Windows Workstation Service NetrWkstaUserEnum Denial of Service

Affected OS:
* Microsoft Windows 2000 Advanced Server
* Microsoft Windows 2000 Datacenter Server
* Microsoft Windows 2000 Professional
* Microsoft Windows 2000 Server
* Microsoft Windows XP Home Edition
* Microsoft Windows XP Professional

h07 has discovered a weakness in Microsoft Windows, which can be exploited by malicious people to cause a DoS (Denial of Service). The weakness is caused by an error in the Workstation service when handling NetrWkstaUserEnum RPC requests with a large value in the maxlen field. Successful exploitation causes svchost.exe to consume a large amount of memory and may result in the system becoming temporarily unresponsive. The weakness is confirmed on a fully patched Windows XP …

Microsoft Windows MessageBoxA Denial of Service Vulnerability

Microsoft Windows is prone to a local denial-of-service vulnerability because the operating system fails to handle certain API calls with unexpected parameters. A local unprivileged attacker may exploit this issue by executing a malicious application. Successful exploits will crash the operating system, denying further service to legitimate users. http://www.securityfocus.com/bid/21688/info

NOD32 Antivirus DOC parsing Arbitrary Code Execution Advisory

Affected Products: ESET NOD32 Antivirus
Vulnerability: Arbitrary Code Execution (remote)
Risk: HIGH

Vendor communication:
* 2006/08/24 initial notification of ESET
* 2006/08/28 ESET response
* 2006/08/29 PGP keys exchange
* 2006/08/29 PoC files sent to ESET
* 2006/09/06 ESET initial feedback
* 2006/09/08 ESET confirmed the bug and fixed
* 2006/09/08 ESET made available the updates

Description: Multiple vulnerabilities have been found in the file parsing engine. In detail, the following flaws were determined:
– Divide by Zero in .CHM file parsing.
– Heap Overflow through Integer Overflow in .DOC file parsing.

The .DOC problem can lead to remote arbitrary code execution if an attacker carefully crafts a file that exploits the aforementioned vulnerabilities. The vulnerabilities are …

CA Portal Technology Session Handling Vulnerability; CA Anti-Virus vetfddnt.sys and vetmonnt.sys Local DoS Vulnerabilities

Affected Software:
* CA BrightStor Portal 11.x
* CA CleverPath Aion 10.x
* CA CleverPath Portal 4.x
* CA eTrust Security Command Center 1.x
* CA eTrust Security Command Center 8.x
* CA Unicenter Asset Portfolio Management 11.x
* CA Unicenter Database Command Center 11.x
* CA Unicenter Database Management Portal 11.x
* CA Unicenter Enterprise Job Manager 1.x
* CA Unicenter Management Portal 11.x
* CA Unicenter Management Portal 2.x
* CA Unicenter Management Portal 3.x
* CA Unicenter Workload Control Center 1.x

A vulnerability has been reported in CA’s Portal technology, which potentially can be exploited by malicious users to bypass certain security restrictions. The problem is that when multiple Portal servers share a common data source, a malicious user may be …

Apple Mac OS X Quicktime For Java Information Disclosure Vulnerability; Apple released security fixes

Apple Mac OS X is prone to an information-disclosure vulnerability. Attackers may exploit this issue by convincing victims to visit a malicious website. Exploiting this issue may allow remote attackers to capture images rendered locally on screen that may contain sensitive information.

Vulnerable:
* Apple Mac OS X Server 10.4.8
* Apple Mac OS X 10.4.8

http://www.securityfocus.com/bid/21672/info

Solution: Install Security Update 2006-008; see http://docs.info.apple.com/article.html?artnum=61798

Microsoft Security Bulletin Revised: MS06-078

MS06-078 – Vulnerability in Windows Media Format Could Allow Remote Code Execution (923689)
http://www.microsoft.com/technet/security/bulletin/MS06-078.mspx?pubDate=2006-12-19

Revisions: V2.0 (December 19, 2006): Bulletin has been revised and re-released for the Korean only package on Microsoft Windows Media Runtime Format 7.1 and 9.0 Series Runtime on Windows 2000 Service Pack 4 to address the issues identified in Microsoft Knowledge Base Article 923689. Additional clarity around file versions in the “I’ve installed the Windows Media Format Runtime security update. What version of Windows Media Format Runtime should I have installed?” in the “Frequently Asked Questions (FAQ) Related to this Security Update” section.

Mozilla Foundation Security Advisories (Dec. 19, 2006)

* MFSA 2006-76 XSS using outer window’s Function object
* MFSA 2006-75 RSS Feed-preview referrer leak
* MFSA 2006-74 Mail header processing heap overflows
* MFSA 2006-73 Mozilla SVG Processing Remote Code Execution
* MFSA 2006-72 XSS by setting img.src to javascript: URI
* MFSA 2006-71 LiveConnect crash finalizing JS objects
* MFSA 2006-70 Privilege escalation using watch point
* MFSA 2006-69 CSS cursor image buffer overflow (Windows only)
* MFSA 2006-68 Crashes with evidence of memory corruption (rv:1.8.0.9/1.8.1.1)

Details on the above advisories at: http://www.mozilla.org/security/announce/
Security Alerts & Announcements: http://www.mozilla.org/security/

Security Update (December 19, 2006): Security updates have been issued for Firefox and Thunderbird that fix critical security vulnerabilities. All users should install these updates as soon as possible. …

Winamp Web Interface Multiple Vulnerabilities

Winamp Web Interface (Wawi) is “a nice open source plugin for Winamp which allows the remote administration of the media player through any web browser”. The Winamp Web Interface, WAWI for short, has been found to contain multiple vulnerabilities that would allow a remote attacker to overflow the internal buffers used by the product and cause it to read arbitrary files and display them.

Vulnerable Systems:
* Winamp Web Interface version 7.5.13 and prior

http://www.securiteam.com/windowsntfocus/6Z00A2KHQG.html

Intel 2200BG W29N51.SYS Driver Beacon Frame Race Condition

Breno Silva Pinto has reported a vulnerability in Intel 2200BG drivers, which potentially can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a race condition when W29N51.SYS handles multiple beacon frames. This can be exploited to overwrite certain kernel memory structures by sending multiple specially crafted beacon frames to the wireless card. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in version 9.0.3.9. Other versions may also be affected.

Solution: Turn off the wireless card when not in use.

http://secunia.com/advisories/23338/

Microsoft Outlook Recipient ActiveX Control Lets Remote Users Deny Service

http://www.securitytracker.com/alerts/2006/Dec/1017397.html

A vulnerability was reported in Microsoft Outlook. A remote user can cause denial of service conditions. A remote user can create specially crafted HTML that, when loaded by the target user, will invoke a Microsoft Outlook ActiveX component (Outlook Recipient Control) and cause Internet Explorer to hang. shinnai reported this vulnerability. The original advisory and a demonstration exploit are available at: http://shinnai.altervista.org/viewtopic.php?id=41&t_id=8

Impact: A remote user can create HTML that, when loaded by the target user, will cause Internet Explorer to hang.

Solution: No solution was available at the time of this entry.