Информационная безопасность
[RU] switch to English


Повышение привилегий в службе WINS Microsoft Windows
Опубликовано:16 сентября 2011 г.
Источник:
SecurityVulns ID:11908
Тип:локальная
Уровень опасности:
5/10
Описание:Проблема с обработкой пакетов на интерфейс закольцовывания.
Затронутые продукты:MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows 2008 Server
CVE:CVE-2011-1984 (WINS in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges by sending crafted packets over the loopback interface, aka "WINS Local Elevation of Privilege Vulnerability.")
Файлы:Microsoft Security Bulletin MS11-070 - Important Vulnerability in WINS Could Allow Elevation of Privilege (2571621)

Повреждение памяти в сервере WINS Microsoft Windows
дополнено с 10 мая 2011 г.
Опубликовано:16 сентября 2011 г.
Источник:
SecurityVulns ID:11659
Тип:удаленная
Уровень опасности:
7/10
Описание:Повреждение памяти при обработке ошибок отправки данных.
Затронутые продукты:MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows 2008 Server
CVE:CVE-2011-1248 (WINS in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 does not properly handle socket send exceptions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets, related to unintended stack-frame values and buffer passing, aka "WINS Service Failed Response Vulnerability.")
Оригинальный текстdocumentLuigi Auriemma, Advisory for MS11-035 / ZDI-11-167 (16.09.2011)
 documentZDI, ZDI-11-167: Microsoft WINS Service Failed Response Memory Corruption Remote Code Execution Vulnerability (12.05.2011)
 documentZDI, ZDI-11-167: Microsoft WINS Service Failed Response Memory Corruption Remote Code Execution Vulnerability (11.05.2011)
Файлы:Vulnerability in WINS Could Allow Remote Code Execution (2524426)

Неблагонадежные сертификаты DigiNotar
дополнено с 1 сентября 2011 г.
Опубликовано:16 сентября 2011 г.
Источник:
SecurityVulns ID:11889
Тип:удаленная
Уровень опасности:
6/10
Описание:Сертификаты известных доменов были выданы недоверенной стороне.
Затронутые продукты:MOZILLA : SeaMonkey 2.3
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
 APPLE : MacOS X 10.6
 MOZILLA : Firefox 3.6
 MOZILLA : Thunderbird 3.1
 OPENSSL : OpenSSL 1.0
 MOZILLA : Thunderbird 6.0
 MOZILLA : Firefox 6.0
CVE:CVE-2011-1945 (The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation.)
Оригинальный текстdocumentDEBIAN, [SECURITY] [DSA 2309-1] openssl security update (16.09.2011)
 documentAPPLE, APPLE-SA-2011-09-09-1 Security Update 2011-005 (13.09.2011)
Файлы:Mozilla Foundation Security Advisory 2011-34 Protection against fraudulent DigiNotar certificates
 Microsoft Security Advisory (2607712) Fraudulent Digital Certificates Could Allow Spoofing
 Mozilla Foundation Security Advisory 2011-35 Additional protection against fraudulent DigiNotar certificates

Многочисленные уязвимости безопасности в Microsoft Office
дополнено с 16 сентября 2011 г.
Опубликовано:20 сентября 2011 г.
Источник:
SecurityVulns ID:11909
Тип:клиент
Уровень опасности:
7/10
Описание:Многочисленные повреждения памяти в Excel, неинициализированный указатель при разборе документов Microsoft Word, небезопасная загрузка динамических библиотек.
Затронутые продукты:MICROSOFT : Office 2003
 MICROSOFT : Office 2004 for Mac
 MICROSOFT : Office 2007
 MICROSOFT : Office 2008 for Mac
 MICROSOFT : Office 2010
CVE:CVE-2011-1990 (Microsoft Excel 2007 SP2; Excel in Office 2007 SP2; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Excel Services on Office SharePoint Server 2007 SP2 do not properly validate the sign of an unspecified array index, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Out of Bounds Array Indexing Vulnerability.")
 CVE-2011-1989 (Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Excel Services on Office SharePoint Server 2007 SP2; Excel Services on Office SharePoint Server 2010 Gold and SP1; and Excel Web App 2010 Gold and SP1 do not properly parse conditional expressions associated with formatting requirements, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Conditional Expression Parsing Vulnerability.")
 CVE-2011-1988 (Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly parse records in Excel spreadsheets, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Heap Corruption Vulnerability.")
 CVE-2011-1987 (Array index error in Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Out of Bounds Array Indexing Vulnerability.")
 CVE-2011-1986 (Use-after-free vulnerability in Microsoft Excel 2003 SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Use after Free WriteAV Vulnerability.")
 CVE-2011-1982 (Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize an unspecified object pointer during the opening of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Office Uninitialized Object Pointer Vulnerability.")
 CVE-2011-1980 (Untrusted search path vulnerability in Microsoft Office 2003 SP3 and 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .ppt, or .xls file, aka "Office Component Insecure Library Loading Vulnerability.")
Оригинальный текстdocumentVUPEN Security Research, VUPEN Security Research - Microsoft Office Excel Formula Record Heap Corruption Vulnerability (20.09.2011)
 documentIDEFENSE, iDefense Security Advisory 09.13.11: Adobe Reader and Acrobat JPEG Processing Use After Free Vulnerability (16.09.2011)
 documentIDEFENSE, iDefense Security Advisory 09.13.11: Microsoft Excel Record Memory Corruption Vulnerability (16.09.2011)
 documentIDEFENSE, iDefense Security Advisory 09.13.11: Microsoft Excel Record Integer Signedness Vulnerability (16.09.2011)
 documentIDEFENSE, iDefense Security Advisory 09.13.11: Microsoft Excel Record Memory Corruption Vulnerability (16.09.2011)
Файлы:Microsoft Security Bulletin MS11-072 - Important Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505)
 Microsoft Security Bulletin MS11-073 - Important Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2587634)

Многочисленные уязвимости безопасности в Microsoft Sharepoint
дополнено с 16 сентября 2011 г.
Опубликовано:20 сентября 2011 г.
Источник:
SecurityVulns ID:11910
Тип:удаленная
Уровень опасности:
6/10
Описание:Межсайтовый скриптинг, внедрение кода, утечка информации.
Затронутые продукты:MICROSOFT : SharePoint Server 2007
 MICROSOFT : SharePoint Workspace 2010
 MICROSOFT : Office Groove 2007
 MICROSOFT : Office Forms Server 2007
 MICROSOFT : SharePoint Server 2010
CVE:CVE-2011-1893 (Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "SharePoint XSS Vulnerability.")
 CVE-2011-1892 (Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability.")
 CVE-2011-1891 (Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in a request to a script, aka "Contact Details Reflected XSS Vulnerability.")
 CVE-2011-1890 (Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via a post, aka "Editform Script Injection Vulnerability.")
 CVE-2011-1252 (Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka "toStaticHTML Information Disclosure Vulnerability" or "HTML Sanitization Vulnerability.")
 CVE-2011-0653 (Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010 Gold and SP1, and SharePoint Foundation 2010, allows remote attackers to inject arbitrary web script or HTML via the URI, aka "XSS in SharePoint Calendar Vulnerability.")
Оригинальный текстdocumentNicolas Grégoire, XEE vulnerabilities in SharePoint (MS11-074) and DotNetNuke (20.09.2011)
 documentIrene Abezgauz, Seeker Advisory Sep11: Reflected Cross Site Scripting in Microsoft SharePoint Portal (16.09.2011)
 documentIrene Abezgauz, Seeker Advisory Sep11: Insecure Redirect in Microsoft SharePoint Portal (16.09.2011)
Файлы:Microsoft Security Bulletin MS11-074 - Important Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2451858)

Многочисленные уязвимости безопасности в Adobe Acrobat / Reader
дополнено с 16 сентября 2011 г.
Опубликовано:31 октября 2011 г.
Источник:
SecurityVulns ID:11911
Тип:клиент
Уровень опасности:
7/10
Описание:Повышение привилегий, утечка памяти, выполнение кода, многочисленные переполнения буфера.
Затронутые продукты:ADOBE : Reader 10.1
 ADOBE : Acrobat 10.1
CVE:CVE-2011-2442 (Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error vulnerability.")
 CVE-2011-2441 (Multiple stack-based buffer overflows in CoolType.dll in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors.)
 CVE-2011-2440 (Use-after-free vulnerability in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors.)
 CVE-2011-2439 (Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "memory leakage condition vulnerability.")
 CVE-2011-2438 (Multiple stack-based buffer overflows in the image-parsing library in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors.)
 CVE-2011-2437 (Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2433 and CVE-2011-2434.)
 CVE-2011-2436 (Heap-based buffer overflow in the image-parsing library in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors.)
 CVE-2011-2435 (Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors.)
 CVE-2011-2434 (Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2433 and CVE-2011-2437.)
 CVE-2011-2433 (Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2434 and CVE-2011-2437.)
 CVE-2011-2432 (Buffer overflow in the U3D TIFF Resource in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors.)
 CVE-2011-2431 (Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "security bypass vulnerability.")
 CVE-2011-2411 (Unspecified vulnerability on HP NonStop Servers with software H06.x through H06.23.00 and J06.x through J06.12.00, when Samba is used, allows remote authenticated users to execute arbitrary code via unknown vectors.)
 CVE-2011-1353 (Unspecified vulnerability in Adobe Reader 10.x before 10.1.1 on Windows allows local users to gain privileges via unknown vectors.)
Оригинальный текстdocumentZDI, ZDI-11-296 : Adobe Reader BMP Image RLE Decoding Remote Code Execution Vulnerability (31.10.2011)
 documentZDI, ZDI-11-297 : Adobe Reader U3D PCX Parsing Remote Code Execution Vulnerability (31.10.2011)
 documentZDI, ZDI-11-298 : Adobe Reader U3D IFF RGBA Parsing Remote Code Execution Vulnerability (31.10.2011)
 documentZDI, ZDI-11-299 : Adobe Reader PICT Parsing Remote Code Execution Vulnerability (31.10.2011)
 documentZDI, ZDI-11-300 : Adobe Reader U3D PICT 10h Encoding Remote Code Execution Vulnerability (31.10.2011)
 documentZDI, ZDI-11-301 : Adobe Reader U3D PICT 0Eh Encoding Remote Code Execution Vulnerability (31.10.2011)
 documentZDI, ZDI-11-302 : Adobe Reader U3D TIFF Resource Buffer Overflow Remote Code Execution Vulnerability (31.10.2011)
 documentZDI, ZDI-11-310 : Adobe Reader Compound Glyph Index Sign Extension Remote Code Execution Vulnerability (31.10.2011)
 documentVUPEN Security Research, VUPEN Security Research - Adobe Acrobat and Reader TIFF BitsPerSample Heap Overflow Vulnerability (16.09.2011)
 documentVUPEN Security Research, VUPEN Security Research - Adobe Acrobat and Reader Picture Dimensions Heap Overflow Vulnerability (16.09.2011)
 documentVUPEN Security Research, VUPEN Security Research - Adobe Acrobat and Reader IFF Processing Heap Overflow Vulnerability (16.09.2011)
 documentVUPEN Security Research, VUPEN Security Research - Adobe Acrobat and Reader PCX Processing Heap Overflow Vulnerability (16.09.2011)
 documentVUPEN Security Research, VUPEN Security Research - Adobe Acrobat and Reader BMP Dimensions Heap Overflow Vulnerability (16.09.2011)
 documentVUPEN Security Research, VUPEN Security Research - Adobe Acrobat and Reader Picture Processing Stack Overflow Vulnerability (16.09.2011)
 documentIDEFENSE, iDefense Security Advisory 09.13.11: Adobe Reader and Acrobat JPEG Processing Use After Free Vulnerability (16.09.2011)
 documentADOBE, Security updates available for Adobe Reader and Acrobat (16.09.2011)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород