Home Edition
VULNERABLE PRODUCTS
Vulnerability #1 (CVE-2009-3524)
Avast! Professional Edition <= 4.8.1351
Avast! Home Edition <= 4.8.1351
Vulnerability #2
Avast! Professional Edition <= 4.8.1356
Avast! Home Edition <= 4.8.1356
> vulnerability in Asus notebook.
>
>> That is a standard issue with Windows XP.
>
> Dave, this is not standard issue for all versions Windows XP. It can
> be only issue of XP Home Edition (because I found such cases only in
> XP HE), but I'm investigating it now to be completely sure in it.
>
> In all Windows XP (in all versions with which I worked from 2001),
> after installation the default Administrator account's password was
> always set equal to first admin's password.
Release Date: 2008/03/30
Last Modified: 2008/03/30
Date Reported: 2008/03/16
Author: Tobias Klein (tk at trapkit.de)
Affected Software: avast! 4.7 Professional Edition
avast! 4.7 Home Edition
Remotely Exploitable: No
Locally Exploitable: Yes
Vendor URL: http://www.avast.com
Vendor Status: Vendor has released a fixed version
Patch development time: 13 days
in Asus notebook.
> That is a standard issue with Windows XP.
Dave, this is not standard issue for all versions Windows XP. It can be only
issue of XP Home Edition (because I found such cases only in XP HE), but I'm
investigating it now to be completely sure in it.
In all Windows XP (in all versions with which I worked from 2001), after
installation the default Administrator account's password was always set
equal to first admin's password.
You are encouraged to read the time line and draw your own conclusions.
Desktop Protection
* avast! 4 Professional (impact low, reason real-time protection)
* avast! 4 Home Edition (impact low, reason real-time protection)
* avast! Pro Family pack (impact low, reason real-time protection)
* avast! WHS Edition (impact low, reason real-time protection)
* avast! Mac Edition (impact unknown)
* avast! Linux Home Edition (impact unknown)
* avast! U3 Edition (impact unknown)
>> After publication of information about Insufficient Authentication
>> vulnerability in Acer notebooks
>> (http://www.securityfocus.com/archive/1/503398/30/0/), I decided to
>> investigate all notebooks of my friends. Particularly I checked two Asus
>> notebooks: at one with Windows XP Professional there is no such
>> vulnerability, at another with Windows XP Home Edition there is such
>> vulnerability.
>>
>> In Windows XP Home in default administrator's account “Administrator” there
>> is empty password. And it does not set equal to password of first admin,
> After publication of information about Insufficient Authentication
> vulnerability in Acer notebooks
> (http://www.securityfocus.com/archive/1/503398/30/0/), I decided to
> investigate all notebooks of my friends. Particularly I checked two Asus
> notebooks: at one with Windows XP Professional there is no such
> vulnerability, at another with Windows XP Home Edition there is such
> vulnerability.
>
> In Windows XP Home in default administrator's account "Administrator" there
> is empty password. And it does not set equal to password of first admin,
> when admin account is creating during first start of notebook (as it happens
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
--B-O-U-N-D-A-R-Y732118720442
Content-Disposition: form-data; name="class"
s
--B-O-U-N-D-A-R-Y732118720442--
>> vulnerability in Asus notebook.
>>
>>> That is a standard issue with Windows XP.
>>
>> Dave, this is not standard issue for all versions Windows XP. It can be
>> only issue of XP Home Edition (because I found such cases only in XP HE),
>> but I'm investigating it now to be completely sure in it.
>>
>> In all Windows XP (in all versions with which I worked from 2001), after
>> installation the default Administrator account's password was always set
>> equal to first admin's password.
>> vulnerability in Acer notebooks
>> (http://www.securityfocus.com/archive/1/503398/30/0/), I decided to
>> investigate all notebooks of my friends. Particularly I checked two Asus
>> notebooks: at one with Windows XP Professional there is no such
>> vulnerability, at another with Windows XP Home Edition there is such
>> vulnerability.
>>
>> In Windows XP Home in default administrator's account "Administrator" there
>> is empty password. And it does not set equal to password of first
Application: 53KF Web IM
Vendor: www.53kf.com
Corporation: LiuDu, Inc.
Version: Latest: (19 JAN 2009) - Home Edition, Enterprise & Professional
Description: 53KF Web IM 2009 Cross-Site Scripting Vulnerabilities
Background:
==============
53KF is a web-based group chat tool that lets you invite a client,
colleague, or vendor to chat, and collaborate. More than 220,000
Application: LooYu Web IM
Vendor: www.looyu.com
Corporation: DuoYou, Inc.
Version: Latest: (19 SEP 2008) - Home Edition, Enterprise & Professional
Description: LooYu Web IM 2008 Cross-Site Scripting Vulnerabilities
Background:
==============
LooYu is a web-based group chat tool that lets you invite a client,
colleague, or vendor to chat, and collaborate.
> After publication of information about Insufficient Authentication
> vulnerability in Acer notebooks
> (http://www.securityfocus.com/archive/1/503398/30/0/), I decided to
> investigate all notebooks of my friends. Particularly I checked two
> Asus notebooks: at one with Windows XP Professional there is no such
> vulnerability, at another with Windows XP Home Edition there is such
> vulnerability.
>
> In Windows XP Home in default administrator's account “Administrator” there
> is empty password. And it does not set equal to password of first admin,
After publication of information about Insufficient Authentication
vulnerability in Acer notebooks
(http://www.securityfocus.com/archive/1/503398/30/0/), I decided to
investigate all notebooks of my friends. Particularly I checked two Asus
notebooks: at one with Windows XP Professional there is no such
vulnerability, at another with Windows XP Home Edition there is such
vulnerability.
In Windows XP Home in default administrator's account “Administrator” there
is empty password. And it does not set equal to password of first admin,
when admin account is creating during first start of notebook (as it happens
>>> vulnerability in Asus notebook.
>>>
>>>> That is a standard issue with Windows XP.
>>>
>>> Dave, this is not standard issue for all versions Windows XP. It can be
>>> only issue of XP Home Edition (because I found such cases only in XP HE),
>>> but I'm investigating it now to be completely sure in it.
>>>
>>> In all Windows XP (in all versions with which I worked from 2001), after