Next Page >>
interaction
attacker might provide malicious HTML content as part of an IM message to
directly exploit Internet Explorer bugs or to target IE‟s security
configuration weaknesses.
In particular this attack vector exposes workstations to:
- - Direct remote execution of arbitrary commands without user interaction.
- - Direct exploitation of IE bugs without user interaction. For example,
exploitation bugs that normally require the user to click on a URL
provided by the attacker can be exploited directly using this attack
vector.
- - Direct injection of scripting code in Internet Explorer. For example,
attacker might provide malicious HTML content as part of an IM message to
directly exploit Internet Explorer bugs or to target IE‟s security
configuration weaknesses.
In particular this attack vector exposes workstations to:
- - Direct remote execution of arbitrary commands without user interaction.
- - Direct exploitation of IE bugs without user interaction. For example,
exploitation bugs that normally require the user to click on a URL
provided by the attacker can be exploited directly using this attack
vector.
- - Direct injection of scripting code in Internet Explorer. For example,
------------------------------------------------------------------------
Introduction
------------------------------------------------------------------------
ClickOnce is a deployment technology that allows you to create
self-updating Windows-based applications that can be installed and run
with minimal user interaction. A ClickOnce application is any Windows
Forms or Console application published using ClickOnce technology.
Applications can be published from a web page, a file share, or from
media (i.e. CD-ROM). ClickOnce is available in .NET 2.0 and later.
An application that is deployed through ClickOnce consists of at least
===========
Multiple vulnerabilities have been discovered in Adobe Flash Player:
* The access scope of SystemsetClipboard() allows ActionScript
programs to execute the method without user interaction
(CVE-2008-3873).
* The access scope of FileReference.browse() and
FileReference.download() allows ActionScript programs to execute the
methods without user interaction (CVE-2008-4401).
Google Notebook is a service where it's possible to "add text, images, and links from web pages without leaving your browser window."
Google Bookmarks is a service where it's possible to save bookmarks.
II. Description:
Three cross site scripting vulnerabilities were identified inside Google Notebook. A remote attacker can make a malformed block notes and invite, through the sharing option inside Google Notebook, other users to see it to obtain their cookie. User interaction is required to exploit all three vulnerabilies.
Browser affected: Firefox 3.
Browser not affected: Internet Explorer 7, Opera 9.5, Safari 3.
One cross site scripting vulnerability was identified inside Google Bookmarks. A remote attacker can make a malformed bookmark inside his account and then share it with other users to obtain their cookie. User interaction is required to exploit this vulnerability.
PR06-12: XSS on BEA Plumtree Foundation and AquaLogic Interaction portals
Description:
BEA Plumtree Foundation portal 6.0 and BEA AquaLogic Interaction 6.1 are
vulnerable to a XSS vulnerability affecting the 'name' parameter which
is submitted to the '/portal/server.pt' server-side script.
Date found: 12th September 2006
On Thursday 01 November 2007 11:49:09 Alex Eckelberry wrote:
> The future of malware is going to be largely through social engineering.
> Does that mean we ignore every threat that comes out because it requires
> user interaction? Seems like whistling past the graveyard to me.
Alex, no-one is saying we should ignore it. I would say we downgrade the level
of threat if it requires user interaction. If it requires a lot of
interaction to launch the threat, we downgrade it some more.
That's an interesting figure (86% that is). Can you give us some
insight into what you define as "user interaction"?
If it is clicking a link or reading an HTML email, then OK. If it is
opening an .exe from an email, I'd like to see what client you are
talking about and what environment (meaning, what OS/email client and
what did they have to do to get it to run). But specifically, how many
were exploits where a user had to visit an untrusted site, download an
executable, run it, and explicitly give it administrative credentials to
run? Not just people running as administrator, but typing in the admin
I included any exploit that took any end-user's interaction into the 86%
number. I included the list of exploits and what I considered a
client-side attack (versus truly remote) in the article:
http://weblog.infoworld.com/securityadviser/archives/WindowsExploitAnaly
sis.xls
It's not perfect, and may even contain a few mistakes. However, I don't
think any of the mistakes would change the overall numbers much. The
exploit chart (I listed two years of vulnerabilities, not three as I
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Apple OS X. User interaction is required to
exploit this vulnerability in that the target must open a malicious
file.
The specific flaw exists in the handling of internet enabled disk image
files. When a specially crafted Menu Extras plugin is included in the
II. Impact
Email Notification System:
A remote attacker is able to construct a malicious email that will cause the Palm Pre WebOS to execute arbitrary HTML code if the notification system is enabled. Upon receiving a malicious email where the FROM field contains HTML code, the Palm Pre WebOS will issue a user a notification that an email has arrived and execute the HTML code of the attacker’s choice. This vulnerability does not require user interaction.
Calendar Application:
A remote attacker can create a malicious calendar event putting arbitrary HTML code inside the event/title field that can be executed without user interaction. To trigger this vulnerability, any of the following conditions can occur:
Minimo includes a password manager feature that allows users to store
user/password information of sites they visit. There are two ways this
feature can be abused. First, the action of any form can be changed
dynamically via JavaScript, which could be introduced into a site via a
cross-site scripting (XSS)bug. Second, the form fields can be
automatically filled in without user interaction. As a result, a XSS bug
could allow an attacker to inject an invisible form into a victims
browser that could collect the user/pass without any interaction or
visible indication.
Note: The Password Manager bug is often misunderstood for how it work.
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of the Oracle Java Runtime. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page.
The specific flaw is due to insufficient defenses against system
clipboard hijacking. When in focus, a handle to the system clipboard can
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Microsoft Office PowerPoint Viewer. User
interaction is required to exploit this vulnerability in that the target
must open a malicious PowerPoint PPT file.
The specific flaw exists in the handling of TextCharsAtom (0x0fa0)
records contained in a PPT file. Due to the lack of bounds checking on
the size argument an unchecked memcpy copies user-supplied data from the
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Apple QuickTime. User interaction is
required to exploit this vulnerability in that the target must open a
malicious file.
The specific flaw exists in QuickTimeMPEG.qtx and results when QuickTime
attempts to parse a malformed 'genl' atom that may be present in any
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Apples Webkit. User interaction is required
in that the user must coerced into visiting a website or opening a
malicious document.
The specific flaw exists within how the library removes a particular
container element containing another element holding the contentEditable
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to potentially execute
arbitrary code on vulnerable installations of Microsoft Internet
Explorer. User interaction is required to exploit this vulnerability in
that the target must visit a malicious page.
The specific flaw exists during a race condition while repetitively
clicking between two elements at a fast rate. When clicking back and
forth between these two elements a corruption occurs resulting in a call
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
software utilizing a vulnerable version of Mozilla's Firefox. User
interaction is required in that the victim must visit a malicious
website or be coerced into opening a malicious document.
The specific flaw exists within how the application handles particular
events for an nsTreeSelection element. Upon execution of a "select"
event the application will access an element without checking to see if
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Apple's Webkit. User interaction is required
to exploit this vulnerability in that the target must visit a malicious
page or open a malicious file.
The specific flaw exists within how the WebKit library handles
recursively defined Use elements. Upon expanding the target of the use
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Sun's Java Runtime Environment. User
interaction is required to exploit this vulnerability in that the target
must visit a malicious page.
The specific flaw exists in the processing of JPEG image dimensions.
When specifying large values to the dimensions of a subsample an integer
overflow occurs leading to memory corruption. Successful exploitation of
Description:
============
This vulnerability allows remote attackers to execute arbitrary code
on vulnerable installations of McAfee LinuxShield. User interaction
is not required to exploit this vulnerability but an attacker must
be authenticated.
The LinuxShield Webinterface communicates with the localy installed
"nailsd" daemon, which listens on port 65443/tcp, to do configuration
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Apple QuickTime. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page or open a malicious file.
The specific flaw exists during the rendering of an audio stream
utilizing QDesign's audio codec. The application will perform an
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Apple's Webkit. User interaction is required
to exploit this vulnerability in that the target must visit a malicious
page or open a malicious file.
The specific flaw exists with how WebKit inserts error messages into
documents utilizing the SVG namespace. Upon a parsing error the library
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Microsoft Internet Explorer. User
interaction is required in that a user must visit a malicious web page.
The specific flaw exists in the parsing of CSS style information. When a
writing-mode style is used with a specific combination of HTML tags,
memory corruption occurs. Exploitation of this vulnerability will lead
to remote system compromise under the credentials of the currently
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Sun's Java Runtime Environment. User
interaction is required to exploit this vulnerability in that the target
must visit a malicious page.
The specific flaw exists in the processing of JPEG image dimensions.
When specifying large values to the dimensions of a subsample an integer
overflow occurs leading to memory corruption. Successful exploitation of
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Apple Mac OS X. User interaction is required
to exploit this vulnerability in that the target must visit a malicious
page or open a malicious file.
The specific flaw exists within the Apple ImageIO framework during the
parsing of malformed JPEG2000 files. The function
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Apple's Webkit. User interaction is required
in that a user must be coerced into viewing a website.
The specific flaw exists within the way the library handles selections.
If a particular element is selected by the application, an event can be
triggered in order to interrupt execution handling a component of the
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Adobe Shockwave. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page.
The specific flaw exists within the code responsible for parsing 3D
objects defined inside Director files. An undocumented 4-byte field
Microsoft Internet Explorer
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Microsoft Internet Explorer. User
interaction is required to exploit this vulnerability in that the target
must visit a malicious page.
The specific flaw exists when a Col element is used within an HTML table
container. If this element is removed while the table is in use a cache
that exists of the table's cells will be used after one of it's elements
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Mozilla Firefox. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page or otherwise render a malicious file.
The specific flaw exists within a particular XSLT transformation when
applied to an XML document. If a large number of elements have this
Next Page>>
|
