>
> *****************************
> Widely Deployed Software
> *****************************
>
> (0) HIGH: Microsoft PowerPoint Remote Code Execution
> Affected:
> Microsoft PowerPoint, possibly all versions
>
> Description: A remote code execution vulnerability, which could either
> be different from the one patched by MS06-048 or a variation
> of it, has
> been reported in Microsoft PowerPoint. The flaw is being exploited by
> some Trojans in the wild. The technical details about the
> vulnerability
> have not been publicly posted yet.
>
> Status: Microsoft has not confirmed, no updates available.
> Users should
> be advised to refrain from opening PowerPoint from unknown sources.
>
> References:
> SANS Handler's Diary Posting by Juha-Matti
> http://isc.sans.org/diary.php?storyid=1618
> Securiteam Blog Posting
> http://blogs.securiteam.com/?p=559
> TrendMicro Malware Information
> http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VNam
e=TROJ%5FMDROPPER%2EBH&VSect=T
> http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VNam
e=TROJ%5FSMALL%2ECMZ&VSect=T
>
> ****************************************************************
>
> (3) HIGH: Multiple Microsoft Internet Explorer COM Objects
> Instantiation Vulnerabilities
> Affected:
> Microsoft Internet Explorer version 6 and prior
>
> Description: Internet Explorer reportedly contains heap-memory
> corruption vulnerabilities while instantiating certain COM objects as
> ActiveX controls. A specially-crafted web page that instantiates these
> COM objects could trigger the memory corruption, and
> potentially execute
> arbitrary code on a client system. Note that re-usable exploit code to
> leverage these flaws is publicly available. Flaws similar to
> these have
> been widely exploited in the past.
>
> Status: Microsoft has not confirmed, no updates available.
> Users may be
> able to mitigate the impact of these vulnerabilities by disabling the
> components via Microsoft's "killbit" mechanism for the
> following CLSIDs:
> "{6E3197A3-BBC3-11D4-84C0-00C04F7A06E5}",
> "{BE4191FB-59EF-4825-AEFC-109727951E42}",
> "{233A9694-667E-11d1-9DFB-006097D50408}", and
> "{E2E9CAE6-1E7B-4B8E-BABD-E9BF6292AC29}".
>
> Council Site Actions: All of the responding council sites are waiting
> for additional information and a patch from the vendor.
>
> References:
> XSec Security Advisories
> http://www.xsec.org/index.php?module=Releases&act=view&type=1&id=14
> http://www.xsec.org/index.php?module=releases&act=view&type=1&id=10
> http://www.xsec.org/index.php?module=releases&act=view&type=1&id=9
> http://www.xsec.org/index.php?module=releases&act=view&type=1&id=8
> Microsoft Knowledge Base Article (outlines the "killbit" mechanism)
> http://support.microsoft.com/kb/240797
> SecurityFocus BIDs
> Not yet available.
>
> ****************************************************************
>
> (4) HIGH: Symantec Backup Exec Remote RPC Buffer Overflows
> Affected:
> Veritas Backup Exec versions 9.x
> Veritas Backup Exec Remote Agent for Windows Servers versions 9.x
>
> Description: Veritas Backup Exec, a popular enterprise backup
> solution,
> contains multiple remotely-exploitable RPC buffer overflows.
> By sending
> specially-crafted RPC requests to the vulnerable system, an
> unauthenticated attacker could exploit these overflows and execute
> arbitrary code with the privileges of the Backup Exec
> process. Both the
> Windows backup server and agent are affected. No technical details for
> these vulnerabilities have been publicly posted.
>
> Status: Veritas confirmed, updates available.
>
> Council Site Actions: Only one of the responding council
> sites is using
> the affected software and they are in the process of distributing the
> patch.
>
> References:
> Secunia Security Advisory
> http://archives.neohapsis.com/archives/secunia/2006-q3/0562.html
> Veritas Hotfix Documentation
> http://support.veritas.com/docs/284643
> http://support.veritas.com/docs/284642
> SecurityFocus BID
> http://www.securityfocus.com/bid/19479
>
> ****************************************************************
>
> (5) MODERATE: HP OpenView Storage Data Protector Remote Code Execution
> Affected:
> HP OpenView Storage Data Protector 5.1/5.5
>
> Description: HP OpenView Storage Data Protector, a popular enterprise
> storage management and monitoring solution, contains a remote code
> execution vulnerability. Technical details for this vulnerability have
> not been published, but HP has confirmed that remote, unauthenticated
> users can exploit this vulnerability to execute arbitrary
> code with the
> privileges of the Open View process.
>
> Status: HP confirmed, updates available.
>
> Council Site Actions: The affected software and/or
> configuration are not
> in production or widespread use, or are not officially
> supported at any
> of the council sites. They reported that no action was necessary.
>
> References:
> HP Security Bulletin
> http://archives.neohapsis.com/archives/bugtraq/2006-08/0273.html
> HP Open View Home Page
> http://h20229.www2.hp.com/
> SecurityFocus BID
> http://www.securityfocus.com/bid/19495
>
>
> ****************************************************************
>
> (6) LOW: Microsoft Windows SMB Denial-of-Service
> Affected:
> Microsoft Windows 2000 SP4
> Microsoft Windows XP SP1/SP2
> Microsoft Windows Server 2003 SP0/SP1
>
> Description: Microsoft Windows contains a remotely-exploitable
> vulnerability in the SMB service that results in a denial-of-service
> condition. By sending a specially-crafted SMB request to a vulnerable
> system, an attacker can crash a vulnerable system. It is currently
> believed that this vulnerability cannot be used to execute arbitrary
> code. Note that this vulnerability is distinct from the one patched in
> the Microsoft Security Bulletin MS06-035. Technical details
> and a simple
> proof-of-concept for this vulnerability have been publicly posted.
>
> Status: No official Microsoft confirmation, no updates
> available. Users
> are advised to block TCP and UDP ports 445 and 139 at the network
> perimeter.
>
> Council Site Actions: All of the responding council sites are waiting
> on additional information from the vendor and a patch.
>
> References:
> Posting by Gerardo Richarte
> http://archives.neohapsis.com/archives/bugtraq/2006-08/0306.html
> SecurityFocus BID
> http://www.securityfocus.com/bid/19215
>
> **************************************************************
> ***********
> ****************************************************************
>
> ************
> Exploit
> ************
>
> (9) Microsoft Office Visual Basic Remote Code Execution (MS06-047)
>
> References:
> SANS Handler's Diary Posting
> http://www.incidents.org/diary.php?storyid=1609&isc=076a544c6c
22c6b3aec4c35fbc52088b
> Previous @RISK Newsletter Posting
> http://www.sans.org/newsletters/risk/display.php?v=5&i=32#widely12
>
> **************************************************************
> *********
>
> (10) Apache mod_rewrite Remote Buffer Overflow
>
> References:
> Exploit Code
> http://downloads.securityfocus.com/vulnerabilities/exploits/19204.sh
> Previous @RISK Newsletter Posting
> http://www.sans.org/newsletters/risk/display.php?v=5&i=30#widely3
>
> **************************************************************
>
> 06.33.1 CVE: Not Available
> Platform: Windows
> Title: Windows PNG File IHDR Block Denial of Service
> Description: Microsoft Windows is vulnerable to a remote denial of
> service issue. The PNG rendering portion of the operating system fails
> to properly handle malicious PNG files. See the advisory for details.
> Ref: http://www.securityfocus.com/bid/19520
> ______________________________________________________________________
>
> 06.33.2 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Microsoft Internet Explorer CHTSKDIC.DLL Denial Of Service
> Description: Microsoft Internet Explorer is prone to a denial of
> service vulnerability. This issue occurs because the application fails
> to load a DLL library when instantiated as an ActiveX control. An
> attacker may exploit this issue to crash Internet Explorer.
> Ref: http://www.securityfocus.com/archive/1/443295
> ______________________________________________________________________
>
> 06.33.3 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Internet Explorer MSOE.DLL Denial of Service
> Description: Microsoft Internet Explorer is affected by a denial of
> service issue when it tries to instantiate the "MSOE.DLL" COM object
> as an ActiveX control. All current versions are affected.
> Ref: http://www.securityfocus.com/bid/19530
> ______________________________________________________________________
>
> 06.33.4 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: Internet Explorer IMSKDIC.DLL Denial of Service
> Description: Microsoft Internet Explorer is affected by a denial of
> service issue when it tries to instantiate the "IMSKDIC.DLL" COM
> object as an ActiveX control. All current versions are affected.
> Ref: http://www.securityfocus.com/bid/19521
> ______________________________________________________________________
>
> 06.33.10 CVE: CVE-2006-3634
> Platform: Linux
> Title: Linux Kernel Unspecified Socket Buffer Handling Remote Denial
> of Service
> Description: The Linux kernel is vulnerable to an unspecified remote
> denial of service due to a flaw in the kernel's network socket buffer
> handling code. Linux kernel versions 2.6.17-rc4 to 2.6.18-rc2 are
> vulnerable.
> Ref: http://rhn.redhat.com/errata/RHSA-2006-0575.html
> ______________________________________________________________________
>
> 06.33.18 CVE: Not Available
> Platform: Cross Platform
> Title: IBM WebSphere Application Server Prior to 6.0.2.13 Multiple
> Vulnerabilities
> Description: IBM WebSphere Application Server is a utility designed to
> facilitate the creation of various enterprise web applications. IBM
> WebSphere Application Server is exposed to multiple issues. Please
> refer to the advisory for further details.
> Ref: http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24012915
> ______________________________________________________________________
>
> 06.33.19 CVE: Not Available
> Platform: Cross Platform
> Title: Mozilla Firefox XML Handler Race Condition Memory Corruption
> Description: Mozilla Firefox is prone to a remote memory corruption
> vulnerability. This issue is due to a race condition that is triggered
> when XML components are parsed by the application. All versions of
> Firefox and possibly other Mozilla products are reported to be
> vulnerable.
> Ref: http://www.securityfocus.com/bid/19534
> ______________________________________________________________________
>
> 06.33.20 CVE: Not Available
> Platform: Cross Platform
> Title: Anti-Spam SMTP Proxy Server Unauthorized File Access
> Description: Anti-Spam SMTP Proxy Server is an SMTP proxy server that
> implements various filtering techniques to block unsolicited emails.
> Anti-Spam SMTP Proxy Server is prone to an unauthorized file access
> vulnerability because the application fails to validate URL requests.
> In particular an attacker can craft a URL request using the "get?file"
> parameter to gain access to any file residing on the server or a
> mapped drive. Version 1.2.3 is vulnerable to this issue.
> Ref: http://www.securityfocus.com/bid/19545
> ______________________________________________________________________
>
> 06.33.21 CVE: Not Available
> Platform: Cross Platform
> Title: Symantec NetBackup PureDisk Authentication Bypass
> Description: Symantec NetBackup PureDisk is a backup system. It is
> affected by an authentication bypass vulnerability. Version 6.0 is
> affected.
> Ref:
> http://securityresponse.symantec.com/avcenter/security/Content
> /2006.08.16.html
> ______________________________________________________________________
>
> 06.33.22 CVE: Not Available
> Platform: Cross Platform
> Title: IBM WebSphere Application Server 6.1.0 Multiple Vulnerabilities
> Description: IBM WebSphere Application Server is affected by multiple
> vulnerabilities in handling SOAP requests, when using
> ThreadIdentitySupport and in the processing of mbeans. Version 6.1.0
> is affected.
> Ref: http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27007951
> ______________________________________________________________________
>
> 06.33.23 CVE: CVE-2006-4134
> Platform: Cross Platform
> Title: SAP Internet Graphics Server Remote Buffer Overflow
> Description: The Internet Graphics Server (IGS) is a subcomponent of
> the SAP R/3 enterprise environment, which is accessible over HTTP via
> a minimalist web server component. IGS is susceptible to a remote
> buffer overflow vulnerability. The problem occurs when a specically
> crafted HTTP request is sent to the vulnerable application. Versions
> 6.4 and 7.0 of the software are vulnerable.
> Ref: http://www.securityfocus.com/archive/1/442840
> ______________________________________________________________________
>
> 06.33.24 CVE: Not Available
> Platform: Cross Platform
> Title: Panda ActiveScan Ascan_6.ASP ActiveX Control Cross-Site
> Scripting
> Description: Panda ActiveScan is an antivirus application, implemented
> as an ActiveX control. It is exposed to a cross-site scripting issue
> due to insufficient sanitization of user-supplied input to the
> "email" parameter of the "ascan_6.asp" script. Panda ActiveScan
> version 5.53.00 is affected.
> Ref: http://www.securityfocus.com/bid/19471
> ______________________________________________________________________
>
> 06.33.25 CVE: Not Available
> Platform: Cross Platform
> Title: Symantec Backup Exec Multiple Heap Overflow Vulnerabilities
> Description: Symantec Backup Exec is a network enabled backup
> solution. It is exposed to multiple heap overflow issues. Please refer
> to the link below for further details.
> Ref: http://www.symantec.com/avcenter/security/Content/2006.08.11.html
> ______________________________________________________________________
>
> 06.33.26 CVE: Not Available
> Platform: Cross Platform
> Title: Mozilla Firefox JavaScript Handler Race Condition Memory
> Corruption
> Description: Mozilla Firefox is vulnerable to a remote memory
> corruption issue when JavaScript timers or other browser events
> interrupt browser components while they are running. Freed memory
> structures are not left in an expected state. Mozilla Firefox versions
> 1.5 beta 2 and earlier are vulnerable.
> Ref: http://www.securityfocus.com/archive/1/443020
> ______________________________________________________________________
>
> 06.33.27 CVE: Not Available
> Platform: Cross Platform
> Title: Opera Web Browser IRC Chat Client Remote Denial of Service
> Description: Opera Web Browser IRC chat client is prone to a remote
> denial of service vulnerability. This issue arises when the client
> receives malicious data from a server. This issue affects Opera Web
> Browser 9.
> Ref: http://www.securityfocus.com/bid/19491
> ______________________________________________________________________
>
> 06.33.28 CVE: Not Available
> Platform: Cross Platform
> Title: HP OpenView Storage Data Protector Backup Agent Remote
> Arbitrary Command Execution
> Description: HP OpenView Storage Data Protector is a commercial
> data-management product for backup and recovery. The client side agent
> is prone to an arbitrary command-execution vulnerability, due to
> insufficient input-validation and weak authentication mechanisms in
> the proprietary OpenView Data Protector protocol. Versions 5.5 and 5.1
> are reported as vulnerable.
> Ref: http://www.niscc.gov.uk/niscc/docs/br-20060811-00550.html
> ______________________________________________________________________
>
> 06.33.71 CVE: CVE-2006-0797
> Platform: Hardware
> Title: Nokia Browser HTML Denial of Service
> Description: Nokia Browser is a web-browser application for phones,
> PDAs and other mobile devices manufactured by Nokia. It is prone to a
> denial of service vulnerability when handling malicious HTML files. In
> particular this issue occurs when attempting to process a malicious
> JavaScript function embedded in a HTML file. The function includes a
> variable being filled with excessive amounts of Unicode characters
> until it is large enough to trigger the vulnerability.
> Ref: http://www.securityfocus.com/archive/1/442990