Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 6 No. 39



>
> *******************************************************************************
>
> (3) HIGH: OpenOffice.org TIFF Image Parsing Integer Overflow
> Affected:
> OpenOffice.org versions prior to 2.3
>
> Description: OpenOffice.org is a popular cross-platform open source
> office suite. OpenOffice.org fails to properly handle certain malformed
> Tagged Image File Format (TIFF) image files. A specially crafted TIFF
> image file could lead to an integer overflow. Successfully exploiting
> this overflow could lead to arbitrary code execution with the privileges
> of the current user. Note that this vulnerability may be exploited by
> image files embedded in other documents; such documents may be opened
> in OpenOffice.org without first prompting the user. OpenOffice.org is
> installed by default on many Unix, Unix-like, and Linux operating
> systems, and is commonly installed on Microsoft Windows systems.
> Technical details for this vulnerability are available via source code
> analysis.
>
> Status: OpenOffice.org confirmed, updates available.
>
> References:
> OpenOffice.org Security Advisory
> http://www.openoffice.org/security/cves/CVE-2007-2834.html
> iDefense Security Advisory
> http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=593
> Product Home Page
> http://www.openoffice.org
> SecurityFocus BID
> http://www.securityfocus.com/bid/25690
>
> *******************************************************************************
>
> (4) HIGH: Sun Java Web Start ActiveX Control Buffer Overflow
> Affected:
> Sun Java Runtime Environment versions 1.6.0 and prior
>
> Description: Sun Java Web Start is a method of distributing Java-based
> applications via the web. Facilities for using Web Start are included
> in the Sun Java Runtime Environment. On Microsoft Windows, these
> facilities include an ActiveX control. This ActiveX control contains a
> buffer overflow in its "dnsResolve" method. A specially crafted web page
> that instantiates this control could exploit this vulnerability to
> execute arbitrary code with the privileges of the current user. The Sun
> Java Runtime Environment is very often installed on Microsoft Windows
> systems. A proof-of-concept for this vulnerability is publicly
> available.
>
> Status: Sun has not confirmed, no updates available. Users can partially
> mitigate the impact of this vulnerability by disabling the vulnerable
> control via Microsoft's "kill bit" mechanism for CLSID
> "5852F5ED-8BF4-11D4-A245-0080C6F74284". Note that this will disable
> normal application functionality.
>
> References:
> Proof-of-Concept
> http://downloads.securityfocus.com/vulnerabilities/exploits/25734.html
> Microsoft Knowledge Base Article (details the "kill bit" mechanism)
> http://support.microsoft.com/kb/240797
> Product Home Page
> http://java.sun.com/products/javawebstart/
> SecurityFocus BID
> http://www.securityfocus.com/bid/25734
>
> *******************************************************************************
>
> (5) MODERATE: Adobe Acrobat PDF Reader Undisclosed Vulnerability
> Affected:
> Adobe Acrobat PDF Reader
>
> Description: Adobe Acrobat PDF Reader, the most common Portable Document
> Format (PDF) reader application, contains an undisclosed code execution
> vulnerability. A specially crafted PDF document could exploit this
> vulnerability to execute arbitrary code with the privileges of the
> current user. PDF documents are generally opened without further
> prompting. Adobe has confirmed the existence of this vulnerability, and
> a proof-of-concept is present in the wild.
>
> Status: Adobe confirmed, no updates available.
>
> References:
> Blog Posting on GNUCITIZEN
> http://www.gnucitizen.org/blog/0day-pdf-pwns-windows
> Proof-of-Concept Demonstration Video
> http://www.youtube.com/watch?v=R_mv49Sdeok
> PC World Article
> http://www.pcworld.com/article/id,137456-c,hackers/article.html
> Slashdot Thread
> http://it.slashdot.org/article.pl?sid=07/09/22/1040225
> SecurityFocus BID
> http://www.securityfocus.com/bid/25748
>
> *******************************************************************************
>
> (6) MODERATE: VMware Workstation DHCP Server Multiple Vulnerabilities
> Affected:
> VMware Workstation versions prior to 6.0.1 build 55017
>
> Description: VMware Workstation, VMware's popular virtualization
> product, contains multiple vulnerabilities in its Dynamic Host
> Configuration Protocol (DHCP) server, used to dynamically configure
> clients' network settings. A specially crafted DHCP request or web page
> could exploit these vulnerabilities to execute arbitrary code with the
> privileges of the vulnerable process. The exact exploitation vectors are
> currently undisclosed.
>
> Status: VMware confirmed, updates available.
>
> References:
> VMware Release Notes
> http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html
> Wikipedia Article on DHCP
> http://en.wikipedia.org/wiki/DHCP
> SecurityFocus BID
> http://www.securityfocus.com/bid/25729
>
>
> Part II - Comprehensive List of Newly Discovered Vulnerabilities from
> Qualys (www.qualys.com)
> Week 39, 2007
>
> This list is compiled by Qualys ( www.qualys.com ) as part of that
> company's ongoing effort to ensure its vulnerability management web
> service tests for all known vulnerabilities that can be scanned. As of
> this week Qualys scans for 5549 unique vulnerabilities. For this special
> SANS community listing, Qualys also includes vulnerabilities that cannot
> be scanned remotely.
>
> ______________________________________________________________________
>
> 07.39.1 CVE: CVE-2007-4916
> Platform: Other Microsoft Products
> Title: Microsoft MFC Library CFileFind::FindFile Buffer Overflow
> Description: The CFileFind::FindFile method in the MFC library for
> Microsoft Windows is exposed to a buffer overflow issue due to a
> failure of the method to perform adequate boundary checks of
> user-supplied input. The MFC library included with Microsoft Windows
> XP SP2 is affected.
> Ref: http://www.kb.cert.org/vuls/id/611008
> ______________________________________________________________________
>
> 07.39.18 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: Mercury/32 IMAPD SEARCH Command Remote Stack Buffer Overflow
> Description: Mercury/32 is a Mail Transport System available for
> Microsoft Windows. The application is exposed to a remote stack-based
> buffer overflow issue because the application fails to perform
> adequate boundary checks on user-supplied data. Mercury/32 version
> 4.52 is affected.
> Ref: http://www.securityfocus.com/bid/25733
> ______________________________________________________________________
>
> 07.39.30 CVE: CVE-2007-2834
> Platform: Cross Platform
> Title: OpenOffice TIFF File Parser Buffer Overflow
> Description: OpenOffice is a multi-platform office suite. Tagged
> Image File Format (TIFF) is a variable-resolution bitmapped image
> format. The application is exposed to a remote heap-based buffer
> overflow issue because it fails to bounds check user-supplied data
> before copying it into an insufficiently sized buffer. The TIFF parser
> incorrectly relies on user-supplied values to calculate memory
> allocation.
> Ref: http://rhn.redhat.com/errata/RHSA-2007-0848.html
> ______________________________________________________________________
>
> (c) 2007.  All rights reserved.  The information contained in this
> newsletter, including any external links, is provided "AS IS," with no
> express or implied warranty, for informational purposes only.  In some
> cases, copyright for material in this newsletter may be held by a
> party other than Qualys (as indicated herein) and permission to use
> such material must be requested from the copyright owner.
>
>
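
The kill-bit mitigation named in item (4), as an added example that is not part of the forwarded newsletter: a PowerShell script that reports, and optionally sets, the kill bit for the CLSID quoted there. The registry location and the 0x400 flag are the ones documented in KB240797; covering the Wow6432Node view and the `$Apply` switch are assumptions of this sketch.

```powershell
# Added example: audit / set the ActiveX kill bit described in KB240797.
# Run from an elevated PowerShell prompt; nothing is written unless $Apply is $true.
$Apply   = $false
$KillBit = 0x400                                      # "Compatibility Flags" bit per KB240797
$Clsid   = '{5852F5ED-8BF4-11D4-A245-0080C6F74284}'   # CLSID quoted in the advisory
$Name    = 'Compatibility Flags'

# Native view plus the 32-bit view on 64-bit Windows
# (assumption: the control may be registered in either view).
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
) | Where-Object { Test-Path -LiteralPath $_ }

function Get-CompatFlags {
    param([string]$Key)
    # A missing key or value means no flags are set for this CLSID.
    if (-not (Test-Path -LiteralPath $Key)) { return 0 }
    $prop = Get-ItemProperty -LiteralPath $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 0 }
    return [int]$prop.$Name
}

function Set-KillBit {
    param([string]$Key)
    if (-not (Test-Path -LiteralPath $Key)) { New-Item -Path $Key -Force | Out-Null }
    # OR the bit in so any other compatibility flags already present are preserved.
    $new = (Get-CompatFlags $Key) -bor $KillBit
    New-ItemProperty -LiteralPath $Key -Name $Name -PropertyType DWord -Value $new -Force |
        Out-Null
}

# Emit one status object per registry view so the result can be logged or compared.
foreach ($root in $Roots) {
    $key = "$root\$Clsid"
    if ($Apply) { Set-KillBit $key }
    $flags = Get-CompatFlags $key
    [pscustomobject]@{
        Key        = $key
        Flags      = '0x{0:X8}' -f $flags
        KillBitSet = [bool]($flags -band $KillBit)
    }
}
```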