VARIoT IoT vulnerabilities database

VAR-200707-0278 | CVE-2007-3786 | esoft of instagate ex2 utm Vulnerability in |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Cross-site request forgery (CSRF) vulnerability on the eSoft InstaGate EX2 UTM device before firmware 3.1.20070615 allows remote attackers to perform privileged actions as administrators. NOTE: the vendor disputes the distribution of the vulnerable software, stating that it was a custom build for a former customer. esoft of instagate ex2 utm Exists in unspecified vulnerabilities.None. A remote attacker can perform privileged operations like an administrator.
----------------------------------------------------------------------
Try a new way to discover vulnerabilities that ALREADY EXIST in your
IT infrastructure.
The Full Featured Secunia Network Software Inspector (NSI) is now
available:
http://secunia.com/network_software_inspector/
The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT
vulnerabilities in more than 4,000 different Windows applications.
----------------------------------------------------------------------
TITLE:
eSoft InstaGate Cross-Site Request Forgery Vulnerability
SECUNIA ADVISORY ID:
SA26005
VERIFY ADVISORY:
http://secunia.com/advisories/26005/
CRITICAL:
Less critical
IMPACT:
Cross Site Scripting
WHERE:
>From remote
OPERATING SYSTEM:
eSoft InstaGate
http://secunia.com/product/14790/
DESCRIPTION:
Daniel Weber has reported a vulnerability in eSoft InstaGate, which
can be exploited by malicious people to conduct cross-site request
forgery attacks. This can be
exploited e.g. to change certain settings or to change the
administrator's password by enticing a logged-in administrator to
visit a malicious site.
The vulnerability is reported in eSoft InstaGate EX2. Other versions
may also be affected.
SOLUTION:
Update to firmware version 3.1.20070615 or later.
PROVIDED AND/OR DISCOVERED BY:
Daniel Weber, Calyptix Security
ORIGINAL ADVISORY:
http://labs.calyptix.com/CX-2007-05.txt
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200707-0241 | CVE-2007-3823 | IPSwitch WS_FTP of Logsrv.exe Denial of service in Japan (DoS) Vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The Logging Server (Logsrv.exe) in IPSwitch WS_FTP 7.5.29.0 allows remote attackers to cause a denial of service (daemon crash) by sending a crafted packet containing a long string to port 5151/udp. WS_FTP is prone to a denial-of-service vulnerability.
----------------------------------------------------------------------
Try a new way to discover vulnerabilities that ALREADY EXIST in your
IT infrastructure.
The Full Featured Secunia Network Software Inspector (NSI) is now
available:
http://secunia.com/network_software_inspector/
The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT
vulnerabilities in more than 4,000 different Windows applications.
----------------------------------------------------------------------
TITLE:
Ipswitch WS_FTP Server FTP Log Server Denial of Service Vulnerability
SECUNIA ADVISORY ID:
SA26040
VERIFY ADVISORY:
http://secunia.com/advisories/26040/
CRITICAL:
Moderately critical
IMPACT:
DoS
WHERE:
>From remote
SOFTWARE:
WS_FTP Server 6.x
http://secunia.com/product/14782/
DESCRIPTION:
Justin Seitz has discovered a vulnerability in Ipswitch WS_FTP
Server, which can be exploited by malicious people to cause a DoS
(Denial of Service).
The vulnerability is caused due to an error within the FTP Log Server
(ftplogsrv.exe) when handling certain messages.
The vulnerability is confirmed in FTP Log Server (ftplogsrv.exe)
version 7.5.29.0 included in WS_FTP Server 6. Other versions may also
be affected.
SOLUTION:
Restrict network access to the affected service.
PROVIDED AND/OR DISCOVERED BY:
Justin Seitz, VDA Labs
ORIGINAL ADVISORY:
http://www.vdalabs.com/tools/ipswitch.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200707-0285 | CVE-2007-3793 | JP1/NETM/DM Manager SQL Injection Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
SQL injection vulnerability in Job Management Partner 1/NETM/DM (JP1/NETM/DM) Manager on Windows before 20070413 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Multiple Hitachi JP1/NETM/DM Manager products are prone to an SQL-injection vulnerability because the applications fail to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
----------------------------------------------------------------------
Try a new way to discover vulnerabilities that ALREADY EXIST in your
IT infrastructure.
The Full Featured Secunia Network Software Inspector (NSI) is now
available:
http://secunia.com/network_software_inspector/
The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT
vulnerabilities in more than 4,000 different Windows applications.
----------------------------------------------------------------------
TITLE:
Hitachi JP1/NETM/DM Manager SQL Injection Vulnerability
SECUNIA ADVISORY ID:
SA26052
VERIFY ADVISORY:
http://secunia.com/advisories/26052/
CRITICAL:
Less critical
IMPACT:
Manipulation of data
WHERE:
>From remote
SOFTWARE:
Hitachi JP1/NETM/DM Manager
http://secunia.com/product/14788/
DESCRIPTION:
A vulnerability has been reported in Hitachi JP1/NETM/DM Manager,
which can be exploited by malicious users to conduct SQL injection
attacks.
Unspecified input is not properly sanitised before being used in an
SQL query. This can be exploited to manipulate SQL queries by
injecting arbitrary SQL code.
SOLUTION:
Update to the latest version (please see the vendor's advisory for
details).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.hitachi-support.com/security_e/vuls_e/HS07-019_e/index-e.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200707-0286 | CVE-2007-3794 | Multiple Hitachi Products GIF Image Buffer Overflow Vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Buffer overflow in Hitachi Cosminexus V4 through V7, Processing Kit for XML before 20070511, Developer's Kit for Java before 20070312, and third-party products that use this software, allows attackers to have an unknown impact via certain GIF images, related to use of GIF image processing APIs by a Java application. Multiple Hitachi products are prone to a buffer-overflow vulnerability because the applications fail to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
Given the nature of this issue, successful exploits may lead to remote code execution, but this has not been confirmed.
----------------------------------------------------------------------
Try a new way to discover vulnerabilities that ALREADY EXIST in your
IT infrastructure.
The Full Featured Secunia Network Software Inspector (NSI) is now
available:
http://secunia.com/network_software_inspector/
The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT
vulnerabilities in more than 4,000 different Windows applications.
The vulnerability is caused due to an boundary error within the
handling of GIF files and can be exploited to cause a buffer
overflow. No further information is currently available.
Please see vendor advisory for affected products and versions.
SOLUTION:
Update to the latest versions (please see vendor advisory for
details).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.hitachi-support.com/security_e/vuls_e/HS07-018_e/index-e.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200707-0276 | CVE-2007-3784 | Belkin G Plus Router DHCP Client List HTML Injection Vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in the Belkin G Plus Router F5D7231-4 with firmware 4.05.03 allows remote attackers to inject arbitrary web script or HTML via a hostname of a DHCP client. The Belkin G Plus Router is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input data.
Exploiting this issue may allow an attacker to execute HTML and script code in the context of the device, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.
Firmware version 4.05.03 is vulnerable; other versions may also be affected.
----------------------------------------------------------------------
Try a new way to discover vulnerabilities that ALREADY EXIST in your
IT infrastructure.
The Full Featured Secunia Network Software Inspector (NSI) is now
available:
http://secunia.com/network_software_inspector/
The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT
vulnerabilities in more than 4,000 different Windows applications.
Input passed via the hostname when listing DHCP clients is not
properly sanitised before being used. This can be exploited to
execute arbitrary HTML and script code in an administrator's browser
session in context of an affected interface.
SOLUTION:
List DHCP clients in a trusted network environment only.
PROVIDED AND/OR DISCOVERED BY:
Nico Leidecker, Portcullis Computer Security Ltd.
ORIGINAL ADVISORY:
http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0033.txt
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200707-0291 | CVE-2007-3906 | Kaspersky Anti-Virus 5.5 for Check Point Firewall-1 Denial of Service Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Unspecified vulnerability in Kaspersky Anti-Virus for Check Point FireWall-1 before Critical Fix 1 (5.5.161.0) might allow attackers to cause a denial of service (kernel hang) via unspecified vectors. NOTE: it is not clear whether there is an attacker role. Kaspersky Anti-Virus 5.5 for Check Point Firewall-1 is prone to a denial-of-service vulnerability. Further details are currently unavailable.
This issue affects Kaspersky Anti-Virus 5.5 for Check Point Firewall-1.
----------------------------------------------------------------------
Try a new way to discover vulnerabilities that ALREADY EXIST in your
IT infrastructure.
The Full Featured Secunia Network Software Inspector (NSI) is now
available:
http://secunia.com/network_software_inspector/
The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT
vulnerabilities in more than 4,000 different Windows applications.
SOLUTION:
Apply Critical Fix-1 (Build 5.5.161.0).
http://www.kaspersky.com/productupdates?chapter=146274607
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://support.kaspersky.com/checkpoint?qid=208279464
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200710-0500 | CVE-2007-3699 | Symantec Product Decomposer Service disruption in components (DoS) Vulnerabilities |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
The Decomposer component in multiple Symantec products allows remote attackers to cause a denial of service (infinite loop) via a certain value in the PACK_SIZE field of a RAR archive file header. This vulnerability allows attackers to create a denial of service condition on software with vulnerable installations of the Symantec's AntiVirus engine. Authentication is not required to exploit this vulnerability.The specific flaw resides in a forged PACK_SIZE field of a RAR file header. These issues include a denial-of-service vulnerability and a buffer-overflow vulnerability. Symantec AntiVirus is a very popular antivirus solution.
----------------------------------------------------------------------
Try a new way to discover vulnerabilities that ALREADY EXIST in your
IT infrastructure.
The Full Featured Secunia Network Software Inspector (NSI) is now
available:
http://secunia.com/network_software_inspector/
The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT
vulnerabilities in more than 4,000 different Windows applications.
----------------------------------------------------------------------
TITLE:
Symantec Products CAB and RAR Archive Handling Vulnerabilities
SECUNIA ADVISORY ID:
SA26053
VERIFY ADVISORY:
http://secunia.com/advisories/26053/
CRITICAL:
Highly critical
IMPACT:
DoS, System access
WHERE:
>From remote
OPERATING SYSTEM:
Symantec Gateway Security 5400 Series 2.x
http://secunia.com/product/6633/
Symantec Gateway Security 5000 Series 3.x
http://secunia.com/product/6648/
SOFTWARE:
Symantec Web Security 3.x
http://secunia.com/product/2813/
Symantec Scan Engine 5.x
http://secunia.com/product/6651/
Symantec Mail Security for SMTP 5.x
http://secunia.com/product/13591/
Symantec Mail Security for Microsoft Exchange 6.x
http://secunia.com/product/14765/
Symantec Mail Security for Microsoft Exchange 5.x
http://secunia.com/product/6650/
Symantec Mail Security for Exchange 4.x
http://secunia.com/product/2820/
Symantec Mail Security for Domino 5.x
http://secunia.com/product/11179/
Symantec Mail Security for Domino 4.x
http://secunia.com/product/4624/
Symantec Client Security 3.x
http://secunia.com/product/6649/
Symantec Client Security 2.x
http://secunia.com/product/3478/
Symantec Brightmail AntiSpam 6.x
http://secunia.com/product/3656/
Symantec Brightmail AntiSpam 5.x
http://secunia.com/product/4628/
Symantec Brightmail AntiSpam 4.x
http://secunia.com/product/4627/
Symantec AntiVirus/Filtering for Domino 3.x
http://secunia.com/product/2029/
Symantec AntiVirus Scan Engine 4.x
http://secunia.com/product/3040/
Symantec AntiVirus for Network Attached Storage 4.x
http://secunia.com/product/4625/
Symantec AntiVirus for Macintosh 10.x
http://secunia.com/product/14768/
Symantec AntiVirus Corporate Edition for Linux
http://secunia.com/product/14767/
Symantec AntiVirus Corporate Edition 9.x
http://secunia.com/product/3549/
Symantec AntiVirus Corporate Edition 10.x
http://secunia.com/product/5555/
Symantec Norton AntiVirus 2004
http://secunia.com/product/2800/
Symantec Norton AntiVirus 2005
http://secunia.com/product/4009/
Symantec Norton AntiVirus 2006
http://secunia.com/product/6634/
Symantec Norton Internet Security 2004
http://secunia.com/product/2441/
Symantec Norton Internet Security 2004 Professional
http://secunia.com/product/2442/
Symantec Norton Internet Security 2005
http://secunia.com/product/4848/
Symantec Norton Internet Security 2006
http://secunia.com/product/6635/
Symantec Norton SystemWorks 2004
http://secunia.com/product/2796/
Symantec Norton SystemWorks 2005
http://secunia.com/product/4847/
Symantec Norton SystemWorks 2006
http://secunia.com/product/6636/
Symantec Norton Personal Firewall 2006
http://secunia.com/product/6638/
Symantec Norton AntiVirus for Macintosh 9.x
http://secunia.com/product/5948/
Symantec Norton AntiVirus for Macintosh 10.x
http://secunia.com/product/5949/
Symantec Norton Internet Security for Macintosh 3.x
http://secunia.com/product/5951/
Symantec Norton SystemWorks for Macintosh 3.x
http://secunia.com/product/5952/
DESCRIPTION:
Two vulnerabilities have been reported in various Symantec products,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or potentially compromise a vulnerable system.
The vulnerabilities are reported in the following products and
versions:
* Symantec Mail Security 8200 (all builds)
* Symantec Mail Security for Microsoft Exchange versions 4.6.3 and
prior, 5.0.0.204, and 6.0.0 (all builds)
* Symantec Mail Security for Domino NT versions 4.1.4 and prior and
5.0.0.47 (all builds)
* Symantec AntiVirus/Filtering for Domino MPE(AIX, Linux, Solaris)
versions 3.0.12 and prior (all builds)
* Symantec Scan Engine version 5.0.1 and prior (all builds)
* Symantec AntiVirus Scan Engine versions 4.1.8 and prior and 4.3.12
and prior (all builds)
* Symantec AntiVirus Scan Engine for MS ISA versions 4.3.12 and prior
(all builds)
* Symantec AntiVirus Scan Engine for MS Sharepoint versions 4.3.12
and prior (all builds)
* Symantec AntiVirus Scan Engine for Messaging versions 4.3.12 and
prior (all builds)
* Symantec AntiVirus for Network Attached Storage versions 4.3.12 and
prior (all builds)
* Symantec AntiVirus Scan Engine for Clearswift versions 4.3.12 and
prior (all builds)
* Symantec AntiVirus Scan Engine for Caching versions 4.3.12 and
prior (all builds)
* Symantec Client Security versions 3.0, 3.x, and 2.x (all builds)
* Symantec Web Security versions 3.0.1.76 and prior (all builds)
* Symantec Gateway Security 5000 Series version 3.01 (all builds)
* Symantec Gateway Security 5400 Series version 2.0.1 (all builds)
* Symantec Brightmail AntiSpam versions 6.0.x, 5.5, and 4.x (all
builds)
* Symantec AntiVirus Corporate Edition versions 10.1, 10.0, and 9.0
(10.1.5.5000 and prior and 9.0.6.1000 and prior)
* Symantec AntiVirus Corperate Edition for Linux
* Symantec AntiVirus for Macintosh version 10.x (all builds)
* Symantec Web Security for Microsoft ISA 2004 version 5.0 (all
builds)
* Symantec Mail Security for SMTP version 5.0.0
(Windows/Linux/Solaris) and 5.0.1 (all builds)
* Norton AntiVirus 2004/2005/2006
* Norton Internet Security 2004/2005/2005.5 AntiSpyware Edition/2006
* Norton SystemWorks 2004/2005/2006
* Norton Personal Firewall 2006
* Norton AntiVirus for Macintosh versions 9.x and 10.x
* Norton Internet Security for Macintosh version 3.x
* Norton SystemWorks for Macintosh version 3.x
SOLUTION:
Apply updates or run LiveUpdate. Please see the vendor's advisory for
details.
ORIGINAL ADVISORY:
Symantec:
http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11f.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. ZDI-07-039: Symantec AntiVirus Engine RAR File Parsing DoS Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-07-039.html
July 12, 2007
-- CVE ID:
CVE-2007-3699
-- Affected Vendor:
Symantec
-- Affected Products:
Symantec AntiVirus Engine
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability since November 20, 2006 by Digital Vaccine protection
filter ID 4695,4824. Authentication is not required to exploit this
vulnerability.
-- Vendor Response:
Symantec has issued an update to correct this vulnerability. More
details can be found at:
http://www.symantec.com/avcenter/security/Content/2007.07.11f.html
-- Disclosure Timeline:
2006.11.01 - Vulnerability reported to vendor
2006.11.20 - Digital Vaccine released to TippingPoint customers
2007.07.12 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by an anonymous researcher.
-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, a division of 3Com, The Zero Day Initiative
(ZDI) represents a best-of-breed model for rewarding security
researchers for responsibly disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is used.
3Com does not re-sell the vulnerability details or any exploit code.
Instead, upon notifying the affected product vendor, 3Com provides its
customers with zero day protection through its intrusion prevention
technology. Explicit details regarding the specifics of the
vulnerability are not exposed to any parties until an official vendor
patch is publicly available. Furthermore, with the altruistic aim of
helping to secure a broader user base, 3Com provides this vulnerability
information confidentially to security vendors (including competitors)
who have a vulnerability protection or mitigation product.
CONFIDENTIALITY NOTICE: This e-mail message, including any attachments,
is being sent by 3Com for the sole use of the intended recipient(s) and
may contain confidential, proprietary and/or privileged information.
Any unauthorized review, use, disclosure and/or distribution by any
recipient is prohibited. If you are not the intended recipient, please
delete and/or destroy all copies of this message regardless of form and
any included attachments and notify 3Com immediately by contacting the
sender via reply e-mail or forwarding to 3Com at postmaster@3com.com
VAR-200710-0007 | CVE-2007-0447 | Symantec Product Decomposer Component heap-based buffer overflow vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Heap-based buffer overflow in the Decomposer component in multiple Symantec products allows remote attackers to execute arbitrary code via multiple crafted CAB archives. User interaction is not required to exploit this vulnerability.The specific flaw exists during the process of scanning multiple maliciously formatted CAB archives. The parsing routine implicitly trusts certain user-supplied values that can result in an exploitable heap corruption. These issues include a denial-of-service vulnerability and a buffer-overflow vulnerability. Symantec AntiVirus is a very popular antivirus solution.
----------------------------------------------------------------------
Try a new way to discover vulnerabilities that ALREADY EXIST in your
IT infrastructure.
The Full Featured Secunia Network Software Inspector (NSI) is now
available:
http://secunia.com/network_software_inspector/
The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT
vulnerabilities in more than 4,000 different Windows applications.
----------------------------------------------------------------------
TITLE:
Symantec Products CAB and RAR Archive Handling Vulnerabilities
SECUNIA ADVISORY ID:
SA26053
VERIFY ADVISORY:
http://secunia.com/advisories/26053/
CRITICAL:
Highly critical
IMPACT:
DoS, System access
WHERE:
>From remote
OPERATING SYSTEM:
Symantec Gateway Security 5400 Series 2.x
http://secunia.com/product/6633/
Symantec Gateway Security 5000 Series 3.x
http://secunia.com/product/6648/
SOFTWARE:
Symantec Web Security 3.x
http://secunia.com/product/2813/
Symantec Scan Engine 5.x
http://secunia.com/product/6651/
Symantec Mail Security for SMTP 5.x
http://secunia.com/product/13591/
Symantec Mail Security for Microsoft Exchange 6.x
http://secunia.com/product/14765/
Symantec Mail Security for Microsoft Exchange 5.x
http://secunia.com/product/6650/
Symantec Mail Security for Exchange 4.x
http://secunia.com/product/2820/
Symantec Mail Security for Domino 5.x
http://secunia.com/product/11179/
Symantec Mail Security for Domino 4.x
http://secunia.com/product/4624/
Symantec Client Security 3.x
http://secunia.com/product/6649/
Symantec Client Security 2.x
http://secunia.com/product/3478/
Symantec Brightmail AntiSpam 6.x
http://secunia.com/product/3656/
Symantec Brightmail AntiSpam 5.x
http://secunia.com/product/4628/
Symantec Brightmail AntiSpam 4.x
http://secunia.com/product/4627/
Symantec AntiVirus/Filtering for Domino 3.x
http://secunia.com/product/2029/
Symantec AntiVirus Scan Engine 4.x
http://secunia.com/product/3040/
Symantec AntiVirus for Network Attached Storage 4.x
http://secunia.com/product/4625/
Symantec AntiVirus for Macintosh 10.x
http://secunia.com/product/14768/
Symantec AntiVirus Corporate Edition for Linux
http://secunia.com/product/14767/
Symantec AntiVirus Corporate Edition 9.x
http://secunia.com/product/3549/
Symantec AntiVirus Corporate Edition 10.x
http://secunia.com/product/5555/
Symantec Norton AntiVirus 2004
http://secunia.com/product/2800/
Symantec Norton AntiVirus 2005
http://secunia.com/product/4009/
Symantec Norton AntiVirus 2006
http://secunia.com/product/6634/
Symantec Norton Internet Security 2004
http://secunia.com/product/2441/
Symantec Norton Internet Security 2004 Professional
http://secunia.com/product/2442/
Symantec Norton Internet Security 2005
http://secunia.com/product/4848/
Symantec Norton Internet Security 2006
http://secunia.com/product/6635/
Symantec Norton SystemWorks 2004
http://secunia.com/product/2796/
Symantec Norton SystemWorks 2005
http://secunia.com/product/4847/
Symantec Norton SystemWorks 2006
http://secunia.com/product/6636/
Symantec Norton Personal Firewall 2006
http://secunia.com/product/6638/
Symantec Norton AntiVirus for Macintosh 9.x
http://secunia.com/product/5948/
Symantec Norton AntiVirus for Macintosh 10.x
http://secunia.com/product/5949/
Symantec Norton Internet Security for Macintosh 3.x
http://secunia.com/product/5951/
Symantec Norton SystemWorks for Macintosh 3.x
http://secunia.com/product/5952/
DESCRIPTION:
Two vulnerabilities have been reported in various Symantec products,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or potentially compromise a vulnerable system.
The vulnerabilities are reported in the following products and
versions:
* Symantec Mail Security 8200 (all builds)
* Symantec Mail Security for Microsoft Exchange versions 4.6.3 and
prior, 5.0.0.204, and 6.0.0 (all builds)
* Symantec Mail Security for Domino NT versions 4.1.4 and prior and
5.0.0.47 (all builds)
* Symantec AntiVirus/Filtering for Domino MPE(AIX, Linux, Solaris)
versions 3.0.12 and prior (all builds)
* Symantec Scan Engine version 5.0.1 and prior (all builds)
* Symantec AntiVirus Scan Engine versions 4.1.8 and prior and 4.3.12
and prior (all builds)
* Symantec AntiVirus Scan Engine for MS ISA versions 4.3.12 and prior
(all builds)
* Symantec AntiVirus Scan Engine for MS Sharepoint versions 4.3.12
and prior (all builds)
* Symantec AntiVirus Scan Engine for Messaging versions 4.3.12 and
prior (all builds)
* Symantec AntiVirus for Network Attached Storage versions 4.3.12 and
prior (all builds)
* Symantec AntiVirus Scan Engine for Clearswift versions 4.3.12 and
prior (all builds)
* Symantec AntiVirus Scan Engine for Caching versions 4.3.12 and
prior (all builds)
* Symantec Client Security versions 3.0, 3.x, and 2.x (all builds)
* Symantec Web Security versions 3.0.1.76 and prior (all builds)
* Symantec Gateway Security 5000 Series version 3.01 (all builds)
* Symantec Gateway Security 5400 Series version 2.0.1 (all builds)
* Symantec Brightmail AntiSpam versions 6.0.x, 5.5, and 4.x (all
builds)
* Symantec AntiVirus Corporate Edition versions 10.1, 10.0, and 9.0
(10.1.5.5000 and prior and 9.0.6.1000 and prior)
* Symantec AntiVirus Corperate Edition for Linux
* Symantec AntiVirus for Macintosh version 10.x (all builds)
* Symantec Web Security for Microsoft ISA 2004 version 5.0 (all
builds)
* Symantec Mail Security for SMTP version 5.0.0
(Windows/Linux/Solaris) and 5.0.1 (all builds)
* Norton AntiVirus 2004/2005/2006
* Norton Internet Security 2004/2005/2005.5 AntiSpyware Edition/2006
* Norton SystemWorks 2004/2005/2006
* Norton Personal Firewall 2006
* Norton AntiVirus for Macintosh versions 9.x and 10.x
* Norton Internet Security for Macintosh version 3.x
* Norton SystemWorks for Macintosh version 3.x
SOLUTION:
Apply updates or run LiveUpdate. Please see the vendor's advisory for
details.
ORIGINAL ADVISORY:
Symantec:
http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11f.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. ZDI-07-040: Symantec AntiVirus Engine CAB Parsing Heap Overflow
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-07-040.html
July 12, 2007
-- CVE ID:
CVE-2007-0447
-- Affected Vendor:
Symantec
-- Affected Products:
Symantec AntiVirus Engine
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability since November 30, 2006 by Digital Vaccine protection
filter ID 4875.
-- Vendor Response:
Symantec has issued an update to correct this vulnerability. More
details can be found at:
http://www.symantec.com/avcenter/security/Content/2007.07.11f.html
-- Disclosure Timeline:
2006.11.09 - Vulnerability reported to vendor
2006.11.30 - Digital Vaccine released to TippingPoint customers
2007.07.12 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by an anonymous researcher.
-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, a division of 3Com, The Zero Day Initiative
(ZDI) represents a best-of-breed model for rewarding security
researchers for responsibly disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is used.
3Com does not re-sell the vulnerability details or any exploit code.
Instead, upon notifying the affected product vendor, 3Com provides its
customers with zero day protection through its intrusion prevention
technology. Explicit details regarding the specifics of the
vulnerability are not exposed to any parties until an official vendor
patch is publicly available. Furthermore, with the altruistic aim of
helping to secure a broader user base, 3Com provides this vulnerability
information confidentially to security vendors (including competitors)
who have a vulnerability protection or mitigation product.
CONFIDENTIALITY NOTICE: This e-mail message, including any attachments,
is being sent by 3Com for the sole use of the intended recipient(s) and
may contain confidential, proprietary and/or privileged information.
Any unauthorized review, use, disclosure and/or distribution by any
recipient is prohibited. If you are not the intended recipient, please
delete and/or destroy all copies of this message regardless of form and
any included attachments and notify 3Com immediately by contacting the
sender via reply e-mail or forwarding to 3Com at postmaster@3com.com
VAR-200707-0218 | CVE-2007-3800 | Symantec AntiVirus Corporate Edition and Client Security of RTVScan Vulnerability gained privileges in components |
CVSS V2: 6.0 CVSS V3: - Severity: MEDIUM |
Unspecified vulnerability in the Real-time scanner (RTVScan) component in Symantec AntiVirus Corporate Edition 9.0 through 10.1 and Client Security 2.0 through 3.1, when the Notification Message window is enabled, allows local users to gain privileges via crafted code.
A local attacker can exploit this issue to elevate privileges to the SYSTEM level. This could facilitate a complete compromise of the affected computer. Symantec AntiVirus is a very popular antivirus solution. There is a loophole in Symantec AntiVirus processing log display. If this feature is enabled, local non-privileged users can use this window to gain system and privileges and execute arbitrary commands in the system.
----------------------------------------------------------------------
Try a new way to discover vulnerabilities that ALREADY EXIST in your
IT infrastructure.
The Full Featured Secunia Network Software Inspector (NSI) is now
available:
http://secunia.com/network_software_inspector/
The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT
vulnerabilities in more than 4,000 different Windows applications.
The vulnerability is caused due to an error in the Real-Time scanner
(RTVScan) component when displaying a notification window containing
information on threats found on a system. This can be exploited to
execute arbitrary code with SYSTEM privileges.
http://www.symantec.com/enterprise/support/all_products.jsp
Symantec AntiVirus Corporate Edition 9.0:
SAV 9.0.6 MR6 MP1- build 1100 or later
Symantec AntiVirus Corporate Edition 10.0/10.1:
10.1.4 MR4 MP1- build 4010 or later
Symantec Client Security 2.0:
SCS 2.0.6 MR6 MP1 - build 1100 or later
Symantec Client Security 3.0/3.1:
SCS 3.1.4 MR4 MP1 - build 4010 or later
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Ali Rhabar, Sysdream.
ORIGINAL ADVISORY:
Symantec:
http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11c.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200707-0339 | CVE-2006-5278 | CUCM of RIS Data Collector Service integer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via crafted packets, resulting in a heap-based buffer overflow.
An attacker can exploit these issues to execute arbitrary code within the context of the vulnerable application. Successful exploits may result in a complete compromise of affected servers. Failed exploit attempts will likely result in denial-of-service conditions. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution.
----------------------------------------------------------------------
Try a new way to discover vulnerabilities that ALREADY EXIST in your
IT infrastructure.
The Full Featured Secunia Network Software Inspector (NSI) is now
available:
http://secunia.com/network_software_inspector/
The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT
vulnerabilities in more than 4,000 different Windows applications.
----------------------------------------------------------------------
TITLE:
Cisco Unified Communications Manager Two Vulnerabilities
SECUNIA ADVISORY ID:
SA26043
VERIFY ADVISORY:
http://secunia.com/advisories/26043/
CRITICAL:
Moderately critical
IMPACT:
DoS, System access
WHERE:
>From local network
SOFTWARE:
Cisco Unified CallManager 5.x
http://secunia.com/product/12535/
Cisco Unified CallManager 4.x
http://secunia.com/product/12534/
Cisco Unified CallManager 3.x
http://secunia.com/product/2805/
Cisco Unified Communications Manager 5.x
http://secunia.com/product/11019/
Cisco Unified Communications Manager 4.x
http://secunia.com/product/5363/
DESCRIPTION:
Some vulnerabilities have been reported in Cisco Unified
Communications Manager (CUCM), which can be exploited by malicious
people to cause a DoS (Denial of Service) or potentially compromise a
vulnerable system.
1) An off-by-one error in the Certificate Trust List Provider service
(CTLProvider.exe) can be exploited to cause a heap-based buffer
overflow by sending specially crafted packets to the vulnerable
service (default port 2444/TCP).
Note: This vulnerability does not affect CUCM 3.x.
Successful exploitation may allow execution of arbitrary code.
SOLUTION:
Apply updated versions:
Vulnerability #1 is corrected in CUCM versions 4.1(3)SR5, 4.2(3)SR2,
4.3(1)SR1 and 5.1(2).
Vulnerability #2 is corrected in CUCM versions 3.3(5)SR2b, 4.1(3)SR5,
4.2(3)SR2, 4.3(1)SR1 and 5.1(2).
See vendor advisory for a detailed patch matrix.
PROVIDED AND/OR DISCOVERED BY:
IBM Internet Security Systems X-Force
ORIGINAL ADVISORY:
Cisco:
http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtml
IBM Internet Security Systems:
1) http://www.iss.net/threats/270.html
2) http://www.iss.net/threats/271.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200707-0297 | CVE-2007-3771 | Symantec AntiVirus Corporate Edition and Client Security Vulnerable to stack-based buffer overflow |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
Stack-based buffer overflow in the Internet E-mail Auto-Protect feature in Symantec AntiVirus Corporate Edition before 10.1, and Client Security before 3.1, allows local users to cause a denial of service (service crash) via a long (1) To, (2) From, or (3) Subject header in an outbound SMTP e-mail message. NOTE: the original vendor advisory referenced CVE-2006-3456, but this was an error. This issue occurs because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.
An attacker can exploit this issue to cause denial-of-service conditions.
----------------------------------------------------------------------
Try a new way to discover vulnerabilities that ALREADY EXIST in your
IT infrastructure.
The Full Featured Secunia Network Software Inspector (NSI) is now
available:
http://secunia.com/network_software_inspector/
The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT
vulnerabilities in more than 4,000 different Windows applications.
The vulnerability is caused due to an error within the Internet Email
Auto-Protect feature when scanning outgoing email messages. This can
be exploited to cause a stack overflow via an email message
containing an overly long (greater than 951 characters) string in the
"To:", "From:", or "Subject" fields.
Successful exploitation crashes the Internet E-mail real-time
protection service and results in subsequent outgoing SMTP email
messages not being scanned.
ORIGINAL ADVISORY:
Symantec:
http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11b.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200707-0301 | CVE-2007-3775 | CUCM Service disruption in (DoS) Vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allows remote attackers to cause a denial of service (loss of cluster services) via unspecified vectors, aka (1) CSCsj09859 and (2) CSCsj19985.
To exploit this issue, an attacker must have administrative access.
Attackers may exploit these issues to gain access to sensitive information or to cause denial-of-service conditions.
----------------------------------------------------------------------
Try a new way to discover vulnerabilities that ALREADY EXIST in your
IT infrastructure.
The Full Featured Secunia Network Software Inspector (NSI) is now
available:
http://secunia.com/network_software_inspector/
The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT
vulnerabilities in more than 4,000 different Windows applications.
The vulnerabilities are caused due to unspecified errors and can be
exploited by an unauthorized administrator to e.g. activate and
terminate system services or to view SNMP configuration information
in a CUCM/CUPS cluster environment.
CUCM 5.0/5.1:
Update to CUCM 5.1(2a) -
http://www.cisco.com/pcgi-bin/tablebuild.pl/callmgr-51?psrtdcat20e2
CUPS 1.0:
Upgrade to CUPS 6.0(1) -
http://www.cisco.com/pcgi-bin/tablebuild.pl/cups-60?psrtdcat20e2
Version 1.0 is reportedly discontinued. The vendor recommends users
to upgrade to version 6.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20070711-voip.shtml
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200707-0302 | CVE-2007-3776 | CUCM Vulnerability in which important information is obtained |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allow remote attackers to obtain sensitive information via unspecified vectors that reveal the SNMP community strings and configuration settings, aka (1) CSCsj20668 and (2) CSCsj25962.
To exploit this issue, an attacker must have administrative access.
Attackers may exploit these issues to gain access to sensitive information or to cause denial-of-service conditions.
----------------------------------------------------------------------
Try a new way to discover vulnerabilities that ALREADY EXIST in your
IT infrastructure.
The Full Featured Secunia Network Software Inspector (NSI) is now
available:
http://secunia.com/network_software_inspector/
The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT
vulnerabilities in more than 4,000 different Windows applications.
The vulnerabilities are caused due to unspecified errors and can be
exploited by an unauthorized administrator to e.g. activate and
terminate system services or to view SNMP configuration information
in a CUCM/CUPS cluster environment.
CUCM 5.0/5.1:
Update to CUCM 5.1(2a) -
http://www.cisco.com/pcgi-bin/tablebuild.pl/callmgr-51?psrtdcat20e2
CUPS 1.0:
Upgrade to CUPS 6.0(1) -
http://www.cisco.com/pcgi-bin/tablebuild.pl/cups-60?psrtdcat20e2
Version 1.0 is reportedly discontinued. The vendor recommends users
to upgrade to version 6.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20070711-voip.shtml
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200707-0338 | CVE-2006-5277 | CUCM of CTL Provider Vulnerability in arbitrary code execution in service |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Off-by-one error in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via a crafted packet that triggers a heap-based buffer overflow. Cisco Unified Communications Manager is prone to multiple heap-based buffer-overflow vulnerabilities because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.
An attacker can exploit these issues to execute arbitrary code within the context of the vulnerable application. Successful exploits may result in a complete compromise of affected servers. Failed exploit attempts will likely result in denial-of-service conditions. A single-byte overflow vulnerability exists in the CTLProvider.exe and RisDC.exe service components of CUCM, which could be exploited by a remote attacker to render the device unusable or take control of the affected system.
----------------------------------------------------------------------
Try a new way to discover vulnerabilities that ALREADY EXIST in your
IT infrastructure.
The Full Featured Secunia Network Software Inspector (NSI) is now
available:
http://secunia.com/network_software_inspector/
The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT
vulnerabilities in more than 4,000 different Windows applications.
----------------------------------------------------------------------
TITLE:
Cisco Unified Communications Manager Two Vulnerabilities
SECUNIA ADVISORY ID:
SA26043
VERIFY ADVISORY:
http://secunia.com/advisories/26043/
CRITICAL:
Moderately critical
IMPACT:
DoS, System access
WHERE:
>From local network
SOFTWARE:
Cisco Unified CallManager 5.x
http://secunia.com/product/12535/
Cisco Unified CallManager 4.x
http://secunia.com/product/12534/
Cisco Unified CallManager 3.x
http://secunia.com/product/2805/
Cisco Unified Communications Manager 5.x
http://secunia.com/product/11019/
Cisco Unified Communications Manager 4.x
http://secunia.com/product/5363/
DESCRIPTION:
Some vulnerabilities have been reported in Cisco Unified
Communications Manager (CUCM), which can be exploited by malicious
people to cause a DoS (Denial of Service) or potentially compromise a
vulnerable system.
Note: This vulnerability does not affect CUCM 3.x.
2) An integer overflow error in the Real-Time Information Server
(RIS) Data Collector service (RisDC.exe) can be exploited to cause a
heap-based buffer overflow by sending specially crafted packets to
the vulnerable service (default port 2556/TCP).
Successful exploitation may allow execution of arbitrary code.
SOLUTION:
Apply updated versions:
Vulnerability #1 is corrected in CUCM versions 4.1(3)SR5, 4.2(3)SR2,
4.3(1)SR1 and 5.1(2).
Vulnerability #2 is corrected in CUCM versions 3.3(5)SR2b, 4.1(3)SR5,
4.2(3)SR2, 4.3(1)SR1 and 5.1(2).
See vendor advisory for a detailed patch matrix.
PROVIDED AND/OR DISCOVERED BY:
IBM Internet Security Systems X-Force
ORIGINAL ADVISORY:
Cisco:
http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtml
IBM Internet Security Systems:
1) http://www.iss.net/threats/270.html
2) http://www.iss.net/threats/271.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200707-0450 | CVE-2007-3673 | Symantec AntiVirus Corporate Edition Etc. Symantec symtdi.sys Vulnerability gained in |
CVSS V2: 6.9 CVSS V3: - Severity: MEDIUM |
Symantec symtdi.sys before 7.0.0, as distributed in Symantec AntiVirus Corporate Edition 9 through 10.1 and Client Security 2.0 through 3.1, Norton AntiSpam 2005, and Norton AntiVirus, Internet Security, Personal Firewall, and System Works 2005 and 2006; allows local users to gain privileges via a crafted Interrupt Request Packet (Irp) in an IOCTL 0x83022323 request to \\symTDI\, which results in memory overwrite. Applications running the SYMTDI.SYS device driver are prone to a privilege-escalation vulnerability because the driver fails to adequately sanitize user-supplied input.
Local attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges. A successful exploit will completely compromise affected computers. Failed exploit attempts will likely cause the computer to crash. Symantec AntiVirus is a very popular antivirus solution. instruction. Symantec AntiVirus symtdi.sys Local Privilege Escalation Vulnerability
iDefense Security Advisory 07.11.07
http://labs.idefense.com/intelligence/vulnerabilities/
Jul 11, 2007
I. BACKGROUND
Symantec has a wide range of Anti-Virus and Internet Security products
that are designed to protect users from viruses and other harmful
software. More information can be found on the Symantec site at the
following URL.
http://www.symantec.com/
II.
The vulnerability specifically exists due to improper address space
validation when the \\symTDI\ device driver processes IOCTL 0x83022323.
An attacker can overwrite an arbitrary address, including code segments,
with a constant double word value by supplying a specially crafted Irp
to the IOCTL handler function.
III. ANALYSIS
Exploitation allows an attacker to obtain elevated privileges by
exploiting a kernel-mode driver. This could allow the attacker to gain
complete control of the affected system.
Note that since the attacker can only overwrite with a constant
double-word value, exploitation is not completely straight forward.
However, this does not significantly impact the difficulty of
exploitation since code segments can be overwritten within the kernel.
IV. DETECTION
iDefense confirmed this vulnerability in version 5.5.1.6 of Symantec's
symtdi.sys device driver as included with version 10 of Symantec
AntiVirus Corporate Edition. Previous versions and related products
that contain the affected driver are suspected vulnerable.
V. WORKAROUND
iDefense is currently unaware of any effective workaround for this
issue.
VI. VENDOR RESPONSE
Symantec has addressed this vulnerability by releasing updated versions
of the SymTDI.sys device driver. The updated driver has been made
available via LiveUpdate. For more information consult Symantec's
advisory at the following URL.
http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11d.html
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2007-3673 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org/), which standardizes names for
security problems.
VIII. DISCLOSURE TIMELINE
01/10/2007 Initial vendor notification
01/11/2007 Initial vendor response
07/11/2007 Coordinated public disclosure
IX. CREDIT
This vulnerability was reported to iDefense by Zohiartze Herce.
Get paid for vulnerability research
http://labs.idefense.com/methodology/vulnerability/vcp.php
Free tools, research and upcoming events
http://labs.idefense.com/
X. LEGAL NOTICES
Copyright © 2007 iDefense, Inc.
Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDefense. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically,
please e-mail customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct,
indirect, or consequential loss or damage arising from use of, or
reliance on, this information.
----------------------------------------------------------------------
Try a new way to discover vulnerabilities that ALREADY EXIST in your
IT infrastructure.
The Full Featured Secunia Network Software Inspector (NSI) is now
available:
http://secunia.com/network_software_inspector/
The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT
vulnerabilities in more than 4,000 different Windows applications. Please see the vendor's advisory for
details.
PROVIDED AND/OR DISCOVERED BY:
Zohiartze Herce, reported via iDefense Labs.
ORIGINAL ADVISORY:
Symantec:
http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11d.html
iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=554
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200707-0545 | CVE-2007-2392 | Apple QuickTime fails to properly handle malformed movie files |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via a crafted movie file that triggers memory corruption. Apple QuickTime fails to properly handle malformed movie files. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Apple QuickTime is prone to an information-disclosure and multiple remote code-execution vulnerabilities.
Remote attackers may exploit these issues by enticing victims into opening maliciously crafted files or visiting maliciously crafted websites. Failed exploit attempts of remote code-execution issues may result in denial-of-service conditions. Successful exploits of the information-disclosure issue may lead to further attacks. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats.
----------------------------------------------------------------------
Try a new way to discover vulnerabilities that ALREADY EXIST in your
IT infrastructure.
The Full Featured Secunia Network Software Inspector (NSI) is now
available:
http://secunia.com/network_software_inspector/
The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT
vulnerabilities in more than 4,000 different Windows applications.
----------------------------------------------------------------------
TITLE:
Apple QuickTime Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA26034
VERIFY ADVISORY:
http://secunia.com/advisories/26034/
CRITICAL:
Highly critical
IMPACT:
Exposure of sensitive information, DoS, System access
WHERE:
>From remote
REVISION:
1.1 originally posted 2007-07-12
SOFTWARE:
Apple QuickTime 7.x
http://secunia.com/product/5090/
DESCRIPTION:
Some vulnerabilities have been reported in Apple QuickTime, which can
be exploited by malicious people to compromise a user's system.
1) An unspecified error exists in the processing of H.264 movies.
2) An unspecified error exists in the processing of movie files.
3) An integer overflow error exists in the handling of .m4v files and
can be exploited to execute arbitrary code when a user accesses a
specially crafted .m4v file.
4) An integer overflow error exists in the handling of the "author"
and "title" fields when parsing SMIL files.
5) A design error exists in QuickTime for Java, which can be
exploited to disable security checks and execute arbitrary code when
a user visits a web site containing a specially crafted Java applet.
6) A design error exists in QuickTime for Java, which can be
exploited to bypass security checks and read and write to process
memory. This can lead to execution of arbitrary code when a user
visits a web site containing a specially crafted Java applet.
7) A design error exists in QuickTime for Java due to JDirect
exposing interfaces that may allow loading arbitrary libraries and
freeing arbitrary memory. This can be exploited to execute arbitrary
code when a user visits a web site containing a specially crafted
Java applet.
8) A design error exists in QuickTime for Java, which can be
exploited to capture the user's screen content when a user visits a
web site containing a specially crafted Java applet.
The vulnerabilities are reported in versions prior to 7.2.
SOLUTION:
Update to version 7.2.
QuickTime 7.2 for Mac:
http://www.apple.com/support/downloads/quicktime72formac.html
QuickTime 7.2 for Windows:
http://www.apple.com/support/downloads/quicktime72forwindows.html
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Tom Ferris, Security-Protocols.com and Matt
Slot, Ambrosia Software, Inc.
2) The vendor credits Jonathan 'Wolf' Rentzsch of Red Shed Software.
3) The vendor credits Tom Ferris, Security-Protocols.com.
4) David Vaartjes of ITsec Security Services, reported via iDefense.
5, 6, 7) The vendor credits Adam Gowdiak.
8) Reported by the vendor.
CHANGELOG:
2007-07-12: Added link to US-CERT.
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=305947
iDefense:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=556
OTHER REFERENCES:
US-CERT VU#582681:
http://www.kb.cert.org/vuls/id/582681
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA07-193A
Apple Releases Security Updates for QuickTime
Original release date: July 12, 2007
Last revised: --
Source: US-CERT
Systems Affected
Apple QuickTime on systems running
* Apple Mac OS X
* Microsoft Windows
Overview
Apple QuickTime contains multiple vulnerabilities.
I. Description
Apple QuickTime 7.2 resolves multiple vulnerabilities in the way
Java applets and various types of media files are handled. Since QuickTime configures most
web browsers to handle QuickTime media files, an attacker could
exploit these vulnerabilities using a web page.
Note that QuickTime ships with Apple iTunes.
For more information, please refer to the Vulnerability Notes
Database.
II. For further information, please see
the Vulnerability Notes Database.
III. Solution
Upgrade QuickTime
Upgrade to QuickTime 7.2. This and other updates for Mac OS X are
available via Apple Update.
On Microsoft Windows, QuickTime users can install the update by
using the built-in auto-update mechanism, Apple Software Update, or
by installing the update manually. Disabling QuickTime in your web browser may defend
against this attack vector. For more information, refer to the
Securing Your Web Browser document. Disabling Java in your web browser may defend against
this attack vector. Instructions for disabling Java can be found in
the Securing Your Web Browser document.
References
* Vulnerability Notes for QuickTime 7.2 -
<http://www.kb.cert.org/vuls/byid?searchview&query=QuickTime_72>
* About the security content of the QuickTime 7.2 Update -
<http://docs.info.apple.com/article.html?artnum=305947>
* How to tell if Software Update for Windows is working correctly when no updates are available -
<http://docs.info.apple.com/article.html?artnum=304263>
* Apple QuickTime 7.2 for Windows -
<http://www.apple.com/support/downloads/quicktime72forwindows.html>
* Apple QuickTime 7.2 for Mac -
<http://www.apple.com/support/downloads/quicktime72formac.html>
* Standalone Apple QuickTime Player -
<http://www.apple.com/quicktime/download/standalone.html>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA07-193A.html>
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA07-193A Feedback VU#582681" in the
subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2007 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
Thursday July 12, 2007: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBRpZsJ/RFkHkM87XOAQKLMgf9GpK/pbKTrSe0yKCRMt8Z4lMKl8VE+Rqr
4i8GfVXYUcBKbTlA8TTyf5ucbmCVAnjGJIq0W6X5gLBeA0QxCZ6qto/iPqviuvoV
8tu92/DuerYOkZMvJcn4RjAlMhM9CWCqJh1QG6R2Csn8AyeKEOFDiKYqoDzT+LoQ
zojxmlNJIbUvIIGv8Z12Xkr1LLDmD4rs1nfDEBZm7yLTWRItmXpvSidftdUGETDZ
+ok1SIhkZEbPNT7gAox9RZaKyIRHV7V4wZwqDd3weo6T7UPlhsgRqe88h1R5Yfq8
a7ePH0WSbTCqdGmuoM+nir4iDldoxB8OpbMUQH1nmWcDmc9xv++MHQ==
=EV1X
-----END PGP SIGNATURE-----
VAR-200707-0549 | CVE-2007-2397 | Apple QuickTime fails to properly handle malformed movie files |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
QuickTime for Java in Apple Quicktime before 7.2 does not properly check permissions, which allows remote attackers to disable security controls and execute arbitrary code via crafted Java applets. Apple QuickTime fails to properly handle malformed movie files. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Apple QuickTime is prone to an information-disclosure and multiple remote code-execution vulnerabilities.
Remote attackers may exploit these issues by enticing victims into opening maliciously crafted files or visiting maliciously crafted websites. Failed exploit attempts of remote code-execution issues may result in denial-of-service conditions. Successful exploits of the information-disclosure issue may lead to further attacks. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats.
----------------------------------------------------------------------
Try a new way to discover vulnerabilities that ALREADY EXIST in your
IT infrastructure.
The Full Featured Secunia Network Software Inspector (NSI) is now
available:
http://secunia.com/network_software_inspector/
The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT
vulnerabilities in more than 4,000 different Windows applications.
----------------------------------------------------------------------
TITLE:
Apple QuickTime Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA26034
VERIFY ADVISORY:
http://secunia.com/advisories/26034/
CRITICAL:
Highly critical
IMPACT:
Exposure of sensitive information, DoS, System access
WHERE:
>From remote
REVISION:
1.1 originally posted 2007-07-12
SOFTWARE:
Apple QuickTime 7.x
http://secunia.com/product/5090/
DESCRIPTION:
Some vulnerabilities have been reported in Apple QuickTime, which can
be exploited by malicious people to compromise a user's system.
1) An unspecified error exists in the processing of H.264 movies.
This can be exploited to cause memory corruption and may allow
execution of arbitrary code when a user accesses a specially crafted
H.264 movie.
2) An unspecified error exists in the processing of movie files.
3) An integer overflow error exists in the handling of .m4v files and
can be exploited to execute arbitrary code when a user accesses a
specially crafted .m4v file.
4) An integer overflow error exists in the handling of the "author"
and "title" fields when parsing SMIL files.
6) A design error exists in QuickTime for Java, which can be
exploited to bypass security checks and read and write to process
memory. This can lead to execution of arbitrary code when a user
visits a web site containing a specially crafted Java applet.
7) A design error exists in QuickTime for Java due to JDirect
exposing interfaces that may allow loading arbitrary libraries and
freeing arbitrary memory.
8) A design error exists in QuickTime for Java, which can be
exploited to capture the user's screen content when a user visits a
web site containing a specially crafted Java applet.
The vulnerabilities are reported in versions prior to 7.2.
SOLUTION:
Update to version 7.2.
QuickTime 7.2 for Mac:
http://www.apple.com/support/downloads/quicktime72formac.html
QuickTime 7.2 for Windows:
http://www.apple.com/support/downloads/quicktime72forwindows.html
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Tom Ferris, Security-Protocols.com and Matt
Slot, Ambrosia Software, Inc.
2) The vendor credits Jonathan 'Wolf' Rentzsch of Red Shed Software.
3) The vendor credits Tom Ferris, Security-Protocols.com.
4) David Vaartjes of ITsec Security Services, reported via iDefense.
5, 6, 7) The vendor credits Adam Gowdiak.
8) Reported by the vendor.
CHANGELOG:
2007-07-12: Added link to US-CERT.
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=305947
iDefense:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=556
OTHER REFERENCES:
US-CERT VU#582681:
http://www.kb.cert.org/vuls/id/582681
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA07-193A
Apple Releases Security Updates for QuickTime
Original release date: July 12, 2007
Last revised: --
Source: US-CERT
Systems Affected
Apple QuickTime on systems running
* Apple Mac OS X
* Microsoft Windows
Overview
Apple QuickTime contains multiple vulnerabilities.
I. Description
Apple QuickTime 7.2 resolves multiple vulnerabilities in the way
Java applets and various types of media files are handled. Since QuickTime configures most
web browsers to handle QuickTime media files, an attacker could
exploit these vulnerabilities using a web page.
Note that QuickTime ships with Apple iTunes.
For more information, please refer to the Vulnerability Notes
Database.
II. For further information, please see
the Vulnerability Notes Database.
III. Solution
Upgrade QuickTime
Upgrade to QuickTime 7.2. This and other updates for Mac OS X are
available via Apple Update.
On Microsoft Windows, QuickTime users can install the update by
using the built-in auto-update mechanism, Apple Software Update, or
by installing the update manually. Disabling QuickTime in your web browser may defend
against this attack vector. For more information, refer to the
Securing Your Web Browser document. Disabling Java in your web browser may defend against
this attack vector. Instructions for disabling Java can be found in
the Securing Your Web Browser document.
References
* Vulnerability Notes for QuickTime 7.2 -
<http://www.kb.cert.org/vuls/byid?searchview&query=QuickTime_72>
* About the security content of the QuickTime 7.2 Update -
<http://docs.info.apple.com/article.html?artnum=305947>
* How to tell if Software Update for Windows is working correctly when no updates are available -
<http://docs.info.apple.com/article.html?artnum=304263>
* Apple QuickTime 7.2 for Windows -
<http://www.apple.com/support/downloads/quicktime72forwindows.html>
* Apple QuickTime 7.2 for Mac -
<http://www.apple.com/support/downloads/quicktime72formac.html>
* Standalone Apple QuickTime Player -
<http://www.apple.com/quicktime/download/standalone.html>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA07-193A.html>
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA07-193A Feedback VU#582681" in the
subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2007 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
Thursday July 12, 2007: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBRpZsJ/RFkHkM87XOAQKLMgf9GpK/pbKTrSe0yKCRMt8Z4lMKl8VE+Rqr
4i8GfVXYUcBKbTlA8TTyf5ucbmCVAnjGJIq0W6X5gLBeA0QxCZ6qto/iPqviuvoV
8tu92/DuerYOkZMvJcn4RjAlMhM9CWCqJh1QG6R2Csn8AyeKEOFDiKYqoDzT+LoQ
zojxmlNJIbUvIIGv8Z12Xkr1LLDmD4rs1nfDEBZm7yLTWRItmXpvSidftdUGETDZ
+ok1SIhkZEbPNT7gAox9RZaKyIRHV7V4wZwqDd3weo6T7UPlhsgRqe88h1R5Yfq8
a7ePH0WSbTCqdGmuoM+nir4iDldoxB8OpbMUQH1nmWcDmc9xv++MHQ==
=EV1X
-----END PGP SIGNATURE-----
VAR-200707-0548 | CVE-2007-2396 | Apple QuickTime fails to properly handle malformed movie files |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
The JDirect support in QuickTime for Java in Apple Quicktime before 7.2 exposes certain dangerous interfaces, which allows remote attackers to execute arbitrary code via crafted Java applets. Apple QuickTime fails to properly handle malformed movie files. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Apple QuickTime of JDirect Is invalid due to a lack of interface.
Remote attackers may exploit these issues by enticing victims into opening maliciously crafted files or visiting maliciously crafted websites. Failed exploit attempts of remote code-execution issues may result in denial-of-service conditions. Successful exploits of the information-disclosure issue may lead to further attacks. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats.
----------------------------------------------------------------------
Try a new way to discover vulnerabilities that ALREADY EXIST in your
IT infrastructure.
The Full Featured Secunia Network Software Inspector (NSI) is now
available:
http://secunia.com/network_software_inspector/
The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT
vulnerabilities in more than 4,000 different Windows applications.
----------------------------------------------------------------------
TITLE:
Apple QuickTime Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA26034
VERIFY ADVISORY:
http://secunia.com/advisories/26034/
CRITICAL:
Highly critical
IMPACT:
Exposure of sensitive information, DoS, System access
WHERE:
>From remote
REVISION:
1.1 originally posted 2007-07-12
SOFTWARE:
Apple QuickTime 7.x
http://secunia.com/product/5090/
DESCRIPTION:
Some vulnerabilities have been reported in Apple QuickTime, which can
be exploited by malicious people to compromise a user's system.
1) An unspecified error exists in the processing of H.264 movies.
This can be exploited to cause memory corruption and may allow
execution of arbitrary code when a user accesses a specially crafted
H.264 movie.
2) An unspecified error exists in the processing of movie files.
3) An integer overflow error exists in the handling of .m4v files and
can be exploited to execute arbitrary code when a user accesses a
specially crafted .m4v file.
4) An integer overflow error exists in the handling of the "author"
and "title" fields when parsing SMIL files.
6) A design error exists in QuickTime for Java, which can be
exploited to bypass security checks and read and write to process
memory.
8) A design error exists in QuickTime for Java, which can be
exploited to capture the user's screen content when a user visits a
web site containing a specially crafted Java applet.
The vulnerabilities are reported in versions prior to 7.2.
SOLUTION:
Update to version 7.2.
QuickTime 7.2 for Mac:
http://www.apple.com/support/downloads/quicktime72formac.html
QuickTime 7.2 for Windows:
http://www.apple.com/support/downloads/quicktime72forwindows.html
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Tom Ferris, Security-Protocols.com and Matt
Slot, Ambrosia Software, Inc.
2) The vendor credits Jonathan 'Wolf' Rentzsch of Red Shed Software.
3) The vendor credits Tom Ferris, Security-Protocols.com.
4) David Vaartjes of ITsec Security Services, reported via iDefense.
5, 6, 7) The vendor credits Adam Gowdiak.
8) Reported by the vendor.
CHANGELOG:
2007-07-12: Added link to US-CERT.
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=305947
iDefense:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=556
OTHER REFERENCES:
US-CERT VU#582681:
http://www.kb.cert.org/vuls/id/582681
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA07-193A
Apple Releases Security Updates for QuickTime
Original release date: July 12, 2007
Last revised: --
Source: US-CERT
Systems Affected
Apple QuickTime on systems running
* Apple Mac OS X
* Microsoft Windows
Overview
Apple QuickTime contains multiple vulnerabilities.
I. Since QuickTime configures most
web browsers to handle QuickTime media files, an attacker could
exploit these vulnerabilities using a web page.
For more information, please refer to the Vulnerability Notes
Database.
II. For further information, please see
the Vulnerability Notes Database.
III. Solution
Upgrade QuickTime
Upgrade to QuickTime 7.2. This and other updates for Mac OS X are
available via Apple Update.
On Microsoft Windows, QuickTime users can install the update by
using the built-in auto-update mechanism, Apple Software Update, or
by installing the update manually. Disabling QuickTime in your web browser may defend
against this attack vector. For more information, refer to the
Securing Your Web Browser document. Disabling Java in your web browser may defend against
this attack vector. Instructions for disabling Java can be found in
the Securing Your Web Browser document.
References
* Vulnerability Notes for QuickTime 7.2 -
<http://www.kb.cert.org/vuls/byid?searchview&query=QuickTime_72>
* About the security content of the QuickTime 7.2 Update -
<http://docs.info.apple.com/article.html?artnum=305947>
* How to tell if Software Update for Windows is working correctly when no updates are available -
<http://docs.info.apple.com/article.html?artnum=304263>
* Apple QuickTime 7.2 for Windows -
<http://www.apple.com/support/downloads/quicktime72forwindows.html>
* Apple QuickTime 7.2 for Mac -
<http://www.apple.com/support/downloads/quicktime72formac.html>
* Standalone Apple QuickTime Player -
<http://www.apple.com/quicktime/download/standalone.html>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA07-193A.html>
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA07-193A Feedback VU#582681" in the
subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2007 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
Thursday July 12, 2007: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBRpZsJ/RFkHkM87XOAQKLMgf9GpK/pbKTrSe0yKCRMt8Z4lMKl8VE+Rqr
4i8GfVXYUcBKbTlA8TTyf5ucbmCVAnjGJIq0W6X5gLBeA0QxCZ6qto/iPqviuvoV
8tu92/DuerYOkZMvJcn4RjAlMhM9CWCqJh1QG6R2Csn8AyeKEOFDiKYqoDzT+LoQ
zojxmlNJIbUvIIGv8Z12Xkr1LLDmD4rs1nfDEBZm7yLTWRItmXpvSidftdUGETDZ
+ok1SIhkZEbPNT7gAox9RZaKyIRHV7V4wZwqDd3weo6T7UPlhsgRqe88h1R5Yfq8
a7ePH0WSbTCqdGmuoM+nir4iDldoxB8OpbMUQH1nmWcDmc9xv++MHQ==
=EV1X
-----END PGP SIGNATURE-----
VAR-200707-0550 | CVE-2007-2402 | Apple QuickTime fails to properly handle malformed movie files |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
QuickTime for Java in Apple Quicktime before 7.2 does not perform sufficient "access control," which allows remote attackers to obtain sensitive information (screen content) via crafted Java applets. Apple QuickTime fails to properly handle malformed movie files. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Apple QuickTime is prone to an information-disclosure and multiple remote code-execution vulnerabilities.
Remote attackers may exploit these issues by enticing victims into opening maliciously crafted files or visiting maliciously crafted websites. Failed exploit attempts of remote code-execution issues may result in denial-of-service conditions. Successful exploits of the information-disclosure issue may lead to further attacks. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats.
----------------------------------------------------------------------
Try a new way to discover vulnerabilities that ALREADY EXIST in your
IT infrastructure.
The Full Featured Secunia Network Software Inspector (NSI) is now
available:
http://secunia.com/network_software_inspector/
The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT
vulnerabilities in more than 4,000 different Windows applications.
----------------------------------------------------------------------
TITLE:
Apple QuickTime Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA26034
VERIFY ADVISORY:
http://secunia.com/advisories/26034/
CRITICAL:
Highly critical
IMPACT:
Exposure of sensitive information, DoS, System access
WHERE:
>From remote
REVISION:
1.1 originally posted 2007-07-12
SOFTWARE:
Apple QuickTime 7.x
http://secunia.com/product/5090/
DESCRIPTION:
Some vulnerabilities have been reported in Apple QuickTime, which can
be exploited by malicious people to compromise a user's system.
1) An unspecified error exists in the processing of H.264 movies.
This can be exploited to cause memory corruption and may allow
execution of arbitrary code when a user accesses a specially crafted
H.264 movie.
2) An unspecified error exists in the processing of movie files.
3) An integer overflow error exists in the handling of .m4v files and
can be exploited to execute arbitrary code when a user accesses a
specially crafted .m4v file.
4) An integer overflow error exists in the handling of the "author"
and "title" fields when parsing SMIL files.
5) A design error exists in QuickTime for Java, which can be
exploited to disable security checks and execute arbitrary code when
a user visits a web site containing a specially crafted Java applet.
6) A design error exists in QuickTime for Java, which can be
exploited to bypass security checks and read and write to process
memory. This can lead to execution of arbitrary code when a user
visits a web site containing a specially crafted Java applet.
7) A design error exists in QuickTime for Java due to JDirect
exposing interfaces that may allow loading arbitrary libraries and
freeing arbitrary memory. This can be exploited to execute arbitrary
code when a user visits a web site containing a specially crafted
Java applet.
The vulnerabilities are reported in versions prior to 7.2.
SOLUTION:
Update to version 7.2.
QuickTime 7.2 for Mac:
http://www.apple.com/support/downloads/quicktime72formac.html
QuickTime 7.2 for Windows:
http://www.apple.com/support/downloads/quicktime72forwindows.html
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Tom Ferris, Security-Protocols.com and Matt
Slot, Ambrosia Software, Inc.
2) The vendor credits Jonathan 'Wolf' Rentzsch of Red Shed Software.
3) The vendor credits Tom Ferris, Security-Protocols.com.
4) David Vaartjes of ITsec Security Services, reported via iDefense.
5, 6, 7) The vendor credits Adam Gowdiak.
8) Reported by the vendor.
CHANGELOG:
2007-07-12: Added link to US-CERT.
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=305947
iDefense:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=556
OTHER REFERENCES:
US-CERT VU#582681:
http://www.kb.cert.org/vuls/id/582681
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA07-193A
Apple Releases Security Updates for QuickTime
Original release date: July 12, 2007
Last revised: --
Source: US-CERT
Systems Affected
Apple QuickTime on systems running
* Apple Mac OS X
* Microsoft Windows
Overview
Apple QuickTime contains multiple vulnerabilities.
I. Description
Apple QuickTime 7.2 resolves multiple vulnerabilities in the way
Java applets and various types of media files are handled. Since QuickTime configures most
web browsers to handle QuickTime media files, an attacker could
exploit these vulnerabilities using a web page.
Note that QuickTime ships with Apple iTunes.
For more information, please refer to the Vulnerability Notes
Database.
II. For further information, please see
the Vulnerability Notes Database.
III. Solution
Upgrade QuickTime
Upgrade to QuickTime 7.2. This and other updates for Mac OS X are
available via Apple Update.
On Microsoft Windows, QuickTime users can install the update by
using the built-in auto-update mechanism, Apple Software Update, or
by installing the update manually. Disabling QuickTime in your web browser may defend
against this attack vector. For more information, refer to the
Securing Your Web Browser document. Disabling Java in your web browser may defend against
this attack vector. Instructions for disabling Java can be found in
the Securing Your Web Browser document.
References
* Vulnerability Notes for QuickTime 7.2 -
<http://www.kb.cert.org/vuls/byid?searchview&query=QuickTime_72>
* About the security content of the QuickTime 7.2 Update -
<http://docs.info.apple.com/article.html?artnum=305947>
* How to tell if Software Update for Windows is working correctly when no updates are available -
<http://docs.info.apple.com/article.html?artnum=304263>
* Apple QuickTime 7.2 for Windows -
<http://www.apple.com/support/downloads/quicktime72forwindows.html>
* Apple QuickTime 7.2 for Mac -
<http://www.apple.com/support/downloads/quicktime72formac.html>
* Standalone Apple QuickTime Player -
<http://www.apple.com/quicktime/download/standalone.html>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA07-193A.html>
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA07-193A Feedback VU#582681" in the
subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2007 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
Thursday July 12, 2007: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBRpZsJ/RFkHkM87XOAQKLMgf9GpK/pbKTrSe0yKCRMt8Z4lMKl8VE+Rqr
4i8GfVXYUcBKbTlA8TTyf5ucbmCVAnjGJIq0W6X5gLBeA0QxCZ6qto/iPqviuvoV
8tu92/DuerYOkZMvJcn4RjAlMhM9CWCqJh1QG6R2Csn8AyeKEOFDiKYqoDzT+LoQ
zojxmlNJIbUvIIGv8Z12Xkr1LLDmD4rs1nfDEBZm7yLTWRItmXpvSidftdUGETDZ
+ok1SIhkZEbPNT7gAox9RZaKyIRHV7V4wZwqDd3weo6T7UPlhsgRqe88h1R5Yfq8
a7ePH0WSbTCqdGmuoM+nir4iDldoxB8OpbMUQH1nmWcDmc9xv++MHQ==
=EV1X
-----END PGP SIGNATURE-----
VAR-200707-0546 | CVE-2007-2393 | Apple QuickTime fails to properly handle malformed movie files |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
The design of QuickTime for Java in Apple Quicktime before 7.2 allows remote attackers to bypass certain security controls and write to process memory via Java applets, possibly leading to arbitrary code execution. Apple QuickTime fails to properly handle malformed movie files. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Apple QuickTime is prone to an information-disclosure and multiple remote code-execution vulnerabilities.
Remote attackers may exploit these issues by enticing victims into opening maliciously crafted files or visiting maliciously crafted websites. Failed exploit attempts of remote code-execution issues may result in denial-of-service conditions. Successful exploits of the information-disclosure issue may lead to further attacks. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats.
----------------------------------------------------------------------
Try a new way to discover vulnerabilities that ALREADY EXIST in your
IT infrastructure.
The Full Featured Secunia Network Software Inspector (NSI) is now
available:
http://secunia.com/network_software_inspector/
The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT
vulnerabilities in more than 4,000 different Windows applications.
----------------------------------------------------------------------
TITLE:
Apple QuickTime Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA26034
VERIFY ADVISORY:
http://secunia.com/advisories/26034/
CRITICAL:
Highly critical
IMPACT:
Exposure of sensitive information, DoS, System access
WHERE:
>From remote
REVISION:
1.1 originally posted 2007-07-12
SOFTWARE:
Apple QuickTime 7.x
http://secunia.com/product/5090/
DESCRIPTION:
Some vulnerabilities have been reported in Apple QuickTime, which can
be exploited by malicious people to compromise a user's system.
1) An unspecified error exists in the processing of H.264 movies.
This can be exploited to cause memory corruption and may allow
execution of arbitrary code when a user accesses a specially crafted
H.264 movie.
2) An unspecified error exists in the processing of movie files.
3) An integer overflow error exists in the handling of .m4v files and
can be exploited to execute arbitrary code when a user accesses a
specially crafted .m4v file.
4) An integer overflow error exists in the handling of the "author"
and "title" fields when parsing SMIL files. This can lead to execution of arbitrary code when a user
visits a web site containing a specially crafted Java applet. This can be exploited to execute arbitrary
code when a user visits a web site containing a specially crafted
Java applet.
8) A design error exists in QuickTime for Java, which can be
exploited to capture the user's screen content when a user visits a
web site containing a specially crafted Java applet.
The vulnerabilities are reported in versions prior to 7.2.
SOLUTION:
Update to version 7.2.
QuickTime 7.2 for Mac:
http://www.apple.com/support/downloads/quicktime72formac.html
QuickTime 7.2 for Windows:
http://www.apple.com/support/downloads/quicktime72forwindows.html
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Tom Ferris, Security-Protocols.com and Matt
Slot, Ambrosia Software, Inc.
2) The vendor credits Jonathan 'Wolf' Rentzsch of Red Shed Software.
3) The vendor credits Tom Ferris, Security-Protocols.com.
4) David Vaartjes of ITsec Security Services, reported via iDefense.
5, 6, 7) The vendor credits Adam Gowdiak.
8) Reported by the vendor.
CHANGELOG:
2007-07-12: Added link to US-CERT.
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=305947
iDefense:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=556
OTHER REFERENCES:
US-CERT VU#582681:
http://www.kb.cert.org/vuls/id/582681
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA07-193A
Apple Releases Security Updates for QuickTime
Original release date: July 12, 2007
Last revised: --
Source: US-CERT
Systems Affected
Apple QuickTime on systems running
* Apple Mac OS X
* Microsoft Windows
Overview
Apple QuickTime contains multiple vulnerabilities.
I. Description
Apple QuickTime 7.2 resolves multiple vulnerabilities in the way
Java applets and various types of media files are handled. Since QuickTime configures most
web browsers to handle QuickTime media files, an attacker could
exploit these vulnerabilities using a web page.
Note that QuickTime ships with Apple iTunes.
For more information, please refer to the Vulnerability Notes
Database.
II. For further information, please see
the Vulnerability Notes Database.
III. Solution
Upgrade QuickTime
Upgrade to QuickTime 7.2. This and other updates for Mac OS X are
available via Apple Update.
On Microsoft Windows, QuickTime users can install the update by
using the built-in auto-update mechanism, Apple Software Update, or
by installing the update manually. Disabling QuickTime in your web browser may defend
against this attack vector. For more information, refer to the
Securing Your Web Browser document. Disabling Java in your web browser may defend against
this attack vector. Instructions for disabling Java can be found in
the Securing Your Web Browser document.
References
* Vulnerability Notes for QuickTime 7.2 -
<http://www.kb.cert.org/vuls/byid?searchview&query=QuickTime_72>
* About the security content of the QuickTime 7.2 Update -
<http://docs.info.apple.com/article.html?artnum=305947>
* How to tell if Software Update for Windows is working correctly when no updates are available -
<http://docs.info.apple.com/article.html?artnum=304263>
* Apple QuickTime 7.2 for Windows -
<http://www.apple.com/support/downloads/quicktime72forwindows.html>
* Apple QuickTime 7.2 for Mac -
<http://www.apple.com/support/downloads/quicktime72formac.html>
* Standalone Apple QuickTime Player -
<http://www.apple.com/quicktime/download/standalone.html>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA07-193A.html>
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA07-193A Feedback VU#582681" in the
subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2007 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
Thursday July 12, 2007: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBRpZsJ/RFkHkM87XOAQKLMgf9GpK/pbKTrSe0yKCRMt8Z4lMKl8VE+Rqr
4i8GfVXYUcBKbTlA8TTyf5ucbmCVAnjGJIq0W6X5gLBeA0QxCZ6qto/iPqviuvoV
8tu92/DuerYOkZMvJcn4RjAlMhM9CWCqJh1QG6R2Csn8AyeKEOFDiKYqoDzT+LoQ
zojxmlNJIbUvIIGv8Z12Xkr1LLDmD4rs1nfDEBZm7yLTWRItmXpvSidftdUGETDZ
+ok1SIhkZEbPNT7gAox9RZaKyIRHV7V4wZwqDd3weo6T7UPlhsgRqe88h1R5Yfq8
a7ePH0WSbTCqdGmuoM+nir4iDldoxB8OpbMUQH1nmWcDmc9xv++MHQ==
=EV1X
-----END PGP SIGNATURE-----