
end user

RE: mac trojan in-the-wild

I included any exploit that took any end-user's interaction into the 86%
number. I included the list of exploits and what I considered a
client-side attack (versus truly remote) in the article:

http://weblog.infoworld.com/securityadviser/archives/WindowsExploitAnalysis.xls

It's not perfect, and may even contain a few mistakes. However, I don't
think any of the mistakes would change the overall numbers much. The
exploit chart (I listed two years of vulnerabilities, not three as I

[TZO-17-2009]Trendmicro multiple bypass/evasions

Affected products : 

Client-side products
---------------------
These will not be patched; Trend's reason is that
malware will be detected upon extraction. While this is true for end-user
setups, this is not the case if you use such products to scan file servers,
database servers or any server where an end user does not actively extract
content. The detection is still completely bypassed. In other words, you
can no longer assume that RAR, ZIP, CAB (or any other archive) is safe/clean after
a Trend Micro scan with these products.

CORE-2008-0126: Multiple vulnerabilities in iCal

of web sites providing calendar files and open subscription to calendar
updates [3][4][5].

 Three vulnerabilities discovered in the iCal application may allow
unauthenticated attackers to execute arbitrary code on vulnerable
systems with (and potentially without) the assistance of the end user
of the application, or to repeatedly execute a
denial of service attack to crash the iCal application.

 The most serious of the three vulnerabilities is due to potential
memory corruption resulting from a resource liberation bug that can be

Cisco Security Advisory: Cisco ASA 5500 Series Adaptive Security Appliance Clientless VPN ActiveX Control Remote Code Execution Vulnerability

    ciscoasa# show running-config webvpn
    webvpn
     enable outside

End user systems running Microsoft Windows may be affected if they
have used the Cisco Clientless VPN feature on an affected device from
a browser that supports ActiveX technology.  Devices that contain the
cscopf.ocx ActiveX control registered with a class ID (CLSID) of
{B8E73359-3422-4384-8D27-4EA1B4C01232} are affected.  The affected
controls are marked both Safe for Scripting (SFS) and Safe for

OpenKM 5.1.7 OS Command Execution (XSRF based)

indexing, and jBPM workflow. The OpenKM system was developed using Java
technology.

[2] Cross-site Request Forgery
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
CSRF is an attack which forces an end user to execute unwanted actions on a
web application in which he/she is currently authenticated. With a little help
of social engineering (like sending a link via email/chat), an attacker may

[TZO-06-2009] IBM Proventia - Generic bypass (Limited disclosure - see details)

II. Description
~~~~~~~~~~~~~~~
The parsing engine can be bypassed by manipulating a RAR archive in
a "certain way" such that the IBM engine cannot extract the content but
the end user is able to. Details are currently withheld (see below).

A professional reaction to a vulnerability notification is a way
to measure the maturity of a vendor in terms of security. IBM is
given a grace period of two (2) weeks to reply to my notification.
Failure to do so will result in the POC being released in two (2)

[TZO-05-2009] Clamav 0.94 and below - Evasion /bypass

II. Description
~~~~~~~~~~~~~~~
The parsing engine can be bypassed by manipulating a RAR archive in
a "certain way" such that the Clamav engine cannot extract the content but
the end user is able to. Details are currently withheld (thanks to IBM).

III. Impact
~~~~~~~~~~~
The bug results in denying the engine the possibility to inspect
code within the RAR archive. While the impact might be low client-

CORE-2007-0821: Lotus Notes buffer overflow in the Lotus WorkSheet file processor

users to exploit them.  Lotus Notes displays the file type and
corresponding icon based on the attached file's extension rather than the
MIME Content-Type header in the email, whereas the view functionality is
handled by the Verity KeyView component, which processes the attachment
based on the file contents.  Exploitation of these vulnerabilities
requires end-user interaction, but the discrepancy described above could
allow an attacker to send a malicious Lotus 1-2-3 file as an attachment
with a seemingly innocuous extension (for example, .JPG or .GIF) that
more easily lures users into viewing it, thus making it easier to succeed in
the exploitation attempt.


TeamSHATTER Security Advisory: Oracle Enterprise Manager vulnerable to XSS (metricDetail$type page)

Credits:
This vulnerability was discovered and researched by Esteban Martinez Fayo of Application Security, Inc.

Details:
Cross-site scripting vulnerabilities occur when an attacker tricks a legitimate web application into sending malicious code, generally in the form of a script, to an unsuspecting end user. The attack usually involves crafting a hyperlink with malicious script code embedded within it. A valid user is likely to click this link since it points to a resource on a trusted domain. The link can be posted on a web page, or sent in an instant message, or email. Clicking on the link executes the attacker-injected code in the context of the trusted web application. Typically, the code steals session cookies, which can then be used to impersonate a valid user.
There are instances of XSS vulnerabilities in the Instance Management component of Oracle Enterprise Manager Grid Control. For example, the 'commentinput' parameter of the /em/console/database/monitoring/metricDetail$type web page is vulnerable to this kind of attack.

Impact:
Attackers might steal administrator's session cookies, thereby allowing the attacker to impersonate the valid user.


CORE-2009-0227: Real Helix DNA RTSP and SETUP request handler vulnerabilities

Core Security Technologies develops strategic solutions that help
security-conscious organizations worldwide develop and maintain a
proactive process for securing their networks. The company's flagship
product, CORE IMPACT, is the most comprehensive product for performing
enterprise security assurance testing. CORE IMPACT evaluates network,
endpoint and end-user vulnerabilities and identifies what resources are
exposed. It enables organizations to determine if current security
investments are detecting and preventing attacks. Core Security
Technologies augments its leading technology solution with world-class
security consulting services, including penetration testing and software
security auditing. Based in Boston, MA and Buenos Aires, Argentina, Core

CORE-2008-0624: Anzio Web Print Object Buffer Overflow

[CORE-2009-1209] Google SketchUp 'lib3ds' 3DS Importer Memory Corruption

CSIS-RI-0003: Multiple buffer overflow vulnerabilities in HP ActiveX

Hewlett-Packard (HP) is the world's largest PC dealer. According to IDC, HP shipped 14.7 million units worldwide, a 23.3 percent year-over-year growth and a 19 percent market share.

PCs and laptops from HP are often shipped with preinstalled software running on Microsoft Windows. The software is designed so the end user can keep drivers and HP software automatically updated. This is done through an ActiveX plugin for Microsoft Internet Explorer.

CSIS has discovered multiple high-risk vulnerabilities in several parts of that specific software. The affected components are found preinstalled on a broad range of HP equipment but are also installed when an end user visits HP's webpage in order to access software updates such as applications, drivers and firmware for multiple HP products.


[CORE-2010-0624] MS OpenType CFF Parsing Vulnerability

CORE-2009-0922: Jetty Persistent XSS in Sample Cookies Application

CORE-2008-0425 - NASA BigView Stack Buffer Overflow

CORE-2010-0407: Microsoft Office Excel PivotTable Cache Data Record Buffer Overflow

TeamSHATTER Security Advisory: Oracle Enterprise Manager vulnerable to XSS (sitemap page)

Credits:
This vulnerability was discovered and researched by Esteban Martinez Fayo of Application Security, Inc.

Details:
Cross-site scripting vulnerabilities occur when an attacker tricks a legitimate web application into sending malicious code, generally in the form of a script, to an unsuspecting end user. The attack usually involves crafting a hyperlink with malicious script code embedded within it. A valid user is likely to click this link since it points to a resource on a trusted domain. The link can be posted on a web page, or sent in an instant message, or email. Clicking on the link executes the attacker-injected code in the context of the trusted web application. Typically, the code steals session cookies, which can then be used to impersonate a valid user.
There are instances of XSS vulnerabilities in the Instance Management component of Oracle Enterprise Manager Grid Control. For example, the 'datasource' parameter of the /em/console/database/instance/sitemap web page is vulnerable to this kind of attack.

Impact:
Attackers might steal administrator's session cookies, thereby allowing the attacker to impersonate the valid user.


iDefense Security Advisory 07.28.08: Hewlett-Packard OVIS Probe Builder Arbitrary Process Termination Vulnerability

http://labs.idefense.com/intelligence/vulnerabilities/
Jul 28, 2008

I. BACKGROUND

Hewlett-Packard's Internet Services provides end-user emulation of major
business applications and a single integrated view of the Internet
infrastructure. For more information, please visit the following URL.

http://www.openview.hp.com/products/ovis/index.html


CORE-2007-0817: Remote Command execution, HTML and JavaScript injection vulnerabilities in AOL's Instant Messaging software

experiencing AIM "bugs" or "problems" related to the issues reported in
Core's advisory [6],[7] and that AOL itself seems to be using
HTML/JavaScript injection and instantiation of third-party ActiveX
controls [8]. Therefore, to provide accurate information that helps
security practitioners understand the risks and devise mitigation
strategies for affected end users and organizations, Core has decided to
release this security advisory on Monday Sept. 24th. AOL's statement
regarding release of fixed clients and any other mitigation mechanism is
expected by COB Friday Sept. 21st. In the meantime, Core researchers will
try to find suitable workarounds to prevent exploitation.
*2007-09-20*: Email from AOL PVT indicating that the bug posted publicly

CA20110426-01: Security Notice for CA Arcot WebFort Versatile Authentication Server

Console. An attacker, who can convince a user to follow a URL or view
a webpage, can use redirection to potentially carry out additional
web based attacks.

Note: These vulnerabilities only affect the Administrative Console
and do not apply to end user facing pages.

Risk Rating

Medium


[TZO-07-2009] F-PROT ZIP Method evasion

policy, allowing or denying them.

- This is only an issue with gateway products

Every environment where the archive is not actively extracted by 
the end-user is affected. For example, fileservers, databases
etc. pp. Over the years I saw the strangest environments that 
were affected by this type of "bug". My position is that customers
deserve better security than this.

- If this is exploited by a worm it will be fixed within minutes.

CORE-2008-0123: Leopard Server Remote Path Traversal

[BONSAI] XSS in Achievo - Customized XSS payload included

Cross-Site Scripting attacks are a type of injection problem, in which
malicious scripts are injected into the otherwise benign and trusted web sites.
Cross-site scripting (XSS) attacks occur when an attacker uses a web
application to send malicious code, generally in the form of a browser side
script, to a different end user. Flaws that allow these attacks to succeed are
quite widespread and occur anywhere a web application uses input from a user
in the output it generates without validating or encoding it.

For additional information, please read [1].


[InterN0T] SiteCore.NET 6.0.0 - XSS Vulnerability

Vulnerable Function / ID Calls: (XSS)
sc_error

Cross Site Scripting: 
http://www.website.tld/sitecore/login/default.aspx?sc_error=<script>alert(0)</script>
- You can input whatever you like in sc_error which will be echoed directly to the end-user as an error message.

2nd Cross Site Scripting: (example)
http://www.website.tld/sitecore/login/default.aspx?sc_error=You do not have any rights to perform that action. <script>alert(0)</script>

-:: Solution ::-

CORE-2009-0910: Autodesk Maya Script Nodes Arbitrary Command Execution

CORE-2009-1013: Multiple XSS and Injection Vulnerabilities in TestLink Test Management and Execution System

[CORE-2010-0405] Adobe Director Invalid Read

CORE-2009-0812-Hyperic HQ Multiple XSS


Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
