user interaction
In particular this attack vector exposes workstations to:
- Direct remote execution of arbitrary commands without user interaction.
- Direct exploitation of IE bugs without user interaction. For example,
exploitation bugs that normally require the user to click on a URL
provided by the attacker can be exploited directly using this attack
vector.
- Direct injection of scripting code in Internet Explorer. For example,
attacker might provide malicious HTML content as part of an IM message to
directly exploit Internet Explorer bugs or to target IE's security
configuration weaknesses.
------------------------------------------------------------------------
Introduction
------------------------------------------------------------------------
ClickOnce is a deployment technology that allows you to create
self-updating Windows-based applications that can be installed and run
with minimal user interaction. A ClickOnce application is any Windows
Forms or Console application published using ClickOnce technology.
Applications can be published from a web page, a file share, or from
media (i.e. CD-ROM). ClickOnce is available in .NET 2.0 and later.
An application that is deployed through ClickOnce consists of at least
Google Notebook is a service where it's possible to "add text, images, and links from web pages without leaving your browser window."
Google Bookmarks is a service where it's possible to save bookmarks.
II. Description:
Three cross site scripting vulnerabilities were identified inside Google Notebook. A remote attacker can make a malformed block notes and invite, through the sharing option inside Google Notebook, other users to see it to obtain their cookie. User interaction is required to exploit all three vulnerabilities.
Browser affected: Firefox 3.
Browser not affected: Internet Explorer 7, Opera 9.5, Safari 3.
One cross site scripting vulnerability was identified inside Google Bookmarks. A remote attacker can make a malformed bookmark inside his account and then share it with other users to obtain their cookie. User interaction is required to exploit this vulnerability.
===========
Multiple vulnerabilities have been discovered in Adobe Flash Player:
* The access scope of System.setClipboard() allows ActionScript
programs to execute the method without user interaction
(CVE-2008-3873).
* The access scope of FileReference.browse() and
FileReference.download() allows ActionScript programs to execute the
methods without user interaction (CVE-2008-4401).
PR06-12: XSS on BEA Plumtree Foundation and AquaLogic Interaction portals
Description:
BEA Plumtree Foundation portal 6.0 and BEA AquaLogic Interaction 6.1 are
vulnerable to a XSS vulnerability affecting the 'name' parameter which
is submitted to the '/portal/server.pt' server-side script.
Date found: 12th September 2006
On Thursday 01 November 2007 11:49:09 Alex Eckelberry wrote:
> The future of malware is going to be largely through social engineering.
> Does that mean we ignore every threat that comes out because it requires
> user interaction? Seems like whistling past the graveyard to me.
Alex, no-one is saying we should ignore it. I would say we downgrade the level
of threat if it requires user interaction. If it requires a lot of
interaction to launch the threat, we downgrade it some more.
That's an interesting figure (86% that is). Can you give us some
insight into what you define as "user interaction"?
If it is clicking a link or reading an HTML email, then OK. If it is
opening an .exe from an email, I'd like to see what client you are
talking about and what environment (meaning, what OS/email client and
what did they have to do to get it to run). But specifically, how many
were exploits where a user had to visit an untrusted site, download an
executable, run it, and explicitly give it administrative credentials to
run? Not just people running as administrator, but typing in the admin
I included any exploit that took any end-user's interaction into the 86%
number. I included the list of exploits and what I considered a
client-side attack (versus truly remote) in the article:
http://weblog.infoworld.com/securityadviser/archives/WindowsExploitAnalysis.xls
It's not perfect, and may even contain a few mistakes. However, I don't
think any of the mistakes would change the overall numbers much. The
exploit chart (I listed two years of vulnerabilities, not three as I
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Oracle Java. User interaction is required to
exploit this vulnerability in that the target must visit a malicious
page or open a malicious file.
The specific flaw exists within JavaFX, a downloadable Java extension.
The JavaFX Jar file is signed by Oracle and can be installed without
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Apple OS X. User interaction is required to
exploit this vulnerability in that the target must open a malicious
file.
The specific flaw exists in the handling of internet enabled disk image
files. When a specially crafted Menu Extras plugin is included in the
II. Impact
Email Notification System:
A remote attacker is able to construct a malicious email that will cause the Palm Pre WebOS to execute arbitrary HTML code if the notification system is enabled. Upon receiving a malicious email where the FROM field contains HTML code, the Palm Pre WebOS will issue a user a notification that an email has arrived and execute the HTML code of the attacker’s choice. This vulnerability does not require user interaction.
Calendar Application:
A remote attacker can create a malicious calendar event putting arbitrary HTML code inside the event/title field that can be executed without user interaction. To trigger this vulnerability, any of the following conditions can occur:
Minimo includes a password manager feature that allows users to store
user/password information of sites they visit. There are two ways this
feature can be abused. First, the action of any form can be changed
dynamically via JavaScript, which could be introduced into a site via a
cross-site scripting (XSS) bug. Second, the form fields can be
automatically filled in without user interaction. As a result, a XSS bug
could allow an attacker to inject an invisible form into a victim's
browser that could collect the user/pass without any interaction or
visible indication.
Note: How the Password Manager bug works is often misunderstood.
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of the Oracle Java Runtime. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page.
The specific flaw is due to insufficient defenses against system
clipboard hijacking. When in focus, a handle to the system clipboard can
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Microsoft Windows XP, Server and Vista. User
interaction is required in that a user must open a malicious image file
or browse to a malicious website.
The specific flaws exist in the GDI+ subsystem when parsing maliciously
crafted GIF files. By supplying a malformed graphic control extension an
attacker can trigger an exploitable memory corruption condition.
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Microsoft Internet Explorer. User
interaction is required in that a user must visit a malicious web page.
The specific flaw exists in the manipulation and parsing of certain HTML
tags. The ordering of various objects in a malformed way results in
memory corruption resulting in a call to a dangling pointer which can be
further leveraged via a heap spray. Exploitation of this vulnerability
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Microsoft Internet Explorer. User
interaction is required in that a user must visit a malicious web page.
The specific flaw exists in the parsing of CSS style information. When a
writing-mode style is used with a specific combination of HTML tags,
memory corruption occurs. Exploitation of this vulnerability will lead
to remote system compromise under the credentials of the currently
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Apple Safari. User interaction is required
to exploit this vulnerability in that the target must visit a malicious
page.
The specific flaw exists in the garbage collection of JavaScript set
elements in WebCore. When an SVG set object is appended to an SVG marker
scip AG Vulnerability ID 4143 (07/08/2010)
http://www.scip.ch/?vuldb.4143
I. INTRODUCTION
Grabbit is a popular freeware client for binary Usenet interaction.
More information is available on the official web site at the following URL:
http://www.shemes.com/index.php?p=download
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Mozilla Firefox. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page or open a malicious file.
The specific flaw exists within the libpr0n library which is responsible
for handling image caching and animation and is due to the way the
-- Affected Products:
Oracle Secure Backup
-- Vulnerability Details:
This vulnerability allows remote attackers to inject arbitrary commands
on vulnerable installations of Oracle Secure Backup. User interaction is
not required to exploit this vulnerability but an attacker must be
authenticated.
The specific flaw exists in the handling of various variables to the
script property_box.php used in the administration server running on
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Apple's Webkit. User interaction is required
to exploit this vulnerability in that the target must visit a malicious
page or open a malicious file.
The specific flaw exists within how the WebKit library handles
recursively defined Use elements. Upon expanding the target of the use
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows attackers to execute arbitrary code on
vulnerable installations of CA BrightStor ARCserve Backup for Linux.
User interaction is not required to exploit this vulnerability.
The specific flaw exists due to improper bounds checking in the
xdr_rwsstring() library function. By sending a long parameter into a
daemon using this function to process strings, a stack based buffer
overflow occurs, leading to execution of arbitrary code.
-- Affected Products:
Apple OS X
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Apple OS X. User interaction is required to
exploit this vulnerability in that the target must visit a malicious
page or open a malicious file.
The specific flaw appears to exist in the ATSServer font server upon
parsing of malicious Compact Font Format files. A boundary condition
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Adobe Acrobat and Adobe Reader. User
interaction is required in that a user must visit a malicious web site
or open a malicious file.
The specific flaw exists when processing malicious JavaScript contained
in a PDF document. When supplying a specially crafted argument to the
getIcon() method of a Collab object, proper bounds checking is not
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows attackers to execute arbitrary code on
vulnerable installations of both IBM Informix Dynamic Server and EMC
Legato Networker. User interaction is not required to exploit this
vulnerability.
The specific flaw exists within the RPC protocol parsing library,
librpc.dll, utilized by the ISM Portmapper service (portmap.exe) bound
by default to TCP port 36890. During authentication, a lack of a proper
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Sun Java Web Start. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page.
The specific flaw exists in the writeManifest() method of the CacheEntry
class. A directory traversal flaw in this method allows the creation of
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Apple WebKit. User interaction is required
to exploit this vulnerability in that the target must visit a malicious
page.
The specific flaw exists in the handling of attr() functions in a CSS
content object. When a large numerical value is passed as the argument
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to force a Microsoft Windows
system to execute a given local executable. User interaction is required
in that the target must access a malicious URL.
The specific flaw exists within the ShellExecute API. Using a specially
formatted URL an attacker can bypass sanitization checks within this
function and force the calling application into running an executable of
Microsoft Internet Explorer
-- Vulnerability Details:
This vulnerability allows attackers to execute arbitrary code on
vulnerable installations of Microsoft Internet Explorer. User
interaction is required to exploit this vulnerability in that the target
must visit a malicious page.
The specific vulnerability exists due to improper AJAX request
synchronization in Internet Explorer. When many asynchronous
XMLHttpRequests are running concurrently memory corruption can occur that