Arbitrary Code

CVE-2009-0562 (isa_server, office, office_web_components)

The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 does not properly allocate memory, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger “system state” corruption, aka “Office…

URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0562

CVE-2009-2469 (firefox)

Mozilla Firefox before 3.0.12 does not properly handle an SVG element that has a property with a watch function and an __defineSetter__ function, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted document, related to a certain pointer misinterpretation.

URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2469

VMware fixes security bugs

VMware has released fixes for multiple vulnerabilities in several of its products, including VMware Workstation, Player, ACE, Server, Fusion, ESX and ESXi. One of the vulnerabilities was caused by an error in the VMware Descheduled Time Accounting driver, which could open a way for hackers to launch a denial-of-service attack in Windows-based virtual machines. Another vulnerability identified by VMware could have enabled an attacker to execute arbitrary code.


URL: http://feedproxy.google.com/~r/SCMagazineHome/~3/ExodS3v11PI/

VMWare Patches Released, (Fri, May 29th)

Patches were released yesterday to fix a DoS vulnerability and potential arbitrary code execution. Here are the two vulnerabilities:

1. VMware Descheduled Time Accounting driver:
The issue affects the VMware Descheduled Time Accounting driver and can cause a denial of service in Windows-based virtual machines on the vulnerable versions. This driver is an optional (non-default) part of the VMware Tools installation. However, if their tools are not upgraded, virtual machines that are migrated from vulnerable releases are still vulnerable if the following three conditions exist:
– The virtual machine is running a Windows operating system.
– The VMware Descheduled Time Accounting driver is installed in the virtual machine.
– The VMware Descheduled Time Accounting Service is not running in the virtual machine.

2. libpng package for the ESX 2.5.5 Service Console
The libpng package is used for creating and manipulating PNG (Portable Network Graphics) image format files. A crafted PNG file loaded by an application linked against libpng could cause the application to crash or allow arbitrary code execution that would run with the privileges of the user running the application.
Another flaw concerns PNG images that contain unknown chunks. If an application linked against libpng attempted to process a malformed, unknown chunk in a malicious PNG image, it could cause the application to crash.

URL: http://isc.sans.org/diary.php?storyid=6487&rss

Blackberry Server Vulnerability, (Fri, May 29th)

For all of you running around with a BlackBerry, be careful of opening .pdf files. A vulnerability announced on Tuesday allows specially crafted .pdf files, when opened on your BlackBerry, to potentially cause memory corruption and possibly lead to arbitrary code execution on the computer that hosts the BlackBerry Attachment Service. If you have not done so, please make sure your servers are patched. The versions affected are:

BlackBerry Enterprise Server software version 4.1 Service Pack 3 (4.1.3) through 5.0
BlackBerry Professional Software 4.1 Service Pack 4 (4.1.4)

URL: http://isc.sans.org/diary.php?storyid=6484&rss

New Windows zero-day

Microsoft on Thursday issued a security advisory for a new vulnerability in DirectX, used on Windows to enable graphics and sound, that could enable a remote hacker to execute arbitrary code if users open specially crafted QuickTime files. Microsoft said that it was aware of active attacks using exploit code for the vulnerability. Windows 2000 (SP4), Windows XP, and Windows Server 2003 are vulnerable; all versions of Windows Vista and Windows Server 2008 are not.


URL: http://feedproxy.google.com/~r/SCMagazineHome/~3/ia20FTYLVFQ/

User-assisted execution of arbitrary code

[ GLSA 200905-09 ] libsndfile: User-assisted execution of arbitrary code

Posted by Alex Legler on May 27

Gentoo Linux Security Advisory GLSA 200905-09

URL: http://seclists.org/fulldisclosure/2009/May/0238.html

BlackBerry patches PDF flaws

Research In Motion on Tuesday issued a security software update to address multiple vulnerabilities that exist in the PDF Distiller of the BlackBerry Attachment Service component in BlackBerry Enterprise Server. Because of these vulnerabilities, an attacker could create a malicious PDF file, which when opened on a BlackBerry smartphone, could corrupt memory or execute arbitrary code on the computer that hosts the BlackBerry Attachment Service, RIM said in its advisory.


URL: http://feedproxy.google.com/~r/SCMagazineHome/~3/6n4qIpXhCOI/

User-assisted execution of arbitrary code

[ GLSA 200905-02 ] Cscope: User-assisted execution of arbitrary code

Posted by Pierre-Yves Rofes on May 24

Gentoo Linux Security Advisory GLSA 200905-02

URL: http://seclists.org/fulldisclosure/2009/May/0195.html

New cscope packages fix arbitrary code execution

[SECURITY] [DSA 1806-1] New cscope packages fix arbitrary code execution

Posted by Moritz Muehlenhoff on May 24

Debian Security Advisory DSA-1806-1 security_at_debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
May 24, 2009 …

URL: http://seclists.org/fulldisclosure/2009/May/0193.html

CVE-2009-1759 (dtorrent, ctorrent)

Stack-based buffer overflow in the btFiles::BuildFromMI function (trunk/btfiles.cpp) in Enhanced CTorrent (aka dTorrent) 3.3.2 and probably earlier, and CTorrent 1.3.4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Torrent file containing a long path.

URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1759

[security bulletin] HPSBMA02348 SSRT080033 rev.2 – HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code, Denial of Service (DoS)

URL: http://www.securityfocus.com/archive/1/503429