The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Microsoft Windows Embedded CE

computer vulnerability CVE-2009-0901 CVE-2009-2493 CVE-2009-2495

Visual Studio: vulnerabilities of ATL

Synthesis of the vulnerability

An attacker can use an ActiveX developed with the Active Template Library, provided by Visual Studio, in order to execute code in the web browser of victims.
Impacted products: Flash Player, Acrobat, Shockwave Player, IE, Visual Studio, Windows CE, Windows (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 28/07/2009.
Identifiers: 110591, 969706, APSA09-04, APSB09-10, APSB09-11, BID-35828, BID-35830, BID-35832, CERTA-2009-AVI-300, CERTA-2009-AVI-435, CERTA-2009-AVI-440, CERTA-2009-AVI-516, CERTA-2009-AVI-538, CERTA-2010-AVI-083, cisco-sa-20090728-activex, CSCta71728, CVE-2009-0901, CVE-2009-2493, CVE-2009-2495, MS09-035, VIGILANCE-VUL-8895, VU#456745.

Description of the vulnerability

The Visual Studio development environment provides the ATL (Active Template Library) library, which is used to create ActiveX. Three vulnerabilities impact ATL. An attacker can use Internet Explorer to exploit these vulnerabilities (Visual Studio does not have to be installed to be impacted).

An attacker can call VariantClear() on an uninitialized VARIANT in order to control an error handler, which leads to code execution. [severity:3/4; BID-35832, CERTA-2009-AVI-300, CERTA-2009-AVI-440, CERTA-2009-AVI-516, CERTA-2010-AVI-083, CVE-2009-0901]

An attacker can use OleLoadFromStream() to instantiate all ActiveX (even those with the Kill Bit). [severity:3/4; BID-35828, CERTA-2009-AVI-435, CERTA-2009-AVI-538, CVE-2009-2493]

An attacker can force a read on a string not ending with '\0', in order to obtain information from memory. [severity:2/4; BID-35830, CVE-2009-2495]

An attacker can therefore invite the victim to see an HTML page containing a vulnerable ActiveX, in order to execute code on the victim's computer.

computer vulnerability note CVE-2008-2160

Windows CE: code execution via GIF/JPEG

Synthesis of the vulnerability

An attacker can create a malicious GIF or JPEG image in order to execute code on the computer of victims displaying it.
Impacted products: Windows CE, Windows Mobile.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 13/05/2008.
Identifiers: 948812, BID-29147, CVE-2008-2160, VIGILANCE-VUL-7819.

Description of the vulnerability

Two vulnerabilities impact the image handling of Windows CE.

A malicious GIF image triggers a vulnerability in img_gifdecoder.lib. [severity:3/4]

A malicious JPEG image triggers a vulnerability in gdi_render.lib (GDI+). [severity:3/4]

An attacker can therefore invite the victim to see a malicious image in order to execute code.

vulnerability announce 6902

Windows CE 4.2: several vulnerabilities

Synthesis of the vulnerability

Several errors affecting Windows CE can have an impact on security.
Impacted products: Windows CE, Windows Mobile.
Severity: 2/4.
Consequences: user access/rights.
Provenance: internet server.
Number of vulnerabilities in this bulletin: 8.
Creation date: 12/06/2007.
Identifiers: BID-24420, BID-24424, BID-24427, BID-24445, BID-24469, KB826296, KB829492, KB833270, KB837052, KB843373, KB875504, KB891786, KB908362, VIGILANCE-VUL-6902.

Description of the vulnerability

Several errors affecting Windows CE can have an impact on security.

A buffer overflow can occur in the GetMachineName() function. [severity:2/4; KB826296]

A buffer overflow can occur. [severity:2/4; KB843373]

When a mailbox contains over 2000 messages, the POP3 connection hangs. [severity:2/4; BID-24469, KB829492]

An integer overflow can occur in the ASN.1 library. [severity:2/4; BID-24445, KB837052]

A malicious PNG image can generate several vulnerabilities. [severity:2/4; BID-24420, KB875504]

An unknown vulnerability affects the TCP/IP stack of the system. [severity:2/4; BID-24424, KB908362]

A buffer overflow can occur in the ASP parser of the web server. [severity:2/4; BID-24427, KB833270]

An unknown vulnerability affects Passport. [severity:2/4; KB891786]

vulnerability CVE-2006-0021

Windows CE 5, 6: several vulnerabilities

Synthesis of the vulnerability

Several errors affecting Windows CE can have an impact on security.
Impacted products: Windows CE, Windows Mobile.
Severity: 2/4.
Consequences: user access/rights.
Provenance: internet server.
Number of vulnerabilities in this bulletin: 10.
Creation date: 12/06/2007.
Identifiers: BID-16645, BID-24391, BID-24393, BID-24394, BID-24444, CERTA-2006-AVI-072, CVE-2006-0021, KB890061, KB918456, KB918755, KB930642, KB933434, KB933679, KB933680, KB934175, KB935825, KB936001, VIGILANCE-VUL-6900, VU#839284.

Description of the vulnerability

Several errors affecting Windows CE can have an impact on security.

Several errors affect .NET 2.0. [severity:2/4; KB934175]

A remote attacker can generate a denial of service in RNDIS. [severity:2/4; BID-24391, KB933434]

An attacker can create a malicious web server generating a buffer overflow in WININET.DLL. [severity:2/4; BID-24393, KB933680]

An error can occur in MSHTML when a malicious web site is displayed. [severity:2/4; KB935825]

An attacker can create a malicious SSL web server generating a buffer overflow in WININET.DLL. [severity:2/4; BID-24394, KB936001]

An attacker can create a malicious web server generating a buffer overflow in WININET.DLL. [severity:2/4; BID-24393, KB933679]

An attacker can conduct a Cross Site Scripting attack. [severity:2/4; KB918456]

A malicious web site can corrupt system memory. [severity:2/4; KB918755]

An attacker can corrupt the memory of the .NET Compact Framework. [severity:2/4; BID-24444, KB890061]

An attacker can generate a denial of service via IGMP (VIGILANCE-VUL-5612). [severity:2/4; BID-16645, CERTA-2006-AVI-072, CVE-2006-0021, KB930642, VU#839284]

computer vulnerability alert CVE-2007-0674 CVE-2007-0685 CVE-2007-0878

Windows Mobile: denials of service

Synthesis of the vulnerability

An attacker can create malicious documents generating denials of service on Windows Mobile.
Impacted products: Windows CE, Windows Mobile.
Severity: 2/4.
Consequences: denial of service on server.
Provenance: internet server.
Number of vulnerabilities in this bulletin: 2.
Creation date: 01/02/2007.
Identifiers: BID-22343, BID-22500, CVE-2007-0674, CVE-2007-0685, CVE-2007-0878, VIGILANCE-VUL-6516.

Description of the vulnerability

Two denials of service affect Windows Mobile.

A memory corruption occurs when Internet Explorer displays a malicious web site. [severity:2/4; BID-22500, CVE-2007-0685]

A denial of service occurs when Pictures and Videos reads a malicious JPEG image. [severity:2/4; CVE-2007-0674]

computer vulnerability 4705

Pocket IE: information disclosure

Synthesis of the vulnerability

An attacker can combine 3 vulnerabilities of Pocket Internet Explorer to obtain the user's cookies.
Impacted products: Windows CE.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 27/01/2005.
Identifiers: V6-POCKETIE3VUL, VIGILANCE-VUL-4705.

Description of the vulnerability

The Pocket Internet Explorer software is the web browser provided with "Windows Mobile for Pocket PC 2003" (Pocket PC 2003, based on Windows CE 4.2).

This browser has 3 vulnerabilities:
 - the web server name can be hidden in the URL
 - access to some file types is allowed
 - the DIV tag can be used to conduct a Cross Site Scripting attack

By combining these vulnerabilities, an attacker can, for example, obtain the user's cookies.

computer vulnerability bulletin 4408

Facilitation of virus infection

Synthesis of the vulnerability

A kernel structure is accessible and facilitates the creation of viruses.
Impacted products: Windows CE.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 21/09/2004.
Identifiers: BID-11218, V6-WINCEKDATASTRUCTREAD, VIGILANCE-VUL-4408.

Description of the vulnerability

The coredll.dll module contains the main functions of the system. A virus has to access it in order to replicate easily across the different versions of the system.

A process running in user mode can access the KDataStruct structure stored at memory address 0xffffc800. This structure contains information about all modules, and therefore gives indirect access to coredll.dll. Normally, this information should not be accessible.

A virus can therefore read KDataStruct in order to support all versions of Windows CE.