| New User, Welcome! Login |
personal computers
VULNERABILITY SUMMARY
Potential security vulnerabilities has been identified with HP Data Protector Notebook Extension. These vulnerabilities could be remotely exploited to allow execution of arbitrary code.
References: CVE-2011-3156 (ZDI-CAN-1222), CVE-2011-3157 (ZDI-CAN-1225), CVE-2011-3158 (ZDI-CAN-1226), CVE-2011-3159 (ZDI-CAN-1227), CVE-2011-3160 (ZDI-CAN-1228), CVE-2011-3161 (ZDI-CAN-1229), CVE-2011-3162 (ZDI-CAN-1296).
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Data Protector Notebook Extension version 6.20, running on Windows platform (2000, 2003, XP, 2008, Vista, Win7).
HP Data Protector for Personal Computers version 7.0, running on Windows platform (2000, 2003, XP, 2008, Vista, Win7).
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
I. BACKGROUND
---------------------
Microsoft Windows Media Player (WMP) is a media player and media library
application that is used for playing audio, video and viewing images on
personal computers running the Microsoft Windows operating system.
II. DESCRIPTION
---------------------
[5] Jorge Luis Alvarez Medina, Abusing Insecure Feature of Internet
Explorer, Feb. 2010
http://corelabs.coresecurity.com/index.php?module=wiki%38action=attachment%38type=publication%38page=Abusing_insecure_features_of_Internet_Explorer-article.pdf
[6] Jorge Luis Alvarez Medina, Internet Explorer turns your personal
computer into a public File Server, BlackHat Technical Security
conference, Feb. 2010, Washington D.C., USA.
http://corelabs.coresecurity.com/index.php?module=wiki%38action=attachment%38type=publication%38page=Abusing_insecure_features_of_Internet_Explorer-BHDC2010-Slides.pdf
[7] Wikipedia, Trident (layout engine).
http://en.wikipedia.org/wiki/Trident_(layout_engine)
"Java is a programming language and computing platform released by Sun
Microsystems (now Oracle). It is the underlying technology that powers
state-of-the-art programs including utilities, games, and business
applications.
Java runs on more than 850 million personal computers worldwide, and
on billions of devices worldwide, including mobile and TV devices."
II. DESCRIPTION
---------------------
"Java is a programming language and computing platform released by
Sun Microsystems. It is the underlying technology that powers
state-of-the-art programs including utilities, games, and business
applications.
Java runs on more than 850 million personal computers worldwide,
and on billions of devices worldwide, including mobile and TV devices."
II. DESCRIPTION
---------------------
"Java is a programming language and computing platform released by
Sun Microsystems. It is the underlying technology that powers
state-of-the-art programs including utilities, games, and business
applications.
Java runs on more than 850 million personal computers worldwide,
and on billions of devices worldwide, including mobile and TV devices."
II. DESCRIPTION
---------------------
"Java is a programming language and computing platform released by Sun
Microsystems (now Oracle). It is the underlying technology that powers
state-of-the-art programs including utilities, games, and business
applications.
Java runs on more than 850 million personal computers worldwide, and
on billions of devices worldwide, including mobile and TV devices."
II. DESCRIPTION
---------------------
*Vulnerability Description*
CORE FORCE is the first community oriented security solution for personal
computers that provides a comprehensive endpoint security solution for
Windows 2000 and Windows XP systems.
CORE FORCE provides inbound and outbound stateful packet filtering for
TCP/IP protocols using a Windows port of OpenBSD's PF firewall, granular
file system and registry access control and programs' integrity
Vuln : TEHTRI-SA-2010-018
Tool : LuckySploit Exploit Pack
Title: Remote execution in LuckySploit
LuckySploit is a tool used by attackers to penetrate companies or
personal computers by abusing client-side vulnerabilities. This malware
exploitation kit is full of anti Microsoft technologies.
By auditing this Malware, TEHTRI-Security has found a pre-auth remote
exploit in the file /mod/to.php
"Java is a programming language and computing platform released by Sun
Microsystems (now Oracle). It is the underlying technology that powers
state-of-the-art programs including utilities, games, and business
applications.
Java runs on more than 850 million personal computers worldwide, and
on billions of devices worldwide, including mobile and TV devices."
II. DESCRIPTION
---------------------
"Java is a programming language and computing platform released by Sun
Microsystems (now Oracle). It is the underlying technology that powers
state-of-the-art programs including utilities, games, and business
applications.
Java runs on more than 850 million personal computers worldwide, and
on billions of devices worldwide, including mobile and TV devices."
II. DESCRIPTION
---------------------
Carlos Sarraute (Core Security)
17h00-18h00 ? Evolution of Microsoft security mitigations ? Tim Burrell
(Microsoft)
Friday 2010-04-09:
10h30-11h30 ? Internet Explorer turns your personal computer into a
public file server ? Jorge Luis Alvarez Medina (Core Security)
11h30-12h30 ? Breaking Virtualization by switching to Virtual 8086 mode
? Jonathan Brossard (P1 Security)
14h00-15h00 ? Mac OS X Physical Memory Analysis ? Matthieu Suiche
Abstract
In 2009 we examined the effects of manipulating synchronization
objects in security software suites frequently found on personal
computers running Windows XP and Vista. The synchronization objects
were mutexes and events, and the security software included products
from AVG, Avast, Avira, BitDefender, BullGuard, CheckPoint, Eset,
F-Prot, F-Secure, Kaspersky, McAfee, Microsoft (Security Essentials),
Norman, Norton, Panda, PC Tools, Quick Heal, Symantec, and Trend
Micro.
"Java is a programming language and computing platform released by Sun
Microsystems (now Oracle). It is the underlying technology that powers
state-of-the-art programs including utilities, games, and business
applications.
Java runs on more than 850 million personal computers worldwide, and
on billions of devices worldwide, including mobile and TV devices."
II. DESCRIPTION
---------------------
"Java is a programming language and computing platform released by Sun
Microsystems (now Oracle). It is the underlying technology that powers
state-of-the-art programs including utilities, games, and business
applications.
Java runs on more than 850 million personal computers worldwide, and
on billions of devices worldwide, including mobile and TV devices."
II. DESCRIPTION
---------------------
Original URL:
http://securityreason.com/achievement_securityalert/73
- --- 0.Description ---
Opera is a Web browser and Internet suite developed by the Opera Software company. The browser handles common Internet-related tasks such as displaying Web sites, sending and receiving e-mail messages, managing contacts, IRC online chatting, downloading files via BitTorrent, and reading Web feeds. Opera is offered free of charge for personal computers and mobile phones.
- --- 1. Opera 10.01 Remote Array Overrun (Arbitrary code execution) ---
The main problem exist in dtoa implementation. Opera has a very similar dtoa algorithm to the BSD, Chrome and Mozilla products. It is the same issue like SREASONRES:20090625.
"Java is a programming language and computing platform released by
Sun Microsystems. It is the underlying technology that powers
state-of-the-art programs including utilities, games, and business
applications.
Java runs on more than 850 million personal computers worldwide,
and on billions of devices worldwide, including mobile and TV devices."
II. DESCRIPTION
---------------------
|
|
|
