The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
History of vulnerabilities analyzed by Vigil@nce:

computer weakness alert CVE-2008-1842

OpenView NNM: integer overflow of ovspmd

Synthesis of the vulnerability

An attacker can send malicious data to ovspmd in order to create a denial of service or to execute code.
Severity: 3/4.
Creation date: 09/04/2008.
Identifiers: BID-28689, c01466051, CVE-2008-1842, HPSBMA02338, SSRT080024, SSRT080041, VIGILANCE-VUL-7750.

Description of the vulnerability

The ovspmd daemon, used by OpenView Network Node Manager, listens on port 8886/tcp.

This service uses messages composed of:
 - a size stored on 4 bytes,
 - followed by "size-4" bytes of data.

The maximum size which can be received is 9216 bytes. However, the size check uses a signed integer. An attacker can therefore use a size greater than 0x80000000, which is negative when interpreted as a signed 32-bit integer, in order to bypass the check and to create an overflow.

An attacker can thus send long data to ovspmd in order to create a denial of service or to execute code.

computer weakness bulletin CVE-2007-5399 CVE-2007-5405 CVE-2007-5406

Lotus Notes: several vulnerabilities

Synthesis of the vulnerability

An attacker can execute code with the rights of a victim who opens a malicious file with Lotus Notes.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 6.
Creation date: 09/04/2008.
Identifiers: 1298453, 2007-107, 2007-92, 2007-96, 2008-12, BID-28454, CERTA-2008-AVI-199, CVE-2007-5399, CVE-2007-5405, CVE-2007-5406, CVE-2007-6020, CVE-2008-0066, CVE-2008-1101, VIGILANCE-VUL-7749.

Description of the vulnerability

An attacker can execute code with the rights of a victim who opens a malicious file with Lotus Notes. Indeed, several vulnerabilities impact the supported viewers.

A buffer overflow can occur in kpagrdr.dll when a malicious Applix Presents (.ag) document is displayed. [severity:3/4; 2007-96, CVE-2007-5405]

An infinite loop can occur in kpagrdr.dll when a malicious Applix Presents (.ag) document is displayed. [severity:1/4; CERTA-2008-AVI-199, CVE-2007-5406]

A buffer overflow can occur in foliosr.dll when a malicious Folio Flat File (.fff) document is displayed. [severity:3/4; 2007-107, CVE-2007-6020]

A buffer overflow can occur in htmsr.dll (HTML Speed Reader) when a malicious HTML (.htm) document is displayed. [severity:3/4; CVE-2008-0066]

A buffer overflow can occur in kvdocve.dll (KeyView) when a malicious HTML attachment is displayed. [severity:3/4; 2008-12, CVE-2008-1101]

A buffer overflow can occur in mimesr.dll/emlsr.dll when a malicious MIME (mail) document is displayed. [severity:3/4; 2007-92, CVE-2007-5399]

computer vulnerability bulletin CVE-2007-0071 CVE-2007-5275 CVE-2007-6019

Flash Player: several vulnerabilities

Synthesis of the vulnerability

Several Adobe Flash Player vulnerabilities can be used by an attacker to execute code.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 6.
Creation date: 09/04/2008.
Identifiers: 238305, 6686059, APSB08-11, BA344, BID-26930, BID-26966, BID-28694, BID-28695, BID-28696, BID-28697, CERTA-2008-AVI-197, CVE-2007-0071, CVE-2007-5275, CVE-2007-6019, CVE-2007-6243, CVE-2008-1654, CVE-2008-1655, RHSA-2008:0221-01, SUSE-SA:2008:022, SUSE-SR:2008:025, TLSA-2008-16, VIGILANCE-VUL-7748, VU#159523, VU#935737, ZDI-08-021.

Description of the vulnerability

Several Adobe Flash Player vulnerabilities can be used by an attacker to execute code.

An attacker can use malicious data in order to execute code. [severity:3/4; BID-28695, CERTA-2008-AVI-197, CVE-2007-0071, VU#159523]

An attacker can alter a "DeclareFunction2 Actionscript" object inside a SWF file in order to execute code. [severity:3/4; BA344, BID-28694, CVE-2007-6019, ZDI-08-021]

An attacker can create an HTML page calling a plugin and bypassing the DNS pinning protection included in web browsers (VIGILANCE-VUL-7238, DNS rebinding). [severity:1/4; BID-26930, CVE-2007-5275]

Another DNS rebinding attack can be used. [severity:1/4; BID-28697, CVE-2008-1655]

The Cross Domain policy is not sufficiently strict. [severity:2/4; BID-26966, CVE-2007-6243, VU#935737]

A script run from one domain can send HTTP headers to another domain. [severity:2/4; BID-28696, CVE-2008-1654]

vulnerability alert CVE-2008-1612

Squid: denial of service during cache update

Synthesis of the vulnerability

An attacker with a Squid account and a web server can stop the proxy.
Severity: 2/4.
Creation date: 09/04/2008.
Identifiers: BID-28693, CVE-2008-1612, DSA-1646-1, DSA-1646-2, FEDORA-2008-2740, MDVSA-2008:134, RHSA-2008:0214-01, SQUID-2007:2, SUSE-SR:2008:011, TLSA-2008-15, VIGILANCE-VUL-7747.

Description of the vulnerability

The vulnerability described in the VIGILANCE-VUL-7384 bulletin was only partially corrected by 2.6.STABLE17.

An attacker can therefore set up a website returning different headers, then connect to it via Squid, in order to stop the proxy.

security vulnerability CVE-2008-1084

Windows: privilege elevation via the kernel

Synthesis of the vulnerability

An authenticated attacker can send malicious data to the kernel in order to obtain system privileges.
Severity: 2/4.
Creation date: 09/04/2008.
Revision dates: 10/04/2008, 29/04/2008.
Identifiers: 941693, BID-28554, CERTA-2008-AVI-196, CVE-2008-1084, MS08-025, VIGILANCE-VUL-7746.

Description of the vulnerability

A program runs in user space and makes system calls to the kernel.

The ProbeForRead() and ProbeForWrite() functions of win32k.sys detect if a memory area belongs to user space:
  ProbeForRead(Address, Length, Alignment);
  ProbeForWrite(Address, Length, Alignment);
However, when Length is zero, no exception is raised if the memory address belongs to kernel space. This error can be used to bypass security restrictions and to access kernel memory.

An authenticated attacker can therefore use invalid parameters to some system calls in order to obtain kernel privileges.

threat alert CVE-2008-0623 CVE-2008-0624 CVE-2008-0625

IE: code execution via ActiveX

Synthesis of the vulnerability

An HTML page can call an ActiveX control in order to execute code on the victim's computer.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 09/04/2008.
Identifiers: 948881, 973346, BID-27578, BID-27579, BID-27590, BID-28606, CERTA-2008-AVI-194, CVE-2008-0623, CVE-2008-0624, CVE-2008-0625, CVE-2008-1086, MS08-023, MS09-032, VIGILANCE-VUL-7745, VU#101676, VU#340860.

Description of the vulnerability

Microsoft published a patch to disable two vulnerable ActiveX controls.

An attacker can generate an overflow in the Microsoft Help hxvz.dll HxTocCtrl ActiveX in order to execute code. [severity:2/4; BID-28606, CERTA-2008-AVI-194, CVE-2008-1086]

An attacker can generate an overflow in the AddBitmap(), AddButton() and AddImage() methods of Yahoo! JukeBox MediaGrid ActiveX in order to execute code. [severity:2/4; BID-27578, BID-27579, BID-27590, CVE-2008-0623, CVE-2008-0624, CVE-2008-0625, VU#101676, VU#340860]

weakness announce CVE-2008-0087

Windows: poisoning the DNS client

Synthesis of the vulnerability

An attacker can predict DNS queries in order to poison the local DNS cache (stub resolver).
Severity: 2/4.
Creation date: 09/04/2008.
Revision date: 29/04/2008.
Identifiers: 945553, BID-28553, CERTA-2008-AVI-191, CVE-2008-0087, MS08-020, VIGILANCE-VUL-7744.

Description of the vulnerability

The DNS client is used by the system to resolve service names to IP addresses. This DNS client has its own DNS cache.

The DNS protocol defines a 16-bit identifier to associate an answer with its query. When an attacker predicts this identifier and the UDP port number, he can send fake answers and thus poison the DNS cache.

The DNS client of Windows uses predictable values for the identifier and the port number. If an attacker captures a sequence of queries, he can guess the next identifier and port.

An attacker who has captured DNS packets can therefore poison the cache of the computer.

cybersecurity weakness CVE-2008-1089 CVE-2008-1090

Microsoft Visio: code execution

Synthesis of the vulnerability

An attacker can invite the victim to open a malicious file with Microsoft Visio in order to execute code on the victim's computer.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 09/04/2008.
Identifiers: 949032, BID-28555, BID-28556, CERTA-2008-AVI-190, CVE-2008-1089, CVE-2008-1090, MS08-019, VIGILANCE-VUL-7743.

Description of the vulnerability

Two vulnerabilities were announced in Microsoft Visio.

Headers of objects located in a Visio document are not correctly checked, which creates an allocation error leading to code execution. [severity:3/4; BID-28555, CERTA-2008-AVI-190, CVE-2008-1089]

When the victim opens a malicious DXF (AutoCAD) file, an allocation error occurs in DWGDP.DLL and leads to code execution. [severity:2/4; BID-28556, CVE-2008-1090]

An attacker can therefore invite the victim to open a malicious file with Microsoft Visio in order to execute code on the victim's computer.

cybersecurity announce 7742

Microsoft Project: code execution

Synthesis of the vulnerability

An attacker can invite the victim to open a malicious file with Microsoft Project in order to execute code on the victim's computer.
Severity: 3/4.
Creation date: 09/04/2008.
Identifiers: 950183, BID-28607, MS08-018, VIGILANCE-VUL-7742, VU#155563.

Description of the vulnerability

When the victim opens a malicious Microsoft Project file, an allocation error occurs and corrupts the memory.

An attacker can thus invite the victim to open a malicious file with Microsoft Project in order to execute code on the victim's computer.

computer threat alert CVE-2008-1085

Internet Explorer: code execution via data stream

Synthesis of the vulnerability

An attacker can set up a web site returning malicious data in order to execute code on the computers of victims visiting this site.
Severity: 4/4.
Creation date: 09/04/2008.
Identifiers: 947864, BID-28552, CERTA-2008-AVI-195, CVE-2008-1085, MS08-024, VIGILANCE-VUL-7741.

Description of the vulnerability

When a user browses a web site, Internet Explorer sends a request, and the server returns a data stream with a MIME type such as text/html.

However, if IE does not know the MIME type, a memory area can be used after being freed. This error corrupts the memory and leads to code execution.

An attacker can therefore set up a web site returning malicious data in order to execute code on the computers of victims visiting this site.