Computer Security


Mozilla Firefox / Thunderbird / SeaMonkey multiple security vulnerabilities
updated since 10.09.2010
Published:16.09.2010
SecurityVulns ID:11126
Type:client
Threat Level:9/10
Description:Multiple memory corruptions, integer overflows, buffer overflows, code execution, cross-site scripting.
Affected:MOZILLA : SeaMonkey 2.0
 MOZILLA : Firefox 3.5
 MOZILLA : Firefox 3.6
 MOZILLA : Thunderbird 3.0
 MOZILLA : Thunderbird 3.1
CVE:CVE-2010-3171 (The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a random number generator that is seeded only once per document object, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack." NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-5913.)
 CVE-2010-3169 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2010-3168 (Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict the role of property changes in triggering XUL tree removal, which allows remote attackers to cause a denial of service (deleted memory access and application crash) or possibly execute arbitrary code by setting unspecified properties.)
 CVE-2010-3167 (The nsTreeContentView function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle node removal in XUL trees, which allows remote attackers to execute arbitrary code via vectors involving access to deleted memory, related to a "dangling pointer vulnerability.")
 CVE-2010-3166 (Heap-based buffer overflow in the nsTextFrameUtils::TransformText function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a bidirectional text run.)
 CVE-2010-3131 (Untrusted search path vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Windows XP allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .htm, .html, .jtx, .mfp, or .eml file.)
 CVE-2010-2770 (Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Mac OS X allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted font in a data: URL.)
 CVE-2010-2769 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allows user-assisted remote attackers to inject arbitrary web script or HTML via a selection that is added to a document in which the designMode property is enabled.)
 CVE-2010-2768 (Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict use of the type attribute of an OBJECT element to set a document's charset, which allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms via UTF-7 encoding.)
 CVE-2010-2767 (The navigator.plugins implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle destruction of the DOM plugin array, which might allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted access to the navigator object, related to a "dangling pointer vulnerability.")
 CVE-2010-2766 (The normalizeDocument function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle the removal of DOM nodes during normalization, which might allow remote attackers to execute arbitrary code via vectors involving access to a deleted object.)
 CVE-2010-2765 (Integer overflow in the FRAMESET element implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a large number of values in the cols (aka columns) attribute, leading to a heap-based buffer overflow.)
 CVE-2010-2764 (Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest objects, which allows remote attackers to discover the existence of intranet web servers via cross-origin requests.)
 CVE-2010-2763 (The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox before 3.5.12, Thunderbird before 3.0.7, and SeaMonkey before 2.0.7 does not properly restrict scripted functions, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted function.)
 CVE-2010-2762 (The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox 3.6.x before 3.6.9 and Thunderbird 3.1.x before 3.1.3 does not properly restrict objects at the end of scope chains, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to a chrome privileged object and a chain ending in an outer object.)
 CVE-2010-2760 (Use-after-free vulnerability in the nsTreeSelection function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via vectors involving a XUL tree selection, related to a "dangling pointer vulnerability." NOTE: this issue exists because of an incomplete fix for CVE-2010-2753.)
Original document:Amit Klein, New writeup by Amit Klein (Trusteer): "Cross-domain information leakage in Firefox 3.6.4-3.6.8, Firefox 3.5.10-3.5.11 and Firefox 4.0 Beta1" (16.09.2010)
 ZDI, ZDI-10-176: Mozilla Firefox normalizeDocument Remote Code Execution Vulnerability (16.09.2010)
 ZDI, ZDI-10-171: Mozilla Firefox nsTreeContentView Dangling Pointer Remote Code Execution Vulnerability (14.09.2010)
 ZDI, ZDI-10-172: Mozilla Firefox tree Object Removal Remote Code Execution Vulnerability (14.09.2010)
 ZDI, ZDI-10-173: Mozilla Firefox nsTreeSelection Dangling Pointer Remote Code Execution Vulnerability (14.09.2010)
 MOZILLA, Mozilla Foundation Security Advisory 2010-63 (10.09.2010)
 MOZILLA, Mozilla Foundation Security Advisory 2010-62 (10.09.2010)
 MOZILLA, Mozilla Foundation Security Advisory 2010-61 (10.09.2010)
 MOZILLA, Mozilla Foundation Security Advisory 2010-60 (10.09.2010)
 MOZILLA, Mozilla Foundation Security Advisory 2010-59 (10.09.2010)
 MOZILLA, Mozilla Foundation Security Advisory 2010-58 (10.09.2010)
 MOZILLA, Mozilla Foundation Security Advisory 2010-57 (10.09.2010)
 MOZILLA, Mozilla Foundation Security Advisory 2010-56 (10.09.2010)
 MOZILLA, Mozilla Foundation Security Advisory 2010-55 (10.09.2010)
 MOZILLA, Mozilla Foundation Security Advisory 2010-54 (10.09.2010)
 MOZILLA, Mozilla Foundation Security Advisory 2010-53 (10.09.2010)
 MOZILLA, Mozilla Foundation Security Advisory 2010-52 (10.09.2010)
 MOZILLA, Mozilla Foundation Security Advisory 2010-51 (10.09.2010)
 MOZILLA, Mozilla Foundation Security Advisory 2010-50 (10.09.2010)
 MOZILLA, Mozilla Foundation Security Advisory 2010-49 (10.09.2010)

Microsoft Windows multiple security vulnerabilities
updated since 15.09.2010
Published:16.09.2010
SecurityVulns ID:11142
Type:remote
Threat Level:9/10
Description:Privilege escalation and code execution in spooler services, memory corruption in MPEG-4 codec, memory corruption in RPC, privilege escalation in LSA, privilege escalation in CSRSS subsystem, WordPad memory corruption.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2010-2729 (The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when printer sharing is enabled, does not properly validate spooler access permissions, which allows remote attackers to create files in a system directory, and consequently execute arbitrary code, by sending a crafted print request over RPC, as exploited in the wild in September 2010, aka "Print Spooler Service Impersonation Vulnerability.")
 CVE-2010-2567 (The RPC client implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly allocate memory during the parsing of responses, which allows remote RPC servers and man-in-the-middle attackers to execute arbitrary code via a malformed response, aka "RPC Memory Corruption Vulnerability.")
 CVE-2010-2563 (The Word 97 text converter in the WordPad Text Converters in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse malformed structures in Word 97 documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "WordPad Word 97 Text Converter Memory Corruption Vulnerability.")
 CVE-2010-1891 (The Client/Server Runtime Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2, when a Chinese, Japanese, or Korean locale is enabled, does not properly allocate memory for transactions, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Elevation of Privilege Vulnerability.")
 CVE-2010-0820 (Heap-based buffer overflow in the Local Security Authority Subsystem Service (LSASS), as used in Active Directory in Microsoft Windows Server 2003 SP2 and Windows Server 2008 Gold, SP2, and R2; Active Directory Application Mode (ADAM) in Windows XP SP2 and SP3 and Windows Server 2003 SP2; and Active Directory Lightweight Directory Service (AD LDS) in Windows Vista SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, allows remote authenticated users to execute arbitrary code via malformed LDAP messages, aka "LSASS Heap Overflow Vulnerability.")
 CVE-2010-0818 (The MPEG-4 codec in the Windows Media codecs in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly handle crafted media content with MPEG-4 video encoding, which allows remote attackers to execute arbitrary code via a file in an unspecified "supported format," aka "MPEG-4 Codec Vulnerability.")
Original document:MICROSOFT, Microsoft Security Bulletin MS10-067 - Important Vulnerability in WordPad Text Converters Could Allow Remote Code Execution (2259922) (16.09.2010)
 MICROSOFT, Microsoft Security Bulletin MS10-068 - Important Vulnerability in Local Security Authority Subsystem Service Could Allow Elevation of Privilege (983539) (15.09.2010)
 MICROSOFT, Microsoft Security Bulletin MS10-066 - Important Vulnerability in Remote Procedure Call Could Allow Remote Code Execution (982802) (15.09.2010)
 MICROSOFT, Microsoft Security Bulletin MS10-062 - Critical Vulnerability in MPEG-4 Codec Could Allow Remote Code Execution (975558) (15.09.2010)
 MICROSOFT, Microsoft Security Bulletin MS10-061 - Critical Vulnerability in Print Spooler Service Could Allow Remote Code Execution (2347290) (15.09.2010)
Files:Microsoft Security Bulletin MS10-061 - Critical Vulnerability in Print Spooler Service Could Allow Remote Code Execution (2347290)
 Microsoft Security Bulletin MS10-062 - Critical Vulnerability in MPEG-4 Codec Could Allow Remote Code Execution (975558)
 Microsoft Security Bulletin MS10-066 - Important Vulnerability in Remote Procedure Call Could Allow Remote Code Execution (982802)
 Microsoft Security Bulletin MS10-068 - Important Vulnerability in Local Security Authority Subsystem Service Could Allow Elevation of Privilege (983539)
 Microsoft Security Bulletin MS10-069 - Important Vulnerability in Windows Client/Server Runtime Subsystem Could Allow Elevation of Privilege (2121546)
 Microsoft Security Bulletin MS10-067 - Important Vulnerability in WordPad Text Converters Could Allow Remote Code Execution (2259922)

Microsoft Office multiple security vulnerabilities
updated since 15.09.2010
Published:16.09.2010
SecurityVulns ID:11143
Type:remote
Threat Level:9/10
Description:Buffer overflow in Microsoft Outlook message parsing, memory corruption in font parsing.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Office XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Office 2003
 MICROSOFT : Office 2007
 MICROSOFT : Windows 2008 Server
CVE:CVE-2010-3200 (MSO.dll in Microsoft Word 2003 SP3 11.8326.11.8324 allows remote attackers to cause a denial of service (NULL pointer dereference and multiple-instance application crash) via a crafted buffer in a Word document, as demonstrated by word_crash_11.8326.8324_poc.doc.)
 CVE-2010-2738 (The Uniscribe (aka new Unicode Script Processor) implementation in USP10.DLL in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2, and Microsoft Office XP SP3, 2003 SP3, and 2007 SP2, does not properly validate tables associated with malformed OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) Office document, aka "Uniscribe Font Parsing Engine Memory Corruption Vulnerability.")
 CVE-2010-2728 (Heap-based buffer overflow in Microsoft Outlook 2002 SP3, 2003 SP3, and 2007 SP2, when Online Mode for an Exchange Server is enabled, allows remote attackers to execute arbitrary code via a crafted e-mail message, aka "Heap Based Buffer Overflow in Outlook Vulnerability.")
Original document:adi_ks_(at)_secniche.org, CVE-2010-3200 : Microsoft Word 2003 MSO Null Pointer Dereference Vulnerability (16.09.2010)
 SECUNIA, Secunia Research: Microsoft Outlook Content Parsing Integer Underflow Vulnerability (16.09.2010)
 MICROSOFT, Microsoft Security Bulletin MS10-064 - Critical Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (2315011) (15.09.2010)
 MICROSOFT, Microsoft Security Bulletin MS10-063 - Critical Vulnerability in Unicode Scripts Processor Could Allow Remote Code Execution (2320113) (15.09.2010)
Files:Microsoft Security Bulletin MS10-063 - Critical Vulnerability in Unicode Scripts Processor Could Allow Remote Code Execution (2320113)
 Microsoft Security Bulletin MS10-064 - Critical Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (2315011)

SAMBA buffer overflow
Published:16.09.2010
SecurityVulns ID:11144
Type:remote
Threat Level:7/10
Description:Buffer overflow on share SID parsing.
CVE:CVE-2010-3069 (Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Windows Security ID (SID) on a file share.)
Original document:UBUNTU, [USN-987-1] Samba vulnerability (16.09.2010)

Microsoft Internet Information Services multiple security vulnerabilities
Published:16.09.2010
SecurityVulns ID:11145
Type:remote
Threat Level:9/10
Description:Authentication bypass, buffer overflow, DoS.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2010-2731 (Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 on Windows XP SP3, when directory-based Basic Authentication is enabled, allows remote attackers to bypass intended access restrictions and execute ASP files via a crafted request, aka "Directory Authentication Bypass Vulnerability.")
 CVE-2010-2730 (Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability.")
 CVE-2010-1899 (Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability.")
Original document:MICROSOFT, Microsoft Security Bulletin MS10-065 - Important Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Remote Code Execution (2267960) (16.09.2010)

Google Message Security SaaS multiple security vulnerabilities
Published:16.09.2010
SecurityVulns ID:11146
Type:remote
Threat Level:6/10
Description:Cross-site scripting, SQL injection.
Affected:GOOGLE : Message Security SaaS 6.25
Original document:marian.ventuneac_(at)_gmail.com, MVSA-10-001 - Google Message Security SaaS - SQL Injection vulnerabilities (16.09.2010)
 marian.ventuneac_(at)_gmail.com, MVSA-10-002 - Google Message Security SaaS - Multiple XSS vulnerabilities (16.09.2010)

Novell PlateSpin Orchestrate shell characters vulnerability
Published:16.09.2010
SecurityVulns ID:11147
Type:remote
Threat Level:6/10
Description:Shell characters vulnerability in graph rendering.
Original document:ZDI, ZDI-10-178: Novell PlateSpin Orchestrate Graph Rendering Remote Code Execution Vulnerability (16.09.2010)

IBM Lotus Domino buffer overflow
Published:16.09.2010
SecurityVulns ID:11148
Type:remote
Threat Level:6/10
Description:Buffer overflow on oversized mailto within iCalendar.
Original document:ZDI, ZDI-10-177: IBM Lotus Domino iCalendar MAILTO Stack Overflow Vulnerability (16.09.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod