Information Security


Multiple vulnerabilities in Microsoft Office (multiple bugs)
updated since 13 February 2007
Published: 14 February 2007
SecurityVulns ID: 7232
Type: client
Severity: 6/10
Description: Multiple vulnerabilities in the handling of various object types.
Affected products: MICROSOFT : Office 2000
 MICROSOFT : Office XP
 MICROSOFT : Office 2003
CVE: CVE-2007-0913 (Unspecified vulnerability in Microsoft Powerpoint allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as exploited by Trojan.PPDropper.G. NOTE: as of 20070213, it is not clear whether this is the same issue as CVE-2006-5296, CVE-2006-4694, CVE-2006-3876, CVE-2006-3877, or older issues.)
 CVE-2007-0870 (Unspecified vulnerability in Microsoft Word 2000 allows remote attackers to cause a denial of service (crash) via unknown vectors, a different vulnerability than CVE-2006-5994, CVE-2006-6456, CVE-2006-6561, and CVE-2007-0515, a variant of Exploit-MS06-027.)
 CVE-2007-0671 (Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.)
 CVE-2007-0515 (Unspecified vulnerability in Microsoft Word allows user-assisted remote attackers to execute arbitrary code on Word 2000, and cause a denial of service on Word 2003, via unknown attack vectors that trigger memory corruption, as exploited by Trojan.Mdropper.W and later by Trojan.Mdropper.X, a different issue than CVE-2006-6456, CVE-2006-5994, and CVE-2006-6561.)
 CVE-2007-0209 (Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a Word file with a malformed drawing object, which leads to memory corruption.)
 CVE-2007-0208 (Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers to execute arbitrary code.)
 CVE-2006-6561 (Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewer 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted DOC file that triggers memory corruption, as demonstrated via the 12122006-djtest.doc file, a different issue than CVE-2006-5994 and CVE-2006-6456.)
 CVE-2006-6456 (Unspecified vulnerability in Microsoft Word 2000, 2002, and 2003 and Word Viewer 2003 allows remote attackers to execute code via unspecified vectors related to malformed data structures that trigger memory corruption, a different vulnerability than CVE-2006-5994.)
 CVE-2006-5994 (Unspecified vulnerability in Microsoft Word 2000 and 2002, Office Word and Word Viewer 2003, Word 2004 and 2004 v. X for Mac, and Works 2004, 2005, and 2006 allows remote attackers to execute arbitrary code via a Word document with a malformed string that triggers memory corruption, a different vulnerability than CVE-2006-6456.)
 CVE-2006-3877 (Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876.)
Original text: MICROSOFT, Microsoft Security Bulletin MS07-015 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (932554) (13.02.2007)
 MICROSOFT, Microsoft Security Bulletin MS07-014 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (929434) (13.02.2007)
Files: Microsoft Security Bulletin MS07-015 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (932554)
 Microsoft Security Bulletin MS07-014 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (929434)

Multiple vulnerabilities in Microsoft Internet Explorer (multiple bugs)
Published: 14 February 2007
SecurityVulns ID: 7233
Type: client
Severity: 7/10
Description: Memory corruption when handling COM objects and when parsing an FTP server response can be used for hidden installation of malicious code.
Affected products: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
CVE: CVE-2007-0219 (Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3) Blnmgrps.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2006-4697.)
 CVE-2007-0217 (The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption.)
 CVE-2006-4697 (Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from Imjpcksid.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might be related to CVE-2006-4193.)
Original text: IDEFENSE, [Full-disclosure] iDefense Security Advisory 02.13.07: Microsoft 'wininet.dll' FTP Reply Null Termination Heap Corruption Vulnerability (14.02.2007)
 MICROSOFT, Microsoft Security Bulletin MS07-016 Cumulative Security Update for Internet Explorer (928090) (14.02.2007)
Files: MS 07-016 FTP Server Response PoC
 Microsoft Security Bulletin MS07-016 Cumulative Security Update for Internet Explorer

Buffer overflow in Microsoft Step-by-Step Interactive Training (buffer overflow)
updated since 13 February 2007
Published: 14 February 2007
SecurityVulns ID: 7223
Type: client
Severity: 5/10
Description: Buffer overflow when parsing bookmark files (.cbl, .cbm, .cbo).
Affected products: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
CVE: CVE-2006-3448 (Buffer overflow in the Step-by-Step Interactive Training in Microsoft Windows 2000 SP4, XP SP2 and Professional, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a long Syllabus string in crafted bookmark link files (cbo, cbl, or .cbm), a different issue than CVE-2005-1212.)
Original text: Brett Moore, MS Interactive Training .cbo Overflow (14.02.2007)
 MICROSOFT, Microsoft Security Bulletin MS07-005 (13.02.2007)
Files: Microsoft Security Bulletin MS07-005 Vulnerability in Windows Shell Could Allow Elevation of Privilege (928255)

DoS against Microsoft Excel
Published: 14 February 2007
SecurityVulns ID: 7234
Type: client
Severity: 2/10
Description: NULL pointer dereference when opening a corrupted file in XML or XLS format.
Affected products: MICROSOFT : Office 2003
CVE: CVE-2007-1239 (Microsoft Excel 2003 does not properly parse .XLS files, which allows remote attackers to cause a denial of service (application crash) via a file with a (1) corrupted XML format or a (2) corrupted XLS format, which triggers a NULL pointer dereference.)
Original text: sehato, Microsoft Office Excel 2003 XLS File Denial Of Service (14.02.2007)
 sehato, Microsoft Office Excel 2003 XLS File Denial Of Service (14.02.2007)
Files: Microsoft Excel DoS PoC 2
 Microsoft Excel DoS PoC.

Multiple bugs in Cisco IOS IPS (multiple bugs)
Published: 14 February 2007
SecurityVulns ID: 7235
Type: remote
Severity: 5/10
Description: Protection bypass via fragmented IP packets, DoS when regular expressions are used.
Affected products: CISCO : IOS 12.3
 CISCO : IOS 12.4
CVE: CVE-2007-0918 (The ATOMIC.TCP signature engine in the Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XA, 12.3YA, 12.3T, and other trains allows remote attackers to cause a denial of service (traffic loss) use regular expressions via unspecified manipulations that are not properly handled by the regular expression feature, as demonstrated using the 3123.0 (Netbus Pro Traffic) signature.)
 CVE-2007-0917 (The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to 12.3T allows remote attackers to bypass IPS signatures that use regular expressions via fragmented packets.)
Original text: CISCO, Cisco Security Advisory: Multiple IOS IPS Vulnerabilities (14.02.2007)

Daily summary of bugs in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: 14 February 2007
SecurityVulns ID: 7236
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, information leaks, etc.
Affected products: JUPITERPORTAL : Jupiter Cms 1.1
 WEBTESTER : WebTester 5.0
CVE: CVE-2007-0987 (Directory traversal vulnerability in index.php in Jupiter CMS 1.1.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot), or an absolute pathname, in the n parameter.)
 CVE-2007-0986 (PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1.1.5, when PHP 5.0.0 or later is used, allows remote attackers to execute arbitrary PHP code via an ftp URL in the n parameter.)
 CVE-2007-0973 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Jupiter CMS 1.1.5 allow remote attackers to inject arbitrary web script or HTML via the Referer HTTP header and certain other HTTP headers, which are displayed without proper sanitization when an administrator performs a Logged Guest action.)
 CVE-2007-0972 (Unrestricted file upload vulnerability in modules/emoticons.php in Jupiter CMS 1.1.5 allows remote attackers to upload arbitrary files by modifying the HTTP request to send an image content type, and to omit is_guest and is_user parameters. NOTE: this issue might be related to CVE-2006-4875.)
 CVE-2007-0971 (Multiple SQL injection vulnerabilities in Jupiter CMS 1.1.5 allow remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header and certain other HTTP headers, which set the ip variable that is used in SQL queries performed by index.php and certain other PHP scripts. NOTE: the attack vector might involve _SERVER.)
 CVE-2007-0970 (Multiple SQL injection vulnerabilities in WebTester 5.0.20060927 and earlier allow remote attackers to execute arbitrary SQL commands via the testID parameter to directions.php, and unspecified parameters to other files that accept GET or POST input.)
 CVE-2007-0969 (Multiple cross-site scripting (XSS) vulnerabilities in WebTester 5.0.20060927 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to POST parameters to multiple files.)
 CVE-2007-0951 (SQL injection vulnerability in listmain.asp in Fullaspsite ASP Hosting Site allows remote attackers to execute arbitrary SQL commands via the cat parameter.)
 CVE-2007-0950 (Cross-site scripting (XSS) vulnerability in listmain.asp in Fullaspsite ASP Hosting Site allows remote attackers to inject arbitrary web script or HTML via the cat parameter.)
Original text: Moran Zavdi, WebTester 5.0.2 sql injection and XSS vulnerabilities (14.02.2007)
 gmdarkfig_(at)_gmail.com, Jupiter CMS 1.1.5 Multiple Vulnerabilities (14.02.2007)
 ShaFuq31_(at)_HoTMaiL.CoM, Fullaspsite Shop (tr) Xss & SqL İnj. VulnZ. (14.02.2007)
Files: Jupiter CMS SQL Injection Vulnerability (POC #1)
 Jupiter CMS File Upload Vulnerability (POC #2)
 Jupiter CMS "Logged Guest" XSS Vulnerability (POC #3)
 PhpSploit Class

Multiple vulnerabilities in MailEnable (multiple bugs)
updated since 14 February 2007
Published: 2 March 2007
SecurityVulns ID: 7237
Type: remote
Severity: 5/10
Description: Multiple cross-site scripting opportunities in the Web interface, DoS in NTLM authentication. Buffer overflow in the IMAP APPEND command.
Affected products: MAILENABLE : MailEnable Professional 2.35
 MAILENABLE : MailEnable Professional 2.37
CVE: CVE-2007-1301 (Stack-based buffer overflow in the IMAP service in MailEnable Enterprise and Professional Editions 2.37 and earlier allows remote authenticated users to execute arbitrary code via a long argument to the APPEND command. NOTE: this is probably different than CVE-2006-6423.)
 CVE-2007-0955 (The NTLM_UnPack_Type3 function in MENTLM.dll in MailEnable Professional 2.35 and earlier allows remote attackers to cause a denial of service (application crash) via certain base64-encoded data following an AUTHENTICATE NTLM command to the imap port (143/tcp), which results in an out-of-bounds read.)
 CVE-2007-0652 (Cross-site request forgery (CSRF) vulnerability in MailEnable Professional before 2.37 allows remote attackers to modify arbitrary configurations and perform unauthorized actions as arbitrary users via a link or IMG tag.)
 CVE-2007-0651 (Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Professional before 2.37 allow remote attackers to inject arbitrary Javascript script via (1) e-mail messages and (2) the ID parameter to (a) right.asp, (b) Forms/MAI/list.asp, and (c) Forms/VCF/list.asp in mewebmail/base/default/lang/EN/.)
Original text: mu-b, [Full-disclosure] MailEnable v2.37 APPEND exploit (02.03.2007)
 mu-b, [Full-disclosure] MailEnable DoS POC (14.02.2007)
 SECUNIA, [Full-disclosure] Secunia Research: MailEnable Web Mail Client Multiple Vulnerabilities (14.02.2007)
Files: Exploits Mail Enable Professional/Enterprise v2.32-7 (win32)
 Mail Enable Professional/Enterprise v2.32-4 (win32) remote exploit
 Mail Enable Professional <=v2.35 (win32) remote exploit
 Exploits Mail Enable Professional/Enterprise <=v2.35 (win32)
 Mail Enable Professional/Enterprise v2.32-4 (win32) remote exploit

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod