| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
History of vulnerabilities analyzed by Vigil@nce:
Firefox 4, 5, 6, 7: several vulnerabilities
Synthesis of the vulnerability
Several vulnerabilities of Firefox can be used by an attacker to execute code on victim's computer.
Severity: 4/4.
Number of vulnerabilities in this bulletin: 6.
Creation date: 09/11/2011.
Identifiers: BID-50591, BID-50592, BID-50593, BID-50594, BID-50595, BID-50597, BID-50600, BID-50602, CVE-2011-3648, CVE-2011-3649, CVE-2011-3650, CVE-2011-3651, CVE-2011-3652, CVE-2011-3653, CVE-2011-3654, CVE-2011-3655, MDVSA-2011:169, MFSA 2011-47, MFSA 2011-48, MFSA 2011-49, MFSA 2011-50, MFSA 2011-51, MFSA 2011-52, openSUSE-SU-2011:1242-1, openSUSE-SU-2011:1243-1, openSUSE-SU-2012:0567-1, openSUSE-SU-2014:1100-1, SUSE-SU-2011:1256-1, SUSE-SU-2011:1266-1, VIGILANCE-VUL-11138.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
Several vulnerabilities were announced in Firefox.
An attacker can generate a Cross Site Scripting on sites using the Shift-JIS encoding. [severity:2/4; BID-50593, CVE-2011-3648, MFSA 2011-47]
An attacker can generate several memory corruptions. [severity:4/4; BID-50597, BID-50600, BID-50602, CVE-2011-3651, CVE-2011-3652, CVE-2011-3654, MFSA 2011-48]
An attacker can corrupt the memory via Firebug. [severity:4/4; BID-50595, CVE-2011-3650, MFSA 2011-49]
An attacker can access to data of another site via Windows D2D Azure. [severity:2/4; BID-50591, CVE-2011-3649, MFSA 2011-50]
On Mac OS X, an attacker can read data of another web site via WebGL. [severity:2/4; BID-50592, CVE-2011-3653, MFSA 2011-51]
An attacker can execute code via NoWaiverWrapper. [severity:4/4; BID-50594, CVE-2011-3655, MFSA 2011-52]
The most severe vulnerabilities lead to code execution.
Full Vigil@nce bulletin... (Free trial) |
Firefox 3: several vulnerabilities
Synthesis of the vulnerability
Several vulnerabilities of Firefox can be used by an attacker to execute code on victim's computer.
Severity: 4/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 09/11/2011.
Identifiers: BID-50589, BID-50593, BID-50595, CERTA-2011-AVI-626, CVE-2011-3647, CVE-2011-3648, CVE-2011-3650, DSA-2341-1, MDVSA-2011:169, MFSA 2011-46, MFSA 2011-47, MFSA 2011-49, openSUSE-SU-2011:1242-1, openSUSE-SU-2011:1243-1, openSUSE-SU-2014:1100-1, RHSA-2011:1437-01, SUSE-SU-2011:1256-1, SUSE-SU-2011:1266-1, VIGILANCE-VUL-11137.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
Several vulnerabilities were announced in Firefox.
In some cases, the XPCNativeWrappers protection is removed, so privileged code can be executed via loadSubScript. [severity:2/4; BID-50589, CERTA-2011-AVI-626, CVE-2011-3647, MFSA 2011-46]
An attacker can generate a Cross Site Scripting on sites using the Shift-JIS encoding. [severity:2/4; BID-50593, CVE-2011-3648, MFSA 2011-47]
An attacker can corrupt the memory via Firebug. [severity:4/4; BID-50595, CVE-2011-3650, MFSA 2011-49]
The most severe vulnerabilities lead to code execution.
Full Vigil@nce bulletin... (Free trial) |
Windows AD, ADAM, AD LDS: user access via LDAPS
Synthesis of the vulnerability
An attacker owning a revoked certificate can authenticate on a domain using LDAPS.
Severity: 2/4.
Creation date: 08/11/2011.
Identifiers: 2630837, BID-50570, CERTA-2011-AVI-624, CVE-2011-2014, MS11-086, VIGILANCE-VUL-11136.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
The Active Directory can be configured to use LDAP over SSL (LDAPS).
A user can authenticate to the domain via a certificate. The administrator can revoke this certificate in a CRL (Certificate Revocation List). The user then cannot use thus certificate to authenticate.
However, when the Active Directory uses LDAPS, the CRL is not checked. An attacker with a valid account can thus continue to authenticate even if his certificate was revoked.
An attacker owning a revoked certificate can therefore authenticate on a domain using LDAPS.
Full Vigil@nce bulletin... (Free trial) |
Windows Mail, Meeting Space: code execution via DLL Preload
Synthesis of the vulnerability
An attacker can create a malicious DLL and invite the victim to open a document in the same directory, in order to execute code.
Severity: 2/4.
Creation date: 08/11/2011.
Identifiers: 2620704, BID-50507, CERTA-2011-AVI-623, CVE-2011-2016, MS11-085, VIGILANCE-VUL-11135.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
The Windows Mail and Windows Meeting Space programs load a DLL library when they start.
However, the library is loaded insecurely. An attacker can thus use the VIGILANCE-VUL-9879 vulnerability to execute code.
An attacker can therefore create a malicious DLL and invite the victim to open a document (.eml, .wcinv, etc.) in the same directory, in order to execute code.
Full Vigil@nce bulletin... (Free trial) |
Windows: denial of service via TrueType
Synthesis of the vulnerability
An attacker can invite the victim to display or to preview a malicious TrueType file, in order to restart the Windows kernel.
Severity: 1/4.
Creation date: 08/11/2011.
Identifiers: 2617657, BID-50510, CERTA-2011-AVI-622, CVE-2011-2004, MS11-084, VIGILANCE-VUL-11134, VU#675073.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
The display of TrueType fonts calls the Win32k.sys kernel driver.
TrueType are analyzed:
- when the user opens a TrueType file
- when the user browses a local or remote (SMB, WebClient WebDAV) directory containing a TrueType file (via the preview feature)
However, during the analysis of a TrueType file, the kernel driver does not correctly validate an array index. The system thus stops, and restarts.
An attacker can therefore invite the victim to display or to preview a malicious TrueType file, in order to restart the Windows kernel.
Full Vigil@nce bulletin... (Free trial) |
Windows: code execution via UDP
Synthesis of the vulnerability
A remote attacker can send several UDP packets to a closed port of Windows, in order to execute code.
Severity: 4/4.
Creation date: 08/11/2011.
Identifiers: 2588516, BID-50517, CERTA-2011-AVI-621, CVE-2011-2013, MS11-083, VIGILANCE-VUL-11133, VU#951982.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
The TCP/IP stack of Windows processes received packets: IP, IP+TCP, IP+UDP, IP+ICMP, etc.
UDP packets sent to a closed port are stored in memory, before being processed. The number of packets is indicated in the Reference Counter variable. However, this variable is never decremented, and if the number of packets is sufficient, this variable can overflow. When it becomes zero, an uninitialized memory area is freed.
A remote attacker can therefore send several UDP packets to a closed port of Windows, in order to execute code.
Full Vigil@nce bulletin... (Free trial) |
Adobe Shockwave Player: several vulnerabilities
Synthesis of the vulnerability
Several Adobe Shockwave Player vulnerabilities can be used by an attacker to execute code or to create a denial of service.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 4.
Creation date: 08/11/2011.
Identifiers: APSB11-27, BID-50581, BID-50583, BID-50584, BID-50586, CAL-2011-0052, CAL-2011-0054, CERTA-2011-AVI-625, CORE-2011-0825, CVE-2011-2446, CVE-2011-2447, CVE-2011-2448, CVE-2011-2449, VIGILANCE-VUL-11132.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
Several Adobe Shockwave Player vulnerabilities were announced.
An attacker can create a memory corruption in the DIRapi library via a PAMM atom. [severity:3/4; BID-50581, CAL-2011-0052, CERTA-2011-AVI-625, CVE-2011-2446]
An attacker can create a memory corruption in TextXtra.x32. [severity:3/4; BID-50584, CORE-2011-0825, CVE-2011-2447]
An attacker can create a memory corruption in the DIRapi library via a rcsl chunk. [severity:3/4; BID-50583, CAL-2011-0054, CVE-2011-2448]
An attacker can create several memory corruptions in the TextXtra module. [severity:3/4; BID-50586, CVE-2011-2449]
Full Vigil@nce bulletin... (Free trial) |
Linux kernel: information disclosure about keyboard
Synthesis of the vulnerability
A local attacker can read files of /proc or /dev, in order to obtain information about keys pressed by other users.
Severity: 1/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 08/11/2011.
Identifiers: BID-50573, CVE-2011-4915, CVE-2011-4916, CVE-2011-4917, VIGILANCE-VUL-11131.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
Three vulnerabilities can be used by a local attacker to obtain information on pressed keys.
An attacker can read the number of keybord interruptions indicated in /proc/interrupts, in order to guess the number of pressed keys. [severity:1/4; BID-50573, CVE-2011-4915, CVE-2011-4917]
An attacker can monitor the changing time of /dev/pts/ and /dev/tty*, in order to guess the number of pressed keys. [severity:1/4; CVE-2011-4916]
An attacker can read the number of Scheduler events indicated in /proc/$PID/sched, in order to guess the number of pressed keys. [severity:1/4]
A local attacker can therefore read files of /proc or /dev, in order to obtain information about keys pressed by other users.
Full Vigil@nce bulletin... (Free trial) |
Excel: memory corruption
Synthesis of the vulnerability
An attacker can invite the victim to open a malicious document with Excel, in order to create a denial of service or execute code on his computer.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 08/11/2011.
Identifiers: VIGILANCE-VUL-11130.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
Two vulnerabilities were announced in Microsoft Office Excel.
An attacker can create an Excel document containing a malicious macro, in order to use a freed memory area in DllVbeInit(). [severity:2/4]
An attacker can create a malicious Excel document, which corrupts the memory in the Ordinal41() function. [severity:2/4]
An attacker can therefore invite the victim to open a malicious document with Excel, in order to create a denial of service or execute code on his computer.
Full Vigil@nce bulletin... (Free trial) |
Citrix Presentation Server Client: several vulnerabilities
Synthesis of the vulnerability
Several vulnerabilities were announced in Citrix Presentation Server Client for Windows.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 07/11/2011.
Identifiers: CTX111827, CTX112589, CTX116227, VIGILANCE-VUL-11129.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
Several vulnerabilities were announced in Citrix Presentation Server Client for Windows.
A vulnerability of the Citrix Presentation Server Client for Windows ActiveX can be used by a remote attacker to execute code. [severity:2/4; CTX111827]
A vulnerability of ICA connections of Citrix Presentation Server Client for Windows can be used by an attacker to execute code. [severity:2/4; CTX112589]
The memory of the Citrix Presentation Server Client for Windows process contains sensitive information. [severity:1/4; CTX116227]
Full Vigil@nce bulletin... (Free trial) |
Previous page Next page Direct access to page
1
21
41
61
81
101
121
141
161
181
201
221
241
261
281
301
321
341
361
381
401
421
441
461
481
501
521
541
561
581
601
621
641
661
681
701
721
741
761
781
801
821
841
861
881
901
921
941
961
981
1001
1021
1041
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1081
1101
1121
1141
1161
1181
1201
1221
1241
1261
1281
1301
1321
1341
1361
1381
1401
1421
1441
1461
1481
1501
1521
1541
1561
1581
1601
1621
1641
1661
1681
1701
1721
1741
1761
1781
1801
1821
1841
1861
1881
1901
1921
1941
1961
1981
2001
2021
2041
2061
2081
2101
2121
2141
2161
2181
2201
2221
2241
2261
2281
2301
2321
2341
2361
2381
2401
2421
2441
2461
2481
2501
2521
2541
2561
2581
2601
2621
2641
2661
2681
2701
2721
2741
2761
2781
2801
2821
2841
2861
2881
2901
2921
2930
|