> Description: Microsoft Office Excel suffers from multiple code execution
> vulnerabilities. By causing a user to open a specially-crafted Excel
> file via a malicious link or email message, an attacker could execute
> arbitrary code with the privileges of the current user. Note that, in
> most configurations other than Office 2000, Excel spreadsheets are not
> opened automatically after being downloaded; a user must explicitly open
> them. Users are advised not to open Excel files from untrusted sources.
> At least eight processing vulnerabilities leading to code execution are
> known.
> 
> Status: Microsoft confirmed, updates available. Note that this patch
> addresses a previous 0-day issue in Excel; hence, the patch should be
> applied on an expedited basis.
> 
> Council Site Actions: All council sites are either in the process of
> deploying the update or will deploy the update during their next
> regularly scheduled maintenance window.
> 
> References:
> Microsoft Security Bulletin
> http://www.microsoft.com/technet/security/bulletin/MS06-037.mspx 
> Zero Day Initiative Bulletin
> http://www.zerodayinitiative.com/advisories/ZDI-06-022.html 
> SecurityFocus BIDs 
> http://www.securityfocus.com/bid/18938 
> http://www.securityfocus.com/bid/18888 
> http://www.securityfocus.com/bid/18883 
> http://www.securityfocus.com/bid/18885 
> http://www.securityfocus.com/bid/18886 
> http://www.securityfocus.com/bid/18890 
> http://www.securityfocus.com/bid/18910 
> 
> ****************************************************************
> 
> (5) HIGH: Microsoft Office Multiple Code Execution Vulnerabilities (MS06-038)
> Affected:
> Microsoft Office 2003 SP1/SP2
> Microsoft Office XP SP3
> Microsoft Office 2000 SP3
> Microsoft Office 2004/X for Mac
> Microsoft Project 2000/2002
> Microsoft Visio 2002 SP2
> 
> Description: Various Microsoft Office products are vulnerable to code
> execution vulnerabilities. When a user opens a specially-crafted Office
> file via a malicious link or email message, an attacker could execute
> arbitrary code with the privileges of the current user. Note that, under
> most common configurations other than Office 2000, most Office document
> types will not open automatically after being downloaded. These
> vulnerabilities exist within core Office components, and therefore can
> affect a variety of Office file types such as Word documents, Excel
> spreadsheets etc. Users are advised to not open Office documents from
> untrusted sources. Technical details and a proof-of-concept for at least
> one of these vulnerabilities have been publicly posted.
> 
> Status: Microsoft Confirmed, updates available.
> 
> Council Site Actions: All council sites are either in the process of
> deploying the update or will deploy the update during their next
> regularly scheduled maintenance window.
> 
> References:
> Microsoft Security Bulletin
> http://www.microsoft.com/technet/security/bulletin/MS06-038.mspx 
> Proof-of-Concept by posidron
> http://www.milw0rm.com/exploits/1615 
> SecurityFocus BIDs
> http://www.securityfocus.com/bid/18889 
> http://www.securityfocus.com/bid/18911 
> http://www.securityfocus.com/bid/18912 
> 
> ****************************************************************
> 
> (6) HIGH: Microsoft Office Multiple Filter Code Execution Vulnerabilities (MS06-039)
> Affected:
> Microsoft Office 2003 SP1/SP2
> Microsoft Office XP SP3
> Microsoft Office 2000 SP3
> Microsoft Works Suite 2004/2005/2006
> 
> Description: Various Microsoft Office products are vulnerable to code
> execution vulnerabilities. When a user opens a specially-crafted Office
> file via a malicious link or email message, an attacker could execute
> arbitrary code with the privileges of the current user. These
> vulnerabilities exist in the code "filters" used to load and convert PNG
> and GIF image files. Hence, any Office product displaying these image
> types is potentially vulnerable. Note that, under most common
> configurations other than Office 2000, Office document types will not
> open automatically after being downloaded. Users are advised to not open
> Office documents from untrusted sources.
> 
> Status: Microsoft Confirmed, updates available.
> 
> Council Site Actions: All council sites are either in the process of
> deploying the update or will deploy the update during their next
> regularly scheduled maintenance window.
> 
> References:
> Microsoft Security Bulletin
> http://www.microsoft.com/technet/security/bulletin/MS06-039.mspx 
> SecurityFocus BIDs
> http://www.securityfocus.com/bid/18913 (PNG)
> http://www.securityfocus.com/bid/18915 (GIF)
> 
> ****************************************************************
> 
> (7) HIGH: Adobe Acrobat Remote Buffer Overflow
> Affected:
> Adobe Acrobat 5.0, 5.0.5, 06.0.x on Windows and Macintosh
> 
> Description: Adobe Acrobat, the most popular PDF viewer on the Internet,
> is vulnerable to a buffer overflow when processing certain PDF files.
> When a user views a specially-crafted PDF file via a malicious link or
> email message, an attacker could execute arbitrary code with the
> privileges of the current user. In many common configurations, PDF files
> are opened automatically after downloading. Therefore, no user
> interaction beyond viewing an email or clicking on a malicious link
> would be necessary to exploit this vulnerability.
> 
> Status: Adobe confirmed, updates available.
> 
> Council Site Actions:  Most of the responding council sites plan to
> update their systems during their next regular maintenance window.  A
> few sites are still analyzing possible responses.
> 
> References:
> Adobe Security Bulletin
> http://www.adobe.com/support/security/bulletins/apsb06-09.html 
> Adobe Home Page
> http://www.adobe.com/ 
> SecurityFocus BID
> http://www.securityfocus.com/bid/18943 
> 
> ****************************************************************
> 
> (8) HIGH: Macromedia Flash Multiple Vulnerabilities
> Affected:
> Macromedia Flash version 8.0.24 and possibly earlier
> 
> Description: Macromedia Flash, a popular platform for rich Web content,
> is vulnerable to multiple undisclosed vulnerabilities. When a user views
> a specially-crafted SWF (Flash) file via a malicious link, an attacker
> could execute arbitrary code with the privileges of the current user.
> Flash is installed on all Windows XP and Mac OS X systems by default,
> and is common on many other platforms. Flash content is configured to
> display by default, and therefore no user interaction beyond clicking
> on a link is required to exploit this vulnerability.
> 
> Status: Macromedia confirmed, updates available.
> 
> Council Site Actions: Two of the responding council sites plan to take
> action on this item.  One site is investigating possible actions; the
> other site plans to distribute the patch during their next regularly
> scheduled maintenance window.
> 
> References:
> FortiGuard Advisories
> http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-20.html (Code Execution)
> http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-21.html (Denial-of-Service)
> Macromedia Home Page
> http://www.macromedia.com
> SecurityFocus BID
> http://www.securityfocus.com/bid/18894
> 
> ****************************************************************
> 
> (9) MODERATE: Microsoft IIS ASP Code Execution Vulnerability (MS06-034)
> Affected:
> Microsoft Internet Information Services (IIS) 5.0/5.1/6.0
> 
> Description: Microsoft Internet Information Services (IIS) servers using
> Active Server Pages (ASP) contain a code execution vulnerability. By
> placing a specially-crafted ASP page in a location where it will be
> processed by an IIS server, an attacker could execute arbitrary code
> with the privileges of the IIS process (often "IWAM" or
> "NetworkService"). Attackers must have valid login credentials and the
> ability to place files on the IIS server. Web site hosting providers
> typically allow authenticated users to upload web pages. Hence, the
> providers using IIS should apply this patch on a priority basis.
> 
> Status: Microsoft confirmed, updates available.
> 
> Council Site Actions: Two of the responding council sites are using the
> affected software. Both sites plan to deploy the updates during their
> next regularly scheduled maintenance window.
> 
> References:
> Microsoft Security Bulletin
> http://www.microsoft.com/technet/security/bulletin/MS06-034.mspx
> SecurityFocus BIDs
> http://www.securityfocus.com/bid/18858
> 
> ****************************************************************
> 
> (10) LOW: Microsoft ASP.NET Remote Information Disclosure (MS06-033)
> Affected:
> Microsoft .NET Framework 2.0
> 
> Description: Microsoft ASP.NET, Microsoft's web hosting and web services
> system from the .NET framework, suffers from a remote
> information-disclosure vulnerability. By sending a specially-crafted
> request to the ASP.NET web server, an attacker could cause the server
> to disclose information in the Application folders. By default, an
> attacker would need to know in advance the name of the object to be
> displayed. Users are advised to monitor web access logs and move files
> and other objects out of the Application folders, if possible.
> 
> Status: Microsoft Confirmed, updates available.
> 
> Council Site Actions:  Three of the responding council sites are using
> the affected software. They all plan to deploy the update during their
> next regularly scheduled maintenance window.
> 
> References:
> Microsoft Security Bulletin
> http://www.microsoft.com/technet/security/bulletin/MS06-033.mspx 
> SecurityFocus BIDs
> http://www.securityfocus.com/bid/18920
> 
> ****************************************************************
> 
> (11) LOW: Microsoft Internet Explorer "RDS.DataControl" ActiveX Heap Corruption
> Affected:
> Microsoft Internet Explorer 6
> 
> Description: Microsoft Internet Explorer suffers from a heap corruption
> vulnerability. By instantiating the "RDS.DataControl" ActiveX control,
> an attacker can cause heap corruption by special manipulation of the
> "URL" attribute of the object. A denial-of-service condition has been
> confirmed; it has been suggested that remote code execution may be
> possible, but this has not been confirmed. Technical details for this
> exploit and a proof-of-concept have been publicly posted. This ActiveX
> control is considered obsolete by Microsoft.  Users are advised to set
> the killbit for UUID "bd96c556-65a3-983a-00c04fc29e33". Note that by
> disabling this control, programs using Microsoft Remote Data Services
> may stop functioning properly.
> 
> This flaw was reported by a researcher who plans to release a new flaw
> every day for the month of July in various browsers. The researcher has
> also reported other vulnerabilities in Microsoft Internet Explorer. Most
> of these vulnerabilities are DoS flaws.
> 
> Status: Microsoft has not confirmed, no updates available.
> 
> Council Site Actions: All of the responding council sites are awaiting
> additional information from the vendor.  Should a patch become
> available, they will deploy during their next regularly scheduled
> maintenance window.
> 
> References:
> Proof-of-Concept
> http://metasploit.com/users/hdm/tools/browserfun/mobb_008.html 
> Posting by H. D. Moore
> http://browserfun.blogspot.com/2006/07/mobb-8-rdsdatacontrol-url.html 
> Browserfun Blog by H. D. Moore
> http://browserfun.blogspot.com/ 
> Microsoft Support Document on Disabling ActiveX Controls ("killbits")
> http://support.microsoft.com/kb/240797 
> 
> 
> ****************
> Other Software
> ****************
> 
> (12) CRITICAL: McAfee ePolicy Orchestrator Framework Service Directory Traversal
> Affected:
> McAfee ePolicy Orchestrator version 3.5.5 and prior
> 
> Details: McAfee ePolicy Orchestrator, McAfee's remote security
> management software, is vulnerable to a directory traversal attack. The
> framework service, which runs on both ePolicy servers and clients on
> port 8081, accepts commands via the HTTP protocol. By sending a
> specially-crafted request, consisting of an XML document defining a
> pathname and file contents, an attacker can overwrite the contents of
> any file on the vulnerable system. This would allow an attacker to
> obtain complete control of the affected system. No authentication is
> required to exploit this vulnerability, and technical details for this
> vulnerability have been publicly posted. Users are advised to block TCP
> port 8081 at the network perimeter and upgrade as quickly as possible.
> Note that an enterprise-wide compromise is possible by exploiting this
> flaw.
> 
> Status: McAfee confirmed, updates available.
> 
> References:
> eEye Security Advisory
> http://www.eeye.com/html/research/advisories/AD20060713.html
> McAfee Home Page
> http://www.mcafee.com/
> SecurityFocus BID
> http://www.securityfocus.com/bid/18979
> 
> ****************************************************************
> 
> (13) HIGH: Cisco Unified CallManager Remote Buffer Overflow
> 
> Affected:
> Cisco Unified CallManager versions 5.0(1), 5.0(2), 5.0(3), 5.0(3a)
> 
> Details: Cisco Unified Call Manager, Cisco's VoIP (Voice over Internet
> Protocol) call processor, is vulnerable to a remotely-exploitable buffer
> overflow. By sending a SIP request with an overly-long "hostname"
> attribute, an attacker could execute arbitrary code on the CallManager
> device. Note that technical details for this vulnerability have been
> publicly posted.
> 
> Status: Cisco confirmed, updates available.
> 
> Council Site Actions: Only one of the responding council sites is using
> the affected software and they are still considering which action they
> will take.
> 
> References:
> Cisco Security Advisory
> http://www.cisco.com/warp/public/707/cisco-sa-20060712-cucm.shtml 
> Cisco Unified CallManager Home Page
> http://www.cisco.com/en/US/products/sw/voicesw/ps556/index.html 
> SecurityFocus BID
> http://www.securityfocus.com/bid/18952
> 
> ****************************************************************
> 
> (14) MODERATE: eBay Enhanced Picture Service ActiveX Component Buffer Overflow
> 
> Affected:
> eBay Enhanced Picture Service ActiveX Component version 1.0.3 and possibly prior
> 
> Details: eBay Enhanced Picture Service provides eBay auctioneers with
> the ability to easily host auction item pictures. The service can
> install an ActiveX control on Windows systems. This control is
> vulnerable to a buffer overflow. By causing a user to view a web page
> that instantiates this control via a malicious link, an attacker could
> execute arbitrary code with the privileges of the current user. Note
> that no user interaction beyond clicking on the link would be required
> to exploit this vulnerability. This control will be automatically
> upgraded to a non-vulnerable version if a user views an eBay page that
> utilizes the control. Users are advised to upgrade, or to disable the
> control with the UUID 4C39376E-FA9D-4349-BACC-D305C1750EF3 via the
> Microsoft "killbit" mechanism.
> 
> Status: eBay confirmed, updates available.
> 
> Council Site Actions: Only one of the responding council sites is using
> the affected software.  They are still in the process of considering
> what action they will take.
> 
> References:
> eBay Enhanced Picture Service Home Page
> http://pages.ebay.com/picture_manager/ 
> SecurityFocus BID
> http://www.securityfocus.com/bid/18921 
> Microsoft Support Document on Disabling ActiveX Controls ("killbits")
> http://support.microsoft.com/kb/240797
> 
> ****************************************************************
> 
> (15) MODERATE: Cisco Intrusion Prevention System Malformed Packet Denial-of-Service
> 
> Affected:
> Cisco IPS 4200 Series
> Cisco IPS 5.1(x)
> 
> Details: Cisco's Intrusion Prevention System (IPS) is vulnerable to a
> remote denial-of-service vulnerability. By sending a specially-crafted
> packet to a Cisco IPS, an attacker can cause the device to crash and
> stop processing traffic. If the device is deployed in-line, this could
> disrupt network traffic for all the systems behind the IPS. Once
> crashed, the device is not accessible via any management interface and
> must be power-cycled to resume its normal operation.
> 
> Status: Cisco confirmed, updates available.
> 
> Council Site Actions: The affected software and/or configuration are not
> in production or widespread use, or are not officially supported at any
> of the council sites. They reported that no action was necessary.
> 
> References:
> Cisco Security Advisory
> http://www.cisco.com/en/US/products/products_security_advisory09186a00806e0bc7.shtml
> Cisco IPS Home Page
> http://www.cisco.com/en/US/products/sw/secursw/ps2113/index.html 
> SecurityFocus BID
> http://www.securityfocus.com/bid/18955 
> 
> ****************************************************************
> 
> (16) MODERATE: Cisco Router Web Setup Insecure Default Configuration
> 
> Affected:
> Cisco SOHO and 800 series routers running CRWS version 3.3.0 (31) or prior.
> 
> Details: Cisco SOHO and 800 series routers ship with Cisco Router Web
> Setup, an easy-to-use web interface for router configuration. The web
> setup interface allows complete control of the router remotely, and
> should be protected by an administrator-defined authentication
> mechanism. The default configuration of the CRWS subsystem does not have
> an authentication method defined. CRWS normally runs on TCP port 80, and
> by default is accessible to all IP addresses. If an attacker were able
> to reach a vulnerable router on port 80 in its default configuration,
> the attacker could take complete control of the vulnerable device. Users
> are advised to enable authentication via the "enable secret" command.
> 
> Status: Cisco confirmed, updates available.
> 
> References:
> Cisco Security Advisory
> http://www.cisco.com/en/US/products/products_security_advisory09186a00806e0bc3.shtml
> SecurityFocus BID
> http://www.securityfocus.com/bid/18953
> 
> ****************************************************************
> ______________________________________________________________________
> 
> 06.28.1 CVE: CVE-2006-1300
> Platform: Windows
> Title: Microsoft ASP.NET Application Folder Information Disclosure
> Description: ASP.NET is a set of tools based on the .NET framework for
> building web applications. ASP.NET is prone to an information
> disclosure vulnerability. The problem occurs because the application
> fails to properly validate URI input. See the advisory for further
> details.
> Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-033.mspx
> ______________________________________________________________________
> 
> 06.28.2 CVE: CVE-2006-1314
> Platform: Windows
> Title: Windows Server Driver Mailslot Remote Heap Buffer Overflow
> Description: Microsoft Windows Server driver provides support for
> various server related tasks. It is vulnerable to a remote heap buffer
> overflow issue relating to its mailslot functionality. See the
> advisory for further details.
> Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-035.mspx
> ______________________________________________________________________
> 
> 06.28.3 CVE: Not Available
> Platform: Windows
> Title: Microsoft Windows Server Driver Remote Information Disclosure
> Description: Microsoft Windows Server driver is susceptible to a
> remote information disclosure vulnerability. This issue is due to the
> failure of the driver to properly initialize memory prior to using it.
> See the Microsoft advisory for further details.
> Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-035.mspx
> ______________________________________________________________________
> 
> 06.28.4 CVE: CVE-2006-3493
> Platform: Microsoft Office
> Title: Office MSO.DLL LsCreateLine() Potential Code Execution
> Description: Microsoft Office is exposed to a potential code execution
> issue. This issue results from a boundary condition error. The issue
> arises when the application handles a specially crafted document
> containing an excessive amount of string values. The document is
> passed to the "LsCreateLine()" function of "mso.dll". Microsoft Office
> XP SP3 and earlier are affected.
> Ref: http://blogs.technet.com/msrc/archive/2006/07/10/441006.aspx
> ______________________________________________________________________
> 
> 06.28.5 CVE: CVE-2006-1302
> Platform: Microsoft Office
> Title: Microsoft Excel Selection Record Remote Code Execution
> Description: Microsoft Excel is exposed to a remote code execution
> issue. This is due to a failure to handle exceptional conditions.
> Successfully exploiting this issue allows attackers to execute
> arbitrary code in the context of targeted users. This issue occurs
> when Excel handles specially crafted XLS files containing malformed
> "SELECTION" records.
> Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-037.mspx
> ______________________________________________________________________
> 
> 06.28.6 CVE: CVE-2006-1540
> Platform: Microsoft Office
> Title: Microsoft Office Malformed String Parsing Code Execution
> Description: Microsoft Office is susceptible to a remote code
> execution vulnerability. This issue is exploitable by Excel 2003 files
> containing a Unicode "Sheet Name" string with an invalid size. An
> attacker could also exploit the issue by placing the malicious
> document on the web and enticing victim users into opening it.
> Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-038.mspx
> ______________________________________________________________________
> 
> 06.28.7 CVE: Not Available
> Platform: Microsoft Office
> Title: Microsoft Office String Parsing Remote Code Execution
> Description: Microsoft Office is susceptible to a remote code
> execution issue. This is due to improper handling of malformed strings
> in Office documents. This issue is related to how Office attempts to
> parse the length of records prior to copying them to allocated memory
> buffers. All versions are affected.
> Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-038.mspx
> ______________________________________________________________________
> 
> 06.28.8 CVE:
> CVE-2006-1301,CVE-2006-1302,CVE-2006-1304,CVE-2006-1306,CVE-2006-1308,CVE-2006-1309,CVE-2006-2388,CVE-2006-3059
> Platform: Microsoft Office
> Title: Excel File Rebuilding Remote Code Execution
> Description: Microsoft Excel is vulnerable to a remote code execution
> issue when processing malformed files. See the referenced advisory for
> further details.
> Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-037.mspx
> ______________________________________________________________________
> 
> 06.28.9 CVE: Not Available
> Platform: Microsoft Office
> Title: Microsoft Powerpoint Remote Code Execution Vulnerability
> Description: Microsoft Powerpoint is prone to a remote code execution
> vulnerability. The vulnerability occurs when Powerpoint handles a
> specially malformed PPT file most likely exploiting an issue in the
> "MSO.DLL" library file. Successfully exploiting this issue allows
> attackers to execute arbitrary code in the context of targeted users.
> A malicious trojan named "Trojan.PPDropper.B" is actively exploiting
> this vulnerability.
> Ref: http://secunia.com/advisories/21040/
> ______________________________________________________________________
> 
> 06.28.10 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Internet Explorer HtmlDlgSafeHelper Remote Denial of Service
> Description: Microsoft Internet Explorer is vulnerable to a denial of
> service issue when the browser processes a malicious
> "HtmlDlgSafeHelper" object. Internet Explorer versions 6.0 and 6.0 SP1
> are vulnerable.
> Ref: http://browserfun.blogspot.com/2006/07/mobb-11-htmldlgsafehelper-fonts.html
> ______________________________________________________________________
> 
> 06.28.11 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Microsoft IIS ASP Remote Code Execution
> Description: Microsoft Internet Information Server (IIS) is
> susceptible to a remote code execution vulnerability. This issue is
> due to a failure of the application to properly bounds check user
> supplied input prior to copying it to an insufficiently sized memory
> buffer. This will allow attackers to execute code with the
> non-administrative "IWAM_%machinename%" or "NetworkService" accounts
> on affected computers.
> Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-034.mspx
> ______________________________________________________________________
> 
> 06.28.12 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Microsoft Internet Explorer 6 RDS.DataControl Denial of Service
> Description: Microsoft Internet Explorer version 6 is reportedly prone
> to a denial of service vulnerability. This issue is triggered when an
> attacker manipulates the "RDS.DataControl" object to copy a malicious
> URL parameter from javascript. The "SysAllocStringLen" routine in the
> OLE32.dll library will perform an invalid length calculation on the
> data, which will lead to a memory read operation going beyond the
> current memory page. An access violation error and application crash
> will ensue.
> Ref:
> http://browserfun.blogspot.com/2006/07/mobb-8-rdsdatacontrol-url.html
> ______________________________________________________________________
> 
> 06.28.13 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Internet Explorer Object.Microsoft.DXTFilter Denial of Service
> Description: Microsoft Internet Explorer is prone to a denial of
> service issue when the browser processes the
> "Object.Microsoft.DXTFilter" object. Please see the attached advisory
> for details.
> Ref: 
> http://browserfun.blogspot.com/2006/07/mobb-10-objectmicrosoftdxtfilter.html
> ______________________________________________________________________
> 
> 06.28.14 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Microsoft Office Property Code Execution
> Description: Microsoft Office is susceptible to a remote code
> execution issue. When malformed files are processed, corruption of
> process memory occurs leading to attacker supplied code execution.
> Please refer to the attached advisory for details.
> Ref: http://www.microsoft.com/technet/security/Bulletin/MS06-038.mspx
> ______________________________________________________________________
> 
> 06.28.15 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Microsoft Internet Explorer TriEditDocument Denial of Service
> Description: Microsoft Internet Explorer is prone to a denial of
> service vulnerability. This issue is triggered when an attacker
> convinces a victim user to visit a malicious web site. Specifically,
> the vulnerability presents itself when the browser processes the
> "TriEditDocument" object. See the advisory for further details.
> Ref:
> http://browserfun.blogspot.com/2006/07/mobb-12-trieditdocument-url.html
> ______________________________________________________________________
> 
> 06.28.16 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Microsoft Internet Explorer RevealTrans Denial of Service
> Description: Microsoft Internet Explorer is prone to a denial of
> service vulnerability. This issue is triggered when an attacker
> convinces a victim user to visit a malicious web site. Specifically,
> the vulnerability presents itself when the browser processes the
> "DXImageTransform.Microsoft.RevealTrans" object. See the advisory for
> further details.
> Ref:
> http://browserfun.blogspot.com/2006/07/mobb-13-revealtrans-transition.html
> ______________________________________________________________________
> 
> 06.28.17 CVE: CVE-2006-1176
> Platform: Third Party Windows Apps
> Title: eBay Enhanced Picture Service ActiveX Remote Buffer Overflow
> Description: eBay Enhanced Picture Service ActiveX control is a
> Microsoft Windows application that allows a seller to upload pictures
> to an auction. It is prone to a buffer overflow vulnerability in the
> "EUPWALcontrol.dll" library of the COM object "EPUIMageControl Class".
> Versions 1.0.3.36 and prior are vulnerable.
> Ref: http://www.securityfocus.com/bid/18921
> ______________________________________________________________________
> 
> 06.28.24 CVE: CVE-2006-3403
> Platform: Cross Platform
> Title: Samba Internal Data Structures Denial of Service
> Description: Samba is freely available file and printer sharing
> software. It is exposed to a denial of service issue due to design of
> internal data structures. The problem occurs when a large number of
> share connection requests are sent by an attacker. This can result in
> excessive memory consumption and an eventual crash of the application.
> Samba versions 3.0.1 through 3.0.22 are affected.
> Ref: https://issues.rpath.com/browse/RPL-496
> ______________________________________________________________________
> 
> 06.28.25 CVE: Not Available
> Platform: Cross Platform
> Title: SIPfoundry SIPXtapi CSeq Processing Remote Buffer Overflow
> Description: SIPfoundry sipXtapi is a client library and software
> development kit (SDK) for SIP based user agents. SIPXtapi is reported
> to be prone to a remote buffer overflow vulnerability. Specifically,
> the issue presents itself when the application handles a specially
> crafted "CSeq" value that is larger than 24 bytes.
> Ref: http://www.securityfocus.com/archive/1/439617
> ______________________________________________________________________
> 
> 
> 06.28.27 CVE: Not Available
> Platform: Cross Platform
> Title: Macromedia Flash Malformed SWF File Multiple Vulnerabilities
> Description: The Macromedia Flash plug-in is susceptible to multiple
> remote vulnerabilities that present themselves when the application
> attempts to handle maliciously malformed SWF files. Version 8.0.24.0
> is reported to be vulnerable.
> Ref: http://www.securityfocus.com/bid/18894
> ______________________________________________________________________
> 
> 06.28.28 CVE: Not Available
> Platform: Cross Platform
> Title: Adobe Acrobat Remote Buffer Overflow
> Description: Adobe Acrobat is a client application for reading,
> navigating, and printing PDF (Portable Document Format) files. Adobe
> Acrobat is affected by a remote buffer overflow vulnerability. This
> issue affects Acrobat 6.0.4 and prior versions.
> Ref: http://www.adobe.com/support/security/bulletins/apsb06-09.html
> ______________________________________________________________________
> 
> 06.28.75 CVE: Not Available
> Platform: Network Device
> Title: Juniper Networks JUNOS IPv6 Packet Processing Remote Denial of
> Service
> Description: Juniper Networks JUNOS is prone to a remote denial of
> service vulnerability that arises when the application is flooded with
> specially crafted IPv6 packets. All versions of JUNOS built prior to
> May 10, 2006 running on M-series, T-series, and J-series routers are
> vulnerable.
> Ref:
> http://www.juniper.net/support/security/alerts/EXT-PSN-2006-06-017.txt
> ______________________________________________________________________
> 
> 
> 06.28.78 CVE: Not Available
> Platform: Network Device
> Title: Cisco Unified CallManager Multiple Remote Vulnerabilities
> Description: Cisco CallManager is the software based call processing
> component of the Cisco IP Telephony solution. It is affected by
> arbitrary command execution and arbitrary file overwrite issues.
> Please refer to the referenced advisory for details.
> Ref: http://www.cisco.com/warp/public/707/cisco-sa-20060712-cucm.shtml
> ______________________________________________________________________
> 
> 06.28.79 CVE: Not Available
> Platform: Network Device
> Title: Cisco Router Web Setup (CRWS) Authentication Bypass
> Description: Cisco Router Web Setup (CRWS) is a web-based
> administrative interface for configuring Cisco routers. It is prone to
> an authentication bypass vulnerability because it fails to properly
> sanitize user input. Remote attackers are able to gain administrative
> access to affected routers. CRWS versions 3.0.0b21 and earlier are
> reported to be vulnerable.
> Ref:
> http://www.cisco.com/en/US/products/products_security_advisory09186a00806e0bc3.shtml#details
> ______________________________________________________________________
> 
> 06.28.80 CVE: Not Available
> Platform: Network Device
> Title: Cisco Intrusion Prevention System Malformed Packet Denial Of
> Service
> Description: Cisco Intrusion Prevention System (IPS/IDS) is a family
> of devices that provide threat prevention services. It is prone to a
> denial of service vulnerability. This issue is due to a failure in the
> application to properly handle malformed IP packets. See the advisory
> for further details.
> Ref:
> http://www.cisco.com/en/US/products/products_security_advisory09186a00806e0bc7.shtml
> ______________________________________________________________________
> 




 



