Computer Security
[EN] securityvulns.ru no-pyccku


Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
Published:13.06.2012
Source:
SecurityVulns ID:12410
Type:client
Threat Level:
8/10
Description:Buffer overflows, memory corruptions, use-after-free, code executions, privilege escalations.
Affected:MOZILLA : Firefox 12.0
 MOZILLA : Thunderbird 12.0
 MOZILLA : SeaMonkey 2.9
CVE:CVE-2012-1947 (Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a character-set conversion failure.)
 CVE-2012-1946 (Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 might allow remote attackers to execute arbitrary code via document changes involving replacement or insertion of a node.)
 CVE-2012-1944 (The Content Security Policy (CSP) implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not block inline event handlers, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document.)
 CVE-2012-1944 (The Content Security Policy (CSP) implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not block inline event handlers, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document.)
 CVE-2012-1943 (Untrusted search path vulnerability in Updater.exe in the Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allows local users to gain privileges via a Trojan horse wsock32.dll file in an application directory.)
 CVE-2012-1942 (The Mozilla Updater and Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allow local users to gain privileges by loading a DLL file in a privileged context.)
 CVE-2012-1941 (Heap-based buffer overflow in the nsHTMLReflowState::CalculateHypotheticalBox function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code by resizing a window displaying absolutely positioned and relatively positioned elements in nested columns.)
 CVE-2012-1940 (Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by changing the size of a container of absolutely positioned elements in a column.)
 CVE-2012-1939 (jsinfer.cpp in Mozilla Firefox ESR 10.x before 10.0.5 and Thunderbird ESR 10.x before 10.0.5 does not properly determine data types, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted JavaScript code.)
 CVE-2012-1938 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) methodjit/ImmutableSync.cpp, (2) the JSObject::makeDenseArraySlow function in js/src/jsarray.cpp, and unknown other components.)
 CVE-2012-1937 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2012-0441 (The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrated by (1) a zero-length basic constraint or (2) a zero-length field in an OCSP response.)
 CVE-2011-3101 (Google Chrome before 19.0.1084.46 on Linux does not properly mitigate an unspecified flaw in an NVIDIA driver, which has unknown impact and attack vectors.)
Files:Mozilla Foundation Security Advisory 2012-34
 Mozilla Foundation Security Advisory 2012-35
 Mozilla Foundation Security Advisory 2012-36
 Mozilla Foundation Security Advisory 2012-37
 Mozilla Foundation Security Advisory 2012-38
 Mozilla Foundation Security Advisory 2012-39
 Mozilla Foundation Security Advisory 2012-40

ISC bind DoS
Published:13.06.2012
Source:
SecurityVulns ID:12412
Type:remote
Threat Level:
6/10
Description:Crash on zero length RADTA processing.
Affected:ISC : bind 9.7
 BIND : bind 9.8
CVE:CVE-2012-1667 (ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record.)
Files:Handling of zero length rdata can cause named to terminate unexpectedly

PHP buffer overflow
Published:13.06.2012
Source:
SecurityVulns ID:12413
Type:library
Threat Level:
6/10
Description:Buffer overflow on tar files processing.
Affected:PHP : PHP 5.4
CVE:CVE-2012-2386 (Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tar file that triggers a heap-based buffer overflow.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2492-1] php5 security update (13.06.2012)

PostgreSQL security vulnerabilities
Published:13.06.2012
Source:
SecurityVulns ID:12414
Type:library
Threat Level:
5/10
Description:DoS, weak crypt() implementation.
Affected:POSTGRES : PostgreSQL 8.4
CVE:CVE-2012-2655 (PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0.8, and 9.1.x before 9.1.4 allows remote authenticated users to cause a denial of service (server crash) by adding the (1) SECURITY DEFINER or (2) SET attributes to a procedural language's call handler.)
 CVE-2012-2143 (The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 2491-1] postgresql-8.4 security update (13.06.2012)

Adobe Flash Player multiple security vulnerabilities
updated since 16.02.2012
Published:13.06.2012
Source:
SecurityVulns ID:12208
Type:client
Threat Level:
8/10
Description:Memory corruptions, protection bypass, crossite scripting.
Affected:ADOBE : Flash Player 11.1
CVE:CVE-2012-0757 (The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, and CVE-2012-0766.)
 CVE-2012-0756 (Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2012-0755.)
 CVE-2012-0755 (Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2012-0756.)
 CVE-2012-0754 (Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.)
 CVE-2012-0753 (Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted MP4 data.)
 CVE-2012-0752 (Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via leveraging an unspecified "type confusion.")
 CVE-2012-0751 (The ActiveX control in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.)
Original documentdocumentZDI, ZDI-12-080 : Adobe Flash Player MP4 Stream Decoding Remote Code Execution Vulnerability (13.06.2012)
 documentADOBE, http://www.adobe.com/support/security/bulletins/apsb12-03.html (16.02.2012)

RealNetworks RealPlayer multiple security vulnerabilities
Published:13.06.2012
Source:
SecurityVulns ID:12415
Type:client
Threat Level:
6/10
Description:Multiple vulnerabilities on different sofrmats parsing.
Affected:REAL : RealPlayer SP 1.1
 REAL : RealPlayer 15.02
CVE:CVE-2012-0926 (The RV10 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle height and width values, which allows remote attackers to execute arbitrary code via a crafted RV10 RealVideo video stream.)
 CVE-2012-0922 (rvrender.dll in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via crafted flags in an RMFF file.)
 CVE-2011-4261 (RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted video dimensions in an MP4 file.)
 CVE-2011-4260 (RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a malformed header in an MP4 file.)
 CVE-2011-4247 (RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted QCELP stream.)
Original documentdocumentZDI, ZDI-12-092 : RealNetworks RealPlayer QCELP Stream Parsing Remote Code Execution Vulnerability (13.06.2012)
 documentZDI, ZDI-12-087 : RealNetworks RealPlayer raac.dll stsz Remote Code Execution Vulnerability (13.06.2012)
 documentZDI, ZDI-12-086 : RealNetworks RealPlayer rvrender RMFF Flags Remote Code Execution Vulnerability (13.06.2012)
 documentZDI, ZDI-12-085 : RealNetworks RealPlayer dmp4 esds Width Remote Code Execution Vulnerability (13.06.2012)
 documentZDI, ZDI-12-084 : RealNetworks RealPlayer RV10 Encoded Height/Width Remote Code Execution Vulnerability (13.06.2012)

Symantec WebGateway security vulnerabilities
Published:13.06.2012
Source:
SecurityVulns ID:12416
Type:remote
Threat Level:
6/10
Description:Code execution, unfiltered shell characters.
Affected:SYMANTEC : Symantec Web Gateway 5.0
CVE:CVE-2012-0299 (The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to upload arbitrary code to a designated pathname, and possibly execute this code, via unspecified vectors.)
 CVE-2012-0297 (The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allows remote attackers to execute arbitrary code by (1) injecting crafted data or (2) including crafted data.)
Original documentdocumentZDI, ZDI-12-090 : Symantec Web Gateway Shell Command Injection Remote Code Execution Vulnerability (13.06.2012)
 documentZDI, ZDI-12-091 : Symantec Web Gateway upload_file Remote Code Execution Vulnerability (13.06.2012)

Network Instruments Observer security vulnerabilities
Published:13.06.2012
Source:
SecurityVulns ID:12417
Type:remote
Threat Level:
6/10
Description:Buffer overflows on SNMP parsing.
Affected:NETWORKINSTRUMEN : Observer 15.1
Original documentdocumentSECUNIA, Secunia Research: Network Instruments Observer SNMP OID Processing Denial of Service (13.06.2012)
 documentSECUNIA, Secunia Research: Network Instruments Observer SNMP Processing Buffer Overflows (13.06.2012)

Microsoft Remote Desktop memory corruption
Published:13.06.2012
Source:
SecurityVulns ID:12403
Type:remote
Threat Level:
8/10
Description:Memory corruption on RDP packets processing.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2012-0173 (The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability," a different vulnerability than CVE-2012-0002.)
Files:Microsoft Security Bulletin MS12-036 - Critical Vulnerability in Remote Desktop Could Allow Remote Code Execution (2685939)

Mictosoft Lync multiple security vulnerabilities
Published:13.06.2012
Source:
SecurityVulns ID:12406
Type:remote
Threat Level:
6/10
Description:Font parsing vulnerabilities, unsafe DLL loading, crossite scripting.
Affected:MICROSOFT : Lync 2010
 MICROSOFT : Microsoft Communicator 2007
CVE:CVE-2012-1858 (The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability.")
 CVE-2012-1849 (Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka "Lync Insecure Library Loading Vulnerability.")
 CVE-2012-0159 (Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and Silverlight 5 before 5.1.10411 allow remote attackers to execute arbitrary code via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability.")
 CVE-2011-3402 (Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability.")
Files:Microsoft Security Bulletin MS12-039 - Important Vulnerabilities in Lync Could Allow Remote Code Execution (2707956)

Microsoft Dynamics AX crossite scripting
Published:13.06.2012
Source:
SecurityVulns ID:12407
Type:remote
Threat Level:
5/10
Description:Crossite scripting via URLs.
Affected:MICROSOFT : Dynamics AX 2012
CVE:CVE-2012-1857 (Cross-site scripting (XSS) vulnerability in the Enterprise Portal component in Microsoft Dynamics AX 2012 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Dynamics AX Enterprise Portal XSS Vulnerability.")
Files:Microsoft Security Bulletin MS12-040 - Important Vulnerability in Microsoft Dynamics AX Enterprise Portal Could Allow Elevation of Privilege (2709100)

PHP PDO out-of-boundaures access
Published:13.06.2012
Source:
SecurityVulns ID:12408
Type:library
Threat Level:
5/10
Description:Out-of-bounds access via precompiled database request.
Original documentdocument0x721427D8 0x721427D8, [php<=5.4.3] Parsing Bug in PHP PDO prepared statements may lead to access violation (13.06.2012)

Microsoft IIS protection bypass
Published:13.06.2012
Source:
SecurityVulns ID:12409
Type:remote
Threat Level:
6/10
Description:Password protection bypass, script files content access.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
Original documentdocumentHI-TECH ., IIS 6.0/7.5 Vulnerabilities [moderate risk] - ISOWAREZ BDAY RELEASE (13.06.2012)

Microsoft Internet Explorer multiple security vulnerabilities
updated since 13.06.2012
Published:25.06.2012
Source:
SecurityVulns ID:12404
Type:client
Threat Level:
9/10
Description:Multiple memory corruptions, code executions, information leakage.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2012-1882 (Microsoft Internet Explorer 6 through 9 does not block cross-domain scrolling events, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Scrolling Events Information Disclosure Vulnerability.")
 CVE-2012-1881 (Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnRowsInserted Event Remote Code Execution Vulnerability.")
 CVE-2012-1880 (Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "insertRow Remote Code Execution Vulnerability.")
 CVE-2012-1879 (Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access an undefined memory location, aka "insertAdjacentText Remote Code Execution Vulnerability.")
 CVE-2012-1878 (Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnBeforeDeactivate Event Remote Code Execution Vulnerability.")
 CVE-2012-1877 (Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Title Element Change Remote Code Execution Vulnerability.")
 CVE-2012-1876 (Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.)
 CVE-2012-1875 (Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Same ID Property Remote Code Execution Vulnerability.")
 CVE-2012-1874 (Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows user-assisted remote attackers to execute arbitrary code by accessing a deleted object, aka "Developer Toolbar Remote Code Execution Vulnerability.")
 CVE-2012-1873 (Microsoft Internet Explorer 7 through 9 does not properly create and initialize string data, which allows remote attackers to obtain sensitive information from process memory via a crafted HTML document, aka "Null Byte Information Disclosure Vulnerability.")
 CVE-2012-1872 (Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to inject arbitrary web script or HTML via crafted character sequences with EUC-JP encoding, aka "EUC-JP Character Encoding Vulnerability.")
 CVE-2012-1858 (The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability.")
 CVE-2012-1523 (Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Center Element Remote Code Execution Vulnerability.")
Original documentdocumentVUPEN Security Research, VUPEN Security Research - Microsoft Internet Explorer "CollectionCache" Remote Use-after-free (MS12-037) (25.06.2012)
 documentVUPEN Security Research, VUPEN Security Research - Microsoft Internet Explorer "GetAtomTable" Remote Use-after-free (MS12-037 / CVE-2012-1875) (25.06.2012)
 documentVUPEN Security Research, VUPEN Security Research - Microsoft Internet Explorer "Col" Element Remote Heap Overflow (MS12-037 / CVE-2012-1876) (25.06.2012)
 documentvulnhunt_(at)_gmail.com, [CAL-2012-0023]Microsoft IE Developer Toolbar Remote Code Execution Vulnerability (17.06.2012)
 documentvulnhunt_(at)_gmail.com, [CAL-2012-0026] Microsfot IE Same ID Property Remote Code Execution Vulnerability (17.06.2012)
 documentZDI, ZDI-12-093 : (Pwn2Own) Microsoft Internet Explorer Fixed Table Colspan Remote Code Execution Vulnerability (17.06.2012)
Files:Microsoft Security Bulletin MS12-037 - Critical Cumulative Security Update for Internet Explorer (2699988)

FreeBSD kernel privilege escalation
updated since 13.06.2012
Published:25.06.2012
Source:
SecurityVulns ID:12411
Type:local
Threat Level:
6/10
Description:Privilege escalation on susret on some CPUs.
Affected:FREEBSD : FreeBSD 7.4
 FREEBSD : FreeBSD 9.0
 FREEBSD : FreeBSD 8.3
CVE:CVE-2012-0217 (The User Mode Scheduler in the kernel in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 on the Intel x64 platform does not properly handle system requests, which allows local users to gain privileges via a crafted application, aka "User Mode Scheduler Memory Corruption Vulnerability.")
Original documentdocumentFREEBSD, FreeBSD Security Advisory FreeBSD-SA-12:04.sysret [REVISED] (25.06.2012)
 documentFREEBSD, CVE-2012-0217 (13.06.2012)

Microsoft Windows multiple security vulnerabilities
updated since 13.06.2012
Published:20.08.2012
Source:
SecurityVulns ID:12405
Type:remote
Threat Level:
7/10
Description:Code execution via .Net, kernel and different kernel drivers privilege escalation.
CVE:CVE-2012-1868 (Race condition in the thread-creation implementation in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 allows local users to gain privileges via a crafted application, aka "Win32k.sys Race Condition Vulnerability.")
 CVE-2012-1867 (Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted TrueType font file that triggers incorrect memory allocation, aka "Font Resource Refcount Integer Overflow Vulnerability.")
 CVE-2012-1866 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "Clipboard Format Atom Name Handling Vulnerability.")
 CVE-2012-1865 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1864.)
 CVE-2012-1864 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1865.)
 CVE-2012-1855 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Memory Access Vulnerability.")
 CVE-2012-1515 (VMware ESXi 3.5, 4.0, and 4.1 and ESX 3.5, 4.0, and 4.1 do not properly implement port-based I/O operations, which allows guest OS users to gain guest OS privileges by overwriting memory locations in a read-only memory block associated with the Virtual DOS Machine.)
 CVE-2012-0217 (The User Mode Scheduler in the kernel in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 on the Intel x64 platform does not properly handle system requests, which allows local users to gain privileges via a crafted application, aka "User Mode Scheduler Memory Corruption Vulnerability.")
Original documentdocumentZDI, ZDI-12-141 : Microsoft .NET Framework Clipboard Unsafe Memory Access Remote Code Execution Vulnerability (20.08.2012)
Files:Microsoft Security Bulletin MS12-038 - Critical Vulnerability in .NET Framework Could Allow Remote Code Execution (2706726)
 Microsoft Security Bulletin MS12-041 - Important Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2709162)
 Microsoft Security Bulletin MS12-042 - Important Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2711167)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod