SP 2

Windows SMB NTLM Authentication Weak Nonce Vulnerability

--------------------

This vulnerability was verified by the authors on the following platforms:

Windows NT4 SP1
Windows Server 2003 SP2
Windows XP SP3
Windows Vista x32
Windows 7 x32 RC

However, all versions of Windows implementing NTLMv1 are suspected to be

iDefense Security Advisory 07.15.09: Microsoft Embedded OpenType Font Engine (T2EMBED.DLL) Heap Buffer Overflow Vulnerability

Microsoft confirms/reports the following products are vulnerable:

Microsoft Windows 2000 SP 4

Windows XP SP 2

Windows XP SP 3

Windows XP Professional x64 Edition SP 2


Cisco Security Advisory: CiscoWorks Common Services Arbitrary Command Execution Vulnerability

    |       Security Manager Versions         |   Common Services   |
    |                                         |      Versions       |
    |-----------------------------------------+---------------------|
    | Prior to 3.2                            | Various             |
    |-----------------------------------------+---------------------|
    | 3.2, 3.2 SP1, 3.2 SP2                   | 3.1                 |
    |-----------------------------------------+---------------------|
    | 3.2.1, 3.2.1 SP1                        | 3.1.1               |
    |-----------------------------------------+---------------------|
    | 3.2.2, 3.2.2 SP1, 3.2.2 SP2, 3.2.2 SP3, | 3.2                 |
    | 3.2.2 SP4                               |                     |

[CORE-2010-0427] Windows SMTP Service DNS query Id vulnerabilities

4. *Vulnerable packages*

   . Microsoft Windows 2000 (SP4 and previous)
   . Microsoft Windows XP (SP3, SP2 and previous)
   . Microsoft Windows 2003 (SP2 and previous)
   . Microsoft Windows 2008 (SP2 and previous)
   . Microsoft Windows 2008 R2
   . Microsoft Exchange Server 2003 (SP3, SP2 and previous)
   . Microsoft Exchange Server 2007 (SP2, SP1 and previous)

CORE-2011-0203 - MS HyperV Persistent DoS Vulnerability

4. *Vulnerable packages*

   . Windows Server 2008 for x64-based Systems
   . Windows Server 2008 for x64-based Systems SP2
   . Windows Server 2008 R2 for x64-based Systems
   . Windows Server 2008 R2 for x64-based Systems SP1


5. *Non-vulnerable packages*

CA20101209-01: Security Notice for CA XOsoft

Affected Products

CA XOsoft Replication r12.0 sp1
CA XOsoft High Availability r12.0 sp1
CA XOsoft Content Distribution r12.0 sp1
CA XOsoft Replication r12.5 sp2 rollup
CA XOsoft High Availability r12.5 sp2 rollup
CA XOsoft Content Distribution r12.5 sp2 rollup
CA ARCserve Replication and High Availability r15.0 sp1

Non-Affected Products

CORE-2009-0625: Internet Explorer Dynamic OBJECT tag and URLMON sniffing vulnerabilities

4. *Vulnerable packages*

   . Internet Explorer 5.01 SP4 on Windows 2000 sp4
   . Internet Explorer 6sp1 on Windows 2000 sp4
   . Internet Explorer 6sp2 on Windows XP sp2
   . Internet Explorer 6sp2 on Windows XP sp3
   . Internet Explorer 7 on Windows XP sp2
   . Internet Explorer 7 on Windows XP sp3
   . Internet Explorer 7 on Windows Vista sp1
   . Internet Explorer 7 on Windows Vista sp2

CA Products That Embed Ingres Multiple Vulnerabilities

Severity: CA has given these vulnerabilities a High risk rating.


Affected Products:
Admin r8.1 SP2
Advantage Data Transformer r2.2
Allfusion Harvest Change Manager r7.1
CA ARCserve Backup for Unix r11.1, r11.5 GA/SP1/SP2/SP3
CA ARCserve Backup for Linux r11.1, r11.5 GA/SP1/SP2/SP3
CA Directory r8.1

ESA-2011-036: RSA, The Security Division of EMC, announces the release of a Security Fix for RSA(r) Adaptive Authentication (On-Premise)

Affected Versions:

The following versions of Adaptive Authentication (On-Premise) might be affected:

6.0.2.1 SP1 Patch 2 and SP1 Patch 3
6.0.2.1 SP2 and SP2 Patch 1
6.0.2.1 SP3 



Recommendation:

Multiple Adobe Products - XML External Entity And XML Injection Vulnerabilities

Methods: POST, GET
Protocols: HTTP, HTTPS


2. Adobe LiveCycle Data Services ES2 3.0
Windows XP SP2 / Tomcat 6.0.14

Endpoint URIs:

{server.name}:{server.port}/
{context.root}/messagebroker/http

Re: security notice: Backdooring Windows Media Files

yes, of course :) but u are running Windows Media Player 11 which is
not the default one for Windows XP SP2. Moreover, this Media Player
edition is not slipped through any software update either. Therefore,
if you are not a Media Player fan, you will never get this version on
a fully patched XP SP2 machine. I tend to use iTunes on XP SP2, so yes
I am vulnerable.

On 9/18/07, Memisyazici, Aras <arasm@vt.edu> wrote:
> Hi pdp!
>

CA ARCserve Backup for Laptops and Desktops Server LGServer Service Vulnerability

Severity: CA has given this vulnerability a High risk rating.


Affected Products:
CA ARCserve Backup for Laptops and Desktops r11.5
CA ARCserve Backup for Laptops and Desktops r11.1 SP2
CA ARCserve Backup for Laptops and Desktops r11.1 SP1
CA ARCserve Backup for Laptops and Desktops r11.1
CA ARCserve Backup for Laptops and Desktops r11.0
CA Desktop Management Suite 11.2
CA Desktop Management Suite 11.1

[security bulletin] HPSBMA02417 SSRT090031 rev.2 - HP Data Protector Express and HP Data Protector Express Single Server

The Hewlett-Packard Company thanks Abhisek Datta of iViZ Security Research Team for reporting this vulnerability to security-alert@hp.com

HP Data Protector Express 'Hot Fix' (Build 47065) for version 3.5 SP2 is supported on the following:

Operating System
 Version

Windows Operating Systems

[security bulletin] HPSBMA02576 SSRT090231 rev.1 - HP Data Protector Express and HP Data Protector Express Single Server Edition (SSE), Local Denial of Service (DoS), Execution of Arbitrary Code

===========================================================
             Information on CVSS is documented
            in HP Customer Notice: HPSN-2008-002

The Hewlett-Packard Company thanks AbdulAziz Hariri of Insight Technologies along with TippingPoint's Zero Day Initiative for reporting this vulnerability to security-alert@hp.com
HP Data Protector Express 'Hot Fix' (Build 56936) for version 3.5 SP2 is supported on the following:

Windows Operating Systems
 Version

  Microsoft Windows Unified Data Storage Server (incl. R2)

RE: security notice: Backdooring Windows Media Files

To: Memisyazici, Aras
Cc: bugtraq@securityfocus.com; full-disclosure@lists.grok.org.uk
Subject: Re: security notice: Backdooring Windows Media Files

yes, of course :) but u are running Windows Media Player 11 which is
not the default one for Windows XP SP2. Moreover, this Media Player
edition is not slipped through any software update either. Therefore,
if you are not a Media Player fan, you will never get this version on
a fully patched XP SP2 machine. I tend to use iTunes on XP SP2, so yes
I am vulnerable.


[security bulletin] HPSBMA02417 SSRT090031 rev.1 - HP Data Protector Express and HP Data Protector Express Single Server Edition (SSE), Local Denial of Service (DoS), Execution of Arbitrary Code

Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.
 
The Hewlett-Packard Company thanks Abhisek Datta of iViZ Security Research Team for reporting this vulnerability to security-alert@hp.com 

=========================================================================
HP Data Protector Express 'Hot Fix' (Build 47065) for version 3.5 SP2 is supported on the following:
=========================================================================

=====================
Windows Operating Systems
===================== 

ESA-2011-027: RSA, The Security Division of EMC, releases Security Patch for Adaptive Authentication (On-Premise)

Affected Versions:

The following versions of Adaptive Authentication (On-Premise) might be affected:

6.0.2.1 SP1 Patch 2 and SP1 Patch 3
6.0.2.1 SP2 and SP2 Patch 1
6.0.2.1 SP3



Recommendation:

Code to mitigate IE event zero-day (CVE-2010-0249)

 * Windows 2000 SP4, IE6 SP1
 * Windows XP (x86) SP3, IE 6 SP3
 * Windows XP (x86) SP3, IE 7
 * Windows XP x64 SP1, IE 6 SP1 (32-bit and 64-bit)
 * Windows XP x64 SP1, IE 7 (32-bit and 64-bit)
 * Windows XP x64 SP2, IE 7 (32-bit and 64-bit)
 * Windows XP x64 SP2, IE 8 (32-bit and 64-bit)
 * Windows Vista (x86) SP2, IE 7
 * Windows Vista (x86) SP2, IE 8

So far, I haven't been able to bypass the mitigation.  I've tried 'for

[security bulletin] HPSBMA02516 SSRT090232 rev.1 - HP Data Protector Express and HP Data Protector Express Single Server Edition (SSE), Local

            in HP Customer Notice: HPSN-2008-002

The Hewlett-Packard Company thanks AbdulAziz Hariri of Insight Technologies along with TippingPoint's Zero Day Initiative for reporting this vulnerability to security-alert@hp.com
HP Data Protector Express 'Hot Fix' (Build 56936) for version 3.5 SP2 is supported on the following

Windows Operating Systems
 Version

  Microsoft Windows Unified Data Storage Server (incl. R2)

rosoft media player local BOF exploit multi targets

*  and special thanks to str0ke for his advices and support ( you are the best brotha )
*  example :
*           ##########################################################################################
            #   Coded By SimO-s0fT                                                                   #
*           #   0                [*]Microsoft Windows Trust SP3 (Frensh):ESP                         #
*           #   1                [*]Microsoft Windows Trust SP2 (Frensh):ESP                         #
*           #   2                [*]Microsoft Windows XP SP3 (Frensh) : ESP                          #  
*           #   3                [*]Microsoft Windows XP SP2 (Frensh) : ESP                          #
*           #    USAGE :                                                                             # 
*           #        exploit1.exe file.rml platform                                                  #
*           #    more information contact me { Maroc-anti-connexion[at]hotmail[dot]com }             #

EEYE: VGX.DLL Compressed Content Heap Overflow Vulnerability

High (Code Execution)

Systems Affected:
Internet Explorer 6 SP1 - Windows 2000 SP4
Internet Explorer 6 SP1 - Windows XP SP1
Internet Explorer 6 SP2 - Windows XP SP2
Internet Explorer 6 SP1 - Windows Server 2003 SP1
Internet Explorer 6 SP2 - Windows Server 2003 SP2

Overview:
eEye Digital Security has discovered a heap overflow vulnerability in

iDefense Security Advisory 09.13.11: Microsoft Excel Record Integer Signedness Vulnerability

IV. DETECTION

Microsoft has reported the following products vulnerable:

    * Microsoft Excel 2003 SP 3
    * Microsoft Excel 2007 SP 2
    * Microsoft Office 2007 SP 2
    * Microsoft Excel 2010 (32-bit editions)
    * Microsoft Excel 2010 SP 1 (32-bit editions)
    * Microsoft Office 2010 and Microsoft Office 2010 SP 1 (32-bit editions)
    * Microsoft Excel 2010 (64-bit editions)

iDefense Security Advisory 09.13.11: Microsoft Excel Record Memory Corruption Vulnerability

IV. DETECTION

Microsoft has reported the following products vulnerable:

    * Microsoft Excel 2003 SP 3
    * Microsoft Excel 2007 SP 2
    * Microsoft Office 2007 SP 2
    * Microsoft Excel 2010 (32-bit editions)
    * Microsoft Excel 2010 SP 1 (32-bit editions)
    * Microsoft Office 2010 and Microsoft Office 2010 SP 1 (32-bit editions)
    * Microsoft Excel 2010 (64-bit editions)

iDefense Security Advisory 09.13.11: Microsoft Excel Record Memory Corruption Vulnerability

IV. DETECTION

Microsoft has reported the following products vulnerable:

    * Microsoft Excel 2003 SP 3
    * Microsoft Excel 2007 SP 2
    * Microsoft Office 2007 SP 2
    * Microsoft Excel 2010 (32-bit editions)
    * Microsoft Excel 2010 SP 1 (32-bit editions)
    * Microsoft Office 2010 and Microsoft Office 2010 SP 1 (32-bit editions)
    * Microsoft Excel 2010 (64-bit editions)

Re: Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability

It would be useful to know if this is also an issue with msjet40.dll
4.0.9510.0 (Windows Server 2003 SP2 + hotfixes).  I have an installer
for Windows XP SP2 that -- seems -- to cleanly apply Windows Server 2003
SP2's MDAC 2.82.  I haven't been able to give it a serious, hard testing
because I don't have many apps that still use MDAC.

On Fri, 16 Nov 2007 19:25:29 +0800, "cocoruder" <cocoruder@gmail.com>
said:
>
>     (C:\Windows\System32\msjet40.dll, version is 4.0.8618.0)

[0day] Microsoft mshtml.dll CTimeoutEventList::InsertIntoTimeoutList memory leak

heap. But, what is that pointer? Why does it increment everytime I press
the button? Let's see the technical analysis:

Inside CWindow's constructor (mshtml's standard) a variable "IDEvent",
is initialized to 1
Module: mshtml.dll Vista SP2

.text:7403EC0A                 mov     dword ptr [ecx+30h], 1 ; TimerID_Counter = 1



Design flaw in AS3 socket handling allows port probing

Flash Player sends only one policy-file request per player per host per port.

# Tested platforms
Works on:
     * Windows XP SP2: Internet Explorer 6 / Flash Player 9.0.47.0
     * Windows XP SP2: Firefox 2.0.0.5 / Flash Player 9.0.47.0
     * Windows XP SP2: IE 7.0.5730.11 Flash Player 9.0.47.0
     * Ubuntu Edgy: Firefox 2.0.0.5 / Flash Player 9.0.47.0
     * Mac OSX 10.4.10: Safari 2.0.4 / Flash Player 9.0.47.0
     * Mac OSX 10.4.10: Safari 3.0.2 / Flash Player 9.0.47.0

Google Chrome 0.2.149.27 'SaveAs' Function Buffer Overflow Vulnerability

Proof of Concept:

We tested Google Chrome 0.2.149.27 on Windows XP SP2 (Open Calculator)

http://security.bkis.vn/Proof-Of-Concept/PoC-XPSP2.html

With other Windows versions (not XP SP 2):


Re: Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability

- Juha-Matti

"CaseArmour.net Security Administrator" <security@casearmour.net> wrote:
> It would be useful to know if this is also an issue with msjet40.dll
> 4.0.9510.0 (Windows Server 2003 SP2 + hotfixes).  I have an installer
> for Windows XP SP2 that -- seems -- to cleanly apply Windows Server 2003
> SP2's MDAC 2.82.  I haven't been able to give it a serious, hard testing
> because I don't have many apps that still use MDAC.
> 
> On Fri, 16 Nov 2007 19:25:29 +0800, "cocoruder" <cocoruder@gmail.com>

SonicWall Viewpoint v6.0 SP2 - SQL Injection Vulnerability

Title:
======
SonicWall Viewpoint v6.0 SP2 - SQL Injection Vulnerability


Date:
=====
2011-10-01


