Next Page >>
Microsoft Windows
VMware ACE 2.6,
VMware ACE 2.5.3 and earlier,
VMware Server 2.0.2 and earlier,
VMware Fusion 3.0,
VMware Fusion 2.0.6 and earlier,
VMware VIX API for Windows 1.6.x,
VMware ESXi 4.0 before patch ESXi400-201002402-BG
VMware ESXi 3.5 before patch ESXe350-200912401-T-BG
VMware ACE 2.6,
VMware ACE 2.5.3 and earlier,
VMware Server 2.0.2 and earlier,
VMware Fusion 3.0,
VMware Fusion 2.0.6 and earlier,
VMware VIX API for Windows 1.6.x,
VMware ESXi 4.0 before patch ESXi400-201002402-BG
VMware ESXi 3.5 before patch ESXe350-200912401-T-BG
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
Workstation 6.5.x any 6.5.1 build 126130 or later
Workstation 6.0.x any upgrade to at least 6.5.1
Workstation 5.5.x any 5.5.9 build 126128 or later
provided by VMware when run in IE. Under specific circumstances,
exploitation of these ActiveX controls might result in denial-of-
service or can allow running of arbitrary code when the user
browses a malicious Web site or opens a malicious file in IE
browser. An attempt to run unsafe ActiveX controls in IE might
result in pop-up windows warning the user.
Note: IE can be configured to run unsafe ActiveX controls without
prompting. VMware recommends that you retain the default
settings in IE, which prompts when unsafe actions are
requested.
Severity: CA has given this vulnerability a Medium risk rating.
Affected Products:
CA ARCserve Backup r12.0 Windows
CA ARCserve Backup r11.5 Windows SP3 and prior*
CA ARCserve Backup r11.1 Windows*
CA ARCserve Backup r11.1 Netware*
CA Server Protection Suite r2
CA Business Protection Suite r2
JFTR: the downloadable self-extracting setup program "OLReader2502_DE.exe"
as well as the contained files (SETUP.EXE, SCSetup\WS*.DLL) are all
signed with an X.509 certificate valid until 2012-05-26T23:59:59Z.
Fortunately some wise guy but missed to time-stamp the signed files,
Windows treats the signature as invalid since 2012-05-27T00:00:00Z.-P
According to it's manufacturer, this application supports Windows 2000
and later versions.
- --------------------------------------------------------------------------
Summary
=======
Two vulnerabilities exist in the Cisco VPN Client for Microsoft Windows
that may allow unprivileged users to elevate their privileges to those of
the LocalSystem account.
A workaround exists for one of the two vulnerabilities disclosed in this
advisory.
+---------------------------------------------------------------------
Summary
=======
CiscoWorks Common Services for Microsoft Windows contains a
vulnerability that could allow an authenticated, remote attacker to
execute arbitrary commands on the affected system with the privileges
of a system administrator.
Cisco has released free software updates that address this
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ESA-2012-037: RSA® Authentication Agent 7.1 for Microsoft Windows® and RSA® Authentication Client 3.5 Access Control Vulnerability
EMC Identifier: ESA-2012-037
CVE Identifier: CVE-2012-2287
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP Data Protector Express 3.x and 4.x and HP Data
Protector Express Single Server Edition (SSE) 3.x and 4.x running on supported Microsoft Windows, Linux, and
NetWare versions. The vulnerability could be exploited locally to create a Denial of Service (DoS) or to execute
arbitrary code.
Potential Security Impact: Local Denial of Service (DoS), execution of arbitrary code
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP Data Protector Express 3.x and 4.x and HP Data Protector Express Single Server Edition (SSE) 3.x and 4.x running on supported Microsoft Windows, Linux, and NetWare versions. The vulnerability could be exploited locally to create a Denial of Service (DoS) or to execute arbitrary code.
References: CVE-2010-3007, ZDI-CAN 581
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Data Protector Express 3.x and HP Data Protector Express SSE 3.x prior to build 56936
Potential Security Impact: Local Denial of Service (DoS), execution of arbitrary code
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP Data Protector Express 3.x and 4.x and HP Data Protector Express Single Server Edition (SSE) 3.x and 4.x running on supported Microsoft Windows, Linux, and NetWare versions. The vulnerability could be exploited locally to create a Denial of Service (DoS) or to execute arbitrary code.
References: CVE-2009-0714
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Data Protector Express 3.x and HP Data Protector Express SSE 3.x prior to build 47065
VUPEN Security Research - Microsoft Windows OpenType CFF Driver Stack
Overflow Vulnerability (CVE-2011-0034)
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
"Microsoft Windows is a series of software operating systems and graphical
(to get the scripts mentioned by this advisory please get the full
version at http://www.hexale.org/advisories/OCHOA-2010-0209.txt; I did
not include them here to reduce the size of this email)
Windows SMB NTLM Authentication Weak Nonce Vulnerability
Security Advisory
Hernan Ochoa (hernan@gmail.com) - Agustin Azubel (agustin.azubel@gmail.com)
Title: Windows SMB NTLM Authentication Weak Nonce Vulnerability
Advisory ID: HTB23108
Product: Microsoft Windows
Vendor: Microsoft Corporation
Vulnerable Version(s): Windows Vista, Windows Server 2008, Windows 7, Windows 8 RP
Tested Version: Windows Vista Ultimate SP1, Windows 2008 SP2, Windows 7 Professional SP1, Windows 8 RP
Vendor Notification: August 7, 2012
Public Disclosure: October 9, 2012
Vulnerability Type: Uncontrolled Search Path Element [CWE-427]
CVSSv2 Base Score: 6 (AV:L/AC:H/Au:S/C:C/I:C/A:C)
Risk Level: Medium
I. BACKGROUND
---------------------
"Microsoft Internet Explorer is a web browser developed by Microsoft and
included as part of the Microsoft Windows line of operating systems with
more than 60% of the worldwide usage share of web browsers." (Wikipedia)
II. DESCRIPTION
---------------------
I. BACKGROUND
---------------------
"Microsoft Internet Explorer is a web browser developed by Microsoft and
included as part of the Microsoft Windows line of operating systems with
more than 60% of the worldwide usage share of web browsers." (Wikipedia)
II. DESCRIPTION
---------------------
method.
4. *Vulnerable packages*
. Microsoft Windows 2000 (SP4 and previous)
. Microsoft Windows XP (SP3, SP2 and previous)
. Microsoft Windows 2003 (SP2 and previous)
. Microsoft Windows 2008 (SP2 and previous)
. Microsoft Windows 2008 R2
. Microsoft Exchange Server 2003 (SP3, SP2 and previous)
Writers Team.
8. *Technical Description / Proof of Concept Code*
Operating systems based on Microsoft Windows NT technologies provide a
flat 32-bit virtual address space that describes 4 gigabytes of virtual
memory to 32-bit processes. This address space is used by the process to
map its executable code and the data that it uses during its runtime.
For performance and efficiency reasons the process address space is
usually split so that 2 GB of address space are directly accessible by
I. BACKGROUND
---------------------
"Microsoft Internet Explorer is a web browser developed by Microsoft and
included as part of the Microsoft Windows line of operating systems with
more than 60% of the worldwide usage share of web browsers." (Wikipedia)
II. DESCRIPTION
---------------------
I. BACKGROUND
---------------------
"Microsoft Internet Explorer is a web browser developed by Microsoft and
included as part of the Microsoft Windows line of operating systems with
more than 60% of the worldwide usage share of web browsers." (Wikipedia)
II. DESCRIPTION
---------------------
I. BACKGROUND
---------------------
"Microsoft Internet Explorer is a web browser developed by Microsoft and
included as part of the Microsoft Windows line of operating systems with
more than 60% of the worldwide usage share of web browsers." (Wikipedia)
II. DESCRIPTION
---------------------
VUPEN Security Research - Microsoft Windows OLE Automation Integer Underflow
Vulnerability (MS11-038)
Website : http://www.vupen.com/english/research.php
Twitter : http://twitter.com/vupen
I. BACKGROUND
---------------------
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP Data Protector Express 3.x and 4.x and HP Data Protector
Express Single Server Edition (SSE) 3.x and 4.x running on supported Microsoft Windows versions. The vulnerability could be
exploited locally to create a Denial of Service (DoS) or to execute arbitrary code.
References: CVE-2010-3008, ZDI-CAN 582
DEC
HP-UX
Linux
Mac OS X
Solaris
Windows
Affected Products
CA Aion Business Rules Expert r11.0
I. BACKGROUND
---------------------
"Microsoft Internet Explorer is a web browser developed by Microsoft and
included as part of the Microsoft Windows line of operating systems with
more than 60% of the worldwide usage share of web browsers." (Wikipedia)
II. DESCRIPTION
---------------------
I. BACKGROUND
---------------------
"Microsoft Internet Explorer is a web browser developed by Microsoft and
included as part of the Microsoft Windows line of operating systems with
more than 60% of the worldwide usage share of web browsers." (Wikipedia)
II. DESCRIPTION
---------------------
I. BACKGROUND
---------------------
"Microsoft Internet Explorer is a web browser developed by Microsoft and
included as part of the Microsoft Windows line of operating systems with
more than 60% of the worldwide usage share of web browsers." (Wikipedia)
II. DESCRIPTION
---------------------
I. BACKGROUND
---------------------
"Microsoft Internet Explorer is a web browser developed by Microsoft and
included as part of the Microsoft Windows line of operating systems with
more than 60% of the worldwide usage share of web browsers." (Wikipedia)
II. DESCRIPTION
---------------------
I. BACKGROUND
---------------------
"Microsoft Internet Explorer is a web browser developed by Microsoft and
included as part of the Microsoft Windows line of operating systems with
more than 60% of the worldwide usage share of web browsers." (Wikipedia)
II. DESCRIPTION
---------------------
Next Page>>
|
