ID

VAR-201202-0137


CVE

CVE-2011-3026


TITLE

Autonomy Keyview IDOL contains multiple vulnerabilities in file parsers

Trust: 0.8

sources: CERT/CC: VU#849841

DESCRIPTION

Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation. Autonomy Keyview IDOL contains multiple vulnerabilities in file parsers. These vulnerabilities could allow a remote attacker to execute arbitrary code on an affected system. Micro Focus Autonomy KeyView IDOL is a library from Micro Focus UK that can decode more than 1000 different file formats. A security vulnerability exists in Micro Focus Autonomy KeyView IDOL versions prior to 10.16. The following products and versions are affected: Symantec Mail Security for Microsoft Exchange prior to 6.5.8; Symantec Mail Security for Domino prior to 8.1.1; Symantec Messaging Gateway prior to 10.0.1; Symantec Data Loss Prevention (DLP) prior to 11.6.1 Versions; IBM Notes 8.5.x versions; IBM Lotus Domino 8.5.x versions prior to 8.5.3 FP4 and others. Google Chrome is an open source web browser released by Google. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2410-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff February 15, 2012 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : libpng Vulnerability : integer overflow Problem type : remote Debian-specific: no CVE ID : CVE-2011-3026 Jueri Aedla discovered an integer overflow in the libpng PNG library, which could lead to the execution of arbitrary code if a malformed image is processed. For the stable distribution (squeeze), this problem has been fixed in version 1.2.44-1+squeeze2. For the unstable distribution (sid), this problem will be fixed soon. We recommend that you upgrade your libpng packages. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . ============================================================================ Ubuntu Security Notice USN-1369-1 February 17, 2012 thunderbird vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.10 Summary: Several security issues were fixed in Thunderbird. Software Description: - thunderbird: Mozilla Open Source mail and newsgroup client Details: Nicolas Gregoire and Aki Helin discovered that when processing a malformed embedded XSLT stylesheet, Thunderbird can crash due to memory corruption. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. (CVE-2012-0449) It was discovered that memory corruption could occur during the decoding of Ogg Vorbis files. If the user were tricked into opening a specially crafted file, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. (CVE-2012-0444) Tim Abraldes discovered that when encoding certain image types the resulting data was always a fixed size. There is the possibility of sensitive data from uninitialized memory being appended to these images. (CVE-2012-0447) It was discovered that Thunderbird did not properly perform XPConnect security checks. An attacker could exploit this to conduct cross-site scripting (XSS) attacks through web pages and Thunderbird extensions. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. (CVE-2012-0446) It was discovered that Thunderbird did not properly handle node removal in the DOM. If the user were tricked into opening a specially crafted page, an attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. (CVE-2011-3659) Alex Dvorov discovered that Thunderbird did not properly handle sub-frames in form submissions. An attacker could exploit this to conduct phishing attacks using HTML5 frames. (CVE-2012-0445) Ben Hawkes, Christian Holler, Honza Bombas, Jason Orendorff, Jesse Ruderman, Jan Odvarko, Peter Van Der Beken, Bob Clary, and Bill McCloskey discovered memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted page, an attacker could exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. (CVE-2012-0442, CVE-2012-0443) Andrew McCreight and Olli Pettay discovered a use-after-free vulnerability in the XBL bindings. An attacker could exploit this to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. (CVE-2012-0452) Jueri Aedla discovered that libpng, which is in Thunderbird, did not properly verify the size used when allocating memory during chunk decompression. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user invoking the program. (CVE-2011-3026) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: thunderbird 10.0.2+build1-0ubuntu0.11.10.1 After a standard system update you need to restart Thunderbird to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1369-1 CVE-2011-3659, CVE-2012-0442, CVE-2012-0443, CVE-2012-0444, CVE-2012-0445, CVE-2012-0446, CVE-2012-0447, CVE-2012-0449, CVE-2012-0452, https://launchpad.net/bugs/923372, https://launchpad.net/bugs/929964, https://launchpad.net/bugs/933382 Package Information: https://launchpad.net/ubuntu/+source/thunderbird/10.0.2+build1-0ubuntu0.11.10.1 . ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Autonomy KeyView File Processing Vulnerabilities SECUNIA ADVISORY ID: SA51362 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/51362/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=51362 RELEASE DATE: 2012-11-21 DISCUSS ADVISORY: http://secunia.com/advisories/51362/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/51362/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=51362 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerabilities are caused due to errors when processing unspecified file formats and can be exploited to corrupt memory. The vulnerabilities are reported in versions prior to 10.16. PROVIDED AND/OR DISCOVERED BY: Will Dormann, CERT/CC ORIGINAL ADVISORY: US-CERT VU#849841: http://www.kb.cert.org/vuls/id/849841 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . This issue does not affect OS X Mountain Lion systems. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201206-15 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: libpng: Multiple vulnerabilities Date: June 22, 2012 Bugs: #373967, #386185, #401987, #404197, #410153 ID: 201206-15 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities in libpng might allow remote attackers to execute arbitrary code or cause a Denial of Service condition. Background ========== libpng is a standard library used to process PNG (Portable Network Graphics) images. It is used by several programs, including web browsers and potentially server processes. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 media-libs/libpng < 1.5.10 >= 1.5.10 *>= 1.2.49 Description =========== Multiple vulnerabilities have been discovered in libpng: * The "embedded_profile_len()" function in pngwutil.c does not check for negative values, resulting in a memory leak (CVE-2009-5063). * The "png_format_buffer()" function in pngerror.c contains an off-by-one error (CVE-2011-2501). * The "png_rgb_to_gray()" function in pngrtran.c contains an integer overflow error (CVE-2011-2690). * The "png_err()" function in pngerror.c contains a NULL pointer dereference error (CVE-2011-2691). * The "png_handle_sCAL()" function in pngrutil.c improperly handles malformed sCAL chunks(CVE-2011-2692). * The "png_decompress_chunk()" function in pngrutil.c contains an integer overflow error (CVE-2011-3026). * The "png_inflate()" function in pngrutil.c contains and out of bounds error (CVE-2011-3045). * The "png_set_text_2()" function in pngset.c contains an error which could result in memory corruption (CVE-2011-3048). * The "png_formatted_warning()" function in pngerror.c contains an off-by-one error (CVE-2011-3464). Workaround ========== There is no known workaround at this time. Resolution ========== All libpng 1.5 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.5.10" All libpng 1.2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/libpng-1.2.49" Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages. References ========== [ 1 ] CVE-2009-5063 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5063 [ 2 ] CVE-2011-2501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2501 [ 3 ] CVE-2011-2690 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2690 [ 4 ] CVE-2011-2691 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2691 [ 5 ] CVE-2011-2692 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2692 [ 6 ] CVE-2011-3026 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3026 [ 7 ] CVE-2011-3045 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3045 [ 8 ] CVE-2011-3048 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3048 [ 9 ] CVE-2011-3464 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3464 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201206-15.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . Software Description: - xulrunner-1.9.2: Mozilla Gecko runtime environment Details: USN-1367-1 fixed vulnerabilities in libpng. ---------------------------------------------------------------------- Secunia presentations @ RSA Conference 2012, San Francisco, USA, 27 Feb-02 March Listen to our Chief Security Specialist, Research Analyst Director, and Director Product Management & Quality Assurance discuss the industry's key topics. Also, visit the Secunia stand #817. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-09-19-1 iOS 6 iOS 6 is now available and addresses the following: CFNetwork Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to the disclosure of sensitive information Description: An issue existed in CFNetwork's handling of malformed URLs. CFNetwork may send requests to an incorrect hostname, resulting in the disclosure of sensitive information. This issue was addressed through improvements to URL handling. CVE-ID CVE-2012-3724 : Erling Ellingsen of Facebook CoreGraphics Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Multiple vulnerabilities in FreeType Description: Multiple vulnerabilities existed in FreeType, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. These issues were addressed by updating FreeType to version 2.4.9. Further information is available via the FreeType site at http://www.freetype.org/ CVE-ID CVE-2012-1126 CVE-2012-1127 CVE-2012-1128 CVE-2012-1129 CVE-2012-1130 CVE-2012-1131 CVE-2012-1132 CVE-2012-1133 CVE-2012-1134 CVE-2012-1135 CVE-2012-1136 CVE-2012-1137 CVE-2012-1138 CVE-2012-1139 CVE-2012-1140 CVE-2012-1141 CVE-2012-1142 CVE-2012-1143 CVE-2012-1144 CoreMedia Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An uninitialized memory access existed in the handling of Sorenson encoded movie files. This issue was addressed through improved memory initialization. CVE-ID CVE-2012-3722 : Will Dormann of the CERT/CC DHCP Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A malicious Wi-Fi network may be able to determine networks a device has previously accessed Description: Upon connecting to a Wi-Fi network, iOS may broadcast MAC addresses of previously accessed networks per the DNAv4 protocol. This issue was addressed by disabling DNAv4 on unencrypted Wi-Fi networks. CVE-ID CVE-2012-3725 : Mark Wuergler of Immunity, Inc. ImageIO Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in libtiff's handling of ThunderScan encoded TIFF images. This issue was addressed by updating libtiff to version 3.9.5. CVE-ID CVE-2011-1167 ImageIO Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted PNG image may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in libpng's handling of PNG images. These issues were addressed through improved validation of PNG images. CVE-ID CVE-2011-3026 : Juri Aedla CVE-2011-3048 CVE-2011-3328 ImageIO Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted JPEG image may lead to an unexpected application termination or arbitrary code execution Description: A double free issue existed in ImageIO's handling of JPEG images. This issue was addressed through improved memory management. CVE-ID CVE-2012-3726 : Phil of PKJE Consulting ImageIO Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow issue existed in libTIFF's handling of TIFF images. This issue was addressed through improved validation of TIFF images. CVE-ID CVE-2012-1173 : Alexander Gavrun working with HP's Zero Day Initiative International Components for Unicode Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Applications that use ICU may be vulnerable to an unexpected application termination or arbitrary code execution Description: A stack buffer overflow existed in the handling of ICU locale IDs. This issue was addressed through improved bounds checking. CVE-ID CVE-2011-4599 IPSec Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Loading a maliciously crafted racoon configuration file may lead to arbitrary code execution Description: A buffer overflow existed in the handling of racoon configuration files. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3727 : iOS Jailbreak Dream Team Kernel Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A local user may be able to execute arbitrary code with system privileges Description: An invalid pointer dereference issue existed in the kernel's handling of packet filter ioctls. This may allow an attacker to alter kernel memory. This issue was addressed through improved error handling. CVE-ID CVE-2012-3728 : iOS Jailbreak Dream Team Kernel Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A local user may be able to determine kernel memory layout Description: An uninitialized memory access issue existed in the Berkeley Packet Filter interpreter, which led to the disclosure of memory content. This issue was addressed through improved memory initialization. CVE-ID CVE-2012-3729 : Dan Rosenberg libxml Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution Description: Multiple vulnerabilities existed in libxml, the most serious of which may lead to an unexpected application termination or arbitrary code execution. These issues were addressed by applying the relevant upstream patches. CVE-ID CVE-2011-1944 : Chris Evans of Google Chrome Security Team CVE-2011-2821 : Yang Dingning of NCNIPC, Graduate University of Chinese Academy of Sciences CVE-2011-2834 : Yang Dingning of NCNIPC, Graduate University of Chinese Academy of Sciences CVE-2011-3919 : Juri Aedla Mail Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Mail may present the wrong attachment in a message Description: A logic issue existed in Mail's handling of attachments. If a subsequent mail attachment used the same Content-ID as a previous one, the previous attachment would be displayed, even in the case where the 2 mails originated from different senders. This could facilitate some spoofing or phishing attacks. This issue was addressed through improved handling of attachments. CVE-ID CVE-2012-3730 : Angelo Prado of the salesforce.com Product Security Team Mail Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Email attachments may be read without user's passcode Description: A logic issue existed in Mail's use of Data Protection on email attachments. This issue was addressed by properly setting the Data Protection class for email attachments. CVE-ID CVE-2012-3731 : Stephen Prairie of Travelers Insurance, Erich Stuntebeck of AirWatch Mail Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: An attacker may spoof the sender of a S/MIME signed message Description: S/MIME signed messages displayed the untrusted 'From' address, instead of the name associated with the message signer's identity. This issue was addressed by displaying the address associated with the message signer's identity when it is available. CVE-ID CVE-2012-3732 : An anonymous researcher Messages Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A user may unintentionally disclose the existence of their email addresses Description: When a user had multiple email addresses associated with iMessage, replying to a message may have resulted in the reply being sent from a different email address. This may disclose another email address associated to the user's account. This issue was addressed by always replying from the email address the original message was sent to. CVE-ID CVE-2012-3733 : Rodney S. Foley of Gnomesoft, LLC Office Viewer Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Unencrypted document data may be written to a temporary file Description: An information disclosure issue existed in the support for viewing Microsoft Office files. When viewing a document, the Office Viewer would write a temporary file containing data from the viewed document to the temporary directory of the invoking process. For an application that uses data protection or other encryption to protect the user's files, this could lead to information disclosure. This issue was addressed by avoiding creation of temporary files when viewing Office documents. CVE-ID CVE-2012-3734 : Salvatore Cataudella of Open Systems Technologies OpenGL Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Applications that use OS X's OpenGL implementation may be vulnerable to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in the handling of GLSL compilation. These issues were addressed through improved validation of GLSL shaders. CVE-ID CVE-2011-3457 : Chris Evans of the Google Chrome Security Team, and Marc Schoenefeld of the Red Hat Security Response Team Passcode Lock Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A person with physical access to the device could briefly view the last used third-party app on a locked device Description: A logic issue existed with the display of the "Slide to Power Off" slider on the lock screen. This issue was addressed through improved lock state management. CVE-ID CVE-2012-3735 : Chris Lawrence DBB Passcode Lock Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to bypass the screen lock Description: A logic issue existed in the termination of FaceTime calls from the lock screen. This issue was addressed through improved lock state management. CVE-ID CVE-2012-3736 : Ian Vitek of 2Secure AB Passcode Lock Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: All photos may be accessible at the lock screen Description: A design issue existed in the support for viewing photos that were taken at the lock screen. In order to determine which photos to permit access to, the passcode lock consulted the time at which the device was locked and compared it to the time that a photo was taken. By spoofing the current time, an attacker could gain access to photos that were taken before the device was locked. This issues was addressed by explicitly keeping track of the photos that were taken while the device was locked. CVE-ID CVE-2012-3737 : Ade Barkah of BlueWax Inc. Passcode Lock Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A person with physical access to a locked device may perform FaceTime calls Description: A logic issue existed in the Emergency Dialer screen, which permitted FaceTime calls via Voice Dialing on the locked device. This could also disclose the user's contacts via contact suggestions. This issue was addressed by disabling Voice Dialing on the Emergency Dialer screen. CVE-ID CVE-2012-3738 : Ade Barkah of BlueWax Inc. Passcode Lock Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to bypass the screen lock Description: Using the camera from the screen lock could in some cases interfere with automatic lock functionality, allowing a person with physical access to the device to bypass the Passcode Lock screen. This issue was addressed through improved lock state management. CVE-ID CVE-2012-3739 : Sebastian Spanninger of the Austrian Federal Computing Centre (BRZ) Passcode Lock Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to bypass the screen lock Description: A state management issue existed in the handling of the screen lock. This issue was addressed through improved lock state management. CVE-ID CVE-2012-3740 : Ian Vitek of 2Secure AB Restrictions Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A user may be able to make purchases without entering Apple ID credentials Description: After disabling Restrictions, iOS may not ask for the user's password during a transaction. This issue was addressed by additional enforcement of purchase authorization. CVE-ID CVE-2012-3741 : Kevin Makens of Redwood High School Safari Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Websites may use characters with an appearance similar to the lock icon in their titles Description: Websites could use a Unicode character to create a lock icon in the page title. This icon was similar in appearance to the icon used to indicate a secure connection, and could have lead the user to believe a secure connection had been established. This issue was addressed by removing these characters from page titles. CVE-ID CVE-2012-3742 : Boku Kihara of Lepidum Safari Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Passwords may autocomplete even when the site specifies that autocomplete should be disabled Description: Password input elements with the autocomplete attribute set to "off" were being autocompleted. This issue was addressed through improved handling of the autocomplete attribute. CVE-ID CVE-2012-0680 : Dan Poltawski of Moodle System Logs Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Sandboxed apps may obtain system log content Description: Sandboxed apps had read access to /var/log directory, which may allow them to obtain sensitive information contained in system logs. This issue was addressed by denying sandboxed apps access to the /var/log directory. CVE-ID CVE-2012-3743 Telephony Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: An SMS message may appear to have been sent by an arbitrary user Description: Messages displayed the return address of an SMS message as the sender. Return addresses may be spoofed. This issue was addressed by always displaying the originating address instead of the return address. CVE-ID CVE-2012-3744 : pod2g Telephony Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: An SMS message may disrupt cellular connectivity Description: An off-by-one buffer overflow existed in the handling of SMS user data headers. This issue was addressed through improved bounds checking. CVE-ID CVE-2012-3745 : pod2g UIKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: An attacker that gains access to a device's filesystem may be able to read files that were being displayed in a UIWebView Description: Applications that use UIWebView may leave unencrypted files on the file system even when a passcode is enabled. This issue was addressed through improved use of data protection. CVE-ID CVE-2012-3746 : Ben Smith of Box WebKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2011-3016 : miaubiz CVE-2011-3021 : Arthur Gerkis CVE-2011-3027 : miaubiz CVE-2011-3032 : Arthur Gerkis CVE-2011-3034 : Arthur Gerkis CVE-2011-3035 : wushi of team509 working with iDefense VCP, Arthur Gerkis CVE-2011-3036 : miaubiz CVE-2011-3037 : miaubiz CVE-2011-3038 : miaubiz CVE-2011-3039 : miaubiz CVE-2011-3040 : miaubiz CVE-2011-3041 : miaubiz CVE-2011-3042 : miaubiz CVE-2011-3043 : miaubiz CVE-2011-3044 : Arthur Gerkis CVE-2011-3050 : miaubiz CVE-2011-3053 : miaubiz CVE-2011-3059 : Arthur Gerkis CVE-2011-3060 : miaubiz CVE-2011-3064 : Atte Kettunen of OUSPG CVE-2011-3068 : miaubiz CVE-2011-3069 : miaubiz CVE-2011-3071 : pa_kt working with HP's Zero Day Initiative CVE-2011-3073 : Arthur Gerkis CVE-2011-3074 : Slawomir Blazek CVE-2011-3075 : miaubiz CVE-2011-3076 : miaubiz CVE-2011-3078 : Martin Barbella of the Google Chrome Security Team CVE-2011-3081 : miaubiz CVE-2011-3086 : Arthur Gerkis CVE-2011-3089 : Skylined of the Google Chrome Security Team, miaubiz CVE-2011-3090 : Arthur Gerkis CVE-2011-3105 : miaubiz CVE-2011-3913 : Arthur Gerkis CVE-2011-3924 : Arthur Gerkis CVE-2011-3926 : Arthur Gerkis CVE-2011-3958 : miaubiz CVE-2011-3966 : Aki Helin of OUSPG CVE-2011-3968 : Arthur Gerkis CVE-2011-3969 : Arthur Gerkis CVE-2011-3971 : Arthur Gerkis CVE-2012-0682 : Apple Product Security CVE-2012-0683 : Dave Mandelin of Mozilla CVE-2012-1520 : Martin Barbella of the Google Chrome Security Team using AddressSanitizer, Jose A. Vazquez of spa-s3c.blogspot.com working with iDefense VCP CVE-2012-1521 : Skylined of the Google Chrome Security Team, Jose A. Vazquez of spa-s3c.blogspot.com working with iDefense VCP CVE-2012-2818 : miaubiz CVE-2012-3589 : Dave Mandelin of Mozilla CVE-2012-3590 : Apple Product Security CVE-2012-3591 : Apple Product Security CVE-2012-3592 : Apple Product Security CVE-2012-3593 : Apple Product Security CVE-2012-3594 : miaubiz CVE-2012-3595 : Martin Barbella of Google Chrome Security CVE-2012-3596 : Skylined of the Google Chrome Security Team CVE-2012-3597 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3598 : Apple Product Security CVE-2012-3599 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3600 : David Levin of the Chromium development community CVE-2012-3601 : Martin Barbella of the Google Chrome Security Team using AddressSanitizer CVE-2012-3602 : miaubiz CVE-2012-3603 : Apple Product Security CVE-2012-3604 : Skylined of the Google Chrome Security Team CVE-2012-3605 : Cris Neckar of the Google Chrome Security team CVE-2012-3608 : Skylined of the Google Chrome Security Team CVE-2012-3609 : Skylined of the Google Chrome Security Team CVE-2012-3610 : Skylined of the Google Chrome Security Team CVE-2012-3611 : Apple Product Security CVE-2012-3612 : Skylined of the Google Chrome Security Team CVE-2012-3613 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3614 : Yong Li of Research In Motion, Inc. CVE-2012-3615 : Stephen Chenney of the Chromium development community CVE-2012-3617 : Apple Product Security CVE-2012-3618 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3620 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3624 : Skylined of the Google Chrome Security Team CVE-2012-3625 : Skylined of Google Chrome Security Team CVE-2012-3626 : Apple Product Security CVE-2012-3627 : Skylined and Abhishek Arya (Inferno) of Google Chrome Security team CVE-2012-3628 : Apple Product Security CVE-2012-3629 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3630 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3631 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3633 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3634 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3635 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3636 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3637 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3638 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3639 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3640 : miaubiz CVE-2012-3641 : Slawomir Blazek CVE-2012-3642 : miaubiz CVE-2012-3644 : miaubiz CVE-2012-3645 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3646 : Julien Chaffraix of the Chromium development community, Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3647 : Skylined of the Google Chrome Security Team CVE-2012-3648 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3651 : Abhishek Arya (Inferno) and Martin Barbella of the Google Chrome Security Team CVE-2012-3652 : Martin Barbella of Google Chrome Security Team CVE-2012-3653 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3655 : Skylined of the Google Chrome Security Team CVE-2012-3656 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3658 : Apple CVE-2012-3659 : Mario Gomes of netfuzzer.blogspot.com, Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3660 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3661 : Apple Product Security CVE-2012-3663 : Skylined of Google Chrome Security Team CVE-2012-3664 : Thomas Sepez of the Chromium development community CVE-2012-3665 : Martin Barbella of Google Chrome Security Team using AddressSanitizer CVE-2012-3666 : Apple CVE-2012-3667 : Trevor Squires of propaneapp.com CVE-2012-3668 : Apple Product Security CVE-2012-3669 : Apple Product Security CVE-2012-3670 : Abhishek Arya (Inferno) of the Google Chrome Security Team, Arthur Gerkis CVE-2012-3671 : Skylined and Martin Barbella of the Google Chrome Security Team CVE-2012-3672 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3673 : Abhishek Arya (Inferno) of the Google Chrome Security Team CVE-2012-3674 : Skylined of Google Chrome Security Team CVE-2012-3676 : Julien Chaffraix of the Chromium development community CVE-2012-3677 : Apple CVE-2012-3678 : Apple Product Security CVE-2012-3679 : Chris Leary of Mozilla CVE-2012-3680 : Skylined of Google Chrome Security Team CVE-2012-3681 : Apple CVE-2012-3682 : Adam Barth of the Google Chrome Security Team CVE-2012-3683 : wushi of team509 working with iDefense VCP CVE-2012-3684 : kuzzcc CVE-2012-3686 : Robin Cao of Torch Mobile (Beijing) CVE-2012-3703 : Apple Product Security CVE-2012-3704 : Skylined of the Google Chrome Security Team CVE-2012-3706 : Apple Product Security CVE-2012-3708 : Apple CVE-2012-3710 : James Robinson of Google CVE-2012-3747 : David Bloom of Cue WebKit Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Visiting a maliciously crafted website may lead to a cross- site disclosure of information Description: A cross-origin issue existed in the handling of CSS property values. This issue was addressed through improved origin tracking. CVE-ID CVE-2012-3691 : Apple WebKit Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: A malicious website may be able to replace the contents of an iframe on another site Description: A cross-origin issue existed in the handling of iframes in popup windows. This issue was addressed through improved origin tracking. CVE-ID CVE-2011-3067 : Sergey Glazunov WebKit Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 Impact: Visiting a maliciously crafted website may lead to a cross- site disclosure of information Description: A cross-origin issue existed in the handling of iframes and fragment identifiers. This issue was addressed through improved origin tracking. CVE-ID CVE-2012-2815 : Elie Bursztein, Baptiste Gourdin, Gustav Rydstedt, and Dan Boneh of the Stanford University Security Laboratory WebKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Look-alike characters in a URL could be used to masquerade a website Description: The International Domain Name (IDN) support and Unicode fonts embedded in Safari could have been used to create a URL which contains look-alike characters. These could have been used in a malicious website to direct the user to a spoofed site that visually appears to be a legitimate domain. This issue was addressed by supplementing WebKit's list of known look-alike characters. Look- alike characters are rendered in Punycode in the address bar. CVE-ID CVE-2012-3693 : Matt Cooley of Symantec WebKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: A canonicalization issue existed in the handling of URLs. This may have led to cross-site scripting on sites which use the location.href property. This issue was addressed through improved canonicalization of URLs. CVE-ID CVE-2012-3695 : Masato Kinugawa WebKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to HTTP request splitting Description: An HTTP header injection issue existed in the handling of WebSockets. This issue was addressed through improved WebSockets URI sanitization. CVE-ID CVE-2012-3696 : David Belcher of the BlackBerry Security Incident Response Team WebKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: A maliciously crafted website may be able to spoof the value in the URL bar Description: A state management issue existed in the handling of session history. Navigations to a fragment on the current page may cause Safari to display incorrect information in the URL bar. This issue was addressed through improved session state tracking. CVE-ID CVE-2011-2845 : Jordi Chancel WebKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to the disclosure of the disclosure of memory contents Description: An uninitialized memory access issue existed in the handling of SVG images. This issue was addressed through improved memory initialization. CVE-ID CVE-2012-3650 : Apple Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "6.0". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJQWeYHAAoJEPefwLHPlZEwFlwP/1Ib/2m8K7orlPb3zmsKTyjo 3T0rFqu1LbXNzwLRhan7E7KiJoQ7U6yVO4045o/19AYZM+zGVNnHsCkUc3+Vcpa5 TZIM9Rik2iXKMxzttFfc5tvhE1u18PstsDLU/jvyW+s3XxMVL54wnSmW1R+P0de0 8+Q++IANogUj+scJzQkTaFDNDN5v1p0BT0+cifCcqktXB4H/PoaQ7drIWiDGYB/9 n4IL5AjM0BJBzWkldfjPimZ0BseSA0BxdeVCopmAgdnigyB60G4cWGzkU7E35VnP dWgdU9rnIIvGGe/vP912f7AoPtWs1b8n6DYCJgGRXvaRfPoHFUlXaRoVB6vJlMVs JXyMrw/RSDfYEgJdNbFOSxyJXHUkTkt4+aNW4KcoMR6raI/W5zKDyMEICw1wpkwP id6Dz4e6ncf+cfvAFqXpk02OC7iJqn71IJN2MvU/hC7797l++PINIoOHwJZolt+T xL3wV8p3Lk8K6lZx3Q9Tu6Dd7GYkxtjLCgV1NgdHOwPKDUOJ47oG6RjZAd6hpicp RqYXbk5bJpd3nZv+X6FrCZqGfeuwREWW7FJ0dI+/8ohlnisTz16f48W9FtuN3HIj bmxFJ46P4LGxrizwDSdBngxf3Utkh+7hGLuMH51/jR8+tCqDIEgpKBA+2F+IOmyP XtT4lS60xKz63YSg79dd =LvMt -----END PGP SIGNATURE----- . The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3026 _______________________________________________________________________ Updated Packages: Mandriva Linux 2010.1: c4855b723b25b62a8e80f27db90c15a3 2010.1/i586/libpng3-1.2.43-1.3mdv2010.2.i586.rpm 0485c0180727805f96ae132a888827a3 2010.1/i586/libpng-devel-1.2.43-1.3mdv2010.2.i586.rpm 26f1bff42f385116d55b1685feda0a1e 2010.1/i586/libpng-source-1.2.43-1.3mdv2010.2.i586.rpm f01bdae23b93da1536aed6c3131e8f85 2010.1/i586/libpng-static-devel-1.2.43-1.3mdv2010.2.i586.rpm 17738e1f426097875b5682cba8f16415 2010.1/SRPMS/libpng-1.2.43-1.3mdv2010.2.src.rpm Mandriva Linux 2010.1/X86_64: 0c8d9cd9c9e6f57ae72e442419a803df 2010.1/x86_64/lib64png3-1.2.43-1.3mdv2010.2.x86_64.rpm eed384ae359919c39c1ca442d0c303ba 2010.1/x86_64/lib64png-devel-1.2.43-1.3mdv2010.2.x86_64.rpm d10fafba157200fb9ddbade65ecc8d6d 2010.1/x86_64/lib64png-static-devel-1.2.43-1.3mdv2010.2.x86_64.rpm 40f7967c617dc26e3e9e9cf6963ebcd0 2010.1/x86_64/libpng-source-1.2.43-1.3mdv2010.2.x86_64.rpm 17738e1f426097875b5682cba8f16415 2010.1/SRPMS/libpng-1.2.43-1.3mdv2010.2.src.rpm Mandriva Linux 2011: bd9413334a6960530e994f48d515b5e2 2011/i586/libpng3-1.2.46-1.1-mdv2011.0.i586.rpm 08624bc6f3f185c91c20a5c11a37f7b5 2011/i586/libpng-devel-1.2.46-1.1-mdv2011.0.i586.rpm 367296b0f78af677e2b8ca3e97a10375 2011/i586/libpng-source-1.2.46-1.1-mdv2011.0.i586.rpm ba795279eb1e7d3d1c7d6733ac1613f0 2011/i586/libpng-static-devel-1.2.46-1.1-mdv2011.0.i586.rpm d9d76f9711fe8c91808550398c6fadb3 2011/SRPMS/libpng-1.2.46-1.1.src.rpm Mandriva Linux 2011/X86_64: 48f1307f1927a8136765c2b1c93e5e84 2011/x86_64/lib64png3-1.2.46-1.1-mdv2011.0.x86_64.rpm 60da8adfff64b0b0c505eacc211b8c7c 2011/x86_64/lib64png-devel-1.2.46-1.1-mdv2011.0.x86_64.rpm 9cf527b249680266e28d7fad6cb9840f 2011/x86_64/lib64png-static-devel-1.2.46-1.1-mdv2011.0.x86_64.rpm dc3b6304233dcd785178f26e6cae0916 2011/x86_64/libpng-source-1.2.46-1.1-mdv2011.0.x86_64.rpm d9d76f9711fe8c91808550398c6fadb3 2011/SRPMS/libpng-1.2.46-1.1.src.rpm Mandriva Enterprise Server 5: bd2f9ef883d4c7c650092136604c93d6 mes5/i586/libpng3-1.2.31-2.5mdvmes5.2.i586.rpm 03a50f86d3bec91252f194851ce97d37 mes5/i586/libpng-devel-1.2.31-2.5mdvmes5.2.i586.rpm f7dab6addec1e0961fd09ac145923b4d mes5/i586/libpng-source-1.2.31-2.5mdvmes5.2.i586.rpm 170753445a4511900ea260a65a27fc21 mes5/i586/libpng-static-devel-1.2.31-2.5mdvmes5.2.i586.rpm fe12ec7437628c735fb4e52a814d79b7 mes5/SRPMS/libpng-1.2.31-2.5mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: 5c696961a091bcf67bc6715c96a14459 mes5/x86_64/lib64png3-1.2.31-2.5mdvmes5.2.x86_64.rpm 88eea8de1c1e4e43498dbffabfedf96a mes5/x86_64/lib64png-devel-1.2.31-2.5mdvmes5.2.x86_64.rpm 011fcf8505018f3aa3cd4a08289b80ff mes5/x86_64/lib64png-static-devel-1.2.31-2.5mdvmes5.2.x86_64.rpm 1ba894529af1775bf39e41f1b7726dc4 mes5/x86_64/libpng-source-1.2.31-2.5mdvmes5.2.x86_64.rpm fe12ec7437628c735fb4e52a814d79b7 mes5/SRPMS/libpng-1.2.31-2.5mdvmes5.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. This issue only affected Ubuntu 8.04 LTS

Trust: 2.7

sources: NVD: CVE-2011-3026 // CERT/CC: VU#849841 // VULHUB: VHN-59558 // VULHUB: VHN-50971 // PACKETSTORM: 109791 // PACKETSTORM: 109899 // PACKETSTORM: 118283 // PACKETSTORM: 116836 // PACKETSTORM: 114070 // PACKETSTORM: 109900 // PACKETSTORM: 109889 // PACKETSTORM: 116791 // PACKETSTORM: 110096 // PACKETSTORM: 109839

AFFECTED PRODUCTS

vendor:susemodel:linux enterprise serverscope:eqversion:11

Trust: 2.0

vendor:applemodel:mac os xscope:ltversion:10.7.5

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.7.0

Trust: 1.0

vendor:googlemodel:chromescope:ltversion:17.0.963.56

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:6.0

Trust: 1.0

vendor:applemodel:mac os x serverscope:ltversion:10.7.5

Trust: 1.0

vendor:applemodel:mac os x serverscope:gteversion:10.7.0

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.6.8

Trust: 1.0

vendor:opensusemodel:opensusescope:eqversion:11.4

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.6.8

Trust: 1.0

vendor:autonomymodel: - scope: - version: -

Trust: 0.8

vendor:camodel: - scope: - version: -

Trust: 0.8

vendor:ciscomodel: - scope: - version: -

Trust: 0.8

vendor:emcmodel: - scope: - version: -

Trust: 0.8

vendor:hewlett packardmodel: - scope: - version: -

Trust: 0.8

vendor:hylandmodel: - scope: - version: -

Trust: 0.8

vendor:ibmmodel: - scope: - version: -

Trust: 0.8

vendor:lotusmodel: - scope: - version: -

Trust: 0.8

vendor:mcafeemodel: - scope: - version: -

Trust: 0.8

vendor:nuancemodel: - scope: - version: -

Trust: 0.8

vendor:oraclemodel: - scope: - version: -

Trust: 0.8

vendor:palisademodel: - scope: - version: -

Trust: 0.8

vendor:proofpointmodel: - scope: - version: -

Trust: 0.8

vendor:symantecmodel: - scope: - version: -

Trust: 0.8

vendor:trend micromodel: - scope: - version: -

Trust: 0.8

vendor:trustwavemodel: - scope: - version: -

Trust: 0.8

vendor:vmwaremodel: - scope: - version: -

Trust: 0.8

vendor:verdasysmodel: - scope: - version: -

Trust: 0.8

vendor:websensemodel: - scope: - version: -

Trust: 0.8

vendor:googlemodel:chromescope:eqversion:10.0.648.12

Trust: 0.6

vendor:googlemodel:chromescope:eqversion:10.0.648.23

Trust: 0.6

vendor:googlemodel:chromescope:eqversion:10.0.648.13

Trust: 0.6

vendor:googlemodel:chromescope:eqversion:10.0.648.122

Trust: 0.6

vendor:googlemodel:chromescope:eqversion:10.0.648.11

Trust: 0.6

vendor:googlemodel:chromescope:eqversion:10.0.648.32

Trust: 0.6

vendor:googlemodel:chromescope:eqversion:10.0.648.28

Trust: 0.6

vendor:googlemodel:chromescope:eqversion:10.0.648.26

Trust: 0.6

vendor:googlemodel:chromescope:eqversion:10.0.648.10

Trust: 0.6

vendor:googlemodel:chromescope:eqversion:10.0.648.18

Trust: 0.6

sources: CERT/CC: VU#849841 // CNNVD: CNNVD-201202-339 // NVD: CVE-2011-3026

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-3026
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-6277
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201202-339
value: HIGH

Trust: 0.6

VULHUB: VHN-59558
value: HIGH

Trust: 0.1

VULHUB: VHN-50971
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2011-3026
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2012-6277
severity: HIGH
baseScore: 10.0
vectorString: NONE
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-59558
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

VULHUB: VHN-50971
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#849841 // VULHUB: VHN-59558 // VULHUB: VHN-50971 // CNNVD: CNNVD-201202-339 // NVD: CVE-2011-3026

PROBLEMTYPE DATA

problemtype:CWE-190

Trust: 1.1

problemtype:CWE-189

Trust: 0.1

sources: VULHUB: VHN-50971 // NVD: CVE-2011-3026

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 114070 // PACKETSTORM: 110096 // CNNVD: CNNVD-201202-339

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201202-339

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-50971

PATCH

title:Google Chrome ‘libpng’ Fixes for integer overflow vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=115290

Trust: 0.6

sources: CNNVD: CNNVD-201202-339

EXTERNAL IDS

db:NVDid:CVE-2011-3026

Trust: 2.8

db:SECUNIAid:49660

Trust: 1.7

db:SECUNIAid:48110

Trust: 1.7

db:SECUNIAid:48016

Trust: 1.7

db:SECUNIAid:51362

Trust: 1.0

db:CERT/CCid:VU#849841

Trust: 1.0

db:BIDid:56610

Trust: 0.9

db:SECTRACKid:1027799

Trust: 0.8

db:OSVDBid:87619

Trust: 0.8

db:CNNVDid:CNNVD-201202-339

Trust: 0.7

db:PACKETSTORMid:110263

Trust: 0.2

db:PACKETSTORMid:109900

Trust: 0.2

db:PACKETSTORMid:109791

Trust: 0.2

db:PACKETSTORMid:110096

Trust: 0.2

db:SECUNIAid:48089

Trust: 0.2

db:CNNVDid:CNNVD-201211-461

Trust: 0.1

db:VULHUBid:VHN-59558

Trust: 0.1

db:PACKETSTORMid:116792

Trust: 0.1

db:PACKETSTORMid:109836

Trust: 0.1

db:PACKETSTORMid:109898

Trust: 0.1

db:PACKETSTORMid:109833

Trust: 0.1

db:PACKETSTORMid:109838

Trust: 0.1

db:PACKETSTORMid:109835

Trust: 0.1

db:PACKETSTORMid:109897

Trust: 0.1

db:PACKETSTORMid:109967

Trust: 0.1

db:BIDid:52049

Trust: 0.1

db:VULHUBid:VHN-50971

Trust: 0.1

db:PACKETSTORMid:109899

Trust: 0.1

db:PACKETSTORMid:118283

Trust: 0.1

db:PACKETSTORMid:116836

Trust: 0.1

db:PACKETSTORMid:114070

Trust: 0.1

db:PACKETSTORMid:109889

Trust: 0.1

db:PACKETSTORMid:116791

Trust: 0.1

db:PACKETSTORMid:109839

Trust: 0.1

sources: CERT/CC: VU#849841 // VULHUB: VHN-59558 // VULHUB: VHN-50971 // PACKETSTORM: 109791 // PACKETSTORM: 109899 // PACKETSTORM: 118283 // PACKETSTORM: 116836 // PACKETSTORM: 110263 // PACKETSTORM: 114070 // PACKETSTORM: 109900 // PACKETSTORM: 109889 // PACKETSTORM: 116791 // PACKETSTORM: 110096 // PACKETSTORM: 109839 // CNNVD: CNNVD-201202-339 // NVD: CVE-2011-3026

REFERENCES

url:http://security.gentoo.org/glsa/glsa-201206-15.xml

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2012/sep/msg00003.html

Trust: 1.7

url:http://lists.apple.com/archives/security-announce/2012/sep/msg00004.html

Trust: 1.7

url:http://code.google.com/p/chromium/issues/detail?id=112822

Trust: 1.7

url:http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html

Trust: 1.7

url:http://support.apple.com/kb/ht5501

Trust: 1.7

url:http://support.apple.com/kb/ht5503

Trust: 1.7

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a15032

Trust: 1.7

url:http://secunia.com/advisories/48016

Trust: 1.7

url:http://secunia.com/advisories/48110

Trust: 1.7

url:http://secunia.com/advisories/49660

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00023.html

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00020.html

Trust: 1.7

url:http://www.securityfocus.com/bid/56610

Trust: 0.9

url:https://nvd.nist.gov/vuln/detail/cve-2011-3026

Trust: 0.9

url:http://www.autonomy.com/content/products/idol-modules-connectors/index.en.html

Trust: 0.8

url:http://www.autonomy.com/content/technology/idol-functionality-information-connectivity/index.en.html

Trust: 0.8

url:https://customers.autonomy.com

Trust: 0.8

url:http://support.microsoft.com/kb/2458544

Trust: 0.8

url:http://www.youtube.com/watch?v=28_lus_g0u4

Trust: 0.8

url:http://blogs.technet.com/srd/archive/2009/06/05/understanding-dep-as-a-mitigation-technology-part-1.aspx

Trust: 0.8

url:http://blogs.technet.com/srd/archive/2009/06/12/understanding-dep-as-a-mitigation-technology-part-2.aspx

Trust: 0.8

url:http://blogs.technet.com/b/srd/archive/2010/12/08/on-the-effectiveness-of-dep-and-aslr.aspx

Trust: 0.8

url:http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20121120_00

Trust: 0.8

url:http://securitytracker.com/id/1027799

Trust: 0.8

url:http://www.osvdb.org/show/osvdb/87619

Trust: 0.8

url:http://secunia.com/advisories/51362

Trust: 0.8

url:http://www.autonomy.com/content/news/releases/2004/0803a.en.html

Trust: 0.8

url:http://www.autonomy.com/content/news/releases/2008/0701.en.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2011-3048

Trust: 0.3

url:http://secunia.com/

Trust: 0.2

url:http://lists.grok.org.uk/full-disclosure-charter.html

Trust: 0.2

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.2

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.2

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.2

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.2

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.2

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-1167

Trust: 0.2

url:http://support.apple.com/kb/ht1222

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-2834

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-1944

Trust: 0.2

url:https://www.apple.com/support/security/pgp/

Trust: 0.2

url:http://gpgtools.org

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-2821

Trust: 0.2

url:http://www.mandriva.com/security/

Trust: 0.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3026

Trust: 0.2

url:https://www.mozilla.org/security/announce/2012/mfsa2012-11.html

Trust: 0.2

url:http://www.mandriva.com/security/advisories

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2009-5063

Trust: 0.2

url:http://www.ubuntu.com/usn/usn-1367-1

Trust: 0.2

url:https://support.symantec.com/us/en/article.symsa1262.html

Trust: 0.1

url:https://tools.cisco.com/security/center/viewalert.x?alertid=27482

Trust: 0.1

url:https://vulmon.com/vulnerabilitydetails?qid=cve-2012-6277

Trust: 0.1

url:https://www.energy.gov/cio/articles/v-118-ibm-lotus-domino-multiple-vulnerabilities

Trust: 0.1

url:https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-addressed-in-ibm-notes-9-0-cve-2011-3026-cve-2012-6349-cve-2012-6277/

Trust: 0.1

url:https://www.kb.cert.org/vuls/id/849841/

Trust: 0.1

url:https://www.tenable.com/plugins/nessus/67192

Trust: 0.1

url:http://www.debian.org/security/faq

Trust: 0.1

url:http://www.debian.org/security/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0452

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0445

Trust: 0.1

url:https://launchpad.net/bugs/923372,

Trust: 0.1

url:https://launchpad.net/bugs/933382

Trust: 0.1

url:https://launchpad.net/bugs/929964,

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0443

Trust: 0.1

url:http://www.ubuntu.com/usn/usn-1369-1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0447

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0442

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/thunderbird/10.0.2+build1-0ubuntu0.11.10.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3659

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0449

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0444

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0446

Trust: 0.1

url:http://secunia.com/advisories/51362/

Trust: 0.1

url:http://www.kb.cert.org/vuls/id/849841

Trust: 0.1

url:http://secunia.com/advisories/51362/#comments

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=51362

Trust: 0.1

url:http://secunia.com/blog/325/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-3591

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0682

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-3678

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3919

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1173

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0683

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-4599

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-3726

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-3679

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-3722

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-3590

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-3592

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-3725

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-3589

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3328

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3464

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3045

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3045

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2692

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3048

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2501

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2692

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2690

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2691

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2501

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3026

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-5063

Trust: 0.1

url:http://security.gentoo.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2690

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3464

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2691

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:http://www.ubuntu.com/usn/usn-1367-4

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/xulrunner-1.9.2/1.9.2.27+build1+nobinonly-0ubuntu0.10.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/xulrunner-1.9.2/1.9.2.27+build1+nobinonly-0ubuntu0.10.10.1

Trust: 0.1

url:https://launchpad.net/bugs/934073

Trust: 0.1

url:http://secunia.com/advisories/48089/#comments

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=48089

Trust: 0.1

url:http://www.rsaconference.com/events/2012/usa/index.htm

Trust: 0.1

url:http://blog.mozilla.com/security/2012/02/17/mozilla-releases-to-address-cve-2011-3026/

Trust: 0.1

url:http://secunia.com/advisories/48089/

Trust: 0.1

url:https://www.apple.com/itunes/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3059

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3067

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3035

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3027

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3050

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3016

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3060

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3038

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2845

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3036

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3064

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3043

Trust: 0.1

url:http://www.freetype.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3041

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3021

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3032

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3040

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3044

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3037

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3053

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3034

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3042

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3039

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libpng/1.2.15~beta5-3ubuntu0.5

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libpng/1.2.42-1ubuntu2.3

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libpng/1.2.44-1ubuntu0.2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libpng/1.2.46-3ubuntu1.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/libpng/1.2.44-1ubuntu3.2

Trust: 0.1

sources: CERT/CC: VU#849841 // VULHUB: VHN-59558 // VULHUB: VHN-50971 // PACKETSTORM: 109791 // PACKETSTORM: 109899 // PACKETSTORM: 118283 // PACKETSTORM: 116836 // PACKETSTORM: 110263 // PACKETSTORM: 114070 // PACKETSTORM: 109900 // PACKETSTORM: 109889 // PACKETSTORM: 116791 // PACKETSTORM: 110096 // PACKETSTORM: 109839 // CNNVD: CNNVD-201202-339 // NVD: CVE-2011-3026

CREDITS

Ubuntu

Trust: 0.3

sources: PACKETSTORM: 109899 // PACKETSTORM: 109900 // PACKETSTORM: 109839

SOURCES

db:CERT/CCid:VU#849841
db:VULHUBid:VHN-59558
db:VULHUBid:VHN-50971
db:PACKETSTORMid:109791
db:PACKETSTORMid:109899
db:PACKETSTORMid:118283
db:PACKETSTORMid:116836
db:PACKETSTORMid:110263
db:PACKETSTORMid:114070
db:PACKETSTORMid:109900
db:PACKETSTORMid:109889
db:PACKETSTORMid:116791
db:PACKETSTORMid:110096
db:PACKETSTORMid:109839
db:CNNVDid:CNNVD-201202-339
db:NVDid:CVE-2011-3026

LAST UPDATE DATE

2024-12-22T20:19:26.026000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#849841date:2014-01-28T00:00:00
db:VULHUBid:VHN-59558date:2020-03-04T00:00:00
db:VULHUBid:VHN-50971date:2020-04-16T00:00:00
db:CNNVDid:CNNVD-201202-339date:2020-04-17T00:00:00
db:NVDid:CVE-2011-3026date:2024-11-21T01:29:31.643

SOURCES RELEASE DATE

db:CERT/CCid:VU#849841date:2012-11-20T00:00:00
db:VULHUBid:VHN-59558date:2020-02-21T00:00:00
db:VULHUBid:VHN-50971date:2012-02-16T00:00:00
db:PACKETSTORMid:109791date:2012-02-15T22:46:15
db:PACKETSTORMid:109899date:2012-02-18T03:05:45
db:PACKETSTORMid:118283date:2012-11-23T08:19:25
db:PACKETSTORMid:116836date:2012-09-25T06:55:46
db:PACKETSTORMid:110263date:2012-02-28T15:31:05
db:PACKETSTORMid:114070date:2012-06-22T20:23:59
db:PACKETSTORMid:109900date:2012-02-18T03:06:01
db:PACKETSTORMid:109889date:2012-02-17T06:43:10
db:PACKETSTORMid:116791date:2012-09-22T06:24:25
db:PACKETSTORMid:110096date:2012-02-23T05:06:20
db:PACKETSTORMid:109839date:2012-02-17T02:35:37
db:CNNVDid:CNNVD-201202-339date:2012-02-17T00:00:00
db:NVDid:CVE-2011-3026date:2012-02-16T20:55:04.083