Microsoft Windows
Core Security Technologies - CoreLabs Advisory
http://corelabs.coresecurity.com/
Microsoft Windows CreateWindow function callback vulnerability
1. *Advisory Information*
Title: Microsoft Windows CreateWindow function callback vulnerability
I. BACKGROUND
---------------------
"Microsoft Internet Explorer is a web browser developed by Microsoft and
included as part of the Microsoft Windows line of operating systems with
more than 60% of the worldwide usage share of web browsers." (Wikipedia)
II. DESCRIPTION
---------------------
-------- Original Message --------
> From: "Christian Sciberras" <uuf6429@gmail.com>
> Sent: Thursday, December 02, 2010 2:51 PM
> To: "Steno Plasma" <exploitdevelopmentdotcom@gmail.com>
> Subject: Re: Flaw in Microsoft Windows SAM Processing Allows Continued
Administrative Access Using Hidden Regular User Masquerading After
Compromise (2010-M$-001)
>
> I don't understand how this is even relevant to security?
>
>
> -------- Original Message --------
> > From: "Christian Sciberras" <uuf6429@gmail.com>
> > Sent: Thursday, December 02, 2010 2:51 PM
> > To: "Steno Plasma" <exploitdevelopmentdotcom@gmail.com>
> > Subject: Re: Flaw in Microsoft Windows SAM Processing Allows Continued
> Administrative Access Using Hidden Regular User Masquerading After
> Compromise (2010-M$-001)
> >
> > I don't understand how this is even relevant to security?
> >
3. *Vulnerability Description*
A security vulnerability was found in the driver 'vmswitch.sys',
associated with the Windows Hypervisor subsystem, allowing an
authenticated local DoS. The vulnerability could allow denial of service
if a specially crafted packet is sent to the VMBus by an authenticated
user in one of the guest virtual machines hosted by the Hyper-V server.
The impact is that all guests on that host become non-responsive.
VUPEN Security Research - Microsoft Windows Media Player DVR-MS Buffer
Overflow Vulnerability (MS11-092)
Website : http://www.vupen.com/english/research.php
Twitter : http://twitter.com/vupen
I. BACKGROUND
---------------------
the user's desktop system but will not be able to fully compromise it to
execute arbitrary code without restrictions.
4. *Vulnerable packages*
. Internet Explorer 5.01 SP4 on Windows 2000 sp4
. Internet Explorer 6sp1 on Windows 2000 sp4
. Internet Explorer 6sp2 on Windows XP sp2
. Internet Explorer 6sp2 on Windows XP sp3
. Internet Explorer 7 on Windows XP sp2
. Internet Explorer 7 on Windows XP sp3
version 6.0.6001.18000) and Windows XP SP3 (T2EMBED.DLL version
5.1.2600.5512). Previous versions may also be affected.
Microsoft confirms/reports the following products are vulnerable:
Microsoft Windows 2000 SP 4
Windows XP SP 2
Windows XP SP 3
I shall complete the information related to Bugtraq ID: 33359
Title: HTC / Windows Mobile OBEX FTP Service Directory Traversal
Author: Alberto Moreno Tablado
Vendor: HTC
Vulnerable Products:
- HTC devices running Windows Mobile 6
- HTC devices running Windows Mobile 6.1
Non vulnerable products:
- HTC devices running Windows Mobile 5.0
----------------------------------------------------------
www.ExploitDevelopment.com 2010-M$-001
----------------------------------------------------------
TITLE:
Flaw in Microsoft Windows SAM Processing Allows Continued
Administrative Access Using Hidden Regular User Masquerading After
Compromise
SUMMARY AND IMPACT:
All versions of Microsoft Windows allow real-time modifications to the
----- Original Message ----
From: Tavis Ormandy <taviso@cmpxchg8b.com>
To: full-disclosure@lists.grok.org.uk
Cc: bugtraq@securityfocus.com
Sent: Wed, June 9, 2010 4:46:21 PM
Subject: Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly
Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly
----------------------------------------------------------------------------
Help and Support Centre is the default application provided to access online
available on Vista)
4.1. *Vulnerable platforms*
. Microsoft Windows 2000 up to and including Service Pack 4
. Microsoft Windows Server 2003 up to and including Service Pack 2
. Microsoft Windows XP up to and including Service Pack 3
. Windows Vista up to and including Service Pack 1 (not exploitable
with IE running with Protected mode on)
. Windows Server 2008
PUBLIC
=========================================================================
ACROS Security Problem Report #2010-12-14-1
-------------------------------------------------------------------------
ASPR #2010-12-14-1: Remote Binary Planting in Windows Address Book
=========================================================================
Document ID: ASPR #2010-12-14-1-PUB
Vendor: Microsoft Corp. (http://www.microsoft.com)
Target: Windows Address Book & Windows Contacts
Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly
----------------------------------------------------------------------------
Help and Support Centre is the default application provided to access online
documentation for Microsoft Windows. Microsoft supports accessing help documents
directly via URLs by installing a protocol handler for the scheme "hcp",
a typical example is provided in the Windows XP Command Line Reference,
available at http://technet.microsoft.com/en-us/library/bb490918.aspx.
Using hcp:// URLs is intended to be safe, as when invoked via the registered
(And try dealing with Microsoft licensing sometime if you think security
communication is lacking)
Tavis Ormandy wrote:
> Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly
> ----------------------------------------------------------------------------
>
> Help and Support Centre is the default application provided to access online
> documentation for Microsoft Windows. Microsoft supports accessing help documents
> directly via URLs by installing a protocol handler for the scheme "hcp",
available.
3. Problem Description
a. VMware Descheduled Time Accounting driver vulnerability may cause a
denial of service in Windows based virtual machines.
The VMware Descheduled Time Accounting Service is an optional,
experimental service that provides improved guest operating system
accounting.
Severity: CA has given these vulnerabilities a High risk rating.
Affected Products:
CA ARCserve Backup r12.0 Windows
CA ARCserve Backup r11.5 Windows*
CA ARCserve Backup r11.1 Windows*
CA Server Protection Suite r2
CA Business Protection Suite r2
CA Business Protection Suite for Microsoft Small Business Server
CA20120320-01: Security Notice for CA ARCserve Backup
Issued: March 20, 2012
CA Technologies Support is alerting customers to a potential risk
with CA ARCserve Backup for Windows. A vulnerability exists that can
allow a remote attacker to cause a denial of service condition. CA
Technologies has issued fixes to address the vulnerability.
The vulnerability, CVE-2012-1662, occurs due to insufficient
validation of certain network requests. An attacker can potentially
ESA-2011-039: RSA®, The Security Division of EMC, announces security fixes and improvements for RSA SecurID® Software Token 4.1 for Microsoft® Windows®
Advisories
Updated December 12, 2011
Summary:
compromise of the host system but could lead to a privilege
escalation on guest operating system. An attacker would need to
have a user account on the guest operating system.
Affected
64-bit Windows and 64-bit FreeBSD guest operating systems and
possibly other 64-bit operating systems. The issue does not
affect the 64-bit versions of Linux guest operating systems.
VMware would like to thank Derek Soeder for discovering
this issue and working with us on its remediation.
http://www.nsfocus.com/en/advisories/0903.html
Affected system:
==============
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows 2003
Microsoft Windows Vista/SP1
Microsoft Windows Server 2008
PUBLIC
=========================================================================
ACROS Security Problem Report #2010-04-12-2
-------------------------------------------------------------------------
ASPR #2010-04-12-2: Local Binary Planting in VMware Tools for Windows
=========================================================================
Document ID: ASPR #2010-04-12-2-PUB
Vendor: VMware, Inc. (http://www.vmware.com)
Target: VMware Tools for Windows
details.
VMware         Product   Running  Replace with/
Product        Version   on       Apply Patch
=============  ========  =======  =================
VirtualCenter  any       Windows  not affected
Workstation    6.5.x     any      6.5.3 build 185404 or later
Player         2.5.x     any      2.5.3 build 185404 or later
has assigned the name CVE-2008-2098 to this issue.
VMware        Product   Running  Replace with/
Product       Version   on       Apply Patch
============  ========  =======  =================
Workstation   6.x       Windows  6.0.4 build 93057
Workstation   6.x       Linux    6.0.4 build 93057
Workstation   5.x       Windows  not affected
Workstation   5.x       Linux    not affected
Player        2.x       Windows  2.0.4 build 93057
available.
VMware     Product   Running  Replace with/
Product    Version   on       Apply Patch
=========  ========  =======  =================
vCenter    any       Windows  not affected
hosted*    any       any      not affected
ESXi       any       any      not affected
* thanks To : Stack & fl0 fl0w & SKD
* and special thanks to str0ke for his advices and support ( you are the best brotha )
* example :
* ##########################################################################################
# Coded By SimO-s0fT #
* # 0 [*]Microsoft Windows Trust SP3 (Frensh):ESP #
* # 1 [*]Microsoft Windows Trust SP2 (Frensh):ESP #
* # 2 [*]Microsoft Windows XP SP3 (Frensh) : ESP #
* # 3 [*]Microsoft Windows XP SP2 (Frensh) : ESP #
* # USAGE : #
* # exploit1.exe file.rml platform #
Symantec Vulnerability Research
http://www.symantec.com/research
Security Advisory
Advisory ID: SYMSA-2007-012
Advisory Title: Microsoft Windows CE IGMP Denial of Service
Author: Ollie Whitehouse / ollie_whitehouse@symantec.com
Release Date: 22-10-2007
Application: Windows CE 5.01 / Windows Mobile 5
Platform: Microsoft Windows
Severity: Denial of Service
this advisory.
Windows NT Domain Authentication Bypass Vulnerability
+----------------------------------------------------
Because of a Microsoft Windows NT Domain authentication issue the Cisco
ASA and Cisco PIX devices may be susceptible to a VPN authentication
bypass vulnerability. Cisco ASA or Cisco PIX security appliances that
are configured for IPSec or SSL-based remote access VPN using Microsoft
Windows NT Domain authentication may be vulnerable. Devices that are
using any other type of external authentication (that is, LDAP, RADIUS,