The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

vulnerability CVE-2008-0083

Windows: code execution via VBScript/JScript

Synthesis of the vulnerability

An attacker can create an HTML page containing a maliciously encoded VBScript/JScript script in order to execute code on the victim's computer.
Impacted products: Windows 2000, Windows 2003, Windows XP.
Severity: 4/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 09/04/2008.
Identifiers: 944338, BID-28551, CERTA-2008-AVI-193, CVE-2008-0083, MS08-022, VIGILANCE-VUL-7740.

Description of the vulnerability

VBScript and JScript scripts can be encoded to ensure that users cannot copy the code by looking at the source of the HTML page. Encoded scripts are decoded by VBScript.dll and JScript.dll.

However, when malformed data is decoded, memory corruption can occur. This corruption leads to code execution.

An attacker can therefore create an HTML page containing a maliciously encoded VBScript/JScript script in order to execute code on the victim's computer.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2008-1083 CVE-2008-1087

Windows: code execution via GDI EMF/WMF

Synthesis of the vulnerability

An attacker can create a malicious EMF/WMF image in order to execute code when it is displayed.
Impacted products: Windows 2000, Windows 2003, Windows 2008 R0, Windows Vista, Windows XP.
Severity: 4/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 09/04/2008.
Revision date: 15/04/2008.
Identifiers: 948590, BID-28570, BID-28571, CERTA-2008-AVI-192, CVE-2008-1083, CVE-2008-1087, MS08-021, VIGILANCE-VUL-7739, VU#632963, ZDI-08-020.

Description of the vulnerability

The GDI (Graphics Device Interface) is used by applications to display and print text and graphics. Two GDI vulnerabilities can be exploited via WMF (Windows Metafile) or EMF (Enhanced Metafile) images.

A malicious WMF or EMF image triggers an integer overflow in CreateDIBPatternBrushPt(), which leads to a heap overflow. [severity:4/4; BID-28570, CERTA-2008-AVI-192, CVE-2008-1083, VU#632963, ZDI-08-020]

A malicious EMF file triggers a stack overflow. [severity:4/4; BID-28571, CVE-2008-1087]

An attacker can therefore create a malicious EMF/WMF image in order to corrupt memory and execute code when the image is displayed.

computer vulnerability bulletin CVE-2008-1515

OTRS: access via SOAP

Synthesis of the vulnerability

An attacker can access OTRS via SOAP without authenticating.
Impacted products: Fedora, openSUSE, OTRS Help Desk.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: intranet client.
Creation date: 08/04/2008.
Identifiers: BID-28647, CVE-2008-1515, FEDORA-2008-3100, OSA-2008-01, SUSE-SR:2008:08, VIGILANCE-VUL-7738.

Description of the vulnerability

The OTRS (Open Ticket Request System) product provides an environment to handle incident tickets.

It has a SOAP interface which can be used by applications to directly interact with the tool. However, an authentication check is missing.

A network attacker can therefore connect and change tickets via SOAP without authenticating.

computer vulnerability announce CVE-2008-3544

OpenView NNM: several vulnerabilities of ovalarmsrv

Synthesis of the vulnerability

An attacker can use several vulnerabilities of the OVALARMSRV service of OpenView NNM in order to create a denial of service or to execute code.
Impacted products: HPE NMC, OpenView, OpenView NNM, HP-UX.
Severity: 3/4.
Consequences: privileged access/rights, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 08/04/2008.
Revision dates: 09/04/2008, 15/04/2008.
Identifiers: BID-28668, c01537275, CVE-2008-3544, HPSBMA02362, SSRT080044, SSRT080045, VIGILANCE-VUL-7737.

Description of the vulnerability

The OpenView NNM (Network Node Manager) product manages a network of computers. The OVALARMSRV service, which listens on ports 2953/tcp and 2954/tcp, handles alarms. It has three vulnerabilities.

An attacker can send a message containing format characters to the 2953/tcp port in order to generate a format string attack leading to code execution. [severity:3/4]

An attacker can send a query longer than 512 bytes to the 2954/tcp port in order to create a buffer overflow leading to code execution. [severity:3/4]

An attacker can send malformed queries to 2953/tcp and 2954/tcp ports in order to create a denial of service. [severity:2/4]

computer vulnerability alert CVE-2008-1687 CVE-2008-1688

m4: code execution

Synthesis of the vulnerability

Two vulnerabilities of m4 can be used by an attacker to execute macros or code.
Impacted products: Slackware, Unix (platform) ~ not comprehensive.
Severity: 1/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 08/04/2008.
Identifiers: BID-28688, CVE-2008-1687, CVE-2008-1688, SSA:2008-098-01, VIGILANCE-VUL-7736.

Description of the vulnerability

The m4 program interprets text files in order to generate a result. This interpreter has two vulnerabilities.

The maketemp and mkstemp macros generate random filenames. It is possible, but unlikely, that the generated name is the name of a macro. When these names are used, they therefore have to be handled as quoted strings. However, this is not the case, so the associated macro can be executed. [severity:1/4; CVE-2008-1687]

The "-F" option introduced in version 1.4 can be used to save the internal state in a ".m4f" file. When it is used with file names containing format characters, a format string attack can occur and lead to code execution. [severity:1/4; CVE-2008-1688]

computer vulnerability CVE-2008-1531

lighttpd: denial of service of SSL

Synthesis of the vulnerability

An attacker can prematurely close his SSL session in order to stop all SSL sessions.
Impacted products: Debian, Fedora, lighttpd, openSUSE, SLES, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 08/04/2008.
Identifiers: BID-28489, CERTA-2008-AVI-177, CVE-2008-1531, DSA-1540-3, FEDORA-2008-4119, SUSE-SR:2008:011, VIGILANCE-VUL-7735.

Description of the vulnerability

The lighttpd program is a web server implementing SSL/HTTPS.

When several SSL sessions are open and one of them is prematurely closed, the error stack is not correctly handled, and an error can propagate to other sessions, which stops them.

An attacker can thus interrupt all active SSL sessions.

vulnerability note CVE-2007-4620

CA Alert Notification Server: code execution

Synthesis of the vulnerability

An authenticated attacker can use overflows of the CA Alert Notification Server service in order to elevate his privileges.
Impacted products: CA Antivirus, e-Trust Antivirus.
Severity: 2/4.
Consequences: privileged access/rights.
Provenance: user account.
Creation date: 04/04/2008.
Identifiers: BID-28605, CERTA-2008-AVI-184, CVE-2007-4620, VIGILANCE-VUL-7734.

Description of the vulnerability

The CA Alert Notification Server service is installed by several Computer Associates (CA) products.

This service does not check parameters provided by clients, which leads to buffer overflows.

An authenticated attacker can use these overflows in order to elevate his privileges.

vulnerability bulletin CVE-2008-1761 CVE-2008-1762 CVE-2008-1764

Opera: code execution

Synthesis of the vulnerability

Two vulnerabilities of Opera can be used by an attacker to execute code.
Impacted products: Opera.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: internet server.
Number of vulnerabilities in this bulletin: 2.
Creation date: 04/04/2008.
Identifiers: BID-28585, CVE-2008-1761, CVE-2008-1762, CVE-2008-1764, VIGILANCE-VUL-7733.

Description of the vulnerability

Two vulnerabilities of Opera can lead to code execution.

An attacker can create a web site offering a malicious newsfeed in order to corrupt memory when the victim views the HTML page containing this feed. [severity:3/4; CVE-2008-1761]

An attacker can create an HTML page resizing an image in order to corrupt memory. [severity:3/4; CVE-2008-1762]

vulnerability announce CVE-2008-1797

Webwasher: denial of service

Synthesis of the vulnerability

An attacker can use a malicious URL in order to create a denial of service of Webwasher when it is installed under Linux.
Impacted products: Webwasher.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet server.
Creation date: 04/04/2008.
Identifiers: BID-28600, CVE-2008-1797, VIGILANCE-VUL-7732.

Description of the vulnerability

The Webwasher product is available as:
 - an appliance based on a Linux system
 - software to be installed on Linux
 - software to be installed on Windows
A vulnerability impacts versions installed on Linux.

The URL parsing incorrectly uses a Linux feature, which blocks the program.

An attacker located on the internal network can thus use a malicious URL in order to create the denial of service. An external attacker can also invite an internal user to visit a malicious URL.

vulnerability alert CVE-2008-1013 CVE-2008-1014 CVE-2008-1015

QuickTime: several vulnerabilities

Synthesis of the vulnerability

Several QuickTime vulnerabilities can lead to code execution.
Impacted products: QuickTime.
Severity: 3/4.
Consequences: user access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 12.
Creation date: 03/04/2008.
Revision dates: 04/04/2008, 11/09/2008.
Identifiers: BID-28583, CERTA-2008-AVI-179, CVE-2008-1013, CVE-2008-1014, CVE-2008-1015, CVE-2008-1016, CVE-2008-1017, CVE-2008-1018, CVE-2008-1019, CVE-2008-1020, CVE-2008-1021, CVE-2008-1022, CVE-2008-1023, CVE-2008-1739, VIGILANCE-VUL-7731, ZDI-08-014, ZDI-08-015, ZDI-08-016, ZDI-08-017, ZDI-08-018, ZDI-08-019.

Description of the vulnerability

Several QuickTime vulnerabilities can lead to code execution.

A malicious Java applet can deserialize a QTJava object in order to execute code. [severity:3/4; CERTA-2008-AVI-179, CVE-2008-1013]

A video can open an external URL in order to obtain information. [severity:1/4; CVE-2008-1014]

A malicious video can create a buffer overflow leading to code execution. [severity:3/4; CVE-2008-1015]

A video can contain a malicious track corrupting the memory in order to execute code. [severity:3/4; CVE-2008-1016]

A video can contain a malicious "crgn" field generating an overflow in order to execute code. [severity:3/4; CVE-2008-1017, ZDI-08-015]

A video can contain a malicious "chan" field generating an overflow in order to execute code. [severity:3/4; CVE-2008-1018, ZDI-08-016]

A malicious PICT image generates an overflow in order to execute code. [severity:3/4; CVE-2008-1019, ZDI-08-014]

A malicious PICT image generates a heap overflow in order to execute code. [severity:3/4; CVE-2008-1020, ZDI-08-017]

A video can contain a malicious animation generating an overflow in order to execute code. [severity:3/4; CVE-2008-1021, ZDI-08-018]

A video can contain a malicious "obji" field generating an overflow in order to execute code. [severity:3/4; CVE-2008-1022, ZDI-08-019]

A malicious PICT image generates a heap overflow in order to execute code. [severity:3/4; CVE-2008-1023]

A video can contain a malicious "ftyp" field generating an overflow in order to execute code. [severity:1/4; CVE-2008-1739]