SecurityFocus News
SecurityFocus Newsletter #504 Jun 11 2009 11:17PM
sfa securityfocus com
SecurityFocus Newsletter #504
----------------------------------------

This issue is sponsored by VeriSign

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Hacker-Tool Law Still Does Little
2. A Botnet by Any Other Name
II. BUGTRAQ SUMMARY
1. Microsoft Word Record Parsing Length Field Remote Stack Buffer Overflow Vulnerability
2. WebKit JavaScript DOM Use After Free Remote Code Execution Vulnerability
3. libxml2 'xmlSAX2Characters()' Integer Overflow Vulnerability
4. libxml XML Entity Name Heap Buffer Overflow Vulnerability
5. Linux Kernel Cloned Process 'CLONE_PARENT' Local Origin Validation Weakness
6. Linux Kernel 'do_splice_from()' Local Security Bypass Vulnerability
7. Linux Kernel 'FWD-TSN' Chunk Remote Buffer Overflow Vulnerability
8. Linux Kernel 'ib700wdt.c' Buffer Underflow Vulnerability
9. Linux Kernel 'dell_rbu' Local Denial of Service Vulnerabilities
10. Linux Kernel '/ipc/shm.c' Local Denial of Service Vulnerability
11. Linux Kernel Audit System 'audit_syscall_entry()' System Call Security Bypass Vulnerability
12. Linux Kernel NFS 'MAY_EXEC' Security Bypass Vulnerability
13. Linux Kernel Frame Size Integer Overflow Remote Information Disclosure Vulnerability
14. Linux Kernel 'seccomp' System Call Security Bypass Vulnerability
15. Linux Kernel 'exit_notify()' CAP_KILL Verification Local Privilege Escalation Vulnerability
16. Linux Kernel CIFS Remote Buffer Overflow Vulnerability
17. Linux Kernel 'sock.c' SO_BSDCOMPAT Option Information Disclosure Vulnerability
18. Linux Kernel nfsd 'CAP_MKNOD' Unauthorized Access Vulnerability
19. Linux Kernel 'splice(2)' Double Lock Local Denial of Service Vulnerability
20. Linux Kernel 'EFER_LME' Local Denial of Service Vulnerability
21. Linux Kernel 'inet6_hashtables.c' NULL Pointer Dereference Denial of Service Vulnerability
22. Linux Kernel 'readlink' Local Privilege Escalation Vulnerability
23. Linux Kernel 'drivers/char/agp/generic.c' Local Information Disclosure Vulnerability
24. Apple iPhone and iPod touch Prior to Version 2.2 Multiple Vulnerabilities
25. OpenSSL Multiple Vulnerabilities
26. Sun Solaris Kerberos Credential Management Security Bypass Vulnerability
27. Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
28. Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
29. Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
30. Apple Mac OS X PICT Image Handling Integer Overflow Vulnerability
31. Apple Mac OS X CoreGraphics Multiple Memory Corruption Vulnerabilities
32. Adobe Reader and Acrobat JBIG Segments 'Text Region' Memory Corruption Vulnerability
33. Microsoft Windows Print Spooler 'EnumeratePrintShares()' Remote Stack Buffer Overflow Vulnerability
34. WebKit 'Canvas' HTML Element Image Capture Remote Information Disclosure Vulnerability
35. WebKit 'document.implementation' Cross Domain Scripting Vulnerability
36. Adobe Reader and Acrobat FlateDecode Filter Integer Overflow Vulnerability
37. WebKit DOM Event Handler Remote Memory Corruption Vulnerability
38. WebKit Subframe Click Jacking Vulnerability
39. Microsoft Excel Malformed Shared String Table Record Integer Overflow Vulnerability
40. Microsoft Active Directory Encoded LDAP String Memory Corruption Remote Code Execution Vulnerability
41. Adobe Reader and Acrobat TrueType Font Handling Memory Corruption Vulnerability
42. WebKit CSS 'Attr' Function Remote Code Execution Vulnerability
43. WebKit JavaScript 'onload()' Event Cross Domain Scripting Vulnerability
44. WebKit 'Attr' DOM Objects Remote Code Execution Vulnerability
45. WebKit XSLT Redirects Remote Information Disclosure Vulnerability
46. WebKit JavaScript Exception Handling Remote Code Execution Vulnerability
47. WebKit 'Document()' Function Remote Information Disclosure Vulnerability
48. WebKit JavaScript Garbage Collector Memory Corruption Vulnerability
49. Opera Web Browser 9.26 Multiple Security Vulnerabilities
50. Apple Safari CoreGraphics TrueType Font Handling Remote Code Execution Vulnerability
51. Apple Safari Prior to 4.0 Multiple Security Vulnerabilities
52. Microsoft Internet Explorer Page Transition Remote Code Execution Vulnerability
53. Adobe Reader and Acrobat Huffman-encoded JBIG2 Text Heap Overflow Vulnerability
54. Adobe Reader and Acrobat 9.1.1 and Prior Multiple Remote Vulnerabilities
55. SHA-0/SHA-1 Reduced Operation Digest Collision Weakness
56. Adobe Reader and Acrobat JBIG 'Pattern Dictionary' Remote Heap Buffer Overflow Vulnerability
57. Adobe Reader and Acrobat U3D Model Remote Stack Buffer Overflow Vulnerability
58. Adobe Reader & Acrobat JBIG Pattern Dictionary Allocation Remote Heap Buffer Overflow Vulnerability
59. Adobe Reader and Acrobat JBIG 'Halftone Region' Remote Heap Buffer Overflow Vulnerability
60. Adobe Reader and Acrobat JBIG2 Filter Unspecified Memory Corruption Vulnerability
61. Adobe Reader and Acrobat Multiple Unspecified Remote Heap Buffer Overflow Vulnerabilities
62. Adobe Reader and Acrobat Unspecified Memory Corruption Vulnerability
63. Adobe Reader and Acrobat JBIG 'Halftone Region' Remote Heap Buffer Overflow Vulnerability
64. Adobe Reader and Acrobat JBIG Halftone Region Grid Area Remote Heap Buffer Overflow Vulnerability
65. Microsoft Active Directory Memory Leak Denial Of Service Vulnerability
66. Microsoft IIS 5.0 WebDAV Authentication Bypass Vulnerability
67. Microsoft IIS Unicode Requests to WebDAV Multiple Authentication Bypass Vulnerabilities
68. Microsoft Windows Print Spooler Remote Code Execution Vulnerability
69. Microsoft Windows Print Spooler Local Information Disclosure Vulnerability
70. Sun OpenSolaris 'smbfs(7FS)' Local Information Disclosure Vulnerability
71. GnuTLS X.509 Certificate Chain Security Bypass Vulnerability
72. CUPS 'HP-GL/2' Filter Remote Code Execution Vulnerability
73. CUPS Multiple Heap Based Buffer Overflow Vulnerabilities
74. Yogurt Cross-Site Scripting and SQL Injection Vulnerabilities
75. ModSecurity SQL Injection Rule Security Bypass Vulnerability
76. phpWebThings 'module' Parameter Local File Include Vulnerability
77. F5 Networks FirePass SSL VPN Unspecified Cross-Site Scripting Vulnerability
78. 'Compress::Raw::Zlib' Perl Module Remote Code Execution Vulnerability
79. Mozilla Firefox Large GIF File Background Denial of Service Vulnerability
80. Microsoft Internet Explorer Malformed Row Property Remote Code Execution Vulnerability
81. Microsoft Excel QSIR Record Pointer Corruption Remote Code Execution Vulnerability
82. Microsoft Internet Explorer Cached Content Cross Domain Information Disclosure Vulnerability
83. Microsoft Internet Explorer 'onreadystatechange' Corrupt Memory Remote Code Execution Vulnerability
84. Microsoft Windows Search Script Injection Vulnerability
85. Microsoft Internet Explorer Event Handler Uninitialized Memory Remote Code Execution Vulnerability
86. Microgaming FlashXControl Object ActiveX Control Unspecified Security Vulnerability
87. Microsoft PowerPoint Freelance Layout Parsing Heap Based Buffer Overflow Vulnerability
88. Microsoft Internet Explorer XMLHttpRequest Uninitialized Memory Remote Code Execution Vulnerability
89. Microsoft Internet Explorer 'setCapture()' Uninitialized Memory Remote Code Execution Vulnerability
90. Microsoft Internet Explorer (CVE-2009-1141) Uninitialized Memory Remote Code Execution Vulnerability
91. Linux Kernel RTL8169 NIC Remote Denial of Service Vulnerability
92. Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
93. XM Easy Personal FTP Server Multiple Command Remote Buffer Overflow Vulnerabilities
94. libxml2 'xmlBufferResize()' Remote Denial of Service Vulnerability
95. libxml2 Denial of Service Vulnerability
96. Libpng Library Unknown Chunk Handler Vulnerability
97. libxml2 Recursive Entity Remote Denial of Service Vulnerability
98. LightNEasy Multiple Input Validation Vulnerabilities
99. Libpng Library 'png_push_read_zTXt()' Off-By-One Denial of Service Vulnerability
100. Libpng Library Multiple Remote Denial of Service Vulnerabilities
III. SECURITYFOCUS NEWS
1. FTC persuades court to shutter rogue ISP
2. Obama launches cybersecurity initiative
3. Browsers bashed first in hacking contest
4. Experts: U.S. needs to defend its "cyber turf"
IV. SECURITY JOBS LIST SUMMARY
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Hacker-Tool Law Still Does Little
By Mark Rasch
On August 10, 2007, a new section of the German Penal code went into effect. The statute, intended to implement certain provisions of the Council of Europe Treaty on Cybercrime, could be interpreted to make the creation or distribution of computer security software a criminal offense.
http://www.securityfocus.com/columnists/502

2. A Botnet by Any Other Name
By Gunter Ollmann
The news has been awash the last few weeks with fears over globe-spanning botnets and their criminal intent: Conficker managed to hog the limelight for well over a month, and then came Finjan's disclosure of a previously unknown - and currently unnamed - botnet consisting of some 1.9 million malicious agents.
http://www.securityfocus.com/columnists/501

II. BUGTRAQ SUMMARY
--------------------
1. Microsoft Word Record Parsing Length Field Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 35188
Remote: Yes
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/35188
Summary:
Microsoft Word is prone to a stack-based buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions.

2. WebKit JavaScript DOM Use After Free Remote Code Execution Vulnerability
BugTraq ID: 35325
Remote: Yes
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/35325
Summary:
WebKit is prone to a remote code-execution vulnerability.

Attackers may exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

3. libxml2 'xmlSAX2Characters()' Integer Overflow Vulnerability
BugTraq ID: 32326
Remote: Yes
Last Updated: 2009-06-10
Relevant URL: http://www.securityfocus.com/bid/32326
Summary:
The 'libxml2' library is prone to an integer-overflow vulnerability because it fails to properly verify user-supplied data when handling XML files.

Successful exploits of this vulnerability allow remote attackers to execute arbitrary machine code in the context of an affected application. Failed exploits may crash the application.

This issue affects libxml2-2.7.2; other versions may also be affected.

4. libxml XML Entity Name Heap Buffer Overflow Vulnerability
BugTraq ID: 31126
Remote: Yes
Last Updated: 2009-06-10
Relevant URL: http://www.securityfocus.com/bid/31126
Summary:
The 'libxml' library is prone to a heap-based buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code within the context of an application using the affected library. Failed exploit attempts will result in a denial-of-service condition.

5. Linux Kernel Cloned Process 'CLONE_PARENT' Local Origin Validation Weakness
BugTraq ID: 33906
Remote: No
Last Updated: 2009-06-10
Relevant URL: http://www.securityfocus.com/bid/33906
Summary:
The Linux kernel is prone to an origin-validation weakness when dealing with signal handling.

This weakness occurs when a privileged process calls attacker-supplied processes as children. Attackers may exploit this to send arbitrary signals to the privileged parent process.

A local attacker may exploit this issue to kill vulnerable processes, resulting in a denial-of-service condition. In some cases, other attacks may also be possible.

Linux kernel 2.6.28 is vulnerable; other versions may also be affected.

6. Linux Kernel 'do_splice_from()' Local Security Bypass Vulnerability
BugTraq ID: 31903
Remote: No
Last Updated: 2009-06-10
Relevant URL: http://www.securityfocus.com/bid/31903
Summary:
The Linux kernel is prone to a local security-bypass vulnerability because the 'do_splice_from()' function fails to correctly reject file descriptors when performing certain file operations.

Attackers can exploit this issue to bypass append-mode restrictions when updating files, allowing them to update arbitrary locations in the file.

Versions prior to Linux kernel 2.6.27 are vulnerable.

7. Linux Kernel 'FWD-TSN' Chunk Remote Buffer Overflow Vulnerability
BugTraq ID: 33113
Remote: Yes
Last Updated: 2009-06-10
Relevant URL: http://www.securityfocus.com/bid/33113
Summary:
The Linux Kernel is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

The issue affects Linux Kernel 2.6.28; other versions may also be vulnerable.

8. Linux Kernel 'ib700wdt.c' Buffer Underflow Vulnerability
BugTraq ID: 33003
Remote: No
Last Updated: 2009-06-10
Relevant URL: http://www.securityfocus.com/bid/33003
Summary:
The Linux kernel is prone to a buffer-underflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges or crash the affected computer, denying service to legitimate users.

Versions prior to Linux kernel 2.6.28-rc1 are vulnerable.

9. Linux Kernel 'dell_rbu' Local Denial of Service Vulnerabilities
BugTraq ID: 33428
Remote: No
Last Updated: 2009-06-10
Relevant URL: http://www.securityfocus.com/bid/33428
Summary:
The Linux Kernel is prone to two denial-of-service vulnerabilities.

A local unprivileged attacker can exploit these issues to cause a vulnerable system to crash, resulting in denial-of-service conditions.

These issues affect versions prior to Linux Kernel 2.6.27.13 and 2.6.28.2.

10. Linux Kernel '/ipc/shm.c' Local Denial of Service Vulnerability
BugTraq ID: 34020
Remote: No
Last Updated: 2009-06-10
Relevant URL: http://www.securityfocus.com/bid/34020
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to cause the Linux kernel to lock up, resulting in a denial-of-service condition.

Versions prior to Linux kernel 2.6.28.5 are vulnerable.

11. Linux Kernel Audit System 'audit_syscall_entry()' System Call Security Bypass Vulnerability
BugTraq ID: 33951
Remote: No
Last Updated: 2009-06-10
Relevant URL: http://www.securityfocus.com/bid/33951
Summary:
The Linux kernel is prone to a local security-bypass vulnerability.

A local attacker may be able to exploit this issue to bypass audit mechanisms imposed on system calls. This may allow malicious behavior to escape notice.

12. Linux Kernel NFS 'MAY_EXEC' Security Bypass Vulnerability
BugTraq ID: 34934
Remote: Yes
Last Updated: 2009-06-10
Relevant URL: http://www.securityfocus.com/bid/34934
Summary:
The Linux Kernel is prone to a security-bypass vulnerability that affects the NFS (Network File System) implementation.

An attacker can exploit this issue to perform privileged operations on a vulnerable computer, which may aid in further attacks.

13. Linux Kernel Frame Size Integer Overflow Remote Information Disclosure Vulnerability
BugTraq ID: 34654
Remote: Yes
Last Updated: 2009-06-10
Relevant URL: http://www.securityfocus.com/bid/34654
Summary:
The Linux Kernel is prone to a remote information-disclosure vulnerability.

Remote attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

Versions prior to Linux Kernel 2.6.30-rc1 are vulnerable.

14. Linux Kernel 'seccomp' System Call Security Bypass Vulnerability
BugTraq ID: 33948
Remote: No
Last Updated: 2009-06-10
Relevant URL: http://www.securityfocus.com/bid/33948
Summary:
The Linux kernel is prone to a local security-bypass vulnerability.

A local attacker may be able to exploit this issue to bypass access control and make restricted system calls, which may result in an elevation of privileges.

15. Linux Kernel 'exit_notify()' CAP_KILL Verification Local Privilege Escalation Vulnerability
BugTraq ID: 34405
Remote: No
Last Updated: 2009-06-10
Relevant URL: http://www.securityfocus.com/bid/34405
Summary:
The Linux kernel is prone to a local privilege-escalation vulnerability.

A local attacker can exploit this issue to execute arbitrary code with superuser privileges, resulting in a complete compromise of the affected computer.

Versions prior to Linux kernel 2.6.29-git14 are vulnerable.

16. Linux Kernel CIFS Remote Buffer Overflow Vulnerability
BugTraq ID: 34453
Remote: Yes
Last Updated: 2009-06-10
Relevant URL: http://www.securityfocus.com/bid/34453
Summary:
The Linux Kernel is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

The issue affects Linux Kernel 2.6.29; other versions may also be vulnerable.

17. Linux Kernel 'sock.c' SO_BSDCOMPAT Option Information Disclosure Vulnerability
BugTraq ID: 33846
Remote: No
Last Updated: 2009-06-10
Relevant URL: http://www.securityfocus.com/bid/33846
Summary:
The Linux Kernel is prone to an information-disclosure vulnerability because it fails to properly initialize certain memory before using it in a user-accessible operation.

Successful exploits will allow attackers to view portions of kernel memory. Information harvested may be used in further attacks.

Versions prior to Linux Kernel 2.6.28.8 are vulnerable.

18. Linux Kernel nfsd 'CAP_MKNOD' Unauthorized Access Vulnerability
BugTraq ID: 34205
Remote: Yes
Last Updated: 2009-06-10
Relevant URL: http://www.securityfocus.com/bid/34205
Summary:
The Linux Kernel is prone to an unauthorized-access vulnerability that can occur when users with certain capabilities connect to the 'nfsd' service.

An attacker with authenticated access to the affected application can exploit this issue to perform privileged operations on a vulnerable computer; this may aid in further attacks.

19. Linux Kernel 'splice(2)' Double Lock Local Denial of Service Vulnerability
BugTraq ID: 35143
Remote: No
Last Updated: 2009-06-10
Relevant URL: http://www.securityfocus.com/bid/35143
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to cause an affected process to hang, denying service to legitimate users. Other denial-of-service attacks are also possible.

This issue was introduced in Linux Kernel 2.6.19. The following versions have been fixed:

Linux Kernel 2.6.30-rc3
Linux Kernel 2.6.27.24
Linux Kernel 2.6.29.4

20. Linux Kernel 'EFER_LME' Local Denial of Service Vulnerability
BugTraq ID: 34331
Remote: No
Last Updated: 2009-06-10
Relevant URL: http://www.securityfocus.com/bid/34331
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to trigger a kernel oops, resulting in a denial-of-service condition.

This issue affects Linux kernel 2.6.19 through 2.6.29.

21. Linux Kernel 'inet6_hashtables.c' NULL Pointer Dereference Denial of Service Vulnerability
BugTraq ID: 34602
Remote: No
Last Updated: 2009-06-10
Relevant URL: http://www.securityfocus.com/bid/34602
Summary:
The Linux kernel is prone to a local denial-of-service vulnerability.

Attackers can exploit this issue to crash the affected kernel, denying service to legitimate users. Given the nature of this issue, attackers may also be able to execute arbitrary code, but this has not been confirmed.

This issue was introduced in Linux kernel 2.6.27 and fixed in 2.6.29.

22. Linux Kernel 'readlink' Local Privilege Escalation Vulnerability
BugTraq ID: 33412
Remote: No
Last Updated: 2009-06-10
Relevant URL: http://www.securityfocus.com/bid/33412
Summary:
The Linux kernel is prone to a local privilege-escalation vulnerability.

A local attacker can exploit this issue to execute arbitrary code with superuser privileges or crash the affected kernel, denying service to legitimate users.

Versions prior to Linux kernel 2.6.29.1 are vulnerable.

23. Linux Kernel 'drivers/char/agp/generic.c' Local Information Disclosure Vulnerability
BugTraq ID: 34673
Remote: No
Last Updated: 2009-06-10
Relevant URL: http://www.securityfocus.com/bid/34673
Summary:
The Linux kernel is prone to a local information-disclosure vulnerability.

Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

Versions prior to the Linux kernel 2.6.30-rc3 are vulnerable.

24. Apple iPhone and iPod touch Prior to Version 2.2 Multiple Vulnerabilities
BugTraq ID: 32394
Remote: Yes
Last Updated: 2009-06-10
Relevant URL: http://www.securityfocus.com/bid/32394
Summary:
Apple iPhone and iPod touch are prone to multiple vulnerabilities:

1. A denial-of-service vulnerability in the ImageIO module.
2. A weakness in Networking.
3. Two security-bypass vulnerabilities in the Passcode Lock functionality.
4. An information-disclosure vulnerability in the Passcode Lock functionality.
5. A memory-corruption vulnerability in Safari.
6. A spoofing vulnerability in Safari.
7. A security-bypass vulnerability in Safari.

Successfully exploiting these issues may allow attackers to execute arbitrary code, bypass security restrictions, obtain sensitive information, perform spoofing attacks, or cause denial-of-service conditions.

These issues affect the following:

iPhone OS 1.0 through 2.1
iPhone OS for iPod touch 1.1 through 2.1

25. OpenSSL Multiple Vulnerabilities
BugTraq ID: 34256
Remote: Yes
Last Updated: 2009-06-10
Relevant URL: http://www.securityfocus.com/bid/34256
Summary:
OpenSSL is prone to multiple vulnerabilities that may allow attackers to trigger denial-of-service conditions or bypass certain security checks.

Versions prior to OpenSSL 0.9.8k are vulnerable.

26. Sun Solaris Kerberos Credential Management Security Bypass Vulnerability
BugTraq ID: 35205
Remote: No
Last Updated: 2009-06-10
Relevant URL: http://www.securityfocus.com/bid/35205
Summary:
Solaris Kerberos is prone to a security-bypass vulnerability that affects the Kerberos credential cache management.

An attacker can exploit this issue to perform unauthorized actions, which may aid in further attacks.

27. Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
BugTraq ID: 35251
Remote: Yes
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/35251
Summary:
Apache 'APR-util' is prone to an off-by-one vulnerability that may allow attackers to obtain sensitive information or trigger a denial-of-service condition.

Given the nature of this issue, attackers may also be able to execute arbitrary code in the context of an application that uses the affected library, but this has not been confirmed.

Versions prior to 'APR-util' 1.3.5 on big-endian platforms are vulnerable.

28. Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
BugTraq ID: 35253
Remote: Yes
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/35253
Summary:
Apache 'APR-util' is prone to a vulnerability that may allow attackers to cause an affected application to consume memory, resulting in a denial-of-service condition.

Versions prior to 'APR-util' 1.3.7 are vulnerable.

29. Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
BugTraq ID: 35221
Remote: Yes
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/35221
Summary:
Apache 'APR-util' is prone to an integer-underflow vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of an affected application. Successful exploits will compromise the affected application and possibly the computer. Failed attacks will cause denial-of-service conditions.

Versions prior to 'APR-util' 1.3.5 are vulnerable.

30. Apple Mac OS X PICT Image Handling Integer Overflow Vulnerability
BugTraq ID: 34938
Remote: Yes
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/34938
Summary:
Apple Mac OS X is prone to an integer-overflow vulnerability when handling PICT image files.

An attacker can exploit this issue to execute arbitrary code in the context of the victim.

NOTE: This issue was previously covered in BID 34926 (Apple Mac OS X 2009-002 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

31. Apple Mac OS X CoreGraphics Multiple Memory Corruption Vulnerabilities
BugTraq ID: 30488
Remote: Yes
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/30488
Summary:
Apple Mac OS X is prone to multiple memory-corruption vulnerabilities that affect the CoreGraphics component.

Attackers can exploit these issues to execute arbitrary code in the context of the affected application or cause denial-of-service conditions.

The following versions are affected:

Mac OS X v10.4.11 and prior
Mac OS X Server v10.4.11 and prior
Mac OS X v10.5.4 and prior
Mac OS X Server v10.5.4 and prior

NOTE: These issues were previously covered in BID 30483 (Apple Mac OS X 2008-005 Multiple Security Vulnerabilities), but have been given their own record to better document them.

32. Adobe Reader and Acrobat JBIG Segments 'Text Region' Memory Corruption Vulnerability
BugTraq ID: 35303
Remote: Yes
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/35303
Summary:
Adobe Reader and Acrobat are prone to a memory-corruption vulnerability.

An attacker can exploit this issue by tricking a victim into opening a malicious file to execute arbitrary code and to cause denial-of-service conditions.

NOTE: This issue was previously covered in BID 35274 (Adobe Reader and Acrobat 9.1.1 and Prior Multiple Remote Vulnerabilities), but has been assigned its own record to better document it.

33. Microsoft Windows Print Spooler 'EnumeratePrintShares()' Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 35206
Remote: Yes
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/35206
Summary:
Microsoft Windows is prone to a remote stack-based buffer-overflow vulnerability that affects the Windows Print Spooler.

Exploiting this vulnerability allows attackers to execute arbitrary code with system-level privileges. Failed exploit attempts will likely cause denial-of-service conditions.

34. WebKit 'Canvas' HTML Element Image Capture Remote Information Disclosure Vulnerability
BugTraq ID: 35322
Remote: Yes
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/35322
Summary:
WebKit is prone to a remote information-disclosure vulnerability.

An attacker can exploit this issue to obtain sensitive information that may aid in further attacks.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

35. WebKit 'document.implementation' Cross Domain Scripting Vulnerability
BugTraq ID: 35319
Remote: Yes
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/35319
Summary:
WebKit is prone to a cross-domain scripting vulnerability.

A remote attacker can exploit this vulnerability to bypass the same-origin policy and obtain potentially sensitive information or to launch spoofing attacks against other sites. Other attacks are also possible.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

36. Adobe Reader and Acrobat FlateDecode Filter Integer Overflow Vulnerability
BugTraq ID: 35294
Remote: Yes
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/35294
Summary:
Adobe Reader and Acrobat are prone to an integer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code. Failed exploit attempts will likely cause denial-of-service conditions.

NOTE: This issue was previously covered in BID 35274 (Adobe Reader and Acrobat 9.1.1 and Prior Multiple Remote Vulnerabilities), but has been assigned its own record to better document it.

37. WebKit DOM Event Handler Remote Memory Corruption Vulnerability
BugTraq ID: 35271
Remote: Yes
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/35271
Summary:
WebKit is prone to a remote memory-corruption vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

38. WebKit Subframe Click Jacking Vulnerability
BugTraq ID: 35317
Remote: Yes
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/35317
Summary:
WebKit is prone to a click-jacking vulnerability.

Attackers may exploit this issue to execute arbitrary code, launch cross-site scripting attacks, elevate privileges, or obtain sensitive information. Other attacks are also possible.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

39. Microsoft Excel Malformed Shared String Table Record Integer Overflow Vulnerability
BugTraq ID: 35245
Remote: Yes
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/35245
Summary:
Microsoft Excel is prone to an integer-overflow vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application.

40. Microsoft Active Directory Encoded LDAP String Memory Corruption Remote Code Execution Vulnerability
BugTraq ID: 35226
Remote: Yes
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/35226
Summary:
Microsoft Active Directory is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the application. Successful exploits will completely compromise the affected computer. Failed attacks will cause denial-of-service conditions.

41. Adobe Reader and Acrobat TrueType Font Handling Memory Corruption Vulnerability
BugTraq ID: 35296
Remote: Yes
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/35296
Summary:
Adobe Reader and Acrobat are prone to a memory-corruption vulnerability.

An attacker can exploit this issue to execute arbitrary code. Failed exploit attempts will likely cause denial-of-service conditions.

NOTE: This issue was previously covered in BID 35274 (Adobe Reader and Acrobat 9.1.1 and Prior Multiple Remote Vulnerabilities), but has been assigned its own record to better document it.

42. WebKit CSS 'Attr' Function Remote Code Execution Vulnerability
BugTraq ID: 35318
Remote: Yes
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/35318
Summary:
WebKit is prone to a remote code-execution vulnerability.

Attackers may exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

43. WebKit JavaScript 'onload()' Event Cross Domain Scripting Vulnerability
BugTraq ID: 35315
Remote: Yes
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/35315
Summary:
WebKit is prone to a cross-domain scripting vulnerability because it fails to properly restrict the access of JavaScript code when loading new webpages.

A remote attacker can exploit this vulnerability to bypass the same-origin policy and obtain potentially sensitive information or to launch spoofing attacks against other sites. Other attacks are also possible.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

44. WebKit 'Attr' DOM Objects Remote Code Execution Vulnerability
BugTraq ID: 35310
Remote: Yes
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/35310
Summary:
WebKit is prone to a remote code-execution vulnerability.

Attackers may exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

45. WebKit XSLT Redirects Remote Information Disclosure Vulnerability
BugTraq ID: 35283
Remote: Yes
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/35283
Summary:
WebKit is prone to a remote information-disclosure vulnerability.

An attacker can exploit this issue to obtain sensitive information that may aid in further attacks.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

46. WebKit JavaScript Exception Handling Remote Code Execution Vulnerability
BugTraq ID: 35311
Remote: Yes
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/35311
Summary:
WebKit is prone to a remote code-execution vulnerability because it fails to adequately handle JavaScript exceptions.

An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

47. WebKit 'Document()' Function Remote Information Disclosure Vulnerability
BugTraq ID: 35284
Remote: Yes
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/35284
Summary:
WebKit is prone to a remote information-disclosure vulnerability.

An attacker can exploit this issue to obtain sensitive information that may aid in further attacks.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

48. WebKit JavaScript Garbage Collector Memory Corruption Vulnerability
BugTraq ID: 35309
Remote: Yes
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/35309
Summary:
WebKit is prone to a memory-corruption vulnerability.

Attackers may exploit this issue to execute arbitrary code in the context of the application. Failed attack attempts will result in a denial-of-service condition.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

49. Opera Web Browser 9.26 Multiple Security Vulnerabilities
BugTraq ID: 28585
Remote: Yes
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/28585
Summary:
Opera Web Browser is prone to multiple security vulnerabilities that may allow remote attackers to execute code.

These issues lead to memory corruption and may result in remote unauthorized access and denial-of-service attacks.

Versions prior to Opera 9.27 are vulnerable.

50. Apple Safari CoreGraphics TrueType Font Handling Remote Code Execution Vulnerability
BugTraq ID: 35308
Remote: Yes
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/35308
Summary:
Apple Safari CoreGraphics is prone to a remote code-execution vulnerability because it fails to adequately handle TrueType fonts.

An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.

This issue affects versions prior to Safari 4.0 running on Windows XP and Vista.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

51. Apple Safari Prior to 4.0 Multiple Security Vulnerabilities
BugTraq ID: 35260
Remote: Yes
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/35260
Summary:
Apple Safari is prone to multiple security vulnerabilities.

Attackers may exploit these issues to execute arbitrary code, launch cross-site scripting attacks, elevate privileges, or obtain sensitive information. Other attacks are also possible.

These issues affect versions prior to Safari 4.0 running on Apple Mac OS X 10.4.11 and 10.5.7, Microsoft Windows XP, and Windows Vista.

52. Microsoft Internet Explorer Page Transition Remote Code Execution Vulnerability
BugTraq ID: 34438
Remote: Yes
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/34438
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks will cause denial-of-service conditions.

53. Adobe Reader and Acrobat Huffman-encoded JBIG2 Text Heap Overflow Vulnerability
BugTraq ID: 35302
Remote: Yes
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/35302
Summary:
Adobe Reader and Acrobat are prone to a heap-based buffer-overflow vulnerability.

An attacker can exploit this issue by tricking a victim into opening a malicious file to execute arbitrary code and to cause denial-of-service conditions.

NOTE: This issue was previously covered in BID 35274 (Adobe Reader and Acrobat 9.1.1 and Prior Multiple Remote Vulnerabilities), but has been assigned its own record to better document it.

54. Adobe Reader and Acrobat 9.1.1 and Prior Multiple Remote Vulnerabilities
BugTraq ID: 35274
Remote: Yes
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/35274
Summary:
Adobe Reader and Acrobat are prone to multiple remote vulnerabilities.

An attacker can exploit these issues by tricking a victim into opening a malicious file to execute arbitrary code and to cause denial-of-service conditions.

The following individual records have been created to better document some of these issues:

35298 Adobe Reader and Acrobat JBIG2 Filter Unspecified Memory Corruption Vulnerability
35295 Adobe Reader and Acrobat Multiple Unspecified Remote Heap Buffer Overflow Vulnerabilities
35294 Adobe Reader and Acrobat 9.1.1 and Prior Integer Overflow Vulnerability
35296 Adobe Reader and Acrobat 9.1.1 and Prior Unspecified Memory Corruption Vulnerability
35289 Adobe Reader and Acrobat Unspecified Memory Corruption Vulnerability
35293 Adobe Reader and Acrobat JBIG 'Halftone Region' Remote Heap Buffer Overflow Vulnerability
35291 Adobe Reader and Acrobat JBIG Halftone Region Grid Area Remote Heap Buffer Overflow Vulnerability
35282 Adobe Reader and Acrobat U3D Model Remote Stack Buffer Overflow Vulnerability
35299 Adobe Reader and Acrobat JBIG 'Pattern Dictionary' Remote Heap Buffer Overflow Vulnerability
35300 Adobe Reader & Acrobat JBIG Pattern Dictionary Allocation Remote Heap Buffer Overflow Vulnerability
35301 Adobe Reader and Acrobat JBIG 'Halftone Region' Remote Heap Buffer Overflow Vulnerability
35302 Adobe Reader and Acrobat Huffman-encoded JBIG2 Text Heap Overflow Vulnerability
35303 Adobe Reader and Acrobat JBIG Segments 'Text Region' Memory Corruption Vulnerability

The vendor reports other unspecified security issues have also been addressed. Information regarding these issues is currently not available. We will update this BID as more information emerges.

55. SHA-0/SHA-1 Reduced Operation Digest Collision Weakness
BugTraq ID: 12577
Remote: Yes
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/12577
Summary:
Researchers Xiaoyun Wang, Yiqun Lisa Yin, and Hongbo Yu have allegedly devised attacks that will reduce the number of operations required to compute an input that generates a collision in SHA-0/SHA-1 digests. This weakness may threaten the integrity of digital signatures that are generated using these algorithms, as it may be possible to create identical signatures using different input data.

The research paper describing these attacks is not publicly available at this time, and the results have not been vetted by others in the field. This BID will be updated as more information is made available.

UPDATE (June 11, 2009): Further investigation by other researchers (Cameron McDonald, Philip Hawkes, and Josef Pieprzyk) has reduced SHA-1 collisions to 2**52 hash operations.

56. Adobe Reader and Acrobat JBIG 'Pattern Dictionary' Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 35299
Remote: Yes
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/35299
Summary:
Adobe Reader and Acrobat are prone to a remote heap-based buffer-overflow vulnerability because they fail to sufficiently sanitize user-supplied input.

An attacker can exploit this issue by tricking a victim into opening a malicious file to execute arbitrary code and to cause denial-of-service conditions.

NOTE: This issue was previously covered in BID 35274 (Adobe Reader and Acrobat 9.1.1 and Prior Multiple Remote Vulnerabilities), but has been assigned its own record to better document it.

57. Adobe Reader and Acrobat U3D Model Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 35282
Remote: Yes
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/35282
Summary:
Adobe Reader and Acrobat are prone to a remote stack-based buffer-overflow vulnerability because they fail to adequately bounds-check user-supplied data.

An attacker can exploit this issue by tricking a victim into opening a malicious file to execute arbitrary code and to cause denial-of-service conditions.

NOTE: This issue was previously covered in BID 35274 (Adobe Reader and Acrobat 9.1.1 and Prior Multiple Remote Vulnerabilities), but has been assigned its own record to better document it.

58. Adobe Reader & Acrobat JBIG Pattern Dictionary Allocation Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 35300
Remote: Yes
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/35300
Summary:
Adobe Reader and Acrobat are prone to a remote heap-based buffer-overflow vulnerability because they fail to sufficiently sanitize user-supplied input.

An attacker can exploit this issue by tricking a victim into opening a malicious file to execute arbitrary code and to cause denial-of-service conditions.

NOTE: This issue was previously covered in BID 35274 (Adobe Reader and Acrobat 9.1.1 and Prior Multiple Remote Vulnerabilities), but has been assigned its own record to better document it.

59. Adobe Reader and Acrobat JBIG 'Halftone Region' Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 35301
Remote: Yes
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/35301
Summary:
Adobe Reader and Acrobat are prone to a remote heap-based buffer-overflow vulnerability because they fail to sufficiently sanitize user-supplied input.

An attacker can exploit this issue by tricking a victim into opening a malicious file to execute arbitrary code and to cause denial-of-service conditions.

NOTE: This issue was previously covered in BID 35274 (Adobe Reader and Acrobat 9.1.1 and Prior Multiple Remote Vulnerabilities), but has been assigned its own record to better document it.

60. Adobe Reader and Acrobat JBIG2 Filter Unspecified Memory Corruption Vulnerability
BugTraq ID: 35298
Remote: Yes
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/35298
Summary:
Adobe Reader and Acrobat are prone to an unspecified memory-corruption vulnerability.

An attacker can exploit this issue by tricking a victim into opening a malicious file to execute arbitrary code and to cause denial-of-service conditions.

NOTE: This issue was previously covered in BID 35274 (Adobe Reader and Acrobat 9.1.1 and Prior Multiple Remote Vulnerabilities), but has been assigned its own record to better document it.

61. Adobe Reader and Acrobat Multiple Unspecified Remote Heap Buffer Overflow Vulnerabilities
BugTraq ID: 35295
Remote: Yes
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/35295
Summary:
Adobe Reader and Acrobat are prone to multiple remote heap-based buffer-overflow vulnerabilities because they fail to sufficiently sanitize user-supplied input.

An attacker can exploit these issues by tricking a victim into opening a malicious file to execute arbitrary code and to cause denial-of-service conditions.

NOTE: These issues were previously covered in BID 35274 (Adobe Reader and Acrobat 9.1.1 and Prior Multiple Remote Vulnerabilities), but have been assigned their own record to better document them.

62. Adobe Reader and Acrobat Unspecified Memory Corruption Vulnerability
BugTraq ID: 35289
Remote: Yes
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/35289
Summary:
Adobe Reader and Acrobat are prone to an unspecified memory-corruption vulnerability.

Exploiting this issue will allow remote attackers to execute arbitrary code within the context of the affected application or crash the application.

NOTE: This issue was previously covered in BID 35274 (Adobe Reader and Acrobat 9.1.1 and Prior Multiple Remote Vulnerabilities), but has been assigned its own record to better document it.

63. Adobe Reader and Acrobat JBIG 'Halftone Region' Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 35293
Remote: Yes
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/35293
Summary:
Adobe Reader and Acrobat are prone to a remote heap-based buffer-overflow vulnerability because they fail to sufficiently sanitize user-supplied input.

An attacker can exploit this issue by tricking a victim into opening a malicious file to execute arbitrary code and to cause denial-of-service conditions.

NOTE: This issue was previously covered in BID 35274 (Adobe Reader and Acrobat 9.1.1 and Prior Multiple Remote Vulnerabilities), but has been assigned its own record to better document it.

64. Adobe Reader and Acrobat JBIG Halftone Region Grid Area Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 35291
Remote: Yes
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/35291
Summary:
Adobe Reader and Acrobat are prone to a remote heap-based buffer-overflow vulnerability because they fail to sufficiently sanitize user-supplied input.

An attacker can exploit this issue by tricking a victim into opening a malicious file to execute arbitrary code and to cause denial-of-service conditions.

NOTE: This issue was previously covered in BID 35274 (Adobe Reader and Acrobat 9.1.1 and Prior Multiple Remote Vulnerabilities), but has been assigned its own record to better document it.

65. Microsoft Active Directory Memory Leak Denial Of Service Vulnerability
BugTraq ID: 35225
Remote: Yes
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/35225
Summary:
Microsoft Active Directory is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to crash the server, denying access to legitimate users.

66. Microsoft IIS 5.0 WebDAV Authentication Bypass Vulnerability
BugTraq ID: 35232
Remote: Yes
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/35232
Summary:
Microsoft Internet Information Services (IIS) is prone to an authentication-bypass vulnerability because it fails to properly enforce access restrictions on certain requests to a site that requires authentication.

An attacker can exploit this issue to gain unauthorized access to protected resources, which may lead to other attacks.

This issue affects IIS 5.0.

67. Microsoft IIS Unicode Requests to WebDAV Multiple Authentication Bypass Vulnerabilities
BugTraq ID: 34993
Remote: Yes
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/34993
Summary:
Microsoft Internet Information Services (IIS) is prone to multiple authentication-bypass vulnerabilities because the application fails to properly enforce access restrictions on certain requests to password-protected WebDAV folders.

An attacker can exploit these issues to gain unauthorized access to protected WebDAV resources, which may lead to other attacks.

This issue affects IIS 5.0, 5.1, and 6.0.

68. Microsoft Windows Print Spooler Remote Code Execution Vulnerability
BugTraq ID: 35209
Remote: Yes
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/35209
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability that affects the Print Spooler service.

A remote authenticated attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges, which can result in the complete compromise of affected computers.

69. Microsoft Windows Print Spooler Local Information Disclosure Vulnerability
BugTraq ID: 35208
Remote: No
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/35208
Summary:
Microsoft Windows Messenger is prone to a local information-disclosure vulnerability that affects the Print Spooler service.

Successfully exploiting this issue allows attackers to obtain sensitive information that may aid in further attacks.

70. Sun OpenSolaris 'smbfs(7FS)' Local Information Disclosure Vulnerability
BugTraq ID: 35306
Remote: No
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/35306
Summary:
Sun OpenSolaris is prone to a local information-disclosure vulnerability.

Attackers can exploit this issue to obtain potentially sensitive information that may aid in further attacks.

The issue affects OpenSolaris based on builds snv_84 through snv_110.

71. GnuTLS X.509 Certificate Chain Security Bypass Vulnerability
BugTraq ID: 32232
Remote: Yes
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/32232
Summary:
GnuTLS is prone to a security-bypass vulnerability because the application fails to properly validate chained X.509 certificates.

Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks by impersonating trusted servers. Unsuspecting users may be under a false sense of security that can aid attackers in launching further attacks.

Versions prior to GnuTLS 2.6.1 are vulnerable.

72. CUPS 'HP-GL/2' Filter Remote Code Execution Vulnerability
BugTraq ID: 31688
Remote: Yes
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/31688
Summary:
CUPS is prone to a remote code-execution vulnerability caused by an error in the 'HP-GL/2' filter.

Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition. Note that local users may also exploit this vulnerability to elevate privileges.

Successful remote exploits may require printer sharing to be enabled on the vulnerable system.

The issue affects versions prior to CUPS 1.3.9.

NOTE: This issue was previously discussed in BID 31681 (Apple Mac OS X 2008-007 Multiple Security Vulnerabilities), but has been assigned its own record to better document the vulnerability.

73. CUPS Multiple Heap Based Buffer Overflow Vulnerabilities
BugTraq ID: 31690
Remote: Yes
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/31690
Summary:
CUPS is prone to multiple heap-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data before using it to allocate memory buffers.

Remote attackers can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition. Note that local attackers may also exploit these vulnerabilities to elevate privileges.

Successful remote exploits may require printer sharing to be enabled on the vulnerable system.

These issues affect versions prior to CUPS 1.3.9.

74. Yogurt Cross-Site Scripting and SQL Injection Vulnerabilities
BugTraq ID: 35324
Remote: Yes
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/35324
Summary:
Yogurt is prone to a cross-site scripting vulnerability and an SQL-injection vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Yogurt 0.3 is vulnerable; other versions may also be affected.

75. ModSecurity SQL Injection Rule Security Bypass Vulnerability
BugTraq ID: 35323
Remote: Yes
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/35323
Summary:
ModSecurity is prone to a security-bypass vulnerability because it fails to sufficiently validate user-supplied input.

An attacker can exploit this issue to bypass certain security restrictions and perform various web-application attacks.

ModSecurity 2.5.9 and prior versions are vulnerable.

76. phpWebThings 'module' Parameter Local File Include Vulnerability
BugTraq ID: 35313
Remote: Yes
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/35313
Summary:
phpWebThings is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to view files and execute local scripts in the context of the webserver process, which may aid in further attacks.

phpWebThings 1.5.2 is vulnerable; other versions may also be affected.

77. F5 Networks FirePass SSL VPN Unspecified Cross-Site Scripting Vulnerability
BugTraq ID: 35312
Remote: Yes
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/35312
Summary:
F5 Networks FirePass SSL VPN is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker to steal cookie-based authentication credentials and to launch other attacks.

78. 'Compress::Raw::Zlib' Perl Module Remote Code Execution Vulnerability
BugTraq ID: 35307
Remote: Yes
Last Updated: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/35307
Summary:
The 'Compress::Raw::Zlib' Perl module is prone to a remote code-execution vulnerability.

Successful exploits may allow remote attackers to execute arbitrary code or cause denial-of-service conditions in applications that use the vulnerable module.

'Compress::Raw::Zlib' versions prior to 2.017 are affected.

79. Mozilla Firefox Large GIF File Background Denial of Service Vulnerability
BugTraq ID: 35280
Remote: Yes
Last Updated: 2009-06-10
Relevant URL: http://www.securityfocus.com/bid/35280
Summary:
Mozilla Firefox is prone to a remote denial-of-service vulnerability.

Successful exploits can allow attackers to crash the affected browser, resulting in denial-of-service conditions.

Firefox 3.0.10 is affected; other versions may also be vulnerable.

80. Microsoft Internet Explorer Malformed Row Property Remote Code Execution Vulnerability
BugTraq ID: 35235
Remote: Yes
Last Updated: 2009-06-10
Relevant URL: http://www.securityfocus.com/bid/35235
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the browser. Successful exploits will compromise the browser and possibly the computer. Failed attacks may cause denial-of-service conditions.

81. Microsoft Excel QSIR Record Pointer Corruption Remote Code Execution Vulnerability
BugTraq ID: 35246
Remote: Yes
Last Updated: 2009-06-10
Relevant URL: http://www.securityfocus.com/bid/35246
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel ('.xls') file.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application.

82. Microsoft Internet Explorer Cached Content Cross Domain Information Disclosure Vulnerability
BugTraq ID: 35200
Remote: Yes
Last Updated: 2009-06-10
Relevant URL: http://www.securityfocus.com/bid/35200
Summary:
Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability because the application fails to properly enforce the same-origin policy.

An attacker can exploit this issue to access local files or content from a browser window in another domain or security zone. This may allow the attacker to obtain sensitive information or may aid in further attacks.

83. Microsoft Internet Explorer 'onreadystatechange' Corrupt Memory Remote Code Execution Vulnerability
BugTraq ID: 35234
Remote: Yes
Last Updated: 2009-06-10
Relevant URL: http://www.securityfocus.com/bid/35234
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the browser. Successful exploits will compromise the browser and possibly the computer. Failed attacks may cause denial-of-service conditions.

84. Microsoft Windows Search Script Injection Vulnerability
BugTraq ID: 35220
Remote: Yes
Last Updated: 2009-06-10
Relevant URL: http://www.securityfocus.com/bid/35220
Summary:
Microsoft Windows Search is prone to a script-injection vulnerability because it fails to adequately sanitize user-supplied input when previewing search results.

Successful exploits will cause malicious script code to run in the local context, allowing attackers to steal potentially sensitive information or perform other attacks.

The issue affects Windows Search installed on all supported editions of Windows XP and Windows Server 2003. Note that Windows Vista and Windows Server 2008 are not affected.

85. Microsoft Internet Explorer Event Handler Uninitialized Memory Remote Code Execution Vulnerability
BugTraq ID: 35224
Remote: Yes
Last Updated: 2009-06-10
Relevant URL: http://www.securityfocus.com/bid/35224
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the browser. Successful exploits will compromise the browser and possibly the computer. Failed attacks may cause denial-of-service conditions.

86. Microgaming FlashXControl Object ActiveX Control Unspecified Security Vulnerability
BugTraq ID: 35247
Remote: Yes
Last Updated: 2009-06-10
Relevant URL: http://www.securityfocus.com/bid/35247
Summary:
Microgaming FlashXControl Object ActiveX control is prone to an unspecified security vulnerability.

Attackers may exploit this issue by enticing an unsuspecting victim to view a malicious webpage.

The impact of this issue is currently unknown. We will update this BID as soon as more information becomes available.

87. Microsoft PowerPoint Freelance Layout Parsing Heap Based Buffer Overflow Vulnerability
BugTraq ID: 35275
Remote: Yes
Last Updated: 2009-06-10
Relevant URL: http://www.securityfocus.com/bid/35275
Summary:
Microsoft PowerPoint is prone to a heap-based buffer-overflow vulnerability.

An attacker can exploit this issue by enticing a victim to open a malicious Freelance file.

Successful exploits can allow the attacker to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely cause denial-of-service conditions.

88. Microsoft Internet Explorer XMLHttpRequest Uninitialized Memory Remote Code Execution Vulnerability
BugTraq ID: 35222
Remote: Yes
Last Updated: 2009-06-10
Relevant URL: http://www.securityfocus.com/bid/35222
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the browser. Successful exploits will compromise the browser and possibly the computer. Failed attacks may cause denial-of-service conditions.

89. Microsoft Internet Explorer 'setCapture()' Uninitialized Memory Remote Code Execution Vulnerability
BugTraq ID: 35223
Remote: Yes
Last Updated: 2009-06-10
Relevant URL: http://www.securityfocus.com/bid/35223
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the browser. Successful exploits will compromise the browser and possibly the computer. Failed attacks may cause denial-of-service conditions.

90. Microsoft Internet Explorer (CVE-2009-1141) Uninitialized Memory Remote Code Execution Vulnerability
BugTraq ID: 35198
Remote: Yes
Last Updated: 2009-06-10
Relevant URL: http://www.securityfocus.com/bid/35198
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks may cause denial-of-service conditions.

91. Linux Kernel RTL8169 NIC Remote Denial of Service Vulnerability
BugTraq ID: 35281
Remote: Yes
Last Updated: 2009-06-10
Relevant URL: http://www.securityfocus.com/bid/35281
Summary:
The Linux Kernel is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to crash the system, denying service to legitimate users. Given the nature of this issue, the attacker may also be able to run arbitrary code, but this has not been confirmed.

Versions prior to Linux Kernel 2.6.30 are vulnerable.

92. Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
BugTraq ID: 35263
Remote: Yes
Last Updated: 2009-06-10
Relevant URL: http://www.securityfocus.com/bid/35263
Summary:
Apache Tomcat is prone to a remote information-disclosure vulnerability.

Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

The following versions of Apache Tomcat are vulnerable:

6.0.0-6.0.18
5.5.0-5.5.27
4.1.0-4.1.39

93. XM Easy Personal FTP Server Multiple Command Remote Buffer Overflow Vulnerabilities
BugTraq ID: 35239
Remote: Yes
Last Updated: 2009-06-10
Relevant URL: http://www.securityfocus.com/bid/35239
Summary:
XM Easy Personal FTP Server is prone to multiple remote buffer-overflow vulnerabilities because the application fails to sufficiently sanitize user-supplied arguments to multiple FTP commands.

An attacker can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

XM Easy Personal FTP Server 5.7.0 is vulnerable; other versions may also be affected.

94. libxml2 'xmlBufferResize()' Remote Denial of Service Vulnerability
BugTraq ID: 32331
Remote: Yes
Last Updated: 2009-06-10
Relevant URL: http://www.securityfocus.com/bid/32331
Summary:
The 'libxml2' library is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue to cause the affected application using the library to fall into an infinite loop, denying service to legitimate users.

This issue affects libxml2-2.7.2; other versions may also be affected.

95. libxml2 Denial of Service Vulnerability
BugTraq ID: 31555
Remote: Yes
Last Updated: 2009-06-10
Relevant URL: http://www.securityfocus.com/bid/31555
Summary:
The libxml2 library is prone to a denial-of-service vulnerability caused by an error when handling files using entities in entity definitions.

An attacker can exploit this issue to cause the library to consume an excessive amount of memory, denying service to legitimate users.

The issue affects libxml2 2.7 prior to 2.7.2.

96. Libpng Library Unknown Chunk Handler Vulnerability
BugTraq ID: 28770
Remote: Yes
Last Updated: 2009-06-10
Relevant URL: http://www.securityfocus.com/bid/28770
Summary:
The 'libpng' library is prone to a vulnerability that causes denial-of-service conditions or may allow code to run. The issue occurs because the software fails to properly handle unexpected chunk data in PNG files.

Successfully exploiting this issue allows remote attackers to trigger denial-of-service conditions or to possibly execute arbitrary machine code in the context of applications that use the library.

The following versions are affected:

libpng 1.0.6 through 1.0.32
libpng 1.2.0 through 1.2.26
libpng 1.4.0beta01 through 1.4.0beta19

97. libxml2 Recursive Entity Remote Denial of Service Vulnerability
BugTraq ID: 30783
Remote: Yes
Last Updated: 2009-06-10
Relevant URL: http://www.securityfocus.com/bid/30783
Summary:
The libxml2 library is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to cause the library to consume an excessive amount of memory, denying service to legitimate users.

98. LightNEasy Multiple Input Validation Vulnerabilities
BugTraq ID: 28801
Remote: Yes
Last Updated: 2009-06-10
Relevant URL: http://www.securityfocus.com/bid/28801
Summary:
LightNEasy is prone to multiple vulnerabilities, including SQL-injection, security-bypass, and information-disclosure issues, because it fails to sufficiently sanitize user-supplied data.

Successful exploits of these vulnerabilities may allow attackers to:

- compromise the application
- access or modify data
- exploit latent vulnerabilities in the underlying database
- view files and execute local scripts in the context of the webserver process
- execute arbitrary PHP script code in the context of the webserver process

These issues affect LightNEasy 1.2.2 and prior versions.

99. Libpng Library 'png_push_read_zTXt()' Off-By-One Denial of Service Vulnerability
BugTraq ID: 31049
Remote: Yes
Last Updated: 2009-06-10
Relevant URL: http://www.securityfocus.com/bid/31049
Summary:
The 'libpng' library is prone to a remote denial-of-service vulnerability because the library fails to handle malicious PNG files.

Successful exploits may allow remote attackers to cause denial-of-service conditions on computers running the affected library.

This issue affects 'libpng' 1.2.30beta04 and 1.2.31; other versions may also be affected.

100. Libpng Library Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 25956
Remote: Yes
Last Updated: 2009-06-10
Relevant URL: http://www.securityfocus.com/bid/25956
Summary:
The 'libpng' library is prone to multiple remote denial-of-service vulnerabilities because the library fails to handle malicious PNG files.

Successful exploits may allow remote attackers to cause denial-of-service conditions on computers running the affected library.

These issues affect 'libpng' 1.2.20 and prior versions.

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. FTC persuades court to shutter rogue ISP
By: Robert Lemos
A federal district court shuts down Triple Fiber Network, after the Federal Trade Commission documents the Internet service provider's cooperation with online criminals and child pornographers.
http://www.securityfocus.com/news/11552

2. Obama launches cybersecurity initiative
By: Robert Lemos
The U.S. president announces that the nation's networks will be considered a "strategic national asset" and creates a top position in the White House to formulate a better cybersecurity policy.
http://www.securityfocus.com/news/11551

3. Browsers bashed first in hacking contest
By: Robert Lemos
A security researcher keeps a vulnerability on ice for an entire year, before using it at the Pwn2Own contest to exploit Apple's browser. Microsoft's Internet Explorer 8 falls soon after.
http://www.securityfocus.com/news/11549

4. Experts: U.S. needs to defend its "cyber turf"
By: Robert Lemos
The United States must develop a Monroe Doctrine for the Internet, defining what constitutes its cyberspace and pledging to defend its virtual borders, security experts told Congress.
http://www.securityfocus.com/news/11548

IV. SECURITY JOBS LIST SUMMARY
-------------------------------
V. INCIDENTS LIST SUMMARY
---------------------------
VI. VULN-DEV RESEARCH LIST SUMMARY
-----------------------------------
VII. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
VIII. SUN FOCUS LIST SUMMARY
----------------------------
IX. LINUX FOCUS LIST SUMMARY
----------------------------
X. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to sf-news-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message, to which you will have to reply. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.

