Computer Security


Microsoft Office security vulnerabilities
Published:11.07.2012
Source:
SecurityVulns ID:12465
Type:client
Threat Level:
5/10
Description:VBA unsafe library loading, Office for Mac weak file permissions.
Affected:MICROSOFT : Office 2003
 MICROSOFT : Office 2007
 MICROSOFT : Office 2010
 MICROSOFT : Office 2011 for Mac
CVE:CVE-2012-1894 (Microsoft Office for Mac 2011 uses world-writable permissions for the "Applications/Microsoft Office 2011/" directory and certain other directories, which allows local users to gain privileges by placing a Trojan horse executable file in one of these directories, aka "Office for Mac Improper Folder Permissions Vulnerability.")
 CVE-2012-1854 (Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic for Applications SDK allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Visual Basic for Applications Insecure Library Loading Vulnerability," as exploited in the wild in July 2012.)
Files:Microsoft Security Bulletin MS12-046 - Important Vulnerability in Visual Basic for Applications Could Allow Remote Code Execution (2707960)
 Microsoft Security Bulletin MS12-051 - Important Vulnerability in Microsoft Office for Mac Could Allow Elevation of Privilege (2721015)

Microsoft Sharepoint multiple security vulnerabilities
Published:11.07.2012
Source:
SecurityVulns ID:12466
Type:remote
Threat Level:
6/10
Description:Cross-site scripting, URL redirection.
CVE:CVE-2012-1863 (Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Reflected List Parameter Vulnerability.")
 CVE-2012-1862 (Open redirect vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "SharePoint URL Redirection Vulnerability.")
 CVE-2012-1861 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Script in Username Vulnerability.")
 CVE-2012-1860 (Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 do not properly check permissions for search scopes, which allows remote authenticated users to obtain sensitive information or cause a denial of service (data modification) by changing a parameter in a search-scope URL, aka "SharePoint Search Scope Vulnerability.")
 CVE-2012-1859 (Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "XSS scriptresx.ashx Vulnerability.")
 CVE-2012-1858 (The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability.")
Files:Microsoft Security Bulletin MS12-050 - Important Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2695502)

libpurple / Pidgin code execution
Published:11.07.2012
Source:
SecurityVulns ID:12468
Type:library
Threat Level:
5/10
Description:Code execution in MXit protocol.
Affected:PIDGIN : Pidgin 2.10
CVE:CVE-2012-3374 (Buffer overflow in markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.5 allows remote attackers to execute arbitrary code via a crafted inline image in a message.)
Original document:DEBIAN, [SECURITY] [DSA 2509-1] pidgin security update (11.07.2012)

Asterisk security vulnerabilities
Published:11.07.2012
Source:
SecurityVulns ID:12469
Type:remote
Threat Level:
5/10
Description:A few DoS conditions.
Affected:ASTERISK : Asterisk 1.8
 ASTERISK : Asterisk 10.3
CVE:CVE-2012-3812 (Double free vulnerability in apps/app_voicemail.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones allows remote authenticated users to cause a denial of service (daemon crash) by establishing multiple voicemail sessions and accessing both the Urgent mailbox and the INBOX mailbox.)
Original document:ASTERISK, AST-2012-011: Remote crash vulnerability in voice mail application (11.07.2012)
 ASTERISK, AST-2012-010: Possible resource leak on uncompleted re-invite transactions (11.07.2012)

Checkpoint Abra protection bypass
Published:11.07.2012
Source:
SecurityVulns ID:12470
Type:remote
Threat Level:
5/10
Description:It's possible to bypass sandbox protection.
Original document:komarov_(at)_group-ib.ru, Checkpoint Abra - Vulnerabilities (11.07.2012)

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:11.07.2012
Source:
SecurityVulns ID:12471
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:APACHE : Hadoop 2.0
 APACHE : Sling 2.1
 BOOKNUX : BookNux 0.2
 FLOGR : Flogr 1.7
CVE:CVE-2012-3376 (DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.)
 CVE-2012-2138 (The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.)
Original document:Black Hat, PHP NUKE ALL VERSION MULTI VULNERABILITY (11.07.2012)
 Black Hat, NDTV Cross Site Scripting Vulnerabilitiy (11.07.2012)
 Black Hat, Joomla Board All Version Sql Vulnerability (11.07.2012)
 Black Hat, Arasism Remote Command Upload Vulnerability (11.07.2012)
 Black Hat, Gharine Cross Site Scripting Vulnerabilitiy (11.07.2012)
 Black Hat, Flogr V1.7 Xss Vulnerability (11.07.2012)
 Black Hat, Behsamanco CMS Editor Vulnerability (11.07.2012)
 pereira_(at)_secbiz.de, BookNux 0.2 <= Multiple Vulnerabilities (11.07.2012)
 APACHE, [SECURITY] CVE-2012-2138 Apache Sling denial of service vulnerability (11.07.2012)
 Aaron T. Myers, [CVE-2012-3376] Apache Hadoop HDFS information disclosure vulnerability (11.07.2012)

HP Operations Agent code execution
updated since 11.07.2012
Published:16.07.2012
Source:
SecurityVulns ID:12467
Type:remote
Threat Level:
5/10
Description:coda.exe buffer overflow on HTTP GET request processing.
Affected:HP : HP Operations Agent 11.03
CVE:CVE-2012-2020 (Unspecified vulnerability in HP Operations Agent before 11.03.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1326.)
 CVE-2012-2019 (Unspecified vulnerability in HP Operations Agent before 11.03.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1325.)
Original document:ZDI, ZDI-12-115 : HP OpenView Performance Agent coda.exe Opcode 0x8C Remote Code Execution Vulnerability (16.07.2012)
 ZDI, ZDI-12-114 : HP OpenView Performance Agent coda.exe Opcode 0x34 Remote Code Execution Vulnerability (16.07.2012)
 HP, [security bulletin] HPSBMU02796 SSRT100594 rev.1 - HP Operations Agent for AIX, HP-UX, Linux, Solaris and Windows, Remote Execution of Arbitrary Code (11.07.2012)

Microsoft Windows multiple security vulnerabilities
updated since 11.07.2012
Published:26.08.2012
Source:
SecurityVulns ID:12464
Type:library
Threat Level:
9/10
Description:Microsoft XML Services memory corruption, ADO memory corruption, kernel drivers vulnerabilities, Windows Shell command injection, TLS vulnerabilities
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2012-1893 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate callback parameters during creation of a hook procedure, which allows local users to gain privileges via a crafted application, aka "Win32k Incorrect Type Handling Vulnerability.")
 CVE-2012-1891 (Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object in memory, aka "ADO Cachesize Heap Overflow RCE Vulnerability.")
 CVE-2012-1890 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle keyboard-layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout Vulnerability.")
 CVE-2012-1889 (Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.)
 CVE-2012-1870 (The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other products, allows remote web servers to obtain plaintext data by triggering multiple requests to a third-party HTTPS server and sniffing the network during the resulting HTTPS session, aka "TLS Protocol Vulnerability.")
 CVE-2012-0175 (The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted name for a (1) file or (2) directory, aka "Command Injection Vulnerability.")
Original document:ZDI, ZDI-12-158 : Microsoft Internet Explorer MSADO CacheSize Remote Code Execution Vulnerability (26.08.2012)
 CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2011-1123 - Windows Kernel ReadLayoutFile Heap Overflow (18.07.2012)
Files:Microsoft Security Bulletin MS12-043 - Critical Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2722479)
 Microsoft Security Bulletin MS12-044 - Critical Cumulative Security Update for Internet Explorer (2719177)
 Microsoft Security Bulletin MS12-045 - Critical Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (2698365)
 Microsoft Security Bulletin MS12-047 - Important Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2718523)
 Microsoft Security Bulletin MS12-048 - Important Vulnerability in Windows Shell Could Allow Remote Code Execution (2691442)
 Microsoft Security Bulletin MS12-049 - Important Vulnerability in TLS Could Allow Information Disclosure (2655992)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod