referenced
media types:
0 DWORD Sample description size
4 DWORD Data format
6 BYTE[6] Reserved
12 WORD Data reference index
These four fields may be followed by additional data specific to the
media type and data format.
For video media, the general sample description format is extended by
the following structure:
Microsoft Office Excel Malformed Records Stack Buffer Overflow
TSL ID : FSC20090609-01
Reference: http://telussecuritylabs.com/threats/show/FSC20090609-01
1. Affected Software
Microsoft Office Excel 2000
Microsoft Office Excel 2002
Because the ECX register can be controlled (0x47 is the ASCII code for
the letter "G"), the attacker can control the ESP register through the
"lea 0xfffffffc(%ecx),%esp" instruction at 0x0804fdc7. The attacker can
execute code in mapserv's process space by setting the ESP register to
an address that holds a reference to code and letting the "ret"
instruction execute at 0x0804fdca; this will assign the EIP register an
attacker-supplied value.
This overflow may be triggered by user input as well. Note that the
"mapserv->Id" character array is defined as IDSIZE bytes long and that
Versions: See below
Severity: High
Author: Timothy D. Morgan <tmorgan {a} vsecurity.com>
Vendor Status: Patch Released [3]
CVE Candidate: CVE-2008-2086
Reference: http://www.vsecurity.com/bulletins/advisories/2008/JWS-props.txt
- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Product Description
Workaround: None
References (URLs may wrap):
CA Support:
http://support.ca.com/
Security Notice for CA ARCserve Backup LDBserver
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=194293
Workaround: None
References (URLs may wrap):
CA Support:
http://support.ca.com/
Security Notice for CA ARCserve Backup
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=188143
Solution Document Reference APARs:
Severity.............................................................2
Description of Vulnerability.........................................3
Solution.............................................................4
Time Table...........................................................5
Credits..............................................................6
References...........................................................7
About Secunia........................................................8
Verification.........................................................9
======================================================================
1) Affected Software
Workaround: None
References (URLs may wrap):
CA Support:
http://support.ca.com/
Security Notice for CA Service Desk
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=186585
Solution Document Reference APARs:
Workaround: None
References (URLs may wrap):
CA Support:
http://support.ca.com/
Security Notice for CA ARCserve Backup for Laptops and Desktops
Server LGServer
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181721
Workaround: None
References (URLs may wrap):
CA Support:
http://support.ca.com/
Security Notice for
CA Host-Based Intrusion Prevention System SDK
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=182496
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP Select Identity Active Directory Bidirectional LDAP Connector. The vulnerabilities could be exploited to allow remote unauthorized access.
References: CVE-2008-1665
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HPSI Active Directory Bidirectional LDAP Connector v 2.20, 2.20.001, 2.20.002, 2.30
BACKGROUND
Workaround: None
References (URLs may wrap):
CA Support:
http://support.ca.com/
Security Notice for CA Secure Content Manager HTTP Gateway Service
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177784
Solution Document Reference APARs:
Workaround: As a temporary workaround, stop and disable the CA
ARCserve Discovery service. With the service disabled, deploying
agents using Auto-discovery will not work.
References (URLs may wrap):
CA Support:
http://support.ca.com/
Security Notice for CA ARCserve Discovery Service
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=178937
Solution Document Reference APARs:
Workaround: None
References (URLs may wrap):
CA Support:
http://support.ca.com/
Security Notice for CA ARCserve Backup caloggerd and xdr functions
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=176798
Solution Document Reference APARs:
BrightStor ARCserve Backup r11.5 Alert.exe 7.1.758.0
BrightStor ARCserve Backup r11.1 Alert.exe 7.1.758.0
Workaround: None
References (URLs may wrap):
CA Support:
http://support.ca.com/
Security Notice for Alert Notification Server
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173103
Solution Document Reference APARs:
CA Desktop Management Suite 11.2 localized
rxRPC.dll February 18 2008 / 126976
Workaround: None
References (URLs may wrap):
CA Support:
http://support.ca.com/
Security Notice for CA ARCserve Backup for Laptops and Desktops
Server and CA Desktop Management Suite
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173105
Microsoft KB article 240797
<http://support.microsoft.com/kb/240797> for information on how to
disable an ActiveX control.
References (URLs may wrap):
CA Support:
http://support.ca.com/
Security Notice for CA products using the DSM gui_cm_ctrls ActiveX
control
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=174256
release (Sophos)
*Vulnerability Information*
Class: Invalid memory reference
Remotely Exploitable: No
Locally Exploitable: Yes
Bugtraq ID: 28741 28742 28743 28744
CVE Name: CVE-2008-1735 CVE-2008-1736 CVE-2008-1737 CVE-2008-1738
{BF6EFFF3-4558-4C4C-ADAF-A87891C5F3A3}. Disabling the control may
prevent the GUI from functioning correctly. Refer to Microsoft KB
article 240797 <http://support.microsoft.com/kb/240797> for
information on how to disable an ActiveX control.
References (URLs may wrap):
CA SupportConnect:
http://support.ca.com/
CA products using the DSM ListCtrl ActiveX Control Security Notice
https://support.ca.com/irj/portal/anonymous/phpdocs?filePath=0/common/DSM_ListCtr_secnot.html
Solution Document Reference APARs:
* For Protection Suites r2, follow instructions for BrightStor
ARCserve Backup r11.5.
Workaround: None
References (URLs may wrap):
CA SupportConnect:
http://supportconnect.ca.com/
BrightStor ARCserve Backup Security Notice
http://supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.asp
Solution Document Reference APARs:
* For Protection Suites r2, follow instructions for BrightStor
ARCserve Backup r11.5.
Workaround: None
References (URLs may wrap):
CA SupportConnect:
http://supportconnect.ca.com/
BrightStor ARCserve Backup Security Notice
http://supportconnectw.ca.com/public/storage/infodocs/basb-secnotice.asp
Solution Document Reference APARs:
4. Check the version. If the version is less than 8.0.0.93, the
installation is vulnerable.
Workaround: None
References (URLs may wrap):
CA SupportConnect:
http://supportconnect.ca.com/
Security Notice for CA Host-Based Intrusion Prevention System
(CA HIPS) Server
http://supportconnectw.ca.com/public/cahips/infodocs/cahips-secnotice.asp
July 03 2007 / 122880 bytes
Workaround: None
References (URLs may wrap):
CA SupportConnect:
http://supportconnect.ca.com/
CA ARCserve Backup for Laptops and Desktops Server Security Notice
http://supportconnectw.ca.com/public/sams/lifeguard/infodocs/caarcservebld-securitynotice.asp
Solution Document Reference APARs:
the toolbar to view the version. If the version is less than 11.6,
the installation is vulnerable.
Workaround: None
References (URLs may wrap):
CA SupportConnect:
http://supportconnect.ca.com/
CA BrightStor Hierarchical Storage Manager CsAgent Security Notice
http://supportconnectw.ca.com/public/bstorhsm/infodocs/bstorhsm-secnot.asp
Solution Document Reference APARs:
can be defined in the URL passed to enter_bug.cgi,
overwriting the User-Agent string and may lead to cross-site scripting.
The guided form is not usually used by Bugzilla
installations, as it is shipped only as an example to be modified for
their own use.
Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=386942
Issue 2
-------
Class: Command Injection
Versions: 2.23.4 and above
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP Insight Software Installer for Windows. The vulnerabilities could be exploited locally to allow unauthorized access to data and remotely to allow Cross Site Request Forgery (CSRF).
References: CVE-2010-1967 (unauthorized access to data), CVE-2010-1968 (CSRF)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Insight Software Installer for Windows for all versions prior to v6.1
BACKGROUND
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Apple Safari's Webkit. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page or open a malicious file.
The specific flaw exists within how the application frees references
from a particular element. When freeing these references, the
application will fail to remove the reference from the rendering object.
Later upon trying to free the element again, the application will access
the freed reference which can lead to code execution under the context
of the application.
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP TCP/IP Services for OpenVMS Running NTP. The vulnerabilities could be remotely exploited to execute arbitrary code or create a Denial of Service (DoS).
References: SSRT090073, CVE-2009-0159, CVE-2009-1252, CVE-2009-3563
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP TCP/IP Services for OpenVMS v5.4, v5.5, v5.6, and v5.7 (only affected by CVE-2009-3563) on Itanium and Alpha platforms.
BACKGROUND
<object data="index.dat" type="text/html" width="100%" height="50"></object>
-----------/
It allows setting the MIME type (in the type attribute) of an externally
referenced file in the data attribute which will be loaded as an object.
4. Internet Explorer behaves in a slightly different way when
displaying a page directly rather than displaying that page inside an
HTML '<frame>' tag. For example, a page containing an HTML '<object>'
tag like the one shown below will prompt the user to accept the download
of the file being referenced inside if loaded directly but it will be
to inject both headers and content to any browser that
supported "Server Push" (mostly only Gecko-based browsers
like Firefox). This could lead to Cross-Site Scripting
vulnerabilities, and possibly other more dangerous
security issues as well.
References: https://bugzilla.mozilla.org/show_bug.cgi?id=600464
http://cwe.mitre.org/data/definitions/113.html
CVE Number: CVE-2010-3172
Class: Information Leak
Versions: 2.12 to 3.2.8, 3.4.8, 3.6.2, 3.7.3, 4.1