The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

vulnerability bulletin CVE-2007-3899

Word: code execution

Synthesis of the vulnerability

An attacker can create a malicious Word document leading to code execution when it is opened.
Severity: 3/4.
Creation date: 10/10/2007.
Revision date: 18/10/2007.
Identifiers: 942695, CERTA-2007-AVI-430, CVE-2007-3899, MS07-060, VIGILANCE-VUL-7223.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can create a malicious Word document leading to code execution when it is opened.

This vulnerability is related to a memory corruption.
Full Vigil@nce bulletin... (Free trial)

computer weakness alert CVE-2007-2581

SharePoint: Cross Site Scripting

Synthesis of the vulnerability

An attacker can create a Cross Site Scripting attack in order to execute script with the privileges of the user connected to the SharePoint service.
Severity: 2/4.
Creation date: 10/10/2007.
Identifiers: 942017, BID-23832, CERTA-2007-AVI-429, CVE-2007-2581, MS07-059, VIGILANCE-VUL-7222.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Recent versions of SharePoint (Windows SharePoint Services 3.0 and Office SharePoint Server 2007) implement a filter on URLs.

However, this filter does not correctly handle quote characters encoded as %22. These characters then permit injecting JavaScript code into URLs.

This vulnerability therefore permits an attacker to create a Cross Site Scripting attack. The attacker can execute JavaScript code in the context of the user connected to the SharePoint site.
Full Vigil@nce bulletin... (Free trial)
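The bulletin's point is that a filter which inspects the raw URL misses a quote that arrives as %22, because the application decodes it later. The added C++ example below (written for this page, not code from Vigil@nce or Microsoft; the function names and the sample parameter value are constructed) puts a naive raw-byte filter next to one that canonicalizes (percent-decodes) before inspecting, which is the check a defender wants in front of any URL-driven page content.

```cpp
#include <cctype>
#include <iostream>
#include <string>

// Decode %XX escapes once, the way the application server does before the
// parameter reaches page content. Malformed escapes are left as-is.
static std::string percent_decode(const std::string& in) {
    std::string out;
    for (size_t i = 0; i < in.size(); ++i) {
        if (in[i] == '%' && i + 2 < in.size()
            && std::isxdigit(static_cast<unsigned char>(in[i + 1]))
            && std::isxdigit(static_cast<unsigned char>(in[i + 2]))) {
            out.push_back(static_cast<char>(std::stoi(in.substr(i + 1, 2), nullptr, 16)));
            i += 2;
        } else if (in[i] == '+') {
            out.push_back(' ');
        } else {
            out.push_back(in[i]);
        }
    }
    return out;
}

// Characters that must never reach an HTML attribute or script context raw.
static bool contains_markup_chars(const std::string& s) {
    return s.find_first_of("\"'<>") != std::string::npos;
}

// Naive filter: looks only at the raw URL bytes, so an encoded quote passes.
bool naive_filter_accepts(const std::string& raw_param) {
    return !contains_markup_chars(raw_param);
}

// Hardened filter: canonicalize first, then inspect the decoded value.
bool hardened_filter_accepts(const std::string& raw_param) {
    return !contains_markup_chars(percent_decode(raw_param));
}

int main() {
    const std::string p = "title=a%22b";   // constructed sample: contains an encoded double quote
    std::cout << "naive accepts: " << naive_filter_accepts(p)
              << ", hardened accepts: " << hardened_filter_accepts(p) << "\n";
    return 0;
}
```

The decode step must match what the server actually does (one decode here); a filter that decodes more or fewer times than the consumer is still out of step. Filtering input is also only a backstop: the durable fix is to HTML-encode the value at the point where it is written into the page.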

computer vulnerability bulletin CVE-2007-2228

Windows: denial of service of RPC via NTLM SSP

Synthesis of the vulnerability

An attacker can use an invalid NTLM authentication in order to stop the RPCSS service and force the system to reboot.
Severity: 1/4.
Creation date: 10/10/2007.
Revision date: 11/10/2007.
Identifiers: 933729, BID-25974, CERTA-2007-AVI-428, CVE-2007-2228, MS07-058, VIGILANCE-VUL-7220, ZDI-07-055.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

RPC services are notably reachable via TCP ports 135, 139, 445 and 593. Access to RPC services supports several authentication methods:
 - RPC_C_AUTHN_GSS_KERBEROS : Kerberos
 - RPC_C_AUTHN_WINNT : NT LAN Manager Security Support Provider (NTLM SSP or NTLMSSP)
 - etc.

When the rpcrt4.dll library handles an RPC query with NTLMSSP authentication but without an NTLM signature, the RPCSS process stops and the system reboots.

An attacker allowed to connect to a port where RPC is available can therefore create a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2007-1091 CVE-2007-3826 CVE-2007-3892

Internet Explorer: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities of Internet Explorer lead to code execution and to address bar spoofing.
Severity: 4/4.
Number of vulnerabilities in this bulletin: 4.
Creation date: 10/10/2007.
Identifiers: 939653, BID-22680, BID-24911, BID-25915, BID-25916, CERTA-2007-AVI-427, CVE-2007-1091, CVE-2007-3826, CVE-2007-3892, CVE-2007-3893, MS07-057, VIGILANCE-VUL-7219.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Internet Explorer.

The content of a web page can be different from the URL indicated in the address bar. An attacker can use this vulnerability to intercept sensitive data. [severity:4/4; BID-25915, CVE-2007-3892]

When several downloads are started simultaneously, a freed object is reused, which corrupts memory and can lead to code execution. [severity:4/4; BID-25916, CVE-2007-3893]

An attacker can create an HTML page using the onUnload event in order to entrap the victim in a website, and then create spoofed content (VIGILANCE-VUL-6581). [severity:4/4; BID-22680, CERTA-2007-AVI-427, CVE-2007-1091]

An attacker can create a website forcing the victim to stay on the site while the address bar changes (VIGILANCE-VUL-7008). [severity:4/4; BID-24911, CVE-2007-3826]
Full Vigil@nce bulletin... (Free trial)

security vulnerability CVE-2007-3897

Outlook Express, Windows Mail: buffer overflow via NNTP

Synthesis of the vulnerability

An attacker can set up a malicious NNTP server in order to execute code on the computer of victims who connect to this server.
Severity: 4/4.
Creation date: 10/10/2007.
Revision date: 16/10/2007.
Identifiers: 941202, BID-25908, CERTA-2007-AVI-431, CVE-2007-3897, MS07-056, VIGILANCE-VUL-7218.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Outlook Express and Windows Mail messaging clients implement the NNTP (Network News Transfer Protocol) protocol. When the user clicks on an "nntp:", "news:" or "snews:" URI, the messaging client is launched. This client can also be invoked when an HTML page containing an image with such a URI is displayed.

The NNTP protocol uses an exchange of queries and responses. For example:
  response : 200 serveur
  query : GROUP g.g.g
  response : 211 1 1003 1265 g.g.g
  query : XHDR subject 1003-1265
  response: subject of requested range
  etc.
This exchange occurs as soon as the client connects to the server, without waiting for the user to enter a login, for example.

However, when the XHDR response is too long, a buffer overflow occurs in Outlook Express or Windows Mail. This overflow leads to code execution.

An attacker can therefore invite the victim to connect to an NNTP server, or to display a malicious HTML page, in order to execute code on the victim's computer.
Full Vigil@nce bulletin... (Free trial)

threat alert CVE-2007-2217

Windows: memory corruption via a Kodak image

Synthesis of the vulnerability

An attacker can create a malicious Kodak/TIFF image in order to execute code when it is displayed in the web browser or in an email.
Severity: 4/4.
Creation date: 10/10/2007.
Revisions dates: 16/10/2007, 18/10/2007.
Identifiers: 923810, BID-25909, CERTA-2007-AVI-432, CVE-2007-2217, MS07-055, VIGILANCE-VUL-7217, VU#180345.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Kodak Imaging program, which handles faxes and images, is provided with Windows. Some types of images, such as those with the TIFF extension, are associated with this program. It notably uses the oieng400.dll library.

The BitsPerSample entry of an IFD in a TIFF image contains an offset indicating the location of its data. One of the exported functions of the oieng400.dll library does not check this offset before using it, which corrupts memory.

An attacker can therefore create a malicious TIFF image in order to execute code when it is displayed in the web browser or in an email.
Full Vigil@nce bulletin... (Free trial)
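The defect described above is a missing bounds check on the offset stored in an IFD entry. The added C++ example below (written for this page, not code from Vigil@nce, Kodak or Microsoft; the sample file bytes are constructed, and it assumes a little-endian "II" TIFF) shows the check a parser needs before following such an offset: the entry itself must lie inside the file, count times type size must not overflow, and offset plus total length must fit in the file.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <optional>
#include <utility>
#include <vector>

// Byte size of each TIFF 6.0 field type; 0 means unknown (reject).
static size_t tiff_type_size(uint16_t type) {
    switch (type) {
        case 1: case 2: case 6: case 7: return 1;   // BYTE, ASCII, SBYTE, UNDEFINED
        case 3: case 8:                 return 2;   // SHORT, SSHORT
        case 4: case 9: case 11:        return 4;   // LONG, SLONG, FLOAT
        case 5: case 10: case 12:       return 8;   // RATIONAL, SRATIONAL, DOUBLE
        default:                        return 0;
    }
}

static uint16_t rd16(const std::vector<uint8_t>& f, size_t off) {
    return static_cast<uint16_t>(f[off] | (f[off + 1] << 8));
}
static uint32_t rd32(const std::vector<uint8_t>& f, size_t off) {
    return uint32_t(f[off]) | (uint32_t(f[off + 1]) << 8)
         | (uint32_t(f[off + 2]) << 16) | (uint32_t(f[off + 3]) << 24);
}

// Return (offset, length) of the bytes holding an IFD entry's values, or
// nullopt if anything is out of bounds. Values of 4 bytes or fewer are stored
// inline in the entry; longer ones are reached through a file offset that must
// be validated against the file size before it is dereferenced.
std::optional<std::pair<size_t, size_t>>
ifd_entry_data(const std::vector<uint8_t>& file, size_t entry_off) {
    if (entry_off > file.size() || file.size() - entry_off < 12) return std::nullopt;
    uint16_t type  = rd16(file, entry_off + 2);
    uint32_t count = rd32(file, entry_off + 4);
    size_t tsz = tiff_type_size(type);
    if (tsz == 0) return std::nullopt;
    if (count > SIZE_MAX / tsz) return std::nullopt;           // count * tsz would overflow
    size_t total = static_cast<size_t>(count) * tsz;
    if (total <= 4) return std::make_pair(entry_off + 8, total); // inline value
    uint32_t off = rd32(file, entry_off + 8);
    if (off > file.size() || total > file.size() - off) return std::nullopt; // the missing check
    return std::make_pair(static_cast<size_t>(off), total);
}

// Constructed 40-byte sample: a single IFD entry at offset 0 for tag 258
// (BitsPerSample), type SHORT, count 3 (6 bytes, so stored out of line),
// with the value offset supplied by the caller.
std::vector<uint8_t> make_sample(uint32_t value_offset) {
    std::vector<uint8_t> f(40, 0);
    f[0] = 0x02; f[1] = 0x01;                              // tag 258
    f[2] = 0x03; f[3] = 0x00;                              // type SHORT
    f[4] = 0x03; f[5] = 0x00; f[6] = 0x00; f[7] = 0x00;    // count 3
    f[8]  = static_cast<uint8_t>(value_offset);
    f[9]  = static_cast<uint8_t>(value_offset >> 8);
    f[10] = static_cast<uint8_t>(value_offset >> 16);
    f[11] = static_cast<uint8_t>(value_offset >> 24);
    return f;
}

int main() {
    auto ok  = ifd_entry_data(make_sample(20), 0);
    auto bad = ifd_entry_data(make_sample(0xFFFFFFF0u), 0);
    std::cout << "in-file offset accepted: " << ok.has_value()
              << ", out-of-file offset accepted: " << bad.has_value() << "\n";
    return 0;
}
```

The same three checks apply to every offset-bearing field in TIFF (StripOffsets, SubIFDs, and so on), not just BitsPerSample; a parser that validates one tag and trusts the others has only moved the bug.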

weakness announce 7216

Solaris: denial of service of the system console

Synthesis of the vulnerability

A local attacker without privileges can render the console unusable for all users.
Severity: 2/4.
Creation date: 09/10/2007.
Revision date: 10/10/2007.
Identifiers: 103065, 114154-02, 117419-03, 127751-01, 6575427, BID-25971, VIGILANCE-VUL-7216.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The module group vuidmice(7M) is used to convert mouse input into standard events stored in the vuid (virtual user input device) structure. This group is composed of the following modules:
 - vuidm3p: 2-button mouse connected to a serial port
 - vuidm4p: 3-button mouse connected to a serial port
 - vuidm5p: Microsoft/Logitech mouse with a wheel
 - vuid2ps2: 2-button mouse connected to a PS/2 port
 - vuid3ps2: 3-button mouse connected to a PS/2 port

A vulnerability in these modules permits a user with access to the console to render it unusable.

A local attacker can thus create a denial of service of the console.
Full Vigil@nce bulletin... (Free trial)

cybersecurity weakness CVE-2007-4924

Opal: denial of service via a SIP packet

Synthesis of the vulnerability

A remote attacker can create a denial of service of an application using the Opal library by sending a malicious SIP packet.
Severity: 2/4.
Creation date: 08/10/2007.
Revision date: 12/10/2007.
Identifiers: 296371, BID-25955, CVE-2007-4924, MDKSA-2007:205, RHSA-2007:0957-01, S21SEC-037-en, SUSE-SR:2007:021, VIGILANCE-VUL-7215.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Opal library normalizes different telephony protocols into a single call model.

The SIP_PDU::Read() method, located in the /opal/src/sip/sippdu.cxx file, reads information from SIP packets received by the client.

The checks made on the "Content-Length" parameter are insufficient. A SIP packet can thus be constructed with a negative "Content-Length" in order to crash the application using the Opal library.

A remote attacker can thus create a denial of service of an application using the Opal library.
Full Vigil@nce bulletin... (Free trial)
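The weakness above is a Content-Length value accepted without checking its sign or comparing it with the bytes actually received. The added C++ example below (written for this page; it is not Opal's SIP_PDU::Read() and the sample messages are constructed) shows a strict parse of the header: digits only, so a leading minus is rejected rather than read into a signed integer, plus a comparison of the announced body length against what arrived.

```cpp
#include <cctype>
#include <cstddef>
#include <iostream>
#include <optional>
#include <string>

// Parse a Content-Length value strictly: surrounding blanks allowed, then
// digits only. A sign character is rejected here instead of being read into a
// signed integer and later used as a size.
std::optional<size_t> parse_content_length(const std::string& value) {
    size_t b = value.find_first_not_of(" \t");
    if (b == std::string::npos) return std::nullopt;
    size_t e = value.find_last_not_of(" \t");
    std::string v = value.substr(b, e - b + 1);
    if (v.size() > 9) return std::nullopt;            // bound the digit count so n cannot overflow
    size_t n = 0;
    for (char c : v) {
        if (c < '0' || c > '9') return std::nullopt;  // rejects "-1", "+5", "5x"
        n = n * 10 + static_cast<size_t>(c - '0');
    }
    return n;
}

// Split a SIP message into header block and body, returning the body only
// when the announced length is well-formed and no larger than the bytes that
// actually arrived. nullopt means the packet should be dropped.
std::optional<std::string> extract_body(const std::string& msg) {
    size_t hdr_end = msg.find("\r\n\r\n");
    if (hdr_end == std::string::npos) return std::nullopt;
    std::string headers = msg.substr(0, hdr_end + 2);  // keep the final CRLF so every line ends uniformly
    std::string body = msg.substr(hdr_end + 4);
    std::optional<size_t> len;
    size_t pos = 0;
    while (pos < headers.size()) {
        size_t eol = headers.find("\r\n", pos);
        if (eol == std::string::npos) break;
        std::string line = headers.substr(pos, eol - pos);
        size_t colon = line.find(':');
        if (colon != std::string::npos) {
            std::string name = line.substr(0, colon);
            for (char& ch : name) ch = static_cast<char>(std::tolower(static_cast<unsigned char>(ch)));
            if (name == "content-length" || name == "l") {   // "l" is the SIP compact form
                len = parse_content_length(line.substr(colon + 1));
                if (!len) return std::nullopt;                // malformed or negative: drop
            }
        }
        pos = eol + 2;
    }
    if (!len) return body;                          // no header (datagram transport): body is the rest
    if (*len > body.size()) return std::nullopt;    // announced more than was received
    return body.substr(0, *len);
}

// Constructed sample messages (not captured traffic).
std::string sample_valid() {
    return "OPTIONS sip:user@example.com SIP/2.0\r\nVia: SIP/2.0/UDP host.example.com\r\n"
           "Content-Length: 5\r\n\r\nhello";
}
std::string sample_negative_length() {
    return "OPTIONS sip:user@example.com SIP/2.0\r\nContent-Length: -1\r\n\r\nhello";
}
std::string sample_overlong_length() {
    return "OPTIONS sip:user@example.com SIP/2.0\r\nl: 500\r\n\r\nhi";
}

int main() {
    std::cout << "valid: "    << extract_body(sample_valid()).has_value()
              << " negative: " << extract_body(sample_negative_length()).has_value()
              << " overlong: " << extract_body(sample_overlong_length()).has_value() << "\n";
    return 0;
}
```

The example does not handle header folding or whitespace before the colon, which real SIP grammar permits; a production parser adds those without loosening the numeric check. On a stream transport the "announced more than received" case means wait for more bytes, with an upper bound, rather than drop.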

cybersecurity announce CVE-2007-4897

PWLib: memory corruption via vsprintf

Synthesis of the vulnerability

A memory management error in the vsprintf() function can lead to memory corruption in applications using the PWLib library.
Severity: 2/4.
Creation date: 08/10/2007.
Identifiers: 292831, CERTA-2007-AVI-478, CVE-2007-4897, MDKSA-2007:206, RHSA-2007:0932-01, S21SEC-036-en, VIGILANCE-VUL-7214.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The multi-platform library PWLib implements basic classes (arrays, lists, strings).

The PString::vsprintf() method, located in the /pwlib/src/ptlib/common/contain.cxx file, is used to write a formatted string using the syntax of the printf() family of functions. This method allocates memory in blocks of 1000 bytes and uses this reallocated memory to store the result of the vsnprintf() function.

However, when the data size is greater than 1000 bytes, the parameter limiting the size passed to vsnprintf() becomes negative, which leads to memory corruption.

A remote attacker can thus create a denial of service or run code in the context of applications using PWLib.
Full Vigil@nce bulletin... (Free trial)
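The bulletin describes a size argument to vsnprintf() going negative once output exceeds the 1000-byte block. The added C++ example below (written for this page; it is not PWLib's PString::vsprintf() and the function names are constructed) shows the growth loop a practitioner wants instead: the size handed to vsnprintf() is always the real buffer capacity as a size_t, and the buffer is resized from the function's return value, so no arithmetic on a signed remaining-space value ever happens.

```cpp
#include <cstdarg>
#include <cstdio>
#include <iostream>
#include <string>
#include <vector>

// Format into a std::string, growing the buffer from vsnprintf's return value.
// The size passed to vsnprintf is always the true capacity of the buffer, so
// it cannot become negative no matter how long the formatted output is.
std::string safe_vformat(const char* fmt, va_list ap) {
    std::vector<char> buf(1000);          // same 1000-byte starting block the bulletin mentions
    for (;;) {
        va_list copy;
        va_copy(copy, ap);                // a va_list may be consumed only once per attempt
        int n = std::vsnprintf(buf.data(), buf.size(), fmt, copy);
        va_end(copy);
        if (n < 0) return std::string();  // encoding error: return empty rather than read garbage
        if (static_cast<size_t>(n) < buf.size())
            return std::string(buf.data(), static_cast<size_t>(n));   // fit, including the NUL
        buf.resize(static_cast<size_t>(n) + 1);   // n is the full length needed (excluding NUL)
    }
}

std::string safe_format(const char* fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    std::string s = safe_vformat(fmt, ap);
    va_end(ap);
    return s;
}

int main() {
    std::string big(2500, 'a');           // constructed input longer than one block
    std::cout << safe_format("%s", big.c_str()).size() << " bytes formatted\n";
    std::cout << safe_format("%d-%s", 42, "x") << "\n";
    return 0;
}
```

The failure mode the bulletin describes is what happens when code instead computes a signed "remaining space" (for example an int of 1000 minus bytes already written) and passes it to vsnprintf(): once it goes negative it converts to a very large size_t, and vsnprintf() will write past the block. Using the return value as the authoritative required length, as above, removes that calculation entirely.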

computer threat alert CVE-2007-3918

Gforge: Cross Site Scripting in verify.php

Synthesis of the vulnerability

An attacker can generate a Cross Site Scripting attack in the verify.php script of Gforge.
Severity: 2/4.
Creation date: 05/10/2007.
Identifiers: BID-25923, CVE-2007-3918, DSA-1383-1, VIGILANCE-VUL-7213.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Gforge tool provides a workspace for developers.

The www/account/verify.php script is used to validate user subscriptions in the Gforge environment. The confirm_hash parameter contains a random value sent by email to the user.

However, verify.php does not filter special characters in confirm_hash.

An attacker can therefore generate a Cross Site Scripting attack.
Full Vigil@nce bulletin... (Free trial)
