> *****************************
> Widely Deployed Software
> *****************************
>
> (1) CRITICAL: Microsoft Excel Multiple Vulnerabilities (MS07-036)
> Affected:
> Microsoft Office 2000
> Microsoft Office XP
> Microsoft Office System 2007
> Microsoft Office 2004 for Mac
>
> Description: Microsoft Excel contains multiple flaws in its
> handling of
> Excel spreadsheet files. A spreadsheet file containing a specially
> crafted Excel version code, number of active worksheets, or workspace
> information could exploit one of these flaws. Successfully exploiting
> one of these flaws would allow an attacker to execute arbitrary code
> with the privileges of the current user. Note that, on recent versions
> of Excel, spreadsheet documents are not opened without
> confirmation. At
> least one proof-of-concept is publicly available for one of these
> vulnerabilities.
>
> Status: Microsoft confirmed, updates available.
>
> Council Site Actions: All of the reporting council sites plan to
> distribute the updates during their next regularly scheduled system
> maintenance cycle.
>
> References:
> Microsoft Security Bulletin
> http://www.microsoft.com/technet/security/Bulletin/ms07-036.mspx
> Proof of Concept
> http://securityvulns.com/files/example.xls
> ISC Handler's Diary Entry
> http://isc.sans.org/diary.html?storyid=3120
> SecurityFocus BIDs
> http://www.securityfocus.com/bid/24803
> http://www.securityfocus.com/bid/24801
> http://www.securityfocus.com/bid/22555
>
> **************************************************************
> ***********
>
> (2) CRITICAL: Microsoft .NET Framework Multiple
> Vulnerabilities (MS07-040)
> Affected:
> Microsoft .NET Framework versions 1.0, 1.1, and 2.0
>
> Description: The Microsoft .NET framework contains multiple
> vulnerabilities in its handling of .NET executables. .NET executables
> are programs executed by the .NET framework. A specially crafted
> executable could exploit flaws in the framework's Just In
> Time compiler
> (JIT) or in its Portable Executable (PE) loader. Successfully
> exploiting
> these vulnerabilities would allow an attacker to execute
> arbitrary code
> with the privileges of the current user. Note that, depending on
> configuration, certain .NET executables may run without first
> prompting
> the user. An additional information disclosure vulnerability
> in ASP.NET
> is also addressed by this bulletin.
>
> Status: Microsoft confirmed, updates available.
>
> Council Site Actions: All of the reporting council sites plan to
> distribute the updates during their next regularly scheduled system
> maintenance cycle.
>
> References:
> Microsoft Security Bulletin
> http://www.microsoft.com/technet/security/bulletin/ms07-040.mspx
> ISC Handler's Diary Entry
> http://isc.sans.org/diary.html?storyid=3120
> SecurityFocus BID
> http://www.securityfocus.com/bid/24811
> http://www.securityfocus.com/bid/24778
>
> **************************************************************
> ***********
>
> (3) HIGH: Microsoft Windows Active Directory LDAP Remote Code
> Execution
> Vulnerability (MS07-039)
>
> Affected:
> Microsoft Windows 2000 Server
> Microsoft Windows Server 2003
>
> Description: Microsoft Active Directory contains a flaw in
> its handling
> of Lightweight Directory Access Protocol (LDAP) requests. A specially
> crafted LDAP request containing an inaccurate number of convertible
> attributes could trigger this vulnerability. Successfully exploiting
> this vulnerability would allow an attacker to execute arbitrary code
> with the privileges of the vulnerable process (usually SYSTEM). Note
> that on Windows Server 2003, an attacker would first need valid
> authentication credentials before exploiting this
> vulnerability; Windows
> 2000 does not require authentication. An additional denial-of-service
> vulnerability is also addressed by this security bulletin.
>
> Status: Microsoft confirmed, updates available.
>
> Council Site Actions: All of the reporting council sites plan to
> distribute the updates during their next regularly scheduled system
> maintenance cycle.
>
> References:
> Microsoft Security Bulletin
> http://www.microsoft.com/technet/security/Bulletin/ms07-039.mspx
> ISC Handler's Diary Entry
> http://isc.sans.org/diary.html?storyid=3120
> SecurityFocus BIDs
> http://www.securityfocus.com/bid/24800
> http://www.securityfocus.com/bid/24796
>
> **************************************************************
> ***********
>
> (4) HIGH: Adobe Flash Player Remote Code Execution
> Affected:
> Adobe Flash Player versions 9.045 and earlier
>
> Description: Adobe Flash Player, a player for the Flash file
> format used
> to deliver interactive content in web pages, presentations, and other
> contexts, contains an input validation error. A specially
> crafted Flash
> file could trigger this error, allowing an attacker to
> execute arbitrary
> code with the privileges of the current user. Note that Flash content
> is often played automatically when loading a web page. Adobe Flash
> Player is installed by default on Microsoft Windows, Apple
> Mac OS X, and
> some distributions of Linux. An information disclosure
> vulnerability was
> also addressed by this update.
>
> Status: Adobe confirmed, updates available.
>
> Council Site Actions: Adobe Flash is not supported at most council
> sites, but they plan to address as needed in their next regularly
> scheduled maintenance cycle.
>
> References:
> Adobe Security Advisory
> http://www.adobe.com/support/security/bulletins/apsb07-12.html
> SecurityFocus BIDs
> http://www.securityfocus.com/bid/23437
> http://www.securityfocus.com/bid/24856
>
> **************************************************************
> ***********
>
> (5) HIGH: Multiple Vendor Progress Server Buffer Overflow
> Affected:
> Progress Server version 9.1E
> Other products using the Progress Server software, including:
> RSA Authentication Manager versions 6.0 and 6.1
> RSA ACE/Server version 5.2
> RSA SecurID Appliance version 2.0
>
> Description: Progress Server is an enterprise development
> platform used
> in a variety of software, including RSA security and authentication
> products. A flaw in its handling of input can lead to a
> buffer overflow
> condition. An attacker sending an overlong string to the "mprosrv.exe"
> process could trigger this buffer overflow and execute arbitrary code
> with the privileges of the vulnerable process. Full technical details
> for this vulnerability are publicly available.
>
> Status: Progress confirmed, updates available. RSA has also confirmed,
> and made updates available.
>
> Council Site Actions: Only one of the reporting council sites
> is acting
> on this vulnerability. They are investigating to determine if
> they have
> exposure from RSA products on UNIX platforms.
>
> References:
> TippingPoint DVLabs Security Advisory
> http://dvlabs.tippingpoint.com/advisory/TPTI-07-12
> Progress Software Home Page
> http://www.progress.com
> RSA Security Home Page
> http://www.rsasecurity.com/
> SecurityFocus BID
> http://www.securityfocus.com/bid/24675
>
> **************************************************************
> ***********
>
> (6) HIGH: Cisco Unified Communications Manager Multiple
> Buffer Overflows
> Affected:
> Cisco Unified CallManager version 4.1, 4.2, 4.3, and 4.0
> Cisco Unified Communications Manager versions 4.3 and 5.1
>
> Description: Cisco Unified CallManager and Cisco Unified
> Communications
> Manager, used to handle Voice-over-IP (VoIP) and other communications,
> contain multiple buffer overflow vulnerabilities. Specially crafted
> requests to the software could trigger a buffer overflow in the
> "CTLProvider.exe" or "RisDC.exe" components. Successfully exploiting
> these buffer overflows would allow an attacker to execute
> arbitrary code
> with the privileges of the vulnerable process and potentially obtain
> complete control of the affected system. Note that these
> vulnerabilities
> could lead to a loss or disruption of telephone service on VoIP
> networks.
>
> Status: Cisco confirmed, updates available.
>
> Council Site Actions: Only one of the reporting council sites is using
> the affected software and they plan to distribute the updates during
> their next regularly scheduled system maintenance cycle.
>
> References:
> Cisco Security Advisory
> http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtml
> IBM Internet Security Systems Advisories
> http://www.iss.net/threats/270.html
> http://www.iss.net/threats/271.html
> SecurityFocus BIDs
> http://www.securityfocus.com/bid/24867
> http://www.securityfocus.com/bid/24868
>
> **************************************************************
> ***********
>
> (7) HIGH: Symantec AntiVirus Engine CAB and RAR Parsing
> Buffer Overflows
> Affected:
> Symantec AntiVirus Engine
>
> Description: Products using the Symantec AntiVirus engine are
> vulnerable
> to multiple buffer overflows when parsing CAB ("cabinet") and RAR
> archive files. These archive file formats are widely used to
> distribute
> applications, updates, documents, and other software. A specially
> crafted CAB or RAR archive could trigger a buffer overflow in the
> antivirus engine, allowing an attacker to execute arbitrary code with
> the privileges of the vulnerable process. Note that these
> files need not
> be explicitly downloaded or opened in some cases; when the antivirus
> engine is used to scan email, for example, simply sending an
> email that
> transits a vulnerable server is sufficient for exploitation.
>
> Status: Symantec confirmed, updates available.
>
> Council Site Actions: Only one of the reporting council sites is using
> the affected software and they plan to distribute the updates during
> their next regularly scheduled system maintenance cycle.
>
> References:
> Zero Day Initiative Advisories
> http://zerodayinitiative.com/advisories/ZDI-07-039.html
> http://zerodayinitiative.com/advisories/ZDI-07-040.html
> Wikipedia Articles on CAB and RAR Archives
> http://en.wikipedia.org/wiki/Cabinet_%28file_type%29
> http://en.wikipedia.org/wiki/RAR
> SecurityFocus BID
> http://www.securityfocus.com/bid/24282
>
> **************************************************************
> ***********
>
> (8) HIGH: McAfee Common Management Agent Multiple Vulnerabilities
> Affected:
> McAfee Common Management Agent versions prior to 3.6.546
> McAfee ePolicy Orchestrator version 3.6.1 and prior
> McAfee ProtectionPilot versions 1.5 and 1.1.1
>
> Description: The McAfee Common Management Agent, used in a variety of
> McAfee products to handle system management and maintenance, contains
> multiple memory corruption vulnerabilities. A specially
> crafted request
> to any product using the agent could trigger one of these
> vulnerabilities, allowing an attacker to execute arbitrary
> code with the
> privileges of the vulnerable process (usually SYSTEM).
>
> Status:
>
> Council Site Actions: Only one of the reporting council sites is using
> the affected software and they plan to distribute the updates during
> their next regularly scheduled system maintenance cycle.
>
> References:
> McAfee Security Advisories
> https://knowledge.mcafee.com/article/764/613367_f.SAL_Public.html
> https://knowledge.mcafee.com/article/763/613366_f.SAL_Public.html
> https://knowledge.mcafee.com/article/762/613365_f.SAL_Public.html
> https://knowledge.mcafee.com/article/761/613364_f.SAL_Public.html
> Product Home Pages
> http://www.mcafee.com/us/smb/products/management_solutions/pro
> tection_pilot.html
> http://www.mcafee.com/us/enterprise/products/system_security_m
> anagement/epolicy_orchestrator.html
> IBM Internet Security Systems Advisory
> http://www.iss.net/threats/269.html
> SecurityFocus BID
> http://www.securityfocus.com/bid/24863
>
> **************************************************************
> ***********
>
> (9) HIGH: Apple QuickTime Multiple Vulnerabilities
> Affected:
> Apple QuickTime versions prior to 7.2
>
> Description: Apple QuickTime, Apple's framework for streaming media,
> contains multiple vulnerabilities ranging from remote code
> execution to
> information disclosure. A specially crafted movie file, Synchronized
> Multimedia Integration Language (SMIL file, or website could trigger a
> memory corruption, integer overflow, or design flaw and allow an
> attacker to execute arbitrary code with the privileges of the current
> user. Note that, in many cases, QuickTime movies play without further
> prompting. For some vulnerabilities, a user would need to visit a
> malicious web site to be compromised. An information disclosure
> vulnerability was also addressed by this security update. Note that
> QuickTime on both Apple Mac OS X and Microsoft Windows is affected.
>
> Description: Apple confirmed, updates available.
>
> Status:
>
> Council Site Actions: Only one of the reporting council sites is using
> the affected software and they plan to distribute the updates during
> their next regularly scheduled system maintenance cycle.
>
> References:
> Apple Security Update
> http://docs.info.apple.com/article.html?artnum=305947
> iDefense Security Advisory
> http://labs.idefense.com/intelligence/vulnerabilities/display.
> php?id=556
> Security-Protocols Advisories
> http://security-protocols.com/sp-x46-advisory.php
> http://security-protocols.com/sp-x45-advisory.php
> Wikipedia Article on SMIL
> http://en.wikipedia.org/wiki/Synchronized_Multimedia_Integrati
> on_Language
> SecurityFocus BIDs
> http://www.securityfocus.com/bid/24873
> http://www.securityfocus.com/bid/23652
> http://www.securityfocus.com/bid/23650
>
> **************************************************************
> ***********
>
> (10) HIGH: Sun Java Runtime and Development Kit XSLT Remote
> Code Execution
> Affected:
> Sun Java Development Kit versions 6 Update 1 and prior
> Sun Java Runtime Environment versions 6 Update 1 and prior
> Sun Java System Web Server version 7.0
> Sun Java System Application Server
>
> Description: The Sun Java Runtime Environment (JRE) and Java
> Development
> Kit (JDK) contain flaws in their handling of Extensible Stylesheet
> Language Transformations (XSLT) documents. A specially crafted XSLT
> stylesheet contained inside an XML signature could trigger this
> vulnerability and allow an attacker to execute arbitrary code with the
> privileges of the process that opened the XSLT stylesheet. Technical
> details are available for this vulnerability.
>
> Status: Sun confirmed, updates available.
>
> Council Site Actions: Some of the reporting council sites are
> investigating if they have exposure from this vulnerability.
> No action
> has been determined at this point in time.
>
> References:
> Sun Security Advisory
> http://sunsolve.sun.com/search/document.do?assetkey=1-26-102993-1
> iSEC Security Partners Advisory
> http://www.isecpartners.com/advisories/2007-04-dsig.txt
> Whitepaper by Bradley W. Hill
> http://www.isecpartners.com/files/XMLDSIG_Command_Injection.pdf
> Wikipedia Article on XSLT
> http://en.wikipedia.org/wiki/XSLT
> SecurityFocus BID
> http://www.securityfocus.com/bid/24850
>
> **************************************************************
> ***********
>
> (11) MODERATE: Microsoft Publisher Invalid Memory Reference (MS07-037)
> Affected:
> Microsoft Office System 2007
>
> Description: Microsoft Publisher contains a flaw in the way it handles
> Publisher files. A specially crafted Publisher file could trigger this
> flaw, causing an invalid memory reference in Publisher. Successfully
> exploiting this flaw would allow an attacker to execute arbitrary code
> with the privileges of the current user. Note that the
> affected version
> of Publisher does not open files without first prompting the
> user. Some
> technical information is available for this vulnerability.
>
> Status: Microsoft confirmed, updates available.
>
> Council Site Actions: Only one of the reporting council
> sites is using
> the affected software and they plan to distribute the updates during
> their next regularly scheduled system maintenance cycle.
>
> References:
> Microsoft Security Bulletin
> http://www.microsoft.com/technet/security/Bulletin/ms07-037.mspx
> eEye Digital Security Advisory
> http://research.eeye.com/html/advisories/published/AD20070710.html
> ISC Handler's Diary Entry
> http://isc.sans.org/diary.html?storyid=3120
> SecurityFocus BID
> http://www.securityfocus.com/bid/22702
>
> **************************************************************
> ***********
>
> (12) MODERATE: Microsoft Internet Information Services Buffer
> Overflow (MS07-041)
> Affected:
> Microsoft Internet Information Services 5.1 on Microsoft Windows XP
>
> Description: Microsoft Internet Information Services (IIS) contains a
> buffer overflow vulnerability when used on Microsoft Windows XP. By
> sending a specially crafted URL to an IIS server, an attacker could
> trigger this buffer overflow and execute arbitrary code with the
> privileges of the vulnerable process. Note that only IIS installations
> on Microsoft Windows XP are vulnerable. Full technical details and a
> proof-of-concept are available for this vulnerability.
>
> Status: Microsoft confirmed, updates available.
>
> Council Site Actions: All of the reporting council sites plan to
> distribute the updates during their next regularly scheduled system
> maintenance cycle.
>
> References:
> Microsoft Security Bulletin
> http://www.microsoft.com/technet/security/bulletin/ms07-041.mspx
> Posting by Inge Henrisksen
> http://ingehenriksen.blogspot.com/2005/12/microsoft-iis-remote
> -dos-dll-url.html
> Proof of Concept
> http://downloads.securityfocus.com/vulnerabilities/exploits/II
> S_Mal_URI_Dos.cpp
> ISC Handler's Diary Entry
> http://isc.sans.org/diary.html?storyid=3120
> SecurityFocus BID
> http://www.securityfocus.com/bid/15921
>
> **************************************************************
> ***********
>
> (14) LOW: Microsoft Teredo Firewall Bypass Vulnerability (MS07-038)
> Affected:
> Microsoft Windows Vista
>
> Description: Microsoft Teredo is a technology designed to ease the
> migration of Windows systems to networks using IPv6. This technology
> allows IPv6 traffic to be sent to a host connected to an IPv4 network.
> By persuading a user to click on a link containing a Teredo
> address, an
> attacker could cause the Teredo subsystem on a victim's machine to
> become active. When in this active state, an attacker could determine
> the firewall rules in effect on a victim's machine, determine if the
> victim's machine is present on the network, or potentially bypass
> certain firewall rules.
>
> Status: Microsoft confirmed, updates available.
>
> Council Site Actions: The affected software and/or
> configuration are not
> in production or widespread use, or are not officially
> supported at any
> of the responding council sites. They reported that no action was
> necessary.
>
> References:
> Microsoft Security Bulletin
> http://www.microsoft.com/technet/security/Bulletin/ms07-038.mspx
> Symantec Security Advisory
> http://www.securityfocus.com/archive/1/473294
> ISC Handler's Diary Entry
> http://isc.sans.org/diary.html?storyid=3120
> Wikipedia Article on Microsoft Teredo
> http://en.wikipedia.org/wiki/Teredo_tunneling
> SecurityFocus BID
> http://www.securityfocus.com/bid/24779
>
> ****************************************************************
>
> Part II - Comprehensive List of Newly Discovered Vulnerabilities from
> Qualys (www.qualys.com)
>
> Week 29, 2007
>
> 07.29.1 CVE: CVE-2007-3038
> Platform: Windows
> Title: Microsoft Windows Vista Teredo Interface Firewall Bypass
> Description: Windows Firewall for Windows Vista is the firewall
> solution shipped as part of the Microsoft Vista operating system. It
> is enabled by default. Teredo is an IPv4-to-IPv6 transition mechanism
> for IPv6-capable hosts that are located behind an IPv4 NAT. The
> software is exposed to an issue that may permit a bypass of existing
> firewall rules because the firewall fails to properly enforce rules
> when accepting traffic through the Teredo interface.
> Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-038.mspx
> ______________________________________________________________________
>
> 07.29.2 CVE: CVE-2007-3028
> Platform: Windows
> Title: Microsoft Windows Active Directory LDAP Request Validation
> Remote Denial of Service
> Description: Lightweight Directory Access Protocol (LDAP) is a
> protocol that allows authorized users to view or update data in a meta
> directory. Microsoft Windows is exposed to a remote denial of service
> issue because Microsoft Active Directory fails to handle specially
> crafted LDAP requests.
> Ref: http://www.microsoft.com/technet/security/bulletin/ms07-039.mspx
> ______________________________________________________________________
>
> 07.29.3 CVE: CVE-2007-0040
> Platform: Windows
> Title: Microsoft Windows Active Directory LDAP Request Validation
> Remote Code Execution
> Description: Lightweight Directory Access Protocol (LDAP) is a
> protocol that allows authorized users to view or update data in a meta
> directory. Microsoft Windows is exposed to a remote code execution
> issue because Microsoft Active Directory fails to handle specially
> crafted LDAP requests.
> Ref: http://www.kb.cert.org/vuls/id/487905
> ______________________________________________________________________
>
> 07.29.4 CVE: CVE-2007-1756
> Platform: Microsoft Office
> Title: Microsoft Excel Version Information Validation Remote Code
> Execution
> Description: Microsoft Excel is a spreadsheet application that is part
> of the Microsoft Office suite. Excel is exposed to a remote code
> execution issue when parsing malformed Excel files. The issue stems
> from an unspecified calculation error related to how the application
> validates version information parsed from the beginning of the
> malformed file.
> Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-036.mspx
> ______________________________________________________________________
>
> 07.29.5 CVE: CVE-2007-3030
> Platform: Microsoft Office
> Title: Microsoft Excel Workspace Designation Remote Code Execution
> Description: Microsoft Excel is a spreadsheet application that is part
> of the Microsoft Office suite. Excel is exposed to a remote code
> execution issue when parsing a malformed Excel file. The issue is due
> to a validation error of certain file attributes data associated with
> workspace information.
> Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-036.mspx
> ______________________________________________________________________
>
> 07.29.6 CVE: Not Available
> Platform: Microsoft Office
> Title: Microsoft Excel Unspecified Security
> Description: Microsoft Excel is exposed to an unspecified security
> issue. Please refer to the link below for further information.
> Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-036.mspx
> ______________________________________________________________________
>
> 07.29.7 CVE: CVE-2007-0043
> Platform: Other Microsoft Products
> Title: Microsoft .NET Framework JIT Compiler Remote Buffer Overflow
> Description: Microsoft .NET Framework is exposed to a remote buffer
> overflow issue because it fails to perform adequate boundary checks on
> user-supplied data.
> Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-040.mspx
> ______________________________________________________________________
>
> 07.29.8 CVE: CVE-2007-0041
> Platform: Other Microsoft Products
> Title: Microsoft .NET Framework PE Loader Remote Buffer Overflow
> Description: Microsoft .NET Framework is exposed to a remote buffer
> overflow issue because it fails to perform adequate boundary checks on
> user-supplied data.
> Ref: http://www.microsoft.com/technet/security/Bulletin/MS07-040.mspx
> ______________________________________________________________________
>
> 07.29.9 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Microsoft Internet Explorer FirefoxURL Protocol Handler Command
> Injection
> Description: Microsoft Internet Explorer is prone to a protocol
> handler command injection issue that allows remote attackers to pass
> and execute arbitrary commands and arguments through the "firefox.exe"
> process.
> Ref: http://www.securityfocus.com/bid/24837
> ______________________________________________________________________
>
>
> 07.29.12 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: Symantec AntiVirus Malformed CAB and RAR Compression Remote
> Vulnerabilities
> Description: Symantec AntiVirus is an antivirus scan engine
> implemented in numerous antivirus products from Symantec, including
> Norton AntiVirus, Mail Security, Web Security, and others. Symantec
> AntiVirus supports standard file scanning and realtime file scanning.
> The application is exposed to multiple remote issues affecting the
> Symantec Decomposer component.
> Ref:
> http://www.symantec.com/avcenter/security/Content/2007.07.11f.html
> ______________________________________________________________________
>
> 07.29.15 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: Symantec Client Security Internet E-mail Auto-Protect Stack
> Overflow
> Description: Symantec Client Security is a security application to
> protect computers from malware and provide vulnerability reporting.
> The application is exposed to a stack buffer overflow issue that
> occurs because the application fails to properly bounds check
> user-supplied data before copying it into an insufficiently sized
> memory buffer.
> Ref:
> http://www.symantec.com/avcenter/security/Content/2007.07.11b.html
> ______________________________________________________________________
>
> 07.29.16 CVE: CVE-2006-5271, CVE-2006-5272, CVE-2006-5273,
> CVE-2006-5274
> Platform: Third Party Windows Apps
> Title: McAfee Common Management Agent (CMA) Multiple Memory Corruption
> Vulnerabilities
> Description: McAfee Common Management Agent (CMA) is a
> management-related component included with various other McAfee
> products. The application is exposed to mutiple memory-corruption
> issues. It fails to properly bounds check user-supplied data in
> several instances before copying it into insufficiently sized memory
> buffers.
> Ref: https://knowledge.mcafee.com/article/763/613366_f.SAL_Public.html
> ______________________________________________________________________
>
> 07.29.25 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: WinPcap NPF.SYS BIOCGSTATS Parameters Local Privilege
> Escalation
> Description: WinPcap provides real time link level network access on
> Windows based operating systems. The application is exposed to a local
> privilege escalation issue because the software allows malicious users
> to pass malicious Interrupt Request Packet (IRP) parameters to IOCTL
> 9031 (otherwise known as BIOCGSTATS) in the "NPF.SYS" file. WinPcap
> version 4.0 is affected.
> Ref: http://www.securityfocus.com/archive/1/473223
> ______________________________________________________________________
>
> 07.29.32 CVE: Not Available
> Platform: Linux
> Title: policyd W_Read Function Remote Buffer Overflow
> Description: policyd is a policy daemon for Postfix. The application
> is exposed to a remote buffer overflow issue because the application
> fails to properly check boundaries on user-supplied data before using
> it in a finite-sized buffer. policyd versions prior to 1.81 are
> affected.
> Ref: http://www.securityfocus.com/bid/24899
> ______________________________________________________________________
>
> 07.29.34 CVE: CVE-2005-1924, CVE-2005-4169
> Platform: Linux
> Title: SquirrelMail G/PGP Encryption Plug-in Multiple Remote Command
> Execution Vulnerabilities
> Description: The G/PGP encryption plugin for SquirrelMail provides
> encryption, decryption, and digital-signature support within the
> SquirrelMail webmail system. Three separate shell command injection
> issues and one local file include issue are present in various
> versions of the affected plugin. One issue has been addressed in
> version 2.1, but the others are still unfixed.
> Ref: http://www.securityfocus.com/bid/24874
> ______________________________________________________________________
>
> 07.29.38 CVE: CVE-2007-3641, CVE-2007-3644, CVE-2007-3645
> Platform: Unix
> Title: FreeBSD LibArchive Multiple Remote Vulnerabilities
> Description: The "libarchive" library is FreeBSD's interface library
> for reading and writing streaming archive files (e.g. "tar" and
> "cpio"). The application is exposed to multiple issues because the
> library fails to properly handle malformed TAR and PAX archives.
> FreeBSD versions 5.3 and later (up until releases made after 12 July
> 2007) are affected.
> Ref: http://www.securityfocus.com/bid/24885
>
> 07.29.41 CVE: CVE-2007-2392, CVE-2007-2393, CVE-2007-2394,
> CVE-2007-2396, CVE-2007-2397, CVE-2007-2402
> Platform: Cross Platform
> Title: Apple Quicktime Information Disclosure and Multiple Code
> Execution Vulnerabilities
> Description: Apple QuickTime is exposed to an information disclosure
> issue and multiple remote code execution issues. The
> information disclosure
> issue affects Quicktime for Java. This issue may allow an
> attacker to capture a user's screen content.
> Ref:
> http://labs.idefense.com/intelligence/vulnerabilities/display.
> php?id=556
> ______________________________________________________________________
>
> 07.29.42 CVE: Not Available
> Platform: Cross Platform
> Title: Cisco Unified Communications Manager and Presence Server
> Unauthorized Access Vulnerabilities
> Description: Cisco Unified Communications Manager and
> Presence Server are
> exposed to multiple unauthorized access issues. An attacker with
> administrative access can activate and terminate CUCM / CUPS
> system services
> and access SNMP configuration information
> Ref: http://www.securityfocus.com/archive/1/473379
> ______________________________________________________________________
>
> 07.29.43 CVE: Not Available
> Platform: Cross Platform
> Title: Cisco Unified Communications Manager Multiple Heap Buffer
> Overflow Vulnerabilities
> Description: Cisco Unified Communications Manager (CUCM) is the call
> processing component of the Cisco IP telephony solution. CUCM is
> exposed to multiple heap-based buffer overflow issues because the
> application fails to bounds check user-supplied data before copying it
> into an insufficiently sized memory buffer.
> Ref: http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtml
> ______________________________________________________________________
>
> 07.29.44 CVE: Not Available
> Platform: Cross Platform
> Title: Multiple Vendors RAR Handling Remote Null Pointer Dereference
> Description: The "RAR" and "UnRAR" utilities are used to compress and
> decompress files in the RAR file format. ClamAV is an antivirus
> application for Microsoft Windows and UNIX-like operating systems.
> ClamAV uses UnRAR to decompress RAR archives before scanning. Multiple
> applications using RAR are exposed to a NULL-pointer dereference issue
> that occurs in the RAR AV filters when processing a malformed RAR
> file. ClamAV versions prior to 0.91 and "UnRAR" version 3.70 is
> affected.
> Ref: http://www.securityfocus.com/archive/1/473371
> ______________________________________________________________________
>
> 07.29.49 CVE: Not Available
> Platform: Cross Platform
> Title: CenterICQ Multiple Remote Buffer Overflow Vulnerabilities
> Description: CenterICQ is an instant-messaging application that
> supports ICQ2000, Yahoo!, AIM, IRC, MSN, Gadu-Gadu and Jabber
> protocols. It is available for Microsoft Windows, Unix, Linux, and
> other Unix-like operating systems. The application is exposed to
> multiple buffer overflow issues that occur because the application
> fails to bounds check user-supplied data before copying it into an
> insufficiently sized buffer.
> Ref: http://www.securityfocus.com/bid/24854
> ______________________________________________________________________
>
> 07.29.51 CVE: Not Available
> Platform: Cross Platform
> Title: Sun Java System Server XSLT Processing Remote Java Method
> Execution
> Description: Sun Java System Web Server is an application for serving
> and managing web applications. The application is exposed to an
> arbitrary Java method execution issue due to a failure of the
> application to securely process XSLT stylesheets.
> Ref:
> http://sunsolve.sun.com/search/document.do?assetkey=1-26-10299
> 2-1&searchclause=
> ______________________________________________________________________
>
> 07.29.52 CVE: CVE-2007-3456
> Platform: Cross Platform
> Title: Adobe Flash Player SWF File Handling Remote Code Execution
> Description: Adobe Flash Player is a multimedia application for
> Microsoft Windows, Mozilla and Apple technologies. The application is
> exposed to a remote code execution issue because it fails to properly
> sanitize user-supplied input. Adobe Flash Player versions 9.0.45.0 and
> earlier, 8.0.34.0 and earlier, and 7.0.69.0 and earlier are affected.
> Ref: http://www.adobe.com/support/security/bulletins/apsb07-12.html
>
> 07.29.54 CVE: Not Available
> Platform: Cross Platform
> Title: Mozilla Firefox WYCIWYG:// URI Cache Zone Bypass
> Description: Mozilla Firefox is a browser available for multiple
> operating systems. The application is exposed to a cache zone bypass
> issue due to a failure of the application to properly block remote
> access to special internally generated URIs containing cached data.
> Ref: http://www.securityfocus.com/bid/24831
> ______________________________________________________________________
>
> 07.29.56 CVE: Not Available
> Platform: Cross Platform
> Title: SquirrelMail G/PGP Encryption Plug-in Multiple Unspecified
> Remote Command Execution Vulnerabilities
> Description: The G/PGP encryption plugin for SquirrelMail provides
> encryption, decryption, and digital-signature support within the
> SquirrelMail webmail system. SquirrelMail G/PGP Encryption Plugin
> version 2.1 is affected.
> Ref: http://www.securityfocus.com/bid/24828
> ______________________________________________________________________
>
> 07.29.58 CVE: Not Available
> Platform: Cross Platform
> Title: Mozilla Firefox Multiple Popup Tabs Denial of Service
> Description: Firefox is exposed to a remote denial of service issue.
> The issue occurs when processing a popup window with an excessively
> large amount of tabs in it. The application fails to handle this
> condition and crashes. Firefox version 2.0.0.4 is affected.
> Ref: http://www.securityfocus.com/archive/1/473187
> ______________________________________________________________________
>
> 07.29.88 CVE: Not Available
> Platform: Web Application
> Title: Sun Java Runtime Environment WebStart JNLP File Stack Buffer
> Overflow
> Description: Webstart is an application used by Sun Java Runtime
> Environment for managing and downloading Java applications. The
> application is exposed to a stack-based buffer overflow issue because
> it fails to adequately bounds check user-supplied data before copying
> it into an insufficiently sized buffer. Java Runtime Environment 6
> update 1 and Java Runtime Environment 5 update 11 are affected.
> Ref:
> http://research.eeye.com/html/advisories/published/AD20070705.html
> ______________________________________________________________________
>
> 07.29.91 CVE: Not Available
> Platform: Network Device
> Title: TippingPoint IPS Fragmented Packets Detection Bypass
> Description: TippingPoint Intrusion Prevention System (IPS) appliances
> provide network security by inspecting and filtering traffic. The
> application is exposed to a detection bypass issue because the
> appliance fails to properly handle fragmented packets.
> Ref: http://www.3com.com/securityalert/alerts/3COM-07-002.html
> ______________________________________________________________________
>
> 07.29.92 CVE: Not Available
> Platform: Network Device
> Title: IBM Proventia Sensor Appliance Multiple Input Validation
> Vulnerabilities
> Description: The IBM Proventia Sensor Appliance is a hardware based
> intrusion prevention and detection system. The device is exposed to
> multiple input validation issues because it fails to sufficiently
> sanitize user-supplied data. IBM Proventia Sensor Appliance CX5108 and
> GX5008 are affected.
> Ref: http://www.sybsecurity.com/hack-proventia-1.pdf
> ______________________________________________________________________
>
> 07.29.93 CVE: Not Available
> Platform: Network Device
> Title: TippingPoint IPS Unicode Character Detection Bypass
> Description: TippingPoint Intrusion Prevention System (IPS) appliances
> provide network security by inspecting and filtering traffic. The
> application is exposed to a detection bypass issue because the
> appliance fails to properly handle Unicode characters.
> Ref: http://www.securityfocus.com/archive/1/473311
> ______________________________________________________________________
>
> (c) 2007. All rights reserved. The information contained in this
> newsletter, including any external links, is provided "AS IS," with no
> express or implied warranty, for informational purposes only. In some
> cases, copyright for material in this newsletter may be held
> by a party
> other than Qualys (as indicated herein) and permission to use such
> material must be requested from the copyright owner.
>