Опубликовано 14 ноября, 200817 г Автор очередное обновление Firefox 2 и 3 ---------------------------------------------------------------------- TITLE: Mozilla Firefox 2 Multiple Vulnerabilities SECUNIA ADVISORY ID: SA32693 VERIFY ADVISORY: http://secunia.com/advisories/32693/ CRITICAL: Highly critical IMPACT: Security Bypass, Exposure of system information, Exposure of sensitive information, System access WHERE: From remote SOFTWARE: Mozilla Firefox 2.0.x http://secunia.com/advisories/product/12434/ DESCRIPTION: Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or compromise a user's system. 1) An error in the processing of ".url" shortcuts can be exploited to obtain sensitive information from the local cache. For more information: SA32192 2) An error in the handling of HTTP redirect requests can be exploited to bypass the same-origin policy and access sensitive information from another domain. 3) An error exists when testing if a Flash module is dynamically unloaded. This can be exploited to dereference memory no longer mapped to the Flash module via an SWF file that dynamically unloads itself from an outside JavaScript function. 4) An error when locking a non-native object can be exploited to cause a crash via a web page assigning a specially crafted value to the "window.__proto__.__proto__" object. 5) An error in the browser engine can be exploited to cause a memory corruption. 6) Two errors in the JavaScript engine can be exploited to cause memory corruptions. Successful exploitation of vulnerabilities #3-#6 may allow execution of arbitrary code. 7) An error in the browser's restore feature can be exploited to violate the same-origin policy and run arbitrary JavaScript code in the context of another site. NOTE: The vulnerability can also be exploited to execute arbitrary JavaScript code with chrome privileges. 8) An error in the processing of the "http-index-format" MIME type can be exploited to execute arbitrary code via a specially crafted 200 header line included in an HTTP index response. 9) An error in the DOM constructing code can be exploited to dereference uninitialized memory and potentially execute arbitrary code by modifying certain properties of a file input element before the element has finished initializing. 10) An error in the implementation of the "nsXMLHttpRequest::NotifyEventListeners()" method can be exploited to execute arbitrary JavaScript code in the context of another site. 11) An error when handling the "-moz-binding" CSS property can be exploited to manipulate signed JAR files and execute arbitrary JavaScript code in the context of another site. 12) An error exists when parsing the default XML namespace of an E4X document. This can be exploited to inject arbitrary XML code via a specially crafted namespace containing quote characters. The vulnerabilities are reported in versions prior to 2.0.0.18. SOLUTION: Update to version 2.0.0.18. http://www.mozilla.com/en-US/firefox/all-older.html PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Liu Die Yu of TopsecTianRongXin 2) Georgi Guninski, Michal Zalewski, and Chris Evans 3) an anonymous researcher, reported via ZDI 4) Jesse Ruderman 5) Daniel Veditz 6) Bob Clary and Joachim Kuebart 7) David Bloom and moz_bug_r_a4 8) Justin Schuh of IBM X-Force 9) ling and wushi of team509, reported via ZDI 10) moz_bug_r_a4 11) Collin Jackson 12) Chris Evans ORIGINAL ADVISORY: http://www.mozilla.org/security/announce/2...fsa2008-47.html http://www.mozilla.org/security/announce/2...fsa2008-48.html http://www.mozilla.org/security/announce/2...fsa2008-49.html http://www.mozilla.org/security/announce/2...fsa2008-50.html http://www.mozilla.org/security/announce/2...fsa2008-52.html http://www.mozilla.org/security/announce/2...fsa2008-53.html http://www.mozilla.org/security/announce/2...fsa2008-54.html http://www.mozilla.org/security/announce/2...fsa2008-55.html http://www.mozilla.org/security/announce/2...fsa2008-56.html http://www.mozilla.org/security/announce/2...fsa2008-57.html http://www.mozilla.org/security/announce/2...fsa2008-58.html OTHER REFERENCES: SA32192: http://secunia.com/advisories/32192/ ---------------------------------------------------------------------- ---------------------------------------------------------------------- TITLE: Mozilla Firefox 3 Multiple Vulnerabilities SECUNIA ADVISORY ID: SA32713 VERIFY ADVISORY: http://secunia.com/advisories/32713/ CRITICAL: Highly critical IMPACT: Security Bypass, Exposure of system information, Exposure of sensitive information, System access WHERE: From remote SOFTWARE: Mozilla Firefox 3.x http://secunia.com/advisories/product/19089/ DESCRIPTION: Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or compromise a user's system. 1) An error when processing "file:" URIs can be exploited to execute arbitrary JavaScript code with chrome privileges by tricking a user into opening a malicious local file in a tab previously opened for a "chrome:" document or a privileged "about:" URI. 2) Various errors in the layout engine can be exploited to cause memory corruptions and potentially execute arbitrary code. 3) An error in the browser engine can be exploited to cause a crash. For more information see vulnerability #5 in: SA32693 4) An error in the JavaScript engine can be exploited to cause a memory corruption and potentially execute arbitrary code. 5) An error in the browser's restore feature can be exploited to violate the same-origin policy. For more information see vulnerability #7 in: SA32693 6) An error in the processing of the "http-index-format" MIME type can be exploited to execute arbitrary code. For more information see vulnerability #8 in: SA32693 7) An error in the DOM constructing code can be exploited to dereference uninitialized memory and potentially execute arbitrary code: For more information see vulnerability #9 in: SA32693 8) An error in "nsXMLHttpRequest::NotifyEventListeners()" can be exploited to bypass certain security restrictions. For more information see vulnerability #10 in: SA32693 9) An error can be exploited to manipulate signed JAR files and execute arbitrary JavaScript code in the context of another site. For more information see vulnerability #11 in: SA32693 10) An error exists when parsing E4X documents can be exploited to inject arbitrary XML code. For more information see vulnerability #12 in: SA32693 The vulnerabilities are reported in versions prior to 3.0.4. SOLUTION: Update to version 3.0.4. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Luke Bryan 2) Jesse Ruderman and Martijn Wargers 3) Daniel Veditz 4) Joachim Kuebart 5) David Bloom and moz_bug_r_a4 6) Justin Schuh of IBM X-Force 7) ling and wushi of team509, reported via ZDI 8) moz_bug_r_a4 9) Collin Jackson 10) Chris Evans ORIGINAL ADVISORY: http://www.mozilla.org/security/announce/2...fsa2008-51.html http://www.mozilla.org/security/announce/2...fsa2008-52.html http://www.mozilla.org/security/announce/2...fsa2008-53.html http://www.mozilla.org/security/announce/2...fsa2008-54.html http://www.mozilla.org/security/announce/2...fsa2008-55.html http://www.mozilla.org/security/announce/2...fsa2008-56.html http://www.mozilla.org/security/announce/2...fsa2008-57.html http://www.mozilla.org/security/announce/2...fsa2008-58.html OTHER REFERENCES: SA32693: http://secunia.com/advisories/32693/ ----------------------------------------------------------------------
Опубликовано 4 декабря, 200817 г Автор а вот очередная статистика от Secunia :smile3: _ttp://www.securitylab.ru/news/364079.php Датская компания Secunia опубликовала в своем блоге очередные статистические данные, собранные в ходе сканирований с помощью Personal Security Inspector (PSI) за 7 ней. Для сбора статистики использовались только новые пользователи, которые в течении 7 дней скачали PSI и просканировали свои системы. Следующие данные собраны с 20 000 различных систем: Количество небезопасных приложений Количество систем/пользователей 0 1.91% 1-5 30.27% 6-10 25.07% >11 45.76% Под небезопасными приложениями понимается, что для используемого приложения существует уязвимость и производитель выпустил исправление, которое не было установлено на системе. Таким образом, в 98 из 100 систем, подключенных к Интернет, используются уязвимые приложения, которыми сможет воспользоваться потенциальный злоумышленник для получения контроля над системой пользователя. Эксперты Secunia считают, что реальное количество уязвимых систем значительно больше, т.к. только тот факт, что пользователь установил и просканировал свою систему говорит о его осведомленности и стремлению к обеспечению безопасности.
Опубликовано 10 декабря, 200817 г Автор ну вот снова пора обновлять Windows - _ttp://www.securitylab.ru/vulnerability/364509.php _ttp://www.securitylab.ru/vulnerability/364500.php _ttp://www.securitylab.ru/vulnerability/364497.php _ttp://www.securitylab.ru/vulnerability/364496.php _ttp://www.securitylab.ru/vulnerability/364490.php плюс кое-что, от чего нет патчей - _ttp://www.securitylab.ru/vulnerability/364502.php и 0-day эксплойт для MS IE7(_ttp://isc.sans.org/diary.html?n&storyid=5458) ---------------------------------------------------------------------- TITLE: Microsoft Excel Multiple Vulnerabilities SECUNIA ADVISORY ID: SA31593 VERIFY ADVISORY: http://secunia.com/advisories/31593/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: Microsoft Open XML File Format Converter for Mac http://secunia.com/advisories/product/20148/ Microsoft Office Excel Viewer 2007 http://secunia.com/advisories/product/19210/ Microsoft Office Excel Viewer 2003 http://secunia.com/advisories/product/7700/ Microsoft Office Excel 2007 http://secunia.com/advisories/product/14161/ Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats http://secunia.com/advisories/product/14165/ Microsoft Office 2008 for Mac http://secunia.com/advisories/product/17922/ Microsoft Office 2004 for Mac http://secunia.com/advisories/product/8713/ Microsoft Excel 2003 http://secunia.com/advisories/product/4970/ Microsoft Excel 2002 http://secunia.com/advisories/product/4043/ Microsoft Excel 2000 http://secunia.com/advisories/product/3054/ Microsoft Office 2000 http://secunia.com/advisories/product/24/ Microsoft Office 2003 Professional Edition http://secunia.com/advisories/product/2276/ Microsoft Office 2003 Small Business Edition http://secunia.com/advisories/product/2277/ Microsoft Office 2003 Standard Edition http://secunia.com/advisories/product/2275/ Microsoft Office 2003 Student and Teacher Edition http://secunia.com/advisories/product/2278/ Microsoft Office 2007 http://secunia.com/advisories/product/13228/ Microsoft Office XP http://secunia.com/advisories/product/23/ DESCRIPTION: Some vulnerabilities have been reported in Microsoft Excel, which can be exploited by malicious people to compromise a user's system. 1) An error while validating an index value in a NAME record can be exploited to corrupt memory via a specially crafted Excel Spreadsheet (XLS) file. 2) An unspecified error in the processing of Excel records can be exploited to corrupt memory via a specially crafted XLS file. 3) An unspecified error in the processing of Excel formulas can be exploited to corrupt memory via a specially crafted XLS file. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. SOLUTION: Apply patches. ---------------------------------------------------------------------- TITLE: Microsoft Windows Media Products Two Vulnerabilities SECUNIA ADVISORY ID: SA33058 VERIFY ADVISORY: http://secunia.com/advisories/33058/ CRITICAL: Highly critical IMPACT: Security Bypass, Exposure of sensitive information, System access WHERE: From remote SOFTWARE: Microsoft Windows Media Services 9.x http://secunia.com/advisories/product/16900/ Microsoft Windows Media Services 2008 http://secunia.com/advisories/product/20710/ Microsoft Windows Media Player 6.x http://secunia.com/advisories/product/539/ Microsoft Windows Media Format Runtime 9.x http://secunia.com/advisories/product/16898/ Microsoft Windows Media Format Runtime 7.x http://secunia.com/advisories/product/16897/ Microsoft Windows Media Format Runtime 11.x http://secunia.com/advisories/product/16899/ Microsoft Windows Media Services 4.x http://secunia.com/advisories/product/1773/ DESCRIPTION: Two vulnerabilities have been reported in several Microsoft Windows Media products, which can be exploited by malicious people to bypass certain security restrictions or compromise a vulnerable system. 1) An error within the Service Principal Name (SPN) implementation when handling NTLM credentials can be exploited to gain access with the privileges of a target user via replay attacks. 2) An error when handling ISATAP URLs can be exploited to disclose NTLM credentials and gain access with the privileges of a target user via replay attacks. SOLUTION: Apply patches. ---------------------------------------------------------------------- TITLE: Microsoft Windows GDI Image Parsing Vulnerabilities SECUNIA ADVISORY ID: SA33020 VERIFY ADVISORY: http://secunia.com/advisories/33020/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote OPERATING SYSTEM: Microsoft Windows Storage Server 2003 http://secunia.com/advisories/product/12399/ Microsoft Windows XP Professional http://secunia.com/advisories/product/22/ Microsoft Windows XP Home Edition http://secunia.com/advisories/product/16/ Microsoft Windows Vista http://secunia.com/advisories/product/13223/ Microsoft Windows Server 2008 http://secunia.com/advisories/product/18255/ Microsoft Windows Server 2003 Web Edition http://secunia.com/advisories/product/1176/ Microsoft Windows Server 2003 Standard Edition http://secunia.com/advisories/product/1173/ Microsoft Windows Server 2003 Enterprise Edition http://secunia.com/advisories/product/1174/ Microsoft Windows Server 2003 Datacenter Edition http://secunia.com/advisories/product/1175/ Microsoft Windows 2000 Server http://secunia.com/advisories/product/20/ Microsoft Windows 2000 Professional http://secunia.com/advisories/product/1/ Microsoft Windows 2000 Datacenter Server http://secunia.com/advisories/product/1177/ Microsoft Windows 2000 Advanced Server http://secunia.com/advisories/product/21/ DESCRIPTION: Some vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to potentially compromise a vulnerable system. 1) An overflow error in GDI when processing headers in Windows Metafile (WMF) files can be exploited to cause a buffer overflow via a specially crafted WMF file. 2) An error exists in the the way the GDI handles file size parameters in WMF files. This can be exploited to cause a heap-based buffer overflow via a specially crafted WMF file. Successful exploitation of these vulnerabilities may allow execution of arbitrary code. SOLUTION: Apply patches. ---------------------------------------------------------------------- TITLE: Microsoft Office Word Multiple Vulnerabilities SECUNIA ADVISORY ID: SA30285 VERIFY ADVISORY: http://secunia.com/advisories/30285/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: Microsoft Office 2000 http://secunia.com/advisories/product/24/ Microsoft Office XP http://secunia.com/advisories/product/23/ Microsoft Office 2003 Professional Edition http://secunia.com/advisories/product/2276/ Microsoft Office 2003 Small Business Edition http://secunia.com/advisories/product/2277/ Microsoft Office 2003 Standard Edition http://secunia.com/advisories/product/2275/ Microsoft Office 2003 Student and Teacher Edition http://secunia.com/advisories/product/2278/ Microsoft Office 2007 http://secunia.com/advisories/product/13228/ Microsoft Word 2000 http://secunia.com/advisories/product/2149/ Microsoft Word 2002 http://secunia.com/advisories/product/2150/ Microsoft Word 2003 http://secunia.com/advisories/product/4908/ Microsoft Office Word 2007 http://secunia.com/advisories/product/14703/ Microsoft Outlook 2007 http://secunia.com/advisories/product/13799/ Microsoft Word Viewer 2003 http://secunia.com/advisories/product/5523/ Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats http://secunia.com/advisories/product/14165/ Microsoft Works 8.x http://secunia.com/advisories/product/7215/ Microsoft Office 2004 for Mac http://secunia.com/advisories/product/8713/ Microsoft Office 2008 for Mac http://secunia.com/advisories/product/17922/ Microsoft Open XML File Format Converter for Mac http://secunia.com/advisories/product/20148/ DESCRIPTION: Multiple vulnerabilities have been reported in Microsoft Office Word, which can be exploited by malicious people to compromise a user's system. 1) An unspecified error when parsing certain records can be exploited to corrupt memory via a specially crafted Word file. 2) An integer overflow error exists when calculating the space required for the specified number of points in a polyline or polygon. This can be exploited to cause a heap-based buffer overflow during parsing of objects in Rich Text Format (.rtf) files e.g. when a user opens a specially crafted .rtf file with Word or previews a specially crafted e-mail. 3) An unspecified error when parsing certain records can be exploited to corrupt memory via a specially crafted Word file. 4) An unspecified error when parsing control words in RTF files can be exploited to corrupt memory via a specially crafted RTF file. 5) An unspecified error when parsing control words in RTF files can be exploited to corrupt memory via a specially crafted RTF file. 6) An unspecified error when parsing control words in RTF files can be exploited to corrupt memory via a specially crafted RTF file. 7) An unspecified error when parsing strings in RTF files can be exploited to corrupt memory via a specially crafted RTF file. 8) An unspecified error when parsing certain records can be exploited to corrupt memory via a specially crafted Word file. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. SOLUTION: Apply patches. ---------------------------------------------------------------------- TITLE: Microsoft Internet Explorer Multiple Vulnerabilities SECUNIA ADVISORY ID: SA33035 VERIFY ADVISORY: http://secunia.com/advisories/33035/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: Microsoft Internet Explorer 5.01 http://secunia.com/advisories/product/9/ Microsoft Internet Explorer 6.x http://secunia.com/advisories/product/11/ Microsoft Internet Explorer 7.x http://secunia.com/advisories/product/12366/ DESCRIPTION: Some vulnerabilities have been reported in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user's system. 1) An error when handling parameters passed to unspecified navigation methods can be exploited to corrupt memory via a specially crafted web page. 2) An unspecified error when handling HTML objects can be exploited to dereference uninitialized memory and corrupt memory via a specially crafted web page. 3) An unspecified use-after-free error can be exploited to corrupt memory via a specially crafted web page. 4) An error when unexpected data is encountered while embedding an object into a page can be exploited to corrupt memory. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. SOLUTION: Apply patches.
Опубликовано 17 декабря, 200817 г Автор новое обновление Firefox3 _ttp://isc.sans.org/diary.html?n&storyid=5506 FireFox 3.0.5 has been released with several security fixes. Fixed in Firefox 3.0.5 MFSA 2008-69 XSS vulnerabilities in SessionStore MFSA 2008-68 XSS and JavaScript privilege escalation MFSA 2008-67 Escaped null characters ignored by CSS parser MFSA 2008-66 Errors parsing URLs with leading whitespace and control characters MFSA 2008-65 Cross-domain data theft via script redirect error message MFSA 2008-64 XMLHttpRequest 302 response disclosure MFSA 2008-63 User tracking via XUL persist attribute MFSA 2008-60 Crashes with evidence of memory corruption (rv:1.9.0.5/1.8.1.19) Thanks to John and Roseman for bringing this to our attention.
Для публикации сообщений создайте учётную запись или авторизуйтесь