Information Security


Problem with RADIUS authentication in Microsoft ISA Server
Published: July 14, 2009
Source:
SecurityVulns ID: 10071
Type: remote
Severity level: 5/10
Description: Authentication via the Web form can be bypassed if the server is configured for RADIUS authentication with one-time passwords.
Affected products: MICROSOFT : Internet Security and Acceleration Server 2006
CVE:CVE-2009-1135 (Microsoft Internet Security and Acceleration (ISA) Server 2006 Gold and SP1, when Radius OTP is enabled, uses the HTTP-Basic authentication method, which allows remote attackers to gain the privileges of an arbitrary account, and access published web pages, via vectors involving attempted access to a network resource behind the ISA Server, aka "Radius OTP Bypass Vulnerability.")
Original text: MICROSOFT, Microsoft Security Bulletin MS09-031 - Important Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege (970953) (14.07.2009)
Files: Microsoft Security Bulletin MS09-031 - Important Vulnerability in Microsoft ISA Server 2006 Could Cause Elevation of Privilege (970953)

Memory corruption in Mozilla Firefox
Published: July 14, 2009
Source:
SecurityVulns ID: 10067
Type: client
Severity level: 7/10
Description: Memory corruption during JavaScript execution.
Affected products: MOZILLA : Firefox 3.5
Original text: mrx_(at)_propergander.org.uk, [Full-disclosure] [SA35798] Firefox 3.5 memory corruption vulnerability (14.07.2009)

Multiple security vulnerabilities in HP ProCurve Threat Management Services zl Module
Published: July 14, 2009
Source:
SecurityVulns ID: 10064
Type: remote
Severity level: 6/10
Description: DoS conditions, unauthorized access.
CVE:CVE-2009-1425 (Unspecified vulnerability in HP ProCurve Threat Management Services zl Module (J9155A) ST.1.0.090213 and earlier allows remote attackers to cause a denial of service by triggering a stop or crash in httpd, aka PR_18770, a different vulnerability than CVE-2009-1423 and CVE-2009-1424.)
 CVE-2009-1424 (Unspecified vulnerability in HP ProCurve Threat Management Services zl Module (J9155A) ST.1.0.090213 and earlier allows remote attackers to cause a denial of service via unknown vectors, aka PR_39412, a different vulnerability than CVE-2009-1423 and CVE-2009-1425.)
 CVE-2009-1423 (Unspecified vulnerability in HP ProCurve Threat Management Services zl Module (J9155A) ST.1.0.090213 and earlier allows remote attackers to cause a denial of service via unknown vectors, aka PR_39898, a different vulnerability than CVE-2009-1424 and CVE-2009-1425.)
 CVE-2009-1422 (Unspecified vulnerability in HP ProCurve Threat Management Services zl Module (J9155A) ST.1.0.090213 and earlier allows remote attackers to gain privileges via unknown vectors, aka PR_41209.)
Original text: HP, [security bulletin] HPSBGN02446 SSRT090111 rev.1 - HP ProCurve Threat Management Services zl Module (J9155A), Remote Unauthorized Access, Denial of Service (DoS) (14.07.2009)

Buffer overflow in Novell eDirectory iMonitor
Published: July 14, 2009
Source:
SecurityVulns ID: 10066
Type: remote
Severity level: 5/10
Description: One-byte buffer overflow in the Accept-Language: header of an HTTP request.
Affected products: NOVELL : eDirectory 8.8
CVE:CVE-2009-0192 (Off-by-one error in the iMonitor component in Novell eDirectory 8.8 SP3, 8.8 SP3 FTF3, and possibly other versions allows remote attackers to execute arbitrary code via an HTTP request with a crafted Accept-Language header, which triggers a stack-based buffer overflow.)
Original text: SECUNIA, Secunia Research: Novell eDirectory iMonitor "Accept-Language" Buffer Overflow (14.07.2009)

Multiple security vulnerabilities in Microsoft DirectShow
Published: July 14, 2009
Source:
SecurityVulns ID: 10068
Type: library
Severity level: 7/10
Description: Multiple DoS conditions and memory corruptions when processing Apple QuickTime formats.
Affected products: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
CVE:CVE-2009-1539 (The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DirectX Size Validation Vulnerability.")
 CVE-2009-1538 (The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 performs updates to pointers without properly validating unspecified data values, which allows remote attackers to execute arbitrary code via a crafted QuickTime media file, aka "DirectX Pointer Validation Vulnerability.")
 CVE-2009-1537 (Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability.")
Original text: DVLabs, TPTI-09-05: Microsoft DirectShow QuickTime Atom Parsing Memory Corruption Vulnerability (14.07.2009)
 ZDI, ZDI-09-045: Microsoft DirectShow Quicktime Atom Parsing Memory Corruption Vulnerability (14.07.2009)
 MICROSOFT, Microsoft Security Bulletin MS09-028 - Critical Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (971633) (14.07.2009)
Files: Microsoft Security Bulletin MS09-028 - Critical Vulnerabilities in Microsoft DirectShow Could Allow Remote Code Execution (971633)

Multiple security vulnerabilities in libtiff
Updated since July 7, 2009
Published: July 14, 2009
Source:
SecurityVulns ID: 10048
Type: library
Severity level: 6/10
Description: Failure in the LZWDecodeCompat function, potential integer overflows in tiff2rgba and rgb2ycbcr.
Affected products: LIBTIFF : libtiff 3.8
CVE:CVE-2009-2347 (Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.)
 CVE-2009-2285 (Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327.)
Original text: Andrea Barisani, [oCERT-2009-012] libtiff tools integer overflows (14.07.2009)

Uninitialized pointer dereference in Microsoft Office Publisher
Updated since July 14, 2009
Published: July 16, 2009
Source:
SecurityVulns ID: 10070
Type: client
Severity level: 5/10
Description: Uninitialized pointer dereference when converting from formats of previous Publisher versions.
Affected products: MICROSOFT : Office 2007
CVE:CVE-2009-0566 (Microsoft Office Publisher 2007 SP1 does not properly calculate object handler data for Publisher files, which allows remote attackers to execute arbitrary code via a crafted file in a legacy format that triggers memory corruption, aka "Pointer Dereference Vulnerability.")
Original text: IDEFENSE, iDefense Security Advisory 07.15.09: Microsoft Office Publisher 2007 Arbitrary Pointer Dereference Vulnerability (16.07.2009)
 MICROSOFT, Microsoft Security Bulletin MS09-030 - Important Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (969516) (14.07.2009)
Files: Microsoft Security Bulletin MS09-030 - Important Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution (969516)

Memory corruption in Microsoft Office Web Components ActiveX
Updated since July 14, 2009
Published: August 20, 2009
Source:
SecurityVulns ID: 10065
Type: client
Severity level: 8/10
Description: The vulnerability in the ActiveX component is actively exploited for silent installation of malicious code.
Affected products: MICROSOFT : Office XP
 MICROSOFT : Office 2003
CVE:CVE-2009-2496 (Heap-based buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 allows remote attackers to execute arbitrary code via unspecified parameters to unknown methods, aka "Office Web Components Heap Corruption Vulnerability.")
 CVE-2009-1534 (Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary code via crafted property values, aka "Office Web Components Buffer Overflow Vulnerability.")
 CVE-2009-1136 (The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 Gold and SP1, and Office Small Business Accounting 2006, when used in Internet Explorer, allows remote attackers to execute arbitrary code via a crafted call to the msDataSourceObject method, as exploited in the wild in July and August 2009, aka "Office Web Components HTML Script Vulnerability.")
 CVE-2009-0562 (The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 does not properly allocate memory, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger "system state" corruption, aka "Office Web Components Memory Allocation Vulnerability.")
Original text: IDEFENSE, iDefense Security Advisory 08.11.09: Microsoft Office Web Components 2000 Buffer Overflow Vulnerability (20.08.2009)
 ZDI, ZDI-09-055: Microsoft Office OWC10 ActiveX Control Loading and Unloading Heap Corruption Vulnerability (12.08.2009)
 ZDI, ZDI-09-054: Microsoft Office OWC10.Spreadsheet ActiveX msDataSourceObject() Heap Corruption Vulnerability (12.08.2009)
 ZDI, ZDI-09-056: Microsoft Office OWC10.Spreadsheet ActiveX BorderAround() Heap Corruption Vulnerability (12.08.2009)
 MICROSOFT, Microsoft Security Bulletin MS09-043 - Critical Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (957638) (11.08.2009)
 noreply-secresearch_(at)_fortinet.com, FortiGuard Advisory: Microsoft Office Web Components Remote Memory Corruption Vulnerability (14.07.2009)
Files: Microsoft Security Advisory (973472) Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution
 Microsoft Security Bulletin MS09-043 - Critical Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (957638)

Multiple security vulnerabilities in Microsoft Windows Embedded OpenType (EOT) fonts
Updated since July 14, 2009
Published: January 15, 2010
Source:
SecurityVulns ID: 10069
Type: library
Severity level: 8/10
Description: Integer overflows, heap buffer overflows.
Affected products: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE:CVE-2010-0018 (Integer overflow in the Embedded OpenType (EOT) Font Engine (t2embed.dll) in Microsoft Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code via compressed data that represents a crafted EOT font, aka "Microtype Express Compressed Fonts Integer Flaw in the LZCOMP Decompressor Vulnerability.")
 CVE-2009-0232 (Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table, aka "Embedded OpenType Font Integer Overflow Vulnerability.")
 CVE-2009-0231 (The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in a data record that triggers an integer truncation and a heap-based buffer overflow, aka "Embedded OpenType Font Heap Overflow Vulnerability.")
Original text: CERT, US-CERT Technical Cyber Security Alert TA10-012B -- Microsoft Windows EOT Font and Adobe Flash Player 6 Vulnerabilities (15.01.2010)
 MICROSOFT, Microsoft Security Bulletin MS10-001 - Critical Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (972270) (13.01.2010)
 IDEFENSE, iDefense Security Advisory 07.15.09: Microsoft Embedded OpenType Font Engine (T2EMBED.DLL) Heap Buffer Overflow Vulnerability (16.07.2009)
 MICROSOFT, Microsoft Security Bulletin MS09-029 - Critical Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371) (14.07.2009)
Files: Microsoft Security Bulletin MS10-001 - Critical Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (972270)
 Microsoft Security Bulletin MS09-029 - Critical Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod