Studio
------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2010-0011
Synopsis: VMware Studio 2.1 addresses security vulnerabilities
in virtual appliances created with Studio 2.0.
Issue date: 2010-07-13
Updated on: 2010-07-13 (initial release of advisory)
CVE numbers: CVE-2010-2427 CVE-2010-2667
------------------------------------------------------------------------
------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2009-0011
Synopsis: VMware Studio 2.0 addresses a security issue in the
public beta version of Studio 2.0
Issue date: 2009-08-31
Updated on: 2009-08-31 (initial release of advisory)
CVE numbers: CVE-2009-2968
------------------------------------------------------------------------
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
DAZ Studio Arbitrary Command Execution
1. *Advisory Information*
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
DX Studio Player Firefox plug-in command injection
1. *Advisory Information*
Hi Michael,
Indeed, MFC is the culprit. We were aware of Visual Studio as a typical environment
for building MFC apps, and MFC is an integral part of it. Presumably other ways of
building MFC apps will result in vulnerable builds too, but we noticed that some
older versions of MFC libraries were not vulnerable.
Thanks for broadening the view.
Mitja
users have the specified control installed.
IV. DETECTION
iDefense has confirmed this vulnerability in version 2.05.50727.42 of
hxvz.dll, which is installed with Visual Studio 2005.
The following products might also include vulnerable versions of the
control:
Visual Studio 2005
################################ IRANIAN THE BEST HACKERS IN THE WORLD ##################
#################### ####################
##
## Remote SQL injection Vulnerability
##
## Web Art Studio (prodotto.php?lang)
##
-----------------------------------------------------------------
Microsoft Visual Studio vulnerability
Overview:
In Microsoft Visual Studio 2010 the DLL CPFE.DLL is vulnerable. A badly
written source file makes the application crash at loading. That makes it
really easy to mount a simple denial of service against the application by
using CVS or SVN repositories. Exploitation of this bug is not yet known or
confirmed.
Unless I misread the description, this is an error in MFC, not in Visual
Studio.
Applications built using MFC and command-line tools would be equally
vulnerable; non-MFC applications built using Visual Studio would not be
(via this vector - obviously they could be vulnerable to binary planting
through other vectors).
Plenty of developers use Visual Studio to create non-MFC applications.
And at least a few of us use Microsoft toolchains and libraries without
################################ IRANIAN THE BEST HACKERS IN THE WORLD ##################
#################### ####################
##
## Remote SQL injection Vulnerability
##
## THE STUDIO (prod.php?id)
##
Team SHATTER Security Advisory
*Security Vulnerability in CLR stored procedure deployment from IBM
Database Add-Ins for Visual Studio*
September 15th 2008
Risk Level:
High
3. *Vulnerability Description*
Autodesk 3D Studio Max [2] is a modeling, animation and rendering
package widely used for video game, film, multimedia and web content
development. The software provides a built-in scripting language,
allowing users to bind custom code to actions performed in the
application. Execution of scripting code does not require explicit
permission from the user. This mechanism can be exploited by an
#-------------------In The Name Of God------------
# BPstyle - Graphic studio SQL Injection Vulnerabilities
###################################
#AUTHOR: md.r00t
#Mail: md.r00t.defacer@gmail.com
#Website: www.r00t.gigfa.com
#
###################################
#Google D0rk:
# "Designed and Created by: BPstyle - Graphic studio"
Solution
***************
The responsible development unit said that webdbm
is outdated and that customers should deinstall it and use the "Database Studio" instead.
See SAP note 1281820.
References:
***********
[*] 30/12/2009 : vendor contacted
[*] No response
[*] 09/01/2010 : public disclosure
Note: The same vulnerability was disclosed in a software from
E-Soft (DJ Studio Pro) 3 months ago and is still unpatched.
0x04 : Exploit
--------------
#!/usr/bin/ruby
<?php
/*
Pinnacle Studio 12 "Hollywood FX Compressed Archive" (.hfz) directory
traversal vulnerability poc
by Nine:Situations:Group::pyrokinesis
Our site: http://retrogod.altervista.org/
Software site: http://www.pinnaclesys.com/
Some keys exported from the registry:
List of speakers with presentations:
‣ Achim Reckeweg ; Sun Microsystems ; Germany
‣ Alex Stamos ; iSEC Partners ; USA
‣ Alexander Kornbrust ; Red Database Security GmbH ; Germany
‣ Andrea Monti ; Studio Legale Monti ; Italy
‣ Arrigo Triulzi ; Independent Security Consultant ; Italy
‣ Chema Alonso, José Parada ; Informática 64 ; Spain
‣ Daniel Mende, Simon Rich ; ERNW GmbH ; Germany
‣ Dr. Anton Chuvakin ; LogLogic, Inc ; USA
‣ Haroon Meer ; SensePost ; South Africa
Microsoft Office XP Service Pack 3
Microsoft Office 2000 Web Components SP3
Microsoft Office XP Web Components SP3
Microsoft BizTalk Server 2002
Visual Studio .NET 2003 Service Pack 1
V. WORKAROUND
Setting the kill bit for the following CLSIDs will mitigate the threat
from web based attacks conducted through Internet Explorer. The CLSID
Presentation Materials
http://conference.hitb.org/hitbsecconf2009kl/materials/
----
Keynote 1: Joe Grand (President, Grand Idea Studio)
Keynote 2: Rop Gonggrijp (Hacker and Activist)
Keynote 3: Ed Skoudis (Co-Founder, InGuardians)
Keynote 4: Julian Assange (Founder of WikiLeaks.org)
Presentations By:
2. <http://www.microsoft.com/technet/security/bulletin/MS11-025.mspx>
| In the case where a system has no MFC applications currently installed
| but does have the vulnerable Visual Studio or Visual C++ runtimes
| installed, Microsoft recommends that users install this update as a
| defense-in-depth measure, in case of an attack vector being introduced
| or becoming known at a later time.
For the above products Microsoft's advice is like a self-fulfilling
These controls are as easy to turn on as flicking a switch. Super simple remediation. Most frameworks do not offer easy, native controls like this for cookies or hidden FFs.
Would you agree that the issue here is RTFM?
Many developers using Viewstates aren't aware they are using Viewstates. Think "Newbie Visual Studio Jockey" developers. They are using a control in their IDE and have no idea it's passing off stuff in b64 strings to the web-browser/client that can be decoded and/or modified.
The most common scenario where developers disable native Viewstate controls is in multi-webserver deployments when they start load-balancing. The Viewstate keys don't match across servers; the app breaks; the developers Google just enough info to decide to turn off Viewstate encryption/checksums (or the server admin does it).
The fix for Viewstate load balancing issues is also super simple:
Share Viewstate MAC/checksum or encryption keys. But it is fairly common not to do this until after a security assessment. Usually for the same reasons I outlined above: they aren't really even sure what Viewstate is doing.
Microsoft Visual Studio can automatically make an application binary
planting-positive (i.e., vulnerable) even when the developer makes no programming
errors. Every MFC application seems to be automatically made vulnerable, with those
statically linking MFC libraries actually having the vulnerable code integrated in
their executables, making it harder to deploy patches to users.
http://blog.acrossecurity.com/2010/10/how-visual-studio-makes-your.html
Pleasant reading,
System process token, thus granting the process SYSTEM privileges.
EXPLOIT/POC:
---------------
Visual Studio project is available here:
http://www.4shared.com/file/238491842/ed3f7380/PoC.html and here:
http://www.easy-share.com/1909510835/PoC.zip
I am really sorry and apologize for using lame file uploading sites,
but I don't own a domain:( I tried to attach ZIP archive, but it seems
it's being filtered.
==================================================
Cross-Site Scripting (XSS) in Microsoft ReportViewer Controls
Adam Bixby - Gotham Digital Science (labs@gdssecurity.com)
Public Release Date: 8/9/2011
Confirmed Affected Software: Microsoft Report Viewer Redistributable 2005 SP1 and Microsoft Visual Studio 2005 Service Pack 1
Browser used for testing: IE8 (8.0.7601.17514)
Severity: High
MS Bulletin: MS11-067 - http://www.microsoft.com/technet/security/Bulletin/MS11-067.mspx
CVE: CVE-2011-1976
About CubilFelino Security Research Lab
=======================================
It's very peaceful (underground), but dark place in Mexico which has a lot of
desktop and laptop computers, (hardc0re) network hardware, wire/unwired stuff,
some hijacked Internet connections, music gear and studio (midi controllers and
synthesizers), Psytrance/Drum & Bass music almost always resounding the walls,
and why not? a very very nice aquarium with river monsters: piranhas, oscar
fish & a plecostomus. Also, it's equipped with a little fridge full of munchies,
alcohol and caffeine; with a box of cigarettes on the desktop and a lot of books
that can't imagine about (in) security, martial-arts (yeah! we love Ninjutsu
have Kaspersky Online Scanner Control installed, the exploit page could
prompt the user to install this ActiveX.
Though this is a format string vulnerability, the traditional "%n"
technique will not work. This is due to this ActiveX being compiled
with Microsoft Visual Studio 2005, in which the "%n" format specifier
is disabled by default. However, the attacker could still exploit the
vulnerability using other methods.
IV. DETECTION
guest.commands.anonGuestCommandsRunAsConsoleUser=FALSE
The only feature of VMware Workstation that relies on this behavior is
the Integrated Virtual Debugger, i.e. the optional plugins for Eclipse
IDE and Microsoft Visual Studio. Disabling this login mode as documented
above will disable this feature.
In addition, VIX API client programs and scripts which depend on this
login mode while calling VixVM_LoginInGuest will need to be modified to
use a username and password to login to the guest.
-------------------------------------------------
MS Patch - MS07-051 Vulnerability in Microsoft Agent Could Allow Remote Code Execution (938827)
Analysis - Possible security issue exists. Patch will run successfully.
Action - For SMA v2.1, customers should download patch from Microsoft and install.
-------------------------------------------------
MS Patch - MS07-052 Vulnerability in Crystal Reports for Visual Studio Could Allow Remote Code Execution (941522)
Analysis - SMA does not have this component. Patch will not run successfully.
Action - Customers should not be concerned with this issue
-------------------------------------------------
MS Patch - MS07-053 Vulnerability in Windows Services for UNIX Could Allow Elevation of Privilege (939778)
Analysis - SMA does not have this component. Patch will not run successfully.