dialog box
1. XSS 1
An HTTP GET request against the following URL will, on a web browser
with JavaScript support, cause a dialog box saying '1' to be displayed:
http://CACTIHOST/graph.php?action=zoom&local_graph_id=1&graph_end=1%27%20style=visibility:hidden%3E%3Cscript%3Ealert(1)%3C/script%3E%3Cx%20y=%27
This vulnerability is only exploitable if the victim is allowed to view
graphs. This will be true if the victim has previously authenticated
1. Select "Programs->Cisco Systems VPN Client->VPN Client" from the Start
menu. This action will open the Cisco VPN Client graphical user
interface.
2. Select the option "About VPN Client..." from the "Help" menu. This
menu option will display a dialog box that contains text similar to
"Cisco Systems VPN Client Version 4.8.01.0300."
Note: By default, the "Cisco Systems VPN Client" folder is located in the
"Programs" sub-menu of the Windows Start menu. The system administrator
may have chosen to use a different name or location.
Exploitation of this vulnerability results in the execution of arbitrary
code in the context of the user opening an attachment delivered via
email. In order to be successful, an attacker must social engineer the
victim into processing a specially crafted email attachment in a certain
way. Specifically, the victim must open the attachment and click the
view button on the attachment dialog box.
IV. DETECTION
Lotus Notes versions 6.0, 6.5, 7.0, 8.0, 8.5 are vulnerable.
Only when he opens the certificate's details is the correct and
protected information decoded, and thus the certified
information shown.
Users are informed by a small symbol in the statusbar about
a valid digital signature, and the first dialog box already
informs them about the following:
- name of signer
- signer's certificate issuer (which induces the trust)
- date of signature
There is little incentive for an average user to go beyond
Summary
Mozilla Firefox allows spoofing the information presented in the basic
authentication dialog box. This can allow an attacker to conduct phishing
attacks by tricking the user into believing that the authentication dialog box
is from a trusted website.
Affected versions
Mozilla Firefox v2.0.0.11.
Prior versions and other Mozilla products may also be affected.
For what it is worth...
I'm running MR4 version (11.0.4000.2295) and executing the command under a non-privileged account does throw a dialog box with the error message. It also puts an event in the application event log to the effect of "Faulting application smc.exe, version 11.0.4000.2261, faulting module msvcr80.dll, version 8.0.50727.1433, fault address 0x000079f", but watching task manager SMC.EXE running under the SYSTEM user and SMCGUI.EXE running under the same non-privileged account never dies. I do see an additional SMC.EXE process startup under the non-privileged user, but it is the process failing. I also tried this running the command with an admin account with the same results.
from the user via HTTP authentication. This style of attack has been documented
in the past, and some variations on this theme are explored in a recent paper
by VSR [5].
However, in the case of vulnerable versions of Google Chrome, the password
manager may pre-fill the authentication dialog box with credentials intended for
the parent page's domain, leaving users one click away from account compromise.
This issue would affect Chrome users who use applications that allow users to
embed objects from third parties. Examples of such applications may include
message boards, blogs, or social networking sites.
var pp = this.getPrintParams();
pp.interactive = pp.constants.interactionLevel.silent;
Outside of batch, console, and menu events, the values of bUI and of
interactive are ignored and a print dialog box will always be
presented.
--END--
But Adobe has not realized it in the current version, so we can
enticing a user into starting a malicious BitTorrent download, and
execute arbitrary code through unspecified vectors. Additionally, a
specially crafted JavaScript may trigger the "virtual function"
vulnerability. The JavaScript engine can also access previously freed
but uncleaned memory. Finally, a user can be fooled with a too long
HTTP server name that does not fit the dialog box, or a URI containing
whitespaces.
Workaround
==========
http://www.ibm.com/support/docview.wss?rs=475&uid=swg21285600
Workaround 1: Delete the keyview.ini file in the Notes program directory.
This disables ALL viewers. When a user clicks View (for any file), a
dialog box will display with the message "Unable to locate the viewer
configuration file.".
Workaround 2: Delete the problem file l123sr.dll. When a user tries
to view the specific file type, a dialog box will display with the message
"The viewer display window could not be initialized." All other file types
disable IEV on Cisco Security Manager, perform the following steps:
1. Access the Microsoft Windows Server that Cisco Security Manager
is installed on.
2. Open the Services dialog box (Choose Start > Administrative Tools
> Services).
3. Locate the Cisco IPS Event Viewer service and open Properties.
4. Change Startup Type: to Disabled and click OK.
>
> This does interesting things to firefox as well. Specifically, it hangs
> seemingly indefinably (with no cpu utilization). Tested with firefox-2.0.0.6 on
> Foresight Linux (firefox=/foresight.rpath.org@fl:1-devel//1/2.0.0.6-1-1).
er, spoke too soon. It actually just presents a dialog box that doesn't let you
choose an option (to continue logging in or not). What I was seeing was firefox
not letting me do anything until I chose one of the non-existent options.
Killing the dialog box makes the firefox session resume normally. Apparently
this dialog-issue was fixed in trunk (for 3.x) but not in 2.x.
Dear Secunia Research,
SR> The vulnerability is caused by KGet downloading files without the
SR> user's acknowledgment, overwriting existing files of the same name
SR> when displaying a dialog box that allows a user to choose the file to
SR> download out of the options offered by a metalink file.
SR> The Common Vulnerabilities and Exposures (CVE) project has assigned
SR> CVE-2010-1511 for the vulnerability.
display an alert with arbitrary content:
https://[target]/Reach/Client/WebPages/ReachJoin.aspx?xml=&&reachLocale=en-us%22;var%20xxx=%22http://www.foofus.net/~bede/foofuslogo.jpg%22;open%28xxx%29;alert%28%22error,%20please%20enable%20popups%20from%20this%20server%20and%20reload%20from%20the%20link%20you%20were%20given%22%29//
Pop-ups will need to be enabled in order to load a new tab, but this can be
circumvented by social engineering (i.e. a dialog box) or possibly by
more clever JavaScript insertion.
4. Impact