Security-Alerts mailing list archive (security-alerts@yandex-team.ru)
[security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 7 No. 4
>
> *****************************
> Widely Deployed Software
> *****************************
>
> (1) CRITICAL: Microsoft Excel File Handling Remote Code Execution
> Affected:
> Microsoft Office 2000/2002/2003
> Microsoft Office 2004 for Mac
>
> Description: Microsoft Excel contains a flaw in its handling of certain
> Excel files. A specially crafted Excel file could trigger an unspecified
> vulnerability in Excel, allowing an attacker to execute arbitrary code
> with the privileges of the current user. Note that, on recent versions
> of Microsoft Office, content is not opened upon receipt without user
> interaction. Further technical details are not publicly available for
> this vulnerability, but this vulnerability is being actively exploited
> in the wild.
>
> Status: Microsoft confirmed, no updates available.
>
> References:
> Microsoft Security Advisory
> http://www.microsoft.com/technet/security/advisory/947563.mspx
> SecurityFocus BID
> http://www.securityfocus.com/bid/27305
>
> **********************************************************
>
> (2) CRITICAL: Apple QuickTime Multiple Vulnerabilities
> Affected:
> Apple QuickTime versions prior to 7.4
>
> Description: QuickTime is Apple's streaming media framework for Apple
> Mac OS X and Microsoft Windows. QuickTime contains multiple
> vulnerabilities in the handling of various file formats. A specially
> crafted QuickTime video, image file or stream could trigger one of these
> vulnerabilities and execute arbitrary code with the privileges of the
> current user. QuickTime content is generally displayed automatically
> upon receipt, without further user intervention. Note that QuickTime is
> installed by default on all Apple Mac OS X systems, and is also
> installed as part of Apple's iTunes product on Microsoft Windows
> systems. Some technical details are publicly available for these
> vulnerabilities.
>
> Status: Apple confirmed, updates available.
>
> References:
> Apple Security Advisory
> http://docs.info.apple.com/article.html?artnum=307301
> TippingPoint DVLabs Security Advisory
> http://dvlabs.tippingpoint.com/advisory/TPTI-08-01
> iDefense Security Advisory
> http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=642
> Apple QuickTime Home Page
> http://www.apple.com/quicktime
> SecurityFocus BIDs
> http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=642
> http://www.securityfocus.com/bid/27298
> http://www.securityfocus.com/bid/27299
> http://www.securityfocus.com/bid/27300
> http://www.securityfocus.com/bid/27301
>
> **********************************************************
>
> (3) CRITICAL: Citrix Presentation Server IMA Buffer Overflow
> Affected:
> Citrix Presentation Server versions 4.5 and prior
> Citrix Metaframe Presentation Server versions 3.0 and prior
> Citrix Access Essentials versions 2.0 and prior
> Citrix Desktop Server version 1.0
>
> Description: The Citrix Presentation Server is an application sharing
> system. It contains a flaw in its Independent Management Architecture
> (IMA) component. A specially crafted user request could trigger a buffer
> overflow during the request's processing. Successfully exploiting this
> buffer overflow would allow an attacker to execute arbitrary code with
> the privileges of the vulnerable process (usually SYSTEM). Some
> technical details are publicly available for this vulnerability.
>
> Status: Citrix confirmed, updates available. Users can mitigate the
> impact of this vulnerability by blocking access to TCP ports 2512 and
> 2513 at the network perimeter, if possible.
>
> References:
> Citrix Security Advisory
> http://support.citrix.com/article/CTX114487
> Zero Day Initiative Advisory
> http://zerodayinitiative.com/advisories/ZDI-08-002.html
> Product Home Page
> http://citrix.com/English/ps2/products/product.asp?contentID=186
> SecurityFocus BID
> http://www.securityfocus.com/bid/27329
>
> **********************************************************
>
> (4) CRITICAL: Cisco Unified Communications Manager CTLProvider Heap Overflow
> Affected:
> Cisco Unified Communications Manager versions 4.1(3) and prior
>
> Description: Cisco Unified Communications Manager (CUCM) is Cisco's
> telephony management platform. It contains a flaw in its "CTLProvider"
> component. This component manages cryptographic certificates. A
> specially crafted request to this component could trigger a heap
> overflow. Successfully exploiting this vulnerability would allow an
> attacker to execute arbitrary code with the privileges of the vulnerable
> process. No authentication is required to exploit this vulnerability.
> Some technical details are publicly available for this vulnerability.
> Note that successfully exploiting this vulnerability could lead to a
> disruption in telephony service, including emergency services.
>
> Status: Cisco confirmed, updates available. Users can mitigate the
> impact of this vulnerability by blocking access to TCP port 2444 at the
> network perimeter, if possible.
>
> References:
> Cisco Security Advisory
> http://www.cisco.com/warp/public/707/cisco-sa-20080116-cucmctl.shtml#@ID
> TippingPoint DVLabs Security Advisory
> http://dvlabs.tippingpoint.com/advisory/TPTI-08-02
> Product Home Page
> http://www.cisco.com/warp/public/cc/pd/nemnsw/callmn/index.shtml
> SecurityFocus BID
> http://www.securityfocus.com/bid/27313
>
> **********************************************************
>
> (8) HIGH: AOL Nullsoft Winamp Multiple Vulnerabilities
> Affected:
> AOL Nullsoft Winamp versions prior to 5.52
>
> Description: AOL Nullsoft Winamp is a popular media player for Microsoft
> Windows. It contains multiple vulnerabilities in its handling of
> Ultravox media streams. A specially crafted stream could trigger one of
> these vulnerabilities, leading to a buffer overflow. Successfully
> exploiting one of these buffer overflows would allow an attacker to
> execute arbitrary code with the privileges of the current user. Note
> that Ultravox streams may open without user intervention upon receipt,
> depending on system configuration. Some technical details are publicly
> available for this vulnerability.
>
> Status: AOL confirmed, updates available.
>
> References:
> Secunia Security Advisories
> http://secunia.com/advisories/27865/
> http://secunia.com/secunia_research/2008-2/advisory/
> Winamp Change Log
> http://www.winamp.com/player/version-history
> SecurityFocus BID
> http://www.securityfocus.com/bid/27344
>
> **********************************************************
>
> (9) HIGH: Skype Cross-Site Scripting Vulnerability
> Affected:
> Skype versions 3.5.x and 3.6.x
>
> Description: Skype is a popular cross platform voice and video
> conferencing system. It allows users the ability to add video and other
> web content to chat sessions. The web content added to these sessions
> runs with full Microsoft Internet Explorer "local zone" privileges on
> Microsoft Windows. This allows attackers to execute arbitrary scripts
> with the privileges of the current user. This can be leveraged to full
> arbitrary command and code execution. A proof-of-concept and video
> demonstration of this vulnerability is publicly available. Note that
> this vulnerability depends on the presence of cross site scripting
> vulnerabilities in associated web sites.
>
> Status: Skype has released a temporary fix for this vulnerability.
>
> References:
> Skype Security Bulletin
> http://skype.com/security/skype-sb-2008-001.html
> Posting by Miroslav Lucinskij
> http://seclists.org/fulldisclosure/2008/Jan/0328.html
> Posting by Aviv Raff (includes video demonstration)
> http://aviv.raffon.net/2008/01/17/SkypeCrosszoneScriptingVulnerability.aspx
> Skype Home Page
> http://www.skype.com
> SecurityFocus BID
> http://www.securityfocus.com/bid/27338
>
> **********************************************************
>
> (12) LOW: Apple iPhone/iPod Touch Mobile Safari Multiple Vulnerabilities
> Affected:
> Apple iPhone versions prior to 1.1.3
> Apple iPod Touch versions prior to 1.1.3
>
> Description: The Apple iPhone contains multiple vulnerabilities in its
> embedded web browser based on Safari, known as Mobile Safari. A
> specially crafted URL passed to the application could trigger a memory
> corruption vulnerability and allow an attacker to execute arbitrary code
> on the iPhone. Additionally, Mobile Safari fails to properly handle
> cross-domain scripting issues, exposing users to a Cross-Site Scripting
> attack. No other technical details are believed to be publicly available
> for these vulnerabilities.
>
> Status: Apple confirmed, updates available.
>
> References:
> Apple Security Advisory
> http://docs.info.apple.com/article.html?artnum=307302
> Product Home Page
> http://www.apple.com/iphone
> SecurityFocus BIDs
> http://www.securityfocus.com/bid/27297
> http://www.securityfocus.com/bid/27296
>
> ______________________________________________________________________
>
> 08.4.23 CVE: Not Available
> Platform: Cross Platform
> Title: Mozilla Firefox Malformed GIF File Denial of Service
> Description: Mozilla Firefox is a browser available for multiple
> platforms. This issue occurs because the application fails to handle
> malformed GIF files. Please refer to the link below for further
> details.
> Ref: http://www.securityfocus.com/archive/1/486163
> ______________________________________________________________________
>
> (c) 2008. All rights reserved. The information contained in this
> newsletter, including any external links, is provided "AS IS," with no
> express or implied warranty, for informational purposes only. In some
> cases, copyright for material in this newsletter may be held by a
> party other than Qualys (as indicated herein) and permission to use
> such material must be requested from the copyright owner.
>