Next Page >>
analysis
Note: Patch installation instructions are shown at the end of this table.
-------------------------------------------------
MS Patch - MS08-056 Vulnerability in Microsoft Office Could Allow Information Disclosure (957699)
Analysis - SMA does not have this component. Patch will not run successfully.
Action - Customers should not be concerned with this issue
-------------------------------------------------
MS Patch - MS08-057 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416)
Analysis - SMA does not have this component. Patch will not run successfully.
Action - Customers should not be concerned with this issue
Note: Patch installation instructions are shown at the end of this table.
-------------------------------------------------
MS Patch - MS08-041 Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access
Could Allow Remote Code Execution (955617)
Analysis - SMA does not have this component. Patch will not run successfully.
Action - Customers should not be concerned with this issue
-------------------------------------------------
MS Patch - MS08-042 Vulnerability in Microsoft Word Could Allow Remote Code Execution (955048)
Analysis - SMA does not have this component. Patch will not run successfully.
Action - Customers should not be concerned with this issue
NOTE: Patch installation instructions are shown at the end of this table.
-------------------------------------------------
MS Patch - MS08-003 Vulnerability in Active Directory Could Allow Denial of Service (946538)
Analysis - SMA does not have this component. Patch will not run successfully.
Action - Customers should not be concerned with this issue
-------------------------------------------------
MS Patch - MS08-004 Vulnerability in Windows TCP/IP Could Allow Denial of Service (946456)
Analysis - SMA does not have this component. Patch will not run successfully.
Action - Customers should not be concerned with this issue
NOTE: Patch installation instructions are shown at the end of this table.
-------------------------------------------------
MS Patch - MS08-003 Vulnerability in Active Directory Could Allow Denial of Service (946538)
Analysis - SMA does not have this component. Patch will not run successfully.
Action - Customers should not be concerned with this issue
-------------------------------------------------
MS Patch - MS08-004 Vulnerability in Windows TCP/IP Could Allow Denial of Service (946456)
Analysis - SMA does not have this component. Patch will not run successfully.
Action - Customers should not be concerned with this issue
Title: CA20090107-01: CA Service Metric Analysis and CA Service
Level Management smmsnmpd Arbitrary Command Execution
Vulnerability
CA Advisory Reference: CA20090107-01
CA Advisory Date: 2009-01-07
> much like my earlier attacks on BIND 9, BIND 8 and Microsoft
> Windows DNS server.
>
> Interestingly enough, OpenBSD uses a flavor of this PRNG for
> another field, this time the IP fragmentation ID, part of the
> OpenBSD kernel network stack. The analysis carries out quite
> similarly to show that OpenBSD's IP ID is predictable as well,
> which gives way to O/S fingerprinting, idle-scanning, host alias
> detection, traffic analysis, and in some cases, even to TCP blind
> data injection.
>
much like my earlier attacks on BIND 9, BIND 8 and Microsoft
Windows DNS server.
Interestingly enough, OpenBSD uses a flavor of this PRNG for
another field, this time the IP fragmentation ID, part of the
OpenBSD kernel network stack. The analysis carries out quite
similarly to show that OpenBSD's IP ID is predictable as well,
which gives way to O/S fingerprinting, idle-scanning, host alias
detection, traffic analysis, and in some cases, even to TCP blind
data injection.
NOTE: Patch installation instructions are shown at the end of this table.
-------------------------------------------------
MS Patch - MS07-042 Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227)
Analysis - Possible security issue exists. Patch will run successfully.
Action - For SMA v2.1, customers should download patch from Microsoft and install.
-------------------------------------------------
MS Patch - MS07-043 Vulnerability in OLE Automation Could Allow Remote Code Execution (921503)
Analysis - Possible security issue exists. Patch will run successfully.
Action - For SMA v2.1, customers should download patch from Microsoft and install.
Note: Patch installation instructions are shown at the end of this table.
-------------------------------------------------
MS Patch - MS08-070 Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349)
Analysis - SMA does not have this component. Patch will not run successfully
Action - Customers should not be concerned with this issue.
-------------------------------------------------
MS Patch - MS08-071 Vulnerabilities in GDI Could Allow Remote Code Execution (956802)
Analysis - Possible security issue exists. Patch will run successfully.
Action - For SMA v2.1, customers should download patch from Microsoft and install.
the real, qt, and matroska demuxers which result in process termination
or memory corruption that may have wider implications.
The oCERT team was contacted by the Xine project requesting a review of
some code changes relating to memory allocations. These vulnerabilities
were the findings of this requested analysis. The full analysis text can
be found in the references below.
Affected version:
xine-lib <= 1.1.14
NOTE: Patch installation instructions are shown at the end of this table.
-------------------------------------------------
MS Patch - MS08-018 Vulnerability in Microsoft Project Could Allow Remote Code Execution (950183)
Analysis - SMA does not have this component. Patch will not run successfully.
Action - Customers should not be concerned with this issue
-------------------------------------------------
MS Patch - MS08-019 Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (949032)
Analysis - SMA does not have this component. Patch will not run successfully.
Action - Customers should not be concerned with this issue
- Protocol security & exploitation
- Advanced Trojans, worms and backdoor technique
- Encryption & decryption technique
- Routing device
--- Intrusion detection/forensics analysis
- File system analysis & recovery
- Real-time data structure recovery
- Reverse engineering (malicious code analysis technique, vulnerability research)
- Intrusion detection and anti-detection technique
- Traffic analysis
Core acknowledges receipt of the previous mail from the Microsoft team
and reminds them that the publication date proposed by Core is November
24th, 2009.
. 2009-09-14:
Core requests Microsoft's analysis of the second reported bug.
. 2009-09-14:
Microsoft confirms that the first bug reported on Excel is exploitable
and that they are working on defining a ship date. Microsoft also states
that the bug reported as MSRC case 9154 / CORE-2009-0504 is not
- Protocol security & exploitation
- Advanced Trojans, worms and backdoor technique
- Encryption & decryption technique
- Routing device
--- Intrusion detection/forensics analysis
- File system analysis & recovery
- Real-time data structure recovery
- Reverse engineering (malicious code analysis technique, vulnerability research)
- Intrusion detection and anti-detection technique
- Traffic analysis
- Protocol security & exploitation
- Advanced Trojans, worms and backdoor technique
- Encryption & decryption technique
- Routing device
--- Intrusion detection/forensics analysis
- File system analysis & recovery
- Real-time data structure recovery
- Reverse engineering (malicious code analysis technique, vulnerability research)
- Intrusion detection and anti-detection technique
- Traffic analysis
- Database security & attacks
- Protocol security & exploitation
- Advanced Trojans, worms and backdoor technique
- Encryption & decryption technique
--- Intrusion detection/forensics analysis
- File system analysis & recovery
- Real-time data structure recovery
- Reverse engineering (malicious code analysis technique,
vulnerability research)
- Traffic analysis
> - Database security & attacks
> - Protocol security & exploitation
> - Advanced Trojans, worms and backdoor technique
> - Encryption & decryption technique
>
> --- Intrusion detection/forensics analysis
> - File system analysis & recovery
> - Real-time data structure recovery
> - Reverse engineering (malicious code analysis technique,
> vulnerability research)
> - Traffic analysis
>> - Database security & attacks
>> - Protocol security & exploitation
>> - Advanced Trojans, worms and backdoor technique
>> - Encryption & decryption technique
>>
>> --- Intrusion detection/forensics analysis
>> - File system analysis & recovery
>> - Real-time data structure recovery
>> - Reverse engineering (malicious code analysis technique,
>> vulnerability research)
>> - Traffic analysis
NOTE: Patch installation instructions are shown at the end of this table.
-------------------------------------------------
MS Patch - MS08-030 Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376)
Analysis - SMA does not have this component. Patch will not run successfully.
Action - Customers should not be concerned with this issue
-------------------------------------------------
MS Patch - MS08-031 Cumulative Security Update for Internet Explorer (950759)
Analysis - Possible security issue exists. Patch will run successfully.
Action - For SMA v2.1, customers should download patch from Microsoft and install.
NOTE: Patch installation instructions are shown at the end of this table.
-------------------------------------------------
MS Patch - MS07-063 Vulnerability in SMBv2 Could Allow Remote Code Execution (942624)
Analysis - SMA does not have this component. Patch will not run successfully.
Action - Customers should not be concerned with this issue.
-------------------------------------------------
MS Patch - MS07-064 Vulnerabilities in DirectX Could Allow Remote Code Execution (941568)
Analysis - Possible security issue exists. Patch will run successfully.
Action - For SMA v2.1, customers should download patch from Microsoft and install.
- Protocol security & exploitation
- Advanced Trojans, worms and backdoor technique
- Encryption & decryption technique
- Routing device
--- Intrusion detection/forensics analysis
- File system analysis & recovery
- Real-time data structure recovery
- Reverse engineering (malicious code analysis technique, vulnerability research)
- Intrusion detection and anti-detection technique
- Traffic analysis
---------------------------
7T Interactive Graphical SCADA System (IGSS) versions prior to 9.0.0.11143
IV. Binary Analysis & Exploits/PoCs
---------------------------------------
In-depth binary analysis of the vulnerability and a proof-of-concept code
are available through the VUPEN Binary Analysis & Exploits Service :
---------------------------
Oracle Java JDK and JRE 6 Update 25 and prior
IV. Binary Analysis & Exploits/PoCs
---------------------------------------
In-depth binary analysis of the vulnerability and a proof-of-concept code
are available through the VUPEN Binary Analysis & Exploits Service :
---------------------------
Oracle Java JDK and JRE 6 Update 25 and prior
IV. Binary Analysis & Exploits/PoCs
---------------------------------------
In-depth binary analysis of the vulnerability and a proof-of-concept code
are available through the VUPEN Binary Analysis & Exploits Service :
---------------------------
Oracle Java JDK and JRE 6 Update 25 and prior
IV. Binary Analysis & Exploits/PoCs
---------------------------------------
In-depth binary analysis of the vulnerability and a proof-of-concept code
are available through the VUPEN Binary Analysis & Exploits Service :
---------------------------
Oracle Java JDK and JRE 6 Update 25 and prior
IV. Binary Analysis & Exploits/PoCs
---------------------------------------
In-depth binary analysis of the vulnerability and a proof-of-concept code
are available through the VUPEN Binary Analysis & Exploits Service :
---------------------------
Oracle Java JDK and JRE 6 Update 25 and prior
IV. Binary Analysis & Exploits/PoCs
---------------------------------------
In-depth binary analysis of the vulnerability and a proof-of-concept code
are available through the VUPEN Binary Analysis & Exploits Service :
---------------------------
Oracle Java JDK and JRE 6 Update 25 and prior
IV. Binary Analysis & Exploits/PoCs
---------------------------------------
In-depth binary analysis of the vulnerability and a proof-of-concept code
are available through the VUPEN Binary Analysis & Exploits Service :
Microsoft Windows Vista x64 Edition Service Pack 2
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows XP Service Pack 3
IV. Binary Analysis & Exploits/PoCs
---------------------------------------
In-depth binary analysis of the vulnerability and a proof-of-concept code
are available through the VUPEN Binary Analysis & Exploits Service :
---------------------------
Adobe Shockwave Player v11.6.0.626 and prior
IV. Binary Analysis & Exploits/PoCs
---------------------------------------
In-depth binary analysis of the vulnerability and a code execution exploit
are available through the VUPEN Binary Analysis & Exploits Service :
Next Page>>
|
