This bulletin summary lists 2 released Microsoft security bulletins for September, 2012.
b37c73b574740d8905d7df57178229e7e05094fdfc405aaca379cf4a69316b23VUPEN Vulnerability Research Team discovered a critical vulnerability in Mozilla Firefox. The vulnerability is caused by a use-after-free error in the "setUserData()" method within the "nsHTMLEditRules" class, which could allow remote attackers execute arbitrary code via a specially crafted web page. Products affected include Mozilla Firefox versions prior to 15, Mozilla Firefox ESR versions prior to 10.0.7, Mozilla Thunderbird versions prior to 15, Mozilla Thunderbird ESR versions prior to 10.0.7, and Mozilla SeaMonkey versions prior to 2.12.
b959bb054b031b5fb76ff256d6ea33e667b137e39e0b15d5f9ad08cc17dd93afVUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft products. The vulnerability is caused by a use-after-free error in the "TabStrip" Control within the "MSCOMCTL.OCX" component, which could allow remote attackers execute arbitrary code via a specially crafted web page or malicious Office document. A large amount of products are affected.
83d4ac95b7df6d9d0e21446d37657b74bd6349ccb853b935fd08488698d5329fVUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Flash Player. The vulnerability is caused by an integer overflow error in the "copyRawDataTo()" method within the "Matrix3D" class when processing malformed arguments, which could allow remote attackers execute arbitrary code via a specially crafted web page. Adobe Flash Player versions 11.3.300.271 and prior are affected.
d2ffa29681b8fc88e5a88e349eabd789a616bded95aa6af9e69538a75b01138cSubrion CMS version 2.2.1 suffers from multiple cross site scripting vulnerabilities.
71aa556707546212a6d4ed18794a6e021c18c65c8fdf27d058c7c52dbd76147eSubrion CMS version 2.2.1 suffers from a cross site request forgery vulnerability.
8af87e791ee1c2ad086a56411f33adf74456599c5da8043cb2938341e5458e9eRSA BSAFE SSL-C version 2.8.6 contains fixes designed to prevent BEAST attacks and buffer overflow vulnerabilities.
07866ead31523b9bb7ab72641a09d85bba54b75eb00d3fb5390de3d35846dc0eSecurity Explorations discovered multiple security vulnerabilities in IBM SDK, Java Technology Edition software. This is IBM's implementation of Java SE technology for AIX, Linux, z/OS and IBMi platforms. Among a total of 17 security weaknesses found, there are issues that can lead to the complete compromise of a target IBM Java environment.
867ac9eef17a67029d0c83a32794fd6f14dae99bbb8a7705e718b79b7bd50592Red Hat Security Advisory 2012-1255-01 - The libexif packages provide an Exchangeable image file format library. Exif allows metadata to be added to and read from certain types of image files. Multiple flaws were found in the way libexif processed Exif tags. An attacker could create a specially-crafted image file that, when opened in an application linked against libexif, could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
950eef62427ecffcf4434bea906d1443d0484f2902205545590132231c5202ebRed Hat Security Advisory 2012-1256-01 - Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures and an interpreter for Portable Document Format files. An integer overflow flaw, leading to a heap-based buffer overflow, was found in Ghostscript's International Color Consortium Format library. An attacker could create a specially-crafted PostScript or PDF file with embedded images that would cause Ghostscript to crash or, potentially, execute arbitrary code with the privileges of the user running Ghostscript.
e992fb046a4ff2889ed6c6092055f9db6deaf8f238ece7cd352e50ae3b1a0446Ubuntu Security Notice 1548-2 - USN-1548-1 fixed vulnerabilities in Firefox. The new package caused a regression in Private Browsing which could leak sites visited to the browser cache. This update fixes the problem. Gary Kwong, Christian Holler, Jesse Ruderman, Steve Fink, Bob Clary, Andrew Sutherland, Jason Smith, John Schoenick, Vladimir Vukicevic and Daniel Holbert discovered memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Abhishek Arya discovered multiple use-after-free vulnerabilities. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. Various other issues were also addressed.
dfaba959f6502b040fab156a51640bd5873540cd3fb41bf5a80683ee08d50f11Ezylog Photovoltaic Management Server suffers from remote SQL injection, broken session management, hard-coded credential, and command injection vulnerabilities. The vendor has ignored the researcher.
c08de71fe982a59f6dfe14d76d8893338a491e1cf4c84021950bc3a71f354cacSiteGo suffers from a remote file inclusion vulnerability.
c797879792ae8c7301e769c55cd13c98f92f854719dec1a9a9bece53c0598d6cWordpress Download Monitor version 3.3.5.7 suffers from a cross site scripting vulnerability.
62a3d6dc277efb88b7649f9126607e4ef62d62c1c19ec0fb2fabddcef3b89547RSA BSAFE Micro Edition Suite contains updates designed to prevent BEAST attacks. There is a known vulnerability in SSLv3 and TLS v1.0 to do with how the Initialization Vector (IV) is generated. For symmetric key algorithms in CBC mode, the IV for the first record is generated using keys and secrets set during the SSL or TLS handshake. All subsequent records are encrypted using the ciphertext block from the previous record as the IV. With symmetric key encryption in CBC mode, plain text encrypted with the same IV and key generates the same cipher text, which is why having a variable IV is important. The BEAST exploit uses this SSLv3 and TLS v1.0 vulnerability by allowing an attacker to observe the last ciphertext block, which is the IV, then replace this with an IV of their choice, inject some of their own plain text data, and when this new IV is used to encrypt the data, the attacker can guess the plain text data one byte at a time.
4e56495de2b69ef7d68078731b4a833e5b7e7e1fcf37eae6b23402acdfe8f530This Metasploit module exploits a vulnerability in Openfiler version 2.x which could be abused to allow authenticated users to execute arbitrary code under the context of the 'openfiler' user. The 'system.html' file uses user controlled data from the 'device' parameter to create a new 'NetworkCard' object. The class constructor in 'network.inc' calls exec() with the supplied data. The 'openfiler' user may 'sudo /bin/bash' without providing a system password.
ef6788fdc2bbdb21b278fd22582c6c12fb18b12cc2341fe8561207bf69d634a8This Metasploit module exploits a command execution vulnerability in WAN Emulator version 2.3 which can be abused to allow unauthenticated users to execute arbitrary commands under the context of the 'www-data' user. The 'result.php' script calls shell_exec() with user controlled data from the 'pc' parameter. This Metasploit module also exploits a command execution vulnerability to gain root privileges. The 'dosu' binary is suid 'root' and vulnerable to command execution in argument one.
1fb42426dc819635f534f9d0dfa8faeb1296d0151e8ddec91cb563bd1c4e5011This Metasploit module exploits a stack based buffer overflow in Winamp 5.55. The flaw exists in the gen_ff.dll and occurs while parsing a specially crafted MAKI file, where memmove is used with in a insecure way with user controlled data. To exploit the vulnerability the attacker must convince the attacker to install the generated mcvcore.maki file in the "scripts" directory of the default "Bento" skin, or generate a new skin using the crafted mcvcore.maki file. The module has been tested successfully on Windows XP SP3 and Windows 7 SP1.
5adb71bf40d8f22c0a8d648e7bf1a6e8306425ec34b9602f5ae6bdf26e12970bSecunia Security Advisory - A vulnerability has been reported in ColdFusion, which can be exploited by malicious people to cause a DoS (Denial of Service).
f3071207e7f8e86e85d6f2836a32c0cc0b5f4b33bce46970540f89454d37d3f9Secunia Security Advisory - Reaction Information Security has discovered a vulnerability in the Download Monitor plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.
12303c97b0425864a9e60b3c2c40d0491533bad148beb92d0cf2f8161f04cfbaSecunia Security Advisory - A vulnerability has been reported in Visual Studio Team Foundation Server, which can be exploited by malicious people to conduct cross-site scripting attacks.
21f35933183e0919284e7319ce1384c80b84a5bf9f19906551110896554a5825Secunia Security Advisory - A vulnerability has been reported in System Center Configuration Manager, which can be exploited by malicious people to conduct cross-site scripting attacks.
34c5a266f839f4c1566b598db39d95e8d5b5f2b2bcebb64f00598909c6547a97ANTEMENE suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
c3e7b70af7b0947686b188fd14292ff4d33683e0fceaedbbd8ac149bee6b305eFBDj Stats suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
861a7c32cf329f736c93f97b2e4990dc1dc0bb799232aff5a7865a1c87005cc7Secunia Security Advisory - Ubuntu has issued an update for gimp. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a user's system.
7a0165da3bb779e6447f8a361eb19ce169d01c886e018f048150cf7031604480
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed