Global Security
RealNetworks RealPlayer IVR File Processing Multiple Code Execute Vulnerabilities
2009.February.05
Fortinet's FortiGuard Global Security Research Team Discovers Two Vulnerabilities in RealNetworks RealPlayer.
Summary:
========
Two code execute vulnerabilities exist in RealNetworks RealPlayer 11 through malformed IVR files.
Microsoft Office Web Components Remote Memory Corruption Vulnerability
2009.July.13
Fortinet's FortiGuard Global Security Research Team Discovers Memory Corruption Vulnerability in Microsoft Office Web Components.
Summary:
========
A memory corruption vulnerability exists in the ActiveX Controls of Microsoft Office Web Components which allows a remote attacker to compromise a system through a malicious site.
Impact:
Microsoft Office Excel Remote Memory Corruption Vulnerability
2009.April.14
Fortinet's FortiGuard Global Security Research Team Discovers Vulnerability in Microsoft Office Excel.
Summary:
========
A memory corruption vulnerability exists in Microsoft Office Excel which allows a remote attacker to compromise a system through a malicious document.
Impact:
Adobe Reader/Acrobat TrueType Font Processing Memory Corruption Vulnerability
2009.June.10
Fortinet's FortiGuard Global Security Research Team Discovers Memory Corruption Vulnerability in Adobe Reader / Acrobat.
Summary:
========
A memory corruption vulnerability exists when processing PDF documents and handling TrueType fonts, which could allow an attacker to execute arbitrary code with the privileges of the current user.
Impact:
Apple Safari Remote Memory Corruption Vulnerability
2009.June.09
Fortinet's FortiGuard Global Security Research Team Discovers Vulnerability in Apple Safari.
Summary:
========
A memory corruption vulnerability exists in Apple Safari which allows a remote attacker to execute arbitrary code through a malicious webpage.
Impact:
Microsoft Internet Explorer DHTML Handling Remote Memory Corruption Vulnerability
2009.June.09
Fortinet's FortiGuard Global Security Research Team Discovers Memory Corruption Vulnerability in Microsoft's Internet Explorer.
Summary:
========
A memory corruption vulnerability exists in the DHTML handling of Microsoft's Internet Explorer which allows a remote attacker to compromise a system through a malicious site.
Impact:
Oracle Secure Backup NDMP_CONECT_CLIENT_AUTH Command Buffer Overflow Vulnerability
2009.January.13
Fortinet's FortiGuard Global Security Research Team Discovers Vulnerability in Oracle Secure Backup
Summary:
========
A Buffer Overflow vulnerability exists Oracle Secure Backup 10.2.0.2 through a malformed NDMP packet.
SEC Consult Security Advisory < 20090525-2 >
==========================================================================
title: SonicWALL Global Security Client Local Privilege
Escalation Vulnerability
program: SonicWALL Global Security Client
vulnerable version: 1.0.0.15 and possibly other versions
homepage: http://www.sonicwall.com
found: October 2006
by: lofi42
permanent link: https://www.sec-consult.com/advisories_e.html#a56
forgets to check the value of the 'csrfid' token when processing 'POST'
requests, even though the 'csrfid' hidden field is included in every
'FORM', making the application vulnerable to Cross-Site Request Forgery.
The vulnerable areas of the WebSphere administrative console include the
'Security > Global Security' panel [6], and the 'Save changes to the
master configuration' feature. This makes possible for a remote attacker
to disable the 'Administrative Security', 'Application Security' and
'Java 2 Security' options, and then to save the changes to the
configuration, by tricking an IBM WebSphere administrator which is
currently logged in to the administrative console to visit a malicious
FGA-2009-003:EMC RepliStor Buffer Overflow Vulnerability
2009.April.08
Summary:
========
Fortinet's FortiGuard Global Security Research Team has discovered a buffer overflow vulnerability in EMC RepliStor.
Impact:
=======
Remote code execution.
FGA-2008-23:EMC NetWorker Denial of Service Vulnerability
2008.October.21
Fortinet's FortiGuard Global Security Research Team Discovers Vulnerability in EMC NetWorker
Summary:
A resource exhaustion vulnerability exists throughout multiple EMC products through an exploited RPC interface.
Impact:
Oracle Secure Backup Multiple Denial Of Service vulnerabilities
2009.January.13
Fortinet's FortiGuard Global Security Research Team Discovers multiple vulnerabilities in Oracle Secure Backup
Summary:
========
Multiple Denial Of Service vulnerabilities exist Oracle Secure Backup 10.2.0.2 through malformed NDMP packets.
Oracle Secure Backup's observiced.exe Denial Of Service vulnerability
2009.January.13
Fortinet's FortiGuard Global Security Research Team Discovers a vulnerability in observiced.exe of Oracle Secure Backup
Summary:
========
A Denial Of Service vulnerability exists Oracle Secure Backup 10.2.0.2 observiced.exe through malformed packet.
Apple iTunes DAAP Messages Handling Denial of Service Vulnerability
2009.Mar.13
Fortinet's FortiGuard Global Security Research Team Discovers Vulnerability in Apple iTunes
Summary:
========
A DoS vulnerability in Apple iTunes through a maliciously crafted DAAP message.
Impact:
CA Advisory Date: 2008-10-09
Reported By:
Haifei Li of Fortinet's FortiGuard Global Security Research Team
Vulnerability Research Team of Assurent Secure Technologies, a
TELUS Company
Greg Linares of eEye Digital Security
Issued: June 8, 2010
CA Technologies support is alerting users to multiple security risks
with the PSFormX and WebScan ActiveX controls previously available
from the CA Global Security Advisor site. Multiple vulnerabilities
exist that can potentially allow a remote attacker to execute
arbitrary code. The vulnerabilities, CVE-2010-2193, are due to
insufficient verification of input parameters. CA has issued a
single replacement ActiveX control for both affected controls in
May of 2009. These controls are not included in any CA product.
Reference Base Vector Base Score
CVE-2008-1842 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
===============================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.
The Hewlett-Packard Company thanks Liu Zhen Hua of FortiGuard Global Security Research Team for reporting this vulnerability to security-alert@hp.com.
RESOLUTION
HP has made the following procedure available to resolve the vulnerability.
Reference Base Vector Base Score
CVE-2008-1842 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
===============================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.
The Hewlett-Packard Company thanks Liu Zhen Hua of FortiGuard Global Security Research Team for reporting this vulnerability to security-alert@hp.com.
RESOLUTION
HP has made the following software patches available to resolve the vulnerability.
2008-06-30 - Vendor issued update
2088-07-20 - Coordinated public release of advisory
Acknowledgment:
Zhenhua Liu of Fortinet's FortiGuard Global Security Research Team
Disclaimer:
Although Fortinet has attempted to provide accurate information in these
Reference Base Vector Base Score
CVE-2008-1842 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
===============================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.
The Hewlett-Packard Company thanks Liu Zhen Hua of FortiGuard Global Security Research Team for reporting this vulnerability to security-alert@hp.com.
RESOLUTION
HP has made archive files and patches available to resolve the vulnerability. The archive files are listed in the table below. In some cases a patch is required. The patch will insure that NNM is compatible with the software files in the archive. No patch is required for NNM v7.53
Note: The files installed for the Resolution in "rev.1" of this Security bulletin must be removed. Instructions for removing the files are in the Readme.txt file. The files recommended in "rev.1" of this Security Bulletin introduced a problem with the 'ovstop -c' command. Under certain circumstances the 'ovstop -c' command would not stop certain NNM processes. The files recommended in "rev.1" of this Security Bulletin do resolve the security vulnerability.
Reference Base Vector Base Score
CVE-2008-1842 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
===============================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.
The Hewlett-Packard Company thanks Liu Zhen Hua of FortiGuard Global Security Research Team for reporting this vulnerability to security-alert@hp.com.
RESOLUTION
HP has made patches available to resolve the vulnerability.
The patches are available from http://support.openview.hp.com/selfsolve/patches
* Jun Mao and Ryan Smith of iDefense Labs reported an integer
overflow related to the FlateDecode filter, which triggers a
heap-based buffer overflow (CVE-2009-1856).
* Haifei Li of Fortinet's FortiGuard Global Security Research Team
reported a memory corruption vulnerability related to TrueType fonts
(CVE-2009-1857).
* The Apple Product Security Team reported a memory corruption
vulnerability in the JBIG2 filter (CVE-2009-1858).
CVE-2009-0717 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2009-0718 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
===============================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.
The Hewlett-Packard Company thanks Zhenhua Liu, Junfeng Jia, and Xiaopeng Zhang of Fortinet's Fortiguard Global Security Research Team for reporting these vulnerabilities to security-alert@hp.com.
RESOLUTION
HP has provided HP StorageWorks Storage Mirroring v5.1.1.1090.15 to resolve these vulnerabilities.
enterprises with branch offices and simplify security deployments
and manageability. VPN-1 UTM Edge appliances consolidate proven
enterprise-class technology into a single branch office solution
that does not compromise the corporate network and eliminates the
branch office as your weakest link. As part of Check Point's Unified
Security Architecture, VPN-1 UTM Edge can enforce a global security
policy and allows administrators to manage and update thousands of
appliances as easily as managing one."
Insufficient input validation and output encoding on the login page
allows attacker to perform html-injection by posting suitable string
2008-06-30 - Vendor issued update
2008-07-20 - Coordinated public release of advisory
Acknowledgment:
Zhenhua Liu of Fortinet's FortiGuard Global Security Research Team
Disclaimer:
Although Fortinet has attempted to provide accurate information in these
2008-06-30 - Vendor issued update
2088-07-20 - Coordinated public release of advisory
Acknowledgment:
Zhenhua Liu of Fortinet's FortiGuard Global Security Research Team
Disclaimer:
Although Fortinet has attempted to provide accurate information in these
* Users should apply the solution provided by Adobe(APSB10-26 http://www.adobe.com/support/security/bulletins/apsb10-26.html ).
* FortiGuard Labs released a signature to protect against this vulnerability.
Fortinet customers who subscribe to Fortinet’s intrusion prevention (IPS) service should be protected against this vulnerability. Fortinet’s IPS service is one component of FortiGuard Subscription Services, which also offer comprehensive solutions such as antivirus, Web content filtering and antispam capabilities. These services enable protection against threats on both application and network layers. FortiGuard Services are continuously updated by the FortiGuard Global Security Research Team, which enables Fortinet to deliver a combination of multi-layered security intelligence and true zero-day protection from new and emerging threats. These updates are delivered to all FortiGate, FortiMail and FortiClient products. Fortinet strictly follows responsible disclosure guidelines to ensure optimum protection during a threat's lifecycle.
References:
Adobe Security Bulletin: http://www.adobe.com/support/security/bulletins/apsb10-26.html
CVE ID: CVE-2010-3637 (FG-VD-10-020)
Hi there,
Just want to let you know, the Fortinet's FortiGuard Global Security
Research Team has provided an in-depth research on the recent PDF
zero-day exploit (CVE-2009-3459).
http://www.fortiguard.com/analysis/pdfanalysis.html
"Taking a look back over this 0-day attack as a whole, each single
part of it is somehow ingenious - whether it be the vulnerability,
2008-06-30 - Vendor issued update
2088-07-20 - Coordinated public release of advisory
Acknowledgment:
Zhenhua Liu of Fortinet's FortiGuard Global Security Research Team
Disclaimer:
Although Fortinet has attempted to provide accurate information in these
|
