The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

threat note CVE-2012-1894

Microsoft Office for Mac: privilege elevation via permissions

Synthesis of the vulnerability

Permissions on some directories of Microsoft Office for Mac allow a local attacker to store a Trojan Horse, in order to execute code with the privileges of users who later log in and open Office.
Severity: 2/4.
Creation date: 10/07/2012.
Identifiers: 2721015, BID-54361, CERTA-2012-AVI-383, CVE-2012-1894, MS12-051, VIGILANCE-VUL-11760.

Description of the vulnerability

During the installation of Microsoft Office for Mac, the following directories are created:
  /Library/Internet\ Plug-Ins/SharePointWebKitPlugin.webplugin/
  /Library/Internet\ Plug-Ins/SharePointBrowserPlugin.plugin/
  /Library/Fonts/Microsoft/
  /Library/Automator/
  /Applications/Microsoft\ Office\ 2011/

However, some of these directories or sub-directories are publicly writable by all local users (Unix permission other:write).

Permissions on some directories of Microsoft Office for Mac therefore allow a local attacker to store a Trojan Horse, in order to execute code with the privileges of users who later log in and open Office.

computer vulnerability CVE-2012-1858 CVE-2012-1859 CVE-2012-1860

Microsoft SharePoint, InfoPath: six vulnerabilities

Synthesis of the vulnerability

An attacker can use six vulnerabilities of Microsoft SharePoint and InfoPath, the most severe of which leads to the execution of administrative commands.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 6.
Creation date: 10/07/2012.
Identifiers: 2695502, BID-53833, BID-53842, BID-54312, BID-54313, BID-54314, BID-54315, BID-54316, CERTA-2012-AVI-382, CVE-2012-1858, CVE-2012-1859, CVE-2012-1860, CVE-2012-1861, CVE-2012-1862, CVE-2012-1863, MS12-050, VIGILANCE-VUL-11759.

Description of the vulnerability

Six vulnerabilities were announced in Microsoft SharePoint and InfoPath.

An attacker can use malformed HTML strings, in order to bypass toStaticHTML, and then to create a Cross Site Scripting. [severity:2/4; BID-53833, BID-53842, CVE-2012-1858]

An attacker can generate a Cross Site Scripting via scriptresx.ashx, in order to execute JavaScript code in the context of the web site. [severity:2/4; BID-54312, CVE-2012-1859]

An attacker can obtain information on searches done by other users. [severity:1/4; BID-54314, CVE-2012-1860]

An attacker can generate a Cross Site Scripting via a username, in order to execute JavaScript code in the context of the web site. [severity:2/4; BID-54313, CVE-2012-1861]

An attacker can redirect the victim to another web site, in order to deceive him. [severity:2/4; BID-54315, CVE-2012-1862]

An attacker can generate a Cross Site Scripting via a list of parameters, in order to execute administrative JavaScript code in the context of the web site. [severity:3/4; BID-54316, CVE-2012-1863]

security note CVE-2012-0175

Windows: command injection via a filename

Synthesis of the vulnerability

An attacker can invite the victim to open a file or a directory with a malicious name, in order to inject a command, which is executed with the victim's privileges.
Severity: 3/4.
Creation date: 10/07/2012.
Identifiers: 2691442, BID-54307, CERTA-2012-AVI-380, CVE-2012-0175, MS12-048, VIGILANCE-VUL-11758.

Description of the vulnerability

The Windows Shell processes files and directories.

When a user opens a file or a directory, the Windows Shell operates on this filename. However, if this filename is built in a special way, the commands it contains are injected in the victim's session.

An attacker can therefore invite the victim to open a file or a directory with a malicious name, in order to inject a command, which is executed with the victim's privileges.

weakness note CVE-2012-1890 CVE-2012-1893

Windows: privilege elevation via win32k.sys

Synthesis of the vulnerability

A local attacker can use two vulnerabilities of the kernel driver, in order to execute code with system privileges.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 10/07/2012.
Identifiers: 2718523, BID-54285, BID-54302, CERTA-2012-AVI-379, CORE-2011-1123, CVE-2012-1890, CVE-2012-1893, MS12-047, VIGILANCE-VUL-11757.

Description of the vulnerability

Two vulnerabilities were announced in the Windows kernel win32k.sys driver.

An attacker can use a malicious keyboard layout file, in order to execute privileged code. [severity:2/4; BID-54285, CORE-2011-1123, CVE-2012-1890]

An attacker can send data with a malicious type to win32k.sys, in order to elevate his privileges. [severity:2/4; BID-54302, CVE-2012-1893]

computer threat announce CVE-2012-1854

Microsoft Office: code execution via DLL Preload

Synthesis of the vulnerability

An attacker can create a malicious DLL and invite the victim to open an Office document in the same directory, in order to execute code.
Severity: 3/4.
Creation date: 10/07/2012.
Identifiers: 2707960, BID-54303, CERTA-2012-AVI-376, CVE-2012-1854, MS12-046, VIGILANCE-VUL-11756.

Description of the vulnerability

The Microsoft Office product loads the VBE6.DLL (Microsoft Visual Basic for Applications) library to open ".docx" files for example.

However, the library is loaded insecurely. An attacker can thus use the VIGILANCE-VUL-9879 vulnerability to execute code.

An attacker can therefore create a malicious DLL and invite the victim to open an Office document in the same directory, in order to execute code.

vulnerability bulletin CVE-2012-1891

Windows, IE: code execution via MDAC

Synthesis of the vulnerability

An attacker can invite the victim to display a malicious site with Internet Explorer calling a MDAC/WDAC ActiveX, in order to execute code on his computer.
Severity: 4/4.
Creation date: 10/07/2012.
Identifiers: 2698365, BID-54308, CERTA-2012-AVI-378, CVE-2012-1891, MS12-045, VIGILANCE-VUL-11755, ZDI-12-158.

Description of the vulnerability

The MDAC (Microsoft Data Access Components) and WDAC (Windows DAC) components offer database features.

The ActiveX Data Object (ADO), which can be called from Internet Explorer, does not correctly process memory areas storing data (CacheSize property). An attacker can then directly access the memory.

An attacker can therefore invite the victim to display a malicious site with Internet Explorer calling a MDAC/WDAC ActiveX, in order to execute code on his computer.

computer weakness alert CVE-2012-1522 CVE-2012-1524

Internet Explorer 9: two vulnerabilities

Synthesis of the vulnerability

An attacker can invite the victim to display a malicious site with Internet Explorer, in order to execute code on his computer.
Severity: 4/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 10/07/2012.
Identifiers: 2719177, BID-54293, BID-54294, CERTA-2012-AVI-377, CVE-2012-1522, CVE-2012-1524, MS12-044, VIGILANCE-VUL-11754.

Description of the vulnerability

Two vulnerabilities were announced in Internet Explorer 9.

An attacker can create an HTML page using a cached object, in order to corrupt the memory. [severity:4/4; BID-54293, CVE-2012-1522]

An attacker can create an HTML page removing the attribute of an object, in order to corrupt the memory. [severity:4/4; BID-54294, CVE-2012-1524]

An attacker can therefore invite the victim to display a malicious site with Internet Explorer, in order to execute code on his computer.

computer weakness bulletin 11753

SAP: vulnerability 1723641

Synthesis of the vulnerability

An unknown vulnerability was announced in SAP products.
Severity: 2/4.
Creation date: 10/07/2012.
Revision date: 08/10/2012.
Identifiers: 1723641, DOC-8218, VIGILANCE-VUL-11753.

Description of the vulnerability

An unknown vulnerability was announced in SAP products.

computer vulnerability bulletin CVE-2012-2745

Linux kernel: denial of service via KEYCTL_SESSION_TO_PARENT

Synthesis of the vulnerability

A local attacker can copy his cryptographic keys with KEYCTL_SESSION_TO_PARENT, in order to stop the kernel.
Severity: 1/4.
Creation date: 10/07/2012.
Identifiers: 833428, BID-54365, CVE-2012-2745, openSUSE-SU-2013:0396-1, openSUSE-SU-2013:0927-1, RHSA-2012:1064-01, SUSE-SU-2012:1350-1, VIGILANCE-VUL-11752.

Description of the vulnerability

The keyctl KEYCTL_SESSION_TO_PARENT is used by a process to copy its cryptographic keys to its parent process.

However, if a new process is created during this copy, this process obtains invalid keys. The kernel then uses an invalid memory area and stops.

A local attacker can therefore copy his cryptographic keys with KEYCTL_SESSION_TO_PARENT, in order to stop the kernel.

vulnerability alert CVE-2012-2744

Linux kernel: denial of service via nf_ct_frag6_reasm

Synthesis of the vulnerability

When the firewall uses the nf_conntrack_ipv6 module, a remote attacker can send fragmented packets, in order to stop the kernel.
Severity: 2/4.
Creation date: 10/07/2012.
Identifiers: BID-54367, CVE-2012-2744, RHSA-2012:1064-01, RHSA-2012:1129-01, RHSA-2012:1148-01, SUSE-SU-2012:1391-1, VIGILANCE-VUL-11751.

Description of the vulnerability

The ip6tables nf_conntrack_ipv6 module is used to track IPv6/TCP sessions.

When a router sends the ICMPV6_PKT_TOOBIG message with an MTU lower than 1280, the following packets are fragmented, and nf_conntrack_ipv6 reassembles them.

However, if the following packet is fragmented as only one fragment, the kernel nf_ct_frag6_reasm() function tries to access the second fragment, and dereferences a NULL pointer.

When the firewall uses the nf_conntrack_ipv6 module, a remote attacker can therefore send fragmented packets, in order to stop the kernel.