Security-Alerts mailing list archive (security-alerts@yandex-team.ru)
[security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 7 No. 7
>
> *****************************
> Widely Deployed Software
> *****************************
>
> (1) CRITICAL: Microsoft Windows WebDAV Mini-Redirector Heap Overflow (MS08-007)
> Affected:
> Microsoft Windows XP
> Microsoft Windows Server 2003
> Microsoft Windows Vista
>
> Description: Web Distributed Authoring and Versioning, known as WebDAV,
> is a protocol allowing filesystem-like access to resources exported via
> HTTP. The WebDAV mini-redirector is a kernel-level resource in Microsoft
> Windows that allows systems to transparently access WebDAV resources.
> The WebDAV mini-redirector contains a heap-based buffer overflow in its
> handling of WebDAV traffic. A malicious WebDAV server could exploit this
> vulnerability, allowing an attacker to execute arbitrary code with
> SYSTEM privileges. Note that WebDAV resources can be accessed by
> clicking links on web pages or email messages. Technical details are
> publicly available for this vulnerability.
>
> Status: Microsoft confirmed, updates available.
>
> References:
> Microsoft Security Bulletin
> http://www.microsoft.com/technet/security/bulletin/ms08-007.mspx
> Hex Blog Post (contains technical details)
> http://hexblog.com/2008/02/mrxdavsys_and_hexrays.html
> Wikipedia Article on WebDAV
> http://en.wikipedia.org/wiki/WebDAV
> SecurityFocus BID
> http://www.securityfocus.com/bid/27670
>
> ***************************************************
>
> (3) CRITICAL: Apple QuickTime ActiveX Control Multiple Vulnerabilities
> Affected:
> Apple QuickTime ActiveX Control versions prior to 7.4.1
>
> Description: Apple QuickTime is Apple's streaming media framework,
> available for both Apple Mac OS X and Microsoft Windows. On Microsoft
> Windows, some functionality is provided by an ActiveX control. This
> ActiveX control contains multiple vulnerabilities in its handling of
> parameters passed to various methods. A malicious web page that
> instantiates this control could exploit one of these vulnerabilities to
> execute arbitrary code with the privileges of the current user. Full
> technical details and a proof-of-concept are publicly available for
> these vulnerabilities. Note that the affected control is installed along
> with Apple iTunes and Apple Safari.
>
> Status: Apple has not confirmed, no updates available. Users can
> mitigate the impact of this vulnerability by disabling the affected
> control via Microsoft's "kill bit" mechanism using CLSID
> "02BF25D5-8C17-4B23-BC80-D3488ABDDC6B". Note that this may affect normal
> application functionality.
>
> References:
> Posting by Laurent Gaffie
> http://www.securityfocus.com/archive/1/488045
> Microsoft Knowledge Base Article (details the "kill bit" mechanism)
> http://support.microsoft.com/kb/240797
> Apple QuickTime Home Page
> http://www.apple.com/quicktime
>
> ***************************************************
>
> (6) CRITICAL: Adobe Reader Multiple Vulnerabilities
> Affected:
> Adobe Reader versions prior to 8.1.2
>
> Description: Adobe Reader is Adobe's reader for the Portable Document
> Format (PDF). Reader contains multiple vulnerabilities in its handling
> of JavaScript embedded in PDF documents. A specially crafted PDF
> containing calls to certain JavaScript functions could exploit these
> vulnerabilities, allowing an attacker to execute arbitrary code with the
> privileges of the current user. Note that PDF documents are generally
> viewed upon receipt, and without further user action. Several
> proofs-of-concept are publicly available for these vulnerabilities, and
> these vulnerabilities are being actively exploited in the wild.
>
> Status: Adobe confirmed, updates available.
>
> References:
> Zero Day Initiative Advisory
> http://zerodayinitiative.com/advisories/ZDI-08-004.html
> Adobe Security Advisory
> http://www.adobe.com/support/security/advisories/apsa08-01.html
> iDefense Security Advisories
> http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=655
> http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=657
> http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=656
> Proofs-of-Concept
> https://www.immunityinc.com/downloads/immpartners/acrobat.tgz
> https://www.immunityinc.com/downloads/immpartners/acrobatfull.tgz
> Adobe Update Information
> http://kb.adobe.com/selfservice/viewContent.do?externalId=kb403079&sliceId=1
> SecurityFocus BID
> http://www.securityfocus.com/bid/27641
>
>
> (8) CRITICAL: ClamAV Multiple Vulnerabilities
> Affected:
> ClamAV versions prior to 0.92.1
>
> Description: ClamAV is a popular open source antivirus system. It
> contains multiple vulnerabilities in its parsing of executables. A
> specially crafted Portable Executable (PE) file or executable file
> compressed with the MEW application could trigger a memory corruption
> vulnerability. Successfully exploiting these vulnerabilities would allow
> an attacker to execute arbitrary code with the privileges of the
> vulnerable process. Note that, on systems using ClamAV to scan email,
> it is sufficient for exploitation to have an email transit the system;
> no user interaction is necessary. Technical details for these
> vulnerabilities are available via source code analysis.
>
> Status: ClamAV confirmed, updates available.
>
> References:
> ClamAV Release Notes
> http://sourceforge.net/project/shownotes.php?release_id=575703
> iDefense Security Advisory
> http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=658
> ClamAV Home Page
> http://www.clamav.net/
> SecurityFocus BID
> http://www.securityfocus.com/bid/27751
>
> ***************************************************
>
> (9) HIGH: Microsoft OLE Memory Corruption (MS08-008)
> Affected:
> Microsoft Windows 2000
> Microsoft Windows XP
> Microsoft Windows Server 2003
> Microsoft Windows Vista
> Microsoft Visual Basic 6.0
>
> Description: Microsoft Object Linking and Embedding (OLE) is a Microsoft
> Windows component used for application communication and control. It is
> related to the ActiveX suite of technologies. OLE contains a flaw in its
> handling of certain user requests. A specially crafted web page could
> exploit this flaw, leading to a memory corruption. Successfully
> exploiting this vulnerability would allow an attacker to execute
> arbitrary code with the privileges of the current user.
>
> Status: Microsoft confirmed, updates available.
>
> References:
> Microsoft Security Bulletin
> http://www.microsoft.com/technet/security/bulletin/ms08-008.mspx
> SecurityFocus BID
> http://www.securityfocus.com/bid/27661
>
> ***************************************************
>
> (10) HIGH: Microsoft Word Memory Corruption (MS08-009)
> Affected:
> Microsoft Office 2000
> Microsoft Office XP
> Microsoft Office 2003
> Microsoft Office Word Viewer 2003
>
> Description: Microsoft Word contains a flaw in its handling of certain
> Word documents. A specially crafted Word document could trigger a memory
> corruption vulnerability in Word. Successfully exploiting this
> vulnerability would allow an attacker to execute arbitrary code with the
> privileges of the current user. Note that on recent versions of
> Microsoft Office, Word documents are not opened upon receipt without
> user interaction. Some technical details are publicly available for this
> vulnerability.
>
> Status: Microsoft confirmed, updates available.
>
> References:
> Microsoft Security Bulletin
> http://www.microsoft.com/technet/security/Bulletin/MS08-009.mspx
> Reversemode Advisory
> http://www.securityfocus.com/archive/1/488071
> SecurityFocus BID
> http://www.securityfocus.com/bid/27656
>
> ***************************************************
>
> (11) HIGH: Microsoft Internet Explorer Multiple Vulnerabilities (MS08-010)
> Affected:
> Microsoft Internet Explorer versions 7 and prior
>
> Description: Microsoft Internet Explorer contains multiple
> vulnerabilities in its handling of a variety of web page elements, image
> formats, and ActiveX controls. A specially crafted web page containing
> one of these objects could trigger a memory corruption vulnerability.
> Successfully exploiting one of these vulnerabilities would allow an
> attacker to execute arbitrary code with the privileges of the current
> user.
>
> Status: Microsoft confirmed, updates available.
>
> References:
> Microsoft Security Bulletin
> http://www.microsoft.com/technet/security/bulletin/ms08-010.mspx
> Zero Day Initiative Advisory
> http://zerodayinitiative.com/advisories/ZDI-08-006.html
> iDefense Security Advisory
> http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=661
> SecurityFocus BIDs
> http://www.securityfocus.com/bid/27666
> http://www.securityfocus.com/bid/27668
> http://www.securityfocus.com/bid/27689
>
> ***************************************************
>
> (12) HIGH: Microsoft Office Publisher Multiple Vulnerabilities (MS08-012)
> Affected:
> Microsoft Office 2000
> Microsoft Office XP
> Microsoft Office 2003
>
> Description: Microsoft Office Publisher contains multiple
> vulnerabilities in its handling of Publisher files. A specially crafted
> Publisher file could trigger a memory corruption vulnerability upon
> opening. Some technical details are publicly available for this
> vulnerability. Note that on recent versions of Microsoft Office,
> Publisher files are not opened upon receipt without user intervention.
>
> Status: Microsoft confirmed, updates available.
>
> References:
> Microsoft Security Bulletin
> http://www.microsoft.com/technet/security/Bulletin/MS08-012.mspx
> SecurityFocus BIDs
> http://www.securityfocus.com/bid/27740
> http://www.securityfocus.com/bid/27739
>
> ***************************************************
>
> (13) HIGH: Microsoft Office Memory Corruption (MS08-013)
> Affected:
> Microsoft Office 2000
> Microsoft Office XP
> Microsoft Office 2003
> Microsoft Office 2004 for Mac
>
> Description: Microsoft Office allows document authors to embed objects
> in documents. A document with a specially crafted embedded object could
> trigger a memory corruption vulnerability in Office. Successfully
> exploiting this vulnerability would allow an attacker to execute
> arbitrary code with the privileges of the current user. Note that on
> recent versions of Microsoft Office, documents are not opened upon
> receipt without user intervention.
>
> Status: Microsoft confirmed, updates available.
>
> References:
> Microsoft Security Bulletin
> http://www.microsoft.com/technet/security/Bulletin/MS08-013.mspx
> SecurityFocus BID
> http://www.securityfocus.com/bid/27738
>
> ***************************************************
>
> (14) HIGH: Microsoft Works Converter Multiple Vulnerabilities (MS08-011)
> Affected:
> Microsoft Office 2003
> Microsoft Works 8
> Microsoft Works Suite 2005
>
> Description: The Microsoft Works Converter is used to convert documents
> created by Microsoft Works into other formats. It contains multiple
> flaws in its handling of invalid Works documents. A specially crafted
> Works document could trigger one of these flaws, leading to a memory
> corruption vulnerability. Successfully exploiting this vulnerability
> would allow an attacker to execute arbitrary code with the privileges
> of the current user. Note that on recent versions of Microsoft Office,
> documents are not opened upon receipt without user intervention.
>
> Status: Microsoft confirmed, updates available.
>
> References:
> Microsoft Security Bulletin
> http://www.microsoft.com/technet/security/Bulletin/MS08-011.mspx
> iDefense Security Advisories
> http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=659
> http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=660
> SecurityFocus BIDs
> http://www.securityfocus.com/bid/27657
> http://www.securityfocus.com/bid/27658
> http://www.securityfocus.com/bid/27659
>
> ***************************************************
>
> (17) HIGH: Sun Java Runtime Environment Multiple Vulnerabilities
> Affected:
> Sun Java Runtime Environment versions prior to 6 Update 1
> Sun Java Development Kit versions prior to 6 Update 1
>
> Description: Sun's Java Runtime Environment contains multiple
> vulnerabilities in its handling of Java applets and applications. A
> specially crafted applet or application could bypass the normal sandbox
> provided by the runtime environment. Bypassing the sandbox environment
> would allow an otherwise untrusted applet or application to modify files
> or execute arbitrary commands with the privileges of the current user.
> Note that Java applets embedded in web pages are often run without first
> prompting the user. Sun's Java Runtime Environment is installed on Apple
> Mac OS X and many Unix, Linux, and Unix-like systems by default. It is
> also installed on a large number of Microsoft Windows systems.
>
> Status: Sun confirmed, updates available.
>
> References:
> Sun Security Advisory
> http://sunsolve.sun.com/search/document.do?assetkey=1-66-231261-1
> Sun Java Home Page
> http://java.sun.com
> SecurityFocus BID
> http://www.securityfocus.com/bid/27650
>
> ***************************************************
>
> (18) MODERATE: Microsoft Internet Information Services ASP Remote Code Execution (MS08-006)
> Affected:
> Microsoft Windows XP
> Microsoft Windows Server 2003
>
> Description: Microsoft Active Server Pages (ASP) is a Microsoft
> technology for dynamically generating web pages. A flaw in the handling
> of certain ASP functions could trigger a remote code execution
> vulnerability on a vulnerable server. Note that an attacker would need
> access to upload or otherwise insert ASP code into a web page. Note that
> ASP.NET is not affected by this vulnerability, and the vulnerable
> versions of the software are not installed by default on recent versions
> of Microsoft Windows. Note that a proof-of-concept for this
> vulnerability is available to members of Immunity Security's Partners'
> Program.
>
> Status: Microsoft confirmed, updates available.
>
> References:
> Microsoft Security Bulletin
> http://www.microsoft.com/technet/security/bulletin/ms08-006.mspx
> Proof-of-Concept
> https://www.immunityinc.com/downloads/immpartners/iisasp.py
> SecurityFocus BID
> http://www.securityfocus.com/bid/27676
>
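
Item (3) above names the "kill bit" for CLSID 02BF25D5-8C17-4B23-BC80-D3488ABDDC6B as the interim mitigation for the QuickTime ActiveX control. The PowerShell below is an added example, not part of the forwarded alert: it sets the kill bit (the 0x400 bit of `Compatibility Flags`, as described in KB240797) for that CLSID and reads it back. The function names and the handling of the 32-bit registry view are assumptions of this example.

```powershell
# Added example: set and verify the IE "kill bit" for one ActiveX CLSID.
# Run from an elevated prompt; the function names here are illustrative.
$Clsid   = '{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}'  # CLSID quoted in the alert
$KillBit = 0x400                                      # kill-bit flag, see KB240797
$Name    = 'Compatibility Flags'

# Native view, plus the 32-bit view that 32-bit IE reads on 64-bit Windows.
$Roots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
if (Test-Path 'HKLM:\SOFTWARE\Wow6432Node') {
    $Roots += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

function Get-CompatFlags([string]$Key) {
    # Returns the current flags, or 0 if the key or value does not exist.
    $p = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $p) { return 0 }
    return [int]$p.$Name
}

function Set-KillBit([string]$Key) {
    if (-not (Test-Path $Key)) { New-Item -Path $Key -Force | Out-Null }
    # OR the bit in so that compatibility flags already set are preserved.
    $new = (Get-CompatFlags $Key) -bor $KillBit
    New-ItemProperty -Path $Key -Name $Name -PropertyType DWord -Value $new -Force | Out-Null
}

foreach ($root in $Roots) {
    $key = Join-Path $root $Clsid
    Set-KillBit $key
    # Read the value back rather than trusting the write.
    $flags = Get-CompatFlags $key
    $state = if ($flags -band $KillBit) { 'kill bit set' } else { 'NOT set' }
    '{0}: flags=0x{1:X8} ({2})' -f $key, $flags, $state
}
```

Clearing the 0x400 bit from the same value re-enables the control once a fixed version is installed.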