<< Previous Next >>
Internet security
=============================================
INTERNET SECURITY AUDITORS ALERT 2009-006
- Original release date: April 5th, 2009
- Last revised: June 5th, 2009
- Discovered by: Juan Galiana Lara
- Severity: 6.4/10 (CVSS Base Score)
=============================================
I. VULNERABILITY
-------------------------
=============================================
INTERNET SECURITY AUDITORS ALERT 2006-004
- Original release date: April 18, 2006
- Last revised: November 13, 2007
- Discovered by: Jesus Olmos Gonzalez
- Severity: 1/5
=============================================
I. VULNERABILITY
-------------------------
=============================================
INTERNET SECURITY AUDITORS ALERT 2007-006
- Original release date: December 18th, 2007
- Last revised: December 24th, 2007
- Discovered by: Jesus Olmos Gonzalez
- Severity: 5/5
=============================================
I. VULNERABILITY
-------------------------
Disclosure Policy :
http://blog.zoller.lu/2008/09/notification-and-disclosure-policy.html
Affected products :
- AVG Anti-Virus Network Edition (prior to engine build 8.5 323)
- AVG Internet Security Netzwerk Edition (prior to engine build 8.5 323)
- AVG Server Edition fr Linux/FreeBSD (prior to engine build 8.5 323)
- AVG eMail Server Edition (prior to engine build 8.5 323)
- AVG File Server Edition (prior to engine build 8.5 323)
- AVG Internet Security SBS Edition (prior to engine build 8.5 323)
- AVG Anti-Virus SBS Edition (prior to engine build 8.5 323)
=============================================
INTERNET SECURITY AUDITORS ALERT 2007-002
- Original release date: 31st January, 2007
- Last revised: 22th December, 2008
- Discovered by: Daniel Fernandez Bleda
- Severity: 5/5
=============================================
I. VULNERABILITY
-------------------------
=============================================
INTERNET SECURITY AUDITORS ALERT 2009-009
- Original release date: July 21st, 2009
- Last revised: July 23rd, 2009
- Discovered by: Juan Galiana Lara
- Severity: 5/10 (CVSS Base Score)
=============================================
I. VULNERABILITY
-------------------------
ZDI-10-165: Trend Micro Internet Security Pro 2010 ActiveX extSetOwner Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-10-165
August 25, 2010
-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors:
Trend Micro
=============================================
INTERNET SECURITY AUDITORS ALERT 2008-004
- Original release date: 12th December, 2008
- Last revised: 22nd December, 2008
- Discovered by: Jesus Olmos Gonzalez
- Severity: 4/5
=============================================
I. VULNERABILITY
-------------------------
=============================================
INTERNET SECURITY AUDITORS ALERT 2009-001
- Original release date: February 25th, 2009
- Last revised: March 19th, 2009
- Discovered by: Juan Galiana Lara
- Severity: 7.8/10 (CVSS Base Scored)
=============================================
I. VULNERABILITY
-------------------------
=============================================
INTERNET SECURITY AUDITORS ALERT 2009-004
- Original release date: December 3rd, 2008
- Last revised: March 10th, 2009
- Discovered by: Juan Galiana Lara
- Severity: 6.3/10 (CVSS scored)
=============================================
I. VULNERABILITY
-------------------------
brlc> Microsoft was informed on 29.07.08 and declined to comment on this issue.
brlc> == Effects on Virusscanners ==
brlc> NOD32 takes several minutes of kerneltime to scan the multikill mails. ESET
brlc> did not comment on this issue and was informed on 01.08.08.
brlc> Kaspersky Internet Security Suite takes several minutes to scan the
brlc> multikill mail. Kaspersky was informed on 29.07.08, confirmed the issue and
brlc> promised to fix the problem.
brlc> Norton Antivirus takes several minutes to scan the multikill mails. Norton
brlc> was informed on informed 01.08.08 and answered promptly and politely.
brlc> Norton promised not to fix the problem, since it would not qualify as a
=============================================
INTERNET SECURITY AUDITORS ALERT 2009-003
- Original release date: March 2nd, 2009
- Last revised: December 17th, 2009
- Discovered by: Juan Galiana Lara
- Severity: 9/10 (CVSS scored)
=============================================
I. VULNERABILITY
-------------------------
=============================================
INTERNET SECURITY AUDITORS ALERT 2006-006
- Original release date: February 28, 2006
- Last revised: July 18th, 2008
- Discovered by: Jesus Olmos Gonzalez
- Severity: 5/5
=============================================
I. VULNERABILITY
-------------------------
On Fri, Jul 17, 2009 at 2:48 PM, ISecAuditors Security
Advisories<advisories@isecauditors.com> wrote:
> =============================================
> INTERNET SECURITY AUDITORS ALERT 2009-NNN
> - Original release date: July 7th, 2009
> - Last revised: July 17th, 2009
> - Discovered by: Vicente Aguilera Diaz
> - Severity: 4.5/10 (CVSS Base Score)
> =============================================
Vulnerable software:
* BlackICE PC Protection 3.6.cqn
* G DATA InternetSecurity 2007
* Ghost Security Suite beta 1.110 and alpha 1.200
* Kaspersky Internet Security 7.0.0.125
* Norton Internet Security 2008 15.0.0.60
* Online Armor Personal Firewall 2.0.1.215
* Outpost Firewall Pro 4.0.1025.7828
=============================================
INTERNET SECURITY AUDITORS ALERT 2008-001
- Original release date: January 3rd, 2008
- Last revised: December 22nd, 2008
- Discovered by: Jesus Olmos Gonzalez
- Severity: 2/5
=============================================
I. VULNERABILITY
-------------------------
=============================================
INTERNET SECURITY AUDITORS ALERT 2007-004
- Original release date: November 7th, 2007
- Last revised: December 7th, 2007
- Discovered by: Jesus Olmos Gonzalez
- Severity: 4/5
=============================================
I. VULNERABILITY
-------------------------
Microsoft was informed on 29.07.08 and declined to comment on this issue.
== Effects on Virusscanners ==
NOD32 takes several minutes of kerneltime to scan the multikill mails. ESET
did not comment on this issue and was informed on 01.08.08.
Kaspersky Internet Security Suite takes several minutes to scan the
multikill mail. Kaspersky was informed on 29.07.08, confirmed the issue and
promised to fix the problem.
Norton Antivirus takes several minutes to scan the multikill mails. Norton
was informed on informed 01.08.08 and answered promptly and politely.
Norton promised not to fix the problem, since it would not qualify as a
For the third year in a row, the NATO Cooperative Cyber Defence Centre of Excellence invites experts from government, military, academia and the private sector to Tallinn to discuss recent trends in cyber security.
This year the ICCC (www.ccdcoe.org/ICCC) takes place on 7-10 June and will focus on the topic of Generating Cyber Forces. The initial agenda (www.ccdcoe.org/ICCC/agenda.html) and registration (www.ccdcoe.org/ICCC/registration ) are now available on the ICCC website.
Key speakers include:
Dmitri Alperovich, McAfee - Towards Establishment of Cyberspace Deterrence Strategy
Jart Armin, HostExploit - Handling Botnets
Jeff Bardin, Treadstone71 - Augmenting Cyber Forces
Susan Brenner, University of Dayton - Conscription and Cyber Conflict: Legal Issues
=============================================
INTERNET SECURITY AUDITORS ALERT 2009-NNN
- Original release date: July 7th, 2009
- Last revised: July 17th, 2009
- Discovered by: Vicente Aguilera Diaz
- Severity: 4.5/10 (CVSS Base Score)
=============================================
I. VULNERABILITY
-------------------------
=============================================
INTERNET SECURITY AUDITORS ALERT 2009-011
- Original release date: October 13th, 2009
- Last revised: December 18th, 2009
- Discovered by: Juan Galiana Lara
- CVE ID: CVE-2009-3702
- Severity: 8.5/10 (CVSS Base Score)
=============================================
I. VULNERABILITY
=============================================
INTERNET SECURITY AUDITORS ALERT 2009-012
- Original release date: October 13th, 2009
- Last revised: December 16th, 2009
- Discovered by: Juan Galiana Lara
- CVE ID: CVE-2009-3701
- Severity: 6.3/10 (CVSS Base Score)
=============================================
I. VULNERABILITY
ZDI-11-093: CA Internet Security Suite HIPS XML Security Database Parser Class Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-093
February 23, 2011
-- CVE ID:
CVE-2011-1036
-- CVSS:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Advisory: Panda Internet Security/Antivirus+Firewall 2008
cpoint.sys Kernel Driver Memory Corruption Vulnerability
Advisory ID: TKADV2008-001
Revision: 1.0
Release Date: 2008/03/08
Last Modified: 2008/03/08
Date Reported: 2008/01/08
=============================================
INTERNET SECURITY AUDITORS ALERT 2007-005
- Original release date: May 23rd, 2007
- Last revised: November 24th, 2007
- Discovered by: Jesus Olmos Gonzalez
- Severity: 5/5
=============================================
I. VULNERABILITY
-------------------------
Severity: CA has given these vulnerabilities a Medium risk rating.
Affected Products:
CA Host-Based Intrusion Prevention System r8
CA Internet Security Suite 2007 (v3.2) with CA Personal Firewall
2007 (v9.1) Engine version 1.2.260 and below
CA Internet Security Suite 2008 (v4.0) with CA Personal Firewall
2008 (v10.0) Engine version 1.2.260 and below
CA Personal Firewall 2007 (v9.1) with Engine version 1.2.260 and
below
Affected Products:
CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1,
r8, r8.1
CA Anti-Virus 2007 (v8), 2008
eTrust EZ Antivirus r7, r6.1
CA Internet Security Suite 2007 (v3), 2008
CA Internet Security Suite Plus 2008
CA Threat Manager for the Enterprise (formerly eTrust Integrated
Threat Management) r8, 8.1
CA Anti-Virus Gateway (formerly eTrust Antivirus Gateway) 7.1
CA Protection Suites r2, r3, r3.1
Disclosure Policy :
http://blog.zoller.lu/2008/09/notification-and-disclosure-policy.html
Affected products :
- Global Protection 2009 (Hotifx)
- Internet Security 2009 (Hotifx)
- Panda Antivirus Pro 2009 (Hotfix)
- Panda Security for Business with Exchange
- Panda Security for Business
- Panda Security for Enterprise
- Panda GateDefender Integra (patched through automatic updates)
>== Specific Software ==
>Vulnerable:
>Microsoft Outlook Express 6, Version 6.00.2900.5512
>Opera Version: 9.51 Build: 10081 System: Windows XP
>Incredimail Build ID: 5853710 Setup ID: 7 Pn: 92977368
>Norton Internet Security Version 15.5.0.23
>ESet NOD32 2.70.0039.0000
>Kaspersky Internet Security 2009; Databases from 23.07.2008
>
>Slightly affected:
>Mozilla Thunderbird Version 2.0.14 (20080421)
--Saturday, October 31, 2009, 5:24:38 PM, you wrote to bugtraq@securityfocus.com:
PRL> #####################################################################################
PRL> Application: Panda Global Protection 2010
PRL> Panda Internet Security 2010
PRL> Platforms: Windows XP Professional SP & windows Vista SP1
PRL> Exploitation: Local Privilege Escalation
<<Previous Next>>
|
