The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of GroupShield

computer vulnerability note CVE-2015-4808 CVE-2015-6013 CVE-2015-6014

Oracle Outside In Technology: multiple vulnerabilities of January 2016

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Oracle Outside In Technology.
Impacted products: GroupShield, McAfee Security for Email Servers, Exchange, Oracle OIT.
Severity: 3/4.
Creation date: 20/01/2016.
Identifiers: cpujan2016, CVE-2015-4808, CVE-2015-6013, CVE-2015-6014, CVE-2015-6015, CVE-2016-0432, VIGILANCE-VUL-18759, VU#916896.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Outside In Technology.

An attacker can use a vulnerability of Filters, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4808]

An attacker can use a vulnerability of Filters, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-6013]

An attacker can use a vulnerability of Filters, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-6014]

An attacker can use a vulnerability of Filters, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-6015]

An attacker can use a vulnerability of Filters, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-0432]

vulnerability note CVE-2014-0160

OpenSSL: information disclosure via Heartbeat

Synthesis of the vulnerability

An attacker can use the Heartbeat protocol on an application compiled with OpenSSL, in order to obtain sensitive information, such as keys stored in memory.
Impacted products: Tomcat, ArubaOS, i-Suite, ProxyAV, ProxySG by Blue Coat, SGOS by Blue Coat, ARCserve Backup, ASA, Cisco Catalyst, IOS XE Cisco, Prime Infrastructure, Cisco PRSM, Cisco Router, Cisco CUCM, Cisco IP Phone, Cisco Unity ~ precise, XenDesktop, MIMEsweeper, Clearswift Email Gateway, Clearswift Web Gateway, Debian, ECC, PowerPath, ArcGIS ArcView, ArcGIS for Desktop, ArcGIS for Server, Black Diamond, ExtremeXOS, Summit, BIG-IP Hardware, TMOS, Fedora, FortiClient, FortiGate, FortiGate Virtual Appliance, FortiOS, FreeBSD, HP Diagnostics, LoadRunner, Performance Center, AIX, WebSphere MQ, WS_FTP Server, IVE OS, Juniper J-Series, Junos OS, Junos Pulse, Juniper Network Connect, Juniper SA, Juniper UAC, LibreOffice, MBS, McAfee Email Gateway, ePO, GroupShield, McAfee NGFW, VirusScan, McAfee Web Gateway, Windows 8, Windows RT, MySQL Enterprise, NetBSD, OpenBSD, OpenSSL, openSUSE, Opera, Solaris, pfSense, HDX, RealPresence Collaboration Server, Polycom VBP, Puppet, RHEL, RSA Authentication Manager, SIMATIC, Slackware, Sophos AV, Splunk Enterprise, Stonesoft NGFW/VPN, stunnel, ASE, OfficeScan, Ubuntu, Unix (platform) ~ not comprehensive, ESXi, VMware Player, vCenter Server, VMware vSphere, VMware vSphere Hypervisor, VMware Workstation, Websense Email Security, Websense Web Filter, Websense Web Security.
Severity: 3/4.
Creation date: 08/04/2014.
Identifiers: 1669839, 190438, 2076225, 2962393, c04236102, c04267775, c04286049, CA20140413-01, CERTFR-2014-ALE-003, CERTFR-2014-AVI-156, CERTFR-2014-AVI-161, CERTFR-2014-AVI-162, CERTFR-2014-AVI-167, CERTFR-2014-AVI-169, CERTFR-2014-AVI-177, CERTFR-2014-AVI-178, CERTFR-2014-AVI-179, CERTFR-2014-AVI-180, CERTFR-2014-AVI-181, CERTFR-2014-AVI-198, CERTFR-2014-AVI-199, CERTFR-2014-AVI-213, cisco-sa-20140409-heartbleed, CTX140605, CVE-2014-0160, CVE-2014-0346-REJECT, DSA-2896-1, DSA-2896-2, emr_na-c04236102-7, ESA-2014-034, ESA-2014-036, ESA-2014-075, FEDORA-2014-4879, FEDORA-2014-4910, FEDORA-2014-4982, FEDORA-2014-4999, FG-IR-14-011, FreeBSD-SA-14:06.openssl, Heartbleed, HPSBMU02995, HPSBMU03025, HPSBMU03040, ICSA-14-105-03, JSA10623, MDVSA-2014:123, MDVSA-2015:062, NetBSD-SA2014-004, openSUSE-SU-2014:0492-1, openSUSE-SU-2014:0560-1, openSUSE-SU-2014:0719-1, pfSense-SA-14_04.openssl, RHSA-2014:0376-01, RHSA-2014:0377-01, RHSA-2014:0378-01, RHSA-2014:0396-01, RHSA-2014:0416-01, SA40005, SA79, SB10071, SOL15159, SPL-82696, SSA:2014-098-01, SSA-635659, SSRT101565, USN-2165-1, VIGILANCE-VUL-14534, VMSA-2014-0004, VMSA-2014-0004.1, VMSA-2014-0004.2, VMSA-2014-0004.3, VMSA-2014-0004.6, VMSA-2014-0004.7, VU#720951.

Description of the vulnerability

The Heartbeat extension of TLS (RFC 6520) provides a keep-alive feature, without performing a renegotiation. It exchanges random data in a payload.

Version 1.0.1 of OpenSSL implements Heartbeat, which is enabled by default. The [d]tls1_process_heartbeat() function manages Heartbeat messages. However, it does not check the size of the random data, so it continues reading past the end of the payload and then sends the full memory area (up to 64kb) to the peer (client or server).

An attacker can therefore use the Heartbeat protocol on an application compiled with OpenSSL, in order to obtain sensitive information, such as keys stored in memory.

vulnerability bulletin CVE-2013-0393 CVE-2013-0418

Oracle Outside In Technology: several vulnerabilities of January 2013

Synthesis of the vulnerability

Several vulnerabilities of Oracle Outside In Technology are fixed by the CPU of January 2013.
Impacted products: McAfee Email and Web Security, GroupShield, McAfee Security for Email Servers, Exchange, MOSS, Oracle OIT, Symantec Enterprise Vault.
Severity: 3/4.
Creation date: 16/01/2013.
Revision date: 18/01/2013.
Identifiers: 2809279, BID-57357, BID-57364, CERTA-2013-AVI-041, CERTA-2013-AVI-116, cpujan2013, CVE-2013-0393, CVE-2013-0418, MS13-012, VIGILANCE-VUL-12333, ZDI-13-001.

Description of the vulnerability

A Critical Patch Update fixes several vulnerabilities of Oracle Outside In Technology. These libraries are used by several products, which are thus also impacted by these vulnerabilities.

An attacker can create malicious Paradox data, in order to force the vspdx.dll library to read at an invalid memory address, which leads to a denial of service. [severity:2/4; BID-57357, CVE-2013-0393]

An attacker can create malicious Paradox data, in order to trigger a buffer overflow in the vspdx.dll library, which can lead to code execution. [severity:3/4; BID-57364, CVE-2013-0418]

computer vulnerability alert CVE-2012-3214 CVE-2012-3217

Oracle Outside In Technology: several vulnerabilities of October 2012

Synthesis of the vulnerability

Several vulnerabilities of Oracle Outside In Technology are corrected by the CPU of October 2012.
Impacted products: McAfee Email and Web Security, GroupShield, McAfee Security for Email Servers, Exchange, MOSS, Oracle OIT, Symantec Enterprise Vault.
Severity: 2/4.
Creation date: 17/10/2012.
Identifiers: 2784242, BID-55977, BID-55993, CERTA-2012-AVI-578, CERTA-2013-AVI-117, cpuoct2012, CVE-2012-3214, CVE-2012-3217, MS13-013, PRL-2012-30, VIGILANCE-VUL-12076.

Description of the vulnerability

A Critical Patch Update corrects several vulnerabilities of Oracle Outside In Technology. These libraries are used by several products, which are thus also impacted by these vulnerabilities.

An attacker can create a malicious JPG image, which generates an error in the ibjpg2.flt filter, in order to create a denial of service. [severity:2/4; BID-55977, CVE-2012-3214, PRL-2012-30]

An attacker can use a vulnerability of Outside In HTML Export SDK, in order to create a denial of service. [severity:2/4; BID-55993, CVE-2012-3217]

vulnerability note CVE-2012-1744 CVE-2012-1766 CVE-2012-1767

Oracle Outside In Technology: several vulnerabilities of July 2012

Synthesis of the vulnerability

Several vulnerabilities of Oracle Outside In Technology are corrected by the CPU of July 2012.
Impacted products: McAfee Email and Web Security, GroupShield, McAfee Security for Email Servers, Exchange, MOSS, Oracle OIT, Symantec Enterprise Vault.
Severity: 3/4.
Creation date: 25/07/2012.
Identifiers: 2737111, 2740358, 2742321, BID-54497, BID-54500, BID-54504, BID-54506, BID-54511, BID-54531, BID-54536, BID-54541, BID-54543, BID-54546, BID-54548, BID-54550, BID-54552, BID-54554, CERTA-2012-ALE-004, CERTA-2012-AVI-393, CERTA-2012-AVI-441, CERTA-2012-AVI-541, CERTA-2012-AVI-557, cpujul2012, CVE-2012-1744, CVE-2012-1766, CVE-2012-1767, CVE-2012-1768, CVE-2012-1769, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, CVE-2012-3109, CVE-2012-3110, KB75998, MS12-058, MS12-067, PRL-2012-24, PRL-2012-25, PRL-2012-26, SYM12-015, VIGILANCE-VUL-11794, VU#118913.

Description of the vulnerability

A Critical Patch Update corrects several vulnerabilities of Oracle Outside In Technology. These libraries are used by several products, which are thus also impacted by these vulnerabilities.

An attacker can use a vulnerability of the CDR format, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-54531, CVE-2012-1766]

An attacker can use a vulnerability of the DOC format, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-54536, CVE-2012-1767]

An attacker can use a vulnerability of the DPT format, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-54511, CVE-2012-1768]

An attacker can use a vulnerability of the JP2 format, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-54500, CVE-2012-1769]

An attacker can use a vulnerability of the LWP format, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-54541, CVE-2012-1770]

An attacker can use a vulnerability of the ODG format, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-54543, CVE-2012-1771]

An attacker can use a vulnerability of the PCX format, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-54497, CVE-2012-1772]

An attacker can use a vulnerability of the PDF format, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-54548, CVE-2012-1773]

An attacker can use a vulnerability of the SAM format, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-54546, CVE-2012-3106]

An attacker can use a vulnerability of the SXD format, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-54504, CVE-2012-3107]

An attacker can use a vulnerability of the SXI format, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-54550, CVE-2012-3108]

An attacker can use a vulnerability of the VSD format, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-54554, CVE-2012-3109]

An attacker can use a vulnerability of the WSD format, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-54506, CVE-2012-3110]

An attacker can use a vulnerability of Oracle Outside In Technology, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-54552, CVE-2012-1744]

computer vulnerability CVE-2012-1425 CVE-2012-1429 CVE-2012-1442

McAfee antivirus: bypassing via CAB, CHM, ELF, EXE, Office, RAR, TAR, ZIP

Synthesis of the vulnerability

An attacker can create an archive or a program containing a virus, which is not detected by McAfee antivirus.
Impacted products: GroupShield, VirusScan.
Severity: 2/4.
Creation date: 21/03/2012.
Identifiers: BID-52580, BID-52581, BID-52598, BID-52600, BID-52606, BID-52608, BID-52610, BID-52612, BID-52614, BID-52621, BID-52623, BID-52626, CVE-2012-1425, CVE-2012-1429, CVE-2012-1442, CVE-2012-1443, CVE-2012-1446, CVE-2012-1453, CVE-2012-1454, CVE-2012-1456, CVE-2012-1457, CVE-2012-1459, CVE-2012-1461, CVE-2012-1463, VIGILANCE-VUL-11475.

Description of the vulnerability

Archive extraction tools (CAB, TAR, ZIP, etc.) will extract archives that are slightly malformed. Operating systems will also execute programs (ELF, EXE) that are slightly malformed. However, McAfee antivirus does not detect viruses contained in these archives/programs.

A TAR archive containing "\50\4B\03\04" as its first 4 bytes bypasses the detection. [severity:1/4; BID-52580, CVE-2012-1425]

An ELF program containing "ustar" at offset 257 bypasses the detection. [severity:2/4; BID-52581, CVE-2012-1429]

An EXE program containing a large "class" field bypasses the detection. [severity:2/4; BID-52598, CVE-2012-1442]

A RAR archive containing "MZ" as its first 2 bytes bypasses the detection. [severity:1/4; BID-52612, CVE-2012-1443]

An ELF program containing a large "encoding" field bypasses the detection. [severity:2/4; BID-52600, CVE-2012-1446]

A CAB archive containing a large "coffFiles" field bypasses the detection. [severity:1/4; BID-52621, CVE-2012-1453]

An ELF program containing a large "ei_version" field bypasses the detection. [severity:2/4; BID-52606, CVE-2012-1454]

A ZIP archive starting with TAR data bypasses the detection. [severity:1/4; BID-52608, CVE-2012-1456]

A TAR archive with a large size bypasses the detection. [severity:1/4; BID-52610, CVE-2012-1457]

A TAR archive with a header containing a large value bypasses the detection. [severity:1/4; BID-52623, CVE-2012-1459]

A TAR+GZ archive containing two streams bypasses the detection. [severity:1/4; BID-52626, CVE-2012-1461]

An ELF program with a changed 5th byte bypasses the detection. [severity:2/4; BID-52614, CVE-2012-1463]

An attacker can therefore create an archive containing a virus which is not detected by the antivirus, but which is extracted by extraction tools. The virus is then detected once it has been extracted on the victim's computer. An attacker can also create a program containing a virus which is not detected by the antivirus, but which can be run by the system.

vulnerability note CVE-2012-0110

McAfee GroupShield, Symantec Enterprise Vault: code execution via Oracle Outside In

Synthesis of the vulnerability

An attacker can send a malformed Lotus 123 file to an application using the Oracle Outside In module, in order to execute code.
Impacted products: GroupShield, Symantec Enterprise Vault.
Severity: 2/4.
Creation date: 19/01/2012.
Identifiers: CVE-2012-0110, MAPG-8QKLAG, SYM12-004, TECH182366, VIGILANCE-VUL-11304, VU#738961.

Description of the vulnerability

The Oracle Outside In product offers data conversion features. The McAfee GroupShield and Symantec Enterprise Vault products use Oracle Outside In.

The vswk4.dll (libvs_wk4.so) library of Oracle Outside In decodes files in the Lotus 123 version 4 format. However, a malformed file corrupts the memory of vswk4.dll.

An attacker can therefore send a malformed Lotus 123 file to an application using the Oracle Outside In module, in order to execute code.

computer vulnerability announcement CVE-2011-0794 CVE-2011-0808 CVE-2011-2264

McAfee GroupShield, Symantec Enterprise Vault: three vulnerabilities of Oracle Outside In

Synthesis of the vulnerability

Three vulnerabilities of the Oracle Outside In module impact McAfee GroupShield and Symantec Enterprise Vault.
Impacted products: GroupShield, Symantec Enterprise Vault.
Severity: 3/4.
Creation date: 02/09/2011.
Revision date: 23/09/2011.
Identifiers: BID-47435, BID-47437, BID-48766, CERTA-2011-AVI-492, CERTA-2011-AVI-497, CERTA-2011-AVI-603, CERTA-2012-AVI-041, CVE-2011-0794, CVE-2011-0808, CVE-2011-2264, SYM11-011, TECH167455, VIGILANCE-VUL-10967, VU#103425, VU#520721.

Description of the vulnerability

The Oracle Outside In product offers data conversion features. The McAfee GroupShield and Symantec Enterprise Vault products use Oracle Outside In. However, three vulnerabilities were announced in the Oracle Outside In module.

An attacker can use a vulnerability of Oracle Outside In Technology, in order to obtain information, to alter information, or to create a denial of service. [severity:3/4; BID-48766, CERTA-2011-AVI-497, CERTA-2012-AVI-041, CVE-2011-2264, VU#103425]

An attacker can use a vulnerability of Oracle Outside In Technology, in order to create a denial of service. [severity:1/4; BID-47435, CERTA-2011-AVI-492, CERTA-2011-AVI-603, CVE-2011-0794, VU#520721]

An attacker can use a vulnerability of Oracle Outside In Technology, in order to create a denial of service. [severity:1/4; BID-47437, CVE-2011-0808, VU#520721]

vulnerability bulletin CVE-2009-1348

F-Secure, McAfee, Symantec: bypassing via PDF

Synthesis of the vulnerability

An attacker can create a malicious PDF document which is not detected by F-Secure, McAfee and Symantec products.
Impacted products: F-Secure AV, GroupShield, McAfee Security for Email Servers, VirusScan, Norton Antivirus, Norton Internet Security, Symantec AV.
Severity: 2/4.
Creation date: 28/10/2009.
Identifiers: BID-36848, BID-36876, CERTA-2009-AVI-172, CVE-2009-1348, FSC-2009-3, G-SEC 47-2009, G-SEC 48-2009, G-SEC 49-2009, SB10003, VIGILANCE-VUL-9133.

Description of the vulnerability

A PDF document can be specially constructed so that Adobe Reader reads it but antivirus software does not recognize it. An attacker can create such a document, and thus bypass the products of three vendors.

A malicious PDF document is not detected by Symantec and Norton products. [severity:2/4; G-SEC 47-2009]

A malicious PDF document is not detected by F-Secure products. [severity:2/4; BID-36876, FSC-2009-3, G-SEC 48-2009]

A malicious PDF document is not detected by McAfee products. A malicious TAR archive is also not detected by McAfee products. [severity:2/4; BID-36848, CERTA-2009-AVI-172, CVE-2009-1348, G-SEC 49-2009, SB10003]

An attacker can therefore create a malicious PDF document which is not detected by F-Secure, McAfee and Symantec products.

vulnerability bulletin CVE-2005-0643 CVE-2005-0644

McAfee: buffer overflow via LHA file

Synthesis of the vulnerability

An attacker can create a malicious LHA archive in order to execute code on the antivirus.
Impacted products: GroupShield, VirusScan.
Severity: 3/4.
Creation date: 18/03/2005.
Revision date: 21/03/2005.
Identifiers: 190, BID-12832, CVE-2005-0643, CVE-2005-0644, V6-MCAFEEAVLHABOF, VIGILANCE-VUL-4833, VU#361180.

Description of the vulnerability

The scan engine of McAfee antivirus products supports archives in the LHA format.

An attacker can create a specially formatted LHA archive containing a file whose name length is between 304 and 359 bytes. When the scan engine opens this archive, a buffer overflow occurs.

This vulnerability thus allows a remote attacker to execute code on the antivirus.