Weekly Vulnerabilities Reports > May 25 to 31, 2009
Overview
57 new vulnerabilities were reported during this period, including 17 critical vulnerabilities and 13 high severity vulnerabilities. This weekly summary reports vulnerabilities in 59 products from 42 vendors including Collector, Aten, Sangoma, Nullsoft, and SUN. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "SQL Injection", "Cross-site Scripting", "Improper Authentication", and "Cryptographic Issues".
- 53 reported vulnerabilities are remotely exploitable.
- 33 reported vulnerabilities have a public exploit available.
- 23 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 52 reported vulnerabilities are exploitable by an anonymous user.
- Collector has the most reported vulnerabilities, with 6 reported vulnerabilities.
- Nullsoft has the most reported critical vulnerabilities, with 3 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
17 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-05-29 | CVE-2009-1830 | Slsknet | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Slsknet Soulseek 156/157Ns Stack-based buffer overflow in Soulseek 156 and 157 NS allows remote attackers to execute arbitrary code via a long search query. | 10.0 |
2009-05-28 | CVE-2008-6816 | Eaton | Improper Authentication vulnerability in Eaton Network Shutdown Module Eaton MGEOPS Network Shutdown Module before 3.10 Build 13 allows remote attackers to execute arbitrary code by adding a custom action to the MGE frontend via pane_actionbutton.php, and then executing this action via exec_action.php. | 10.0 |
2009-05-27 | CVE-2009-1477 | Aten | Cryptographic Issues vulnerability in Aten products The https web interfaces on the ATEN KH1516i IP KVM switch with firmware 1.0.063, the KN9116 IP KVM switch with firmware 1.1.104, and the PN9108 power-control unit have a hardcoded SSL private key, which makes it easier for remote attackers to decrypt https sessions by extracting this key from their own switch and then sniffing network traffic to a switch owned by a different customer. | 10.0 |
2009-05-27 | CVE-2009-1473 | Aten | Cryptographic Issues vulnerability in Aten Kh1516I IP KVM Switch and Kn9116 IP KVM Switch The (1) Windows and (2) Java client programs for the ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 do not properly use RSA cryptography for a symmetric session-key negotiation, which makes it easier for remote attackers to (a) decrypt network traffic, or (b) conduct man-in-the-middle attacks, by repeating unspecified "client-side calculations." | 10.0 |
2009-05-27 | CVE-2009-1472 | Aten | Cryptographic Issues vulnerability in Aten Kh1516I IP KVM Switch and Kn9116 IP KVM Switch The Java client program for the ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 has a hardcoded AES encryption key, which makes it easier for man-in-the-middle attackers to (1) execute arbitrary Java code, or (2) gain access to machines connected to the switch, by hijacking a session. | 10.0 |
2009-05-26 | CVE-2008-3870 | SUN | Numeric Errors vulnerability in SUN Solaris 8.0/9.0 Integer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request that triggers a heap-based buffer overflow, related to improper memory allocation. | 10.0 |
2009-05-26 | CVE-2008-3869 | SUN | Buffer Errors vulnerability in SUN Solaris 8.0/9.0 Heap-based buffer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request, related to improper decoding of request parameters. | 10.0 |
2009-05-26 | CVE-2009-1636 | Novell | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Groupwise Multiple buffer overflows in the Internet Agent (aka GWIA) component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to execute arbitrary code via (1) a crafted e-mail address in an SMTP session or (2) an SMTP command. | 10.0 |
2009-05-29 | CVE-2009-1831 | Nullsoft | Numeric Errors vulnerability in Nullsoft Winamp The Nullsoft Modern Skins Support module (gen_ff.dll) in Nullsoft Winamp before 5.552 allows remote attackers to execute arbitrary code via a crafted MAKI file, which triggers an incorrect sign extension, an integer overflow, and a stack-based buffer overflow. | 9.3 |
2009-05-29 | CVE-2009-1792 | Stonetrip | OS Command Injection vulnerability in Stonetrip S3Dplayer Standalone and S3Dplayer web The system.openURL function in StoneTrip Ston3D StandalonePlayer (aka S3DPlayer StandAlone) 1.6.2.4 and 1.7.0.1 and WebPlayer (aka S3DPlayer Web) 1.6.0.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the first argument (the sURL argument). | 9.3 |
2009-05-29 | CVE-2009-1537 | Microsoft | Remote Code Execution vulnerability in Microsoft DirectX DirectShow QuickTime Video Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability." Per http://www.microsoft.com/technet/security/advisory/971778.mspx: "Microsoft is aware of limited, active attacks that use this exploit code." | 9.3 |
2009-05-29 | CVE-2009-1817 | Digimode10 | Buffer Errors vulnerability in Digimode10 Maya 1.0.2 Multiple buffer overflows in DigiMode Maya 1.0.2 allow remote attackers to execute arbitrary code via a long string in a malformed (1) .m3u or (2) .m3l playlist file. | 9.3 |
2009-05-29 | CVE-2009-1815 | Sonicspot | Buffer Errors vulnerability in Sonicspot Audioactive Player 1.93B Stack-based buffer overflow in Sonic Spot Audioactive Player 1.93b allows remote attackers to execute arbitrary code via a long string in a playlist file, as demonstrated by a long .mp3 URL in a .m3u file. | 9.3 |
2009-05-28 | CVE-2009-1807 | Baofeng | Unspecified vulnerability in Baofeng Storm Unspecified vulnerability in Config.dll in Baofeng products 3.09.04.17 and earlier allows remote attackers to execute arbitrary code by calling the SetAttributeValue method, as exploited in the wild in April and May 2009. | 9.3 |
2009-05-28 | CVE-2009-1806 | IBM | Unspecified vulnerability in IBM Hardware Management Console 7.3.4.0 Unspecified vulnerability in IBM Hardware Management Console (HMC) 7 release 3.4.0 SP2, when Active Memory Sharing is used, has unknown impact and attack vectors, related to a shared memory partition and a shared memory pool with redundant paging Virtual I/O Server (VIOS) partitions. | 9.3 |
2009-05-26 | CVE-2009-1791 | Mega Nerd Nullsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an AIFF file with an invalid header value. | 9.3 |
2009-05-26 | CVE-2009-1788 | Mega Nerd Nullsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a VOC file with an invalid header value. | 9.3 |
13 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-05-27 | CVE-2009-1474 | Aten | Cryptographic Issues vulnerability in Aten Kh1516I IP KVM Switch and Kn9116 IP KVM Switch The ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 do not (1) encrypt mouse events, which makes it easier for man-in-the-middle attackers to perform mouse operations on machines connected to the switch by injecting network traffic; and do not (2) set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | 7.6 |
2009-05-29 | CVE-2009-1822 | Joomla Gonzalo Maser | Code Injection vulnerability in Gonzalo Maser COM Artforms 2.1B7 Multiple PHP remote file inclusion vulnerabilities in the InterJoomla ArtForms (com_artforms) component 2.1b7 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) imgcaptcha.php or (2) mp3captcha.php in assets/captcha/includes/captchaform/, or (3) assets/captcha/includes/captchatalk/swfmovie.php. | 7.5 |
2009-05-29 | CVE-2009-1819 | 2Daybiz | SQL Injection vulnerability in 2Daybiz Custom T-Shirt Design Script SQL injection vulnerability in product.php in 2daybiz Custom T-shirt Design Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2009-05-29 | CVE-2009-1818 | Maxcms | SQL Injection vulnerability in Maxcms 2.0 SQL injection vulnerability in admin/admin_manager.asp in MaxCMS 2.0 allows remote attackers to execute arbitrary SQL commands via an m_username cookie in an add action. | 7.5 |
2009-05-29 | CVE-2009-1816 | Mygamescript | SQL Injection vulnerability in Mygamescript MY Game Script 2.0 SQL injection vulnerability in admin.php in My Game Script 2.0 allows remote attackers to execute arbitrary SQL commands via the user parameter (aka the username field). | 7.5 |
2009-05-29 | CVE-2009-1814 | Jevontech | SQL Injection vulnerability in Jevontech PHPenpals SQL injection vulnerability in mail.php in PHPenpals 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. | 7.5 |
2009-05-29 | CVE-2009-1813 | Submitterscript | SQL Injection vulnerability in Submitterscript 2 Multiple SQL injection vulnerabilities in admin/index.php in Submitter Script 2 allow remote attackers to execute arbitrary SQL commands via (1) the uNev parameter (aka the username field) or (2) the uJelszo parameter (aka the Password field). | 7.5 |
2009-05-28 | CVE-2009-1804 | Videoscript | SQL Injection vulnerability in Videoscript Youtube Video Script Multiple SQL injection vulnerabilities in admin/index.php in VideoScript.us YouTube Video Script allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | 7.5 |
2009-05-28 | CVE-2009-1800 | Chinagames | Buffer Errors vulnerability in Chinagames Igame 2009 Stack-based buffer overflow in the Chinagames CGAgent ActiveX control 1.x in CGAgent.dll, as distributed in Chinagames iGame 2009, allows remote attackers to execute arbitrary code via a long argument to the CreateChinagames method, as exploited in the wild in April and May 2009. | 7.5 |
2009-05-26 | CVE-2009-1787 | Phpdirsubmit | SQL Injection vulnerability in PHPdirsubmit PHP DIR Submit Multiple SQL injection vulnerabilities in PHP Dir Submit (aka WebsiteSubmitter and Submitter Script) allow remote attackers to bypass authentication and gain administrative access via the (1) username and (2) password parameters. | 7.5 |
2009-05-26 | CVE-2009-1634 | Novell | Multiple Security vulnerability in Novell GroupWise WebAccess The WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 does not properly implement session management mechanisms, which allows remote attackers to gain access to user accounts via unspecified vectors. | 7.5 |
2009-05-29 | CVE-2009-1824 | Arcabit | Improper Input Validation vulnerability in Arcabit products The ps_drv.sys kernel driver in ArcaBit ArcaVir 2009 Antivirus Protection 9.4.3201.9 and earlier, ArcaVir 2009 Internet Security 9.4.3202.9 and earlier, ArcaVir 2009 System Protection 9.4.3203.9 and earlier, and ArcaBit 2009 Home Protection 9.4.3204.9 and earlier, allows local users to gain privileges via crafted METHOD_NEITHER IOCTL requests to \Device\ps_drv containing arbitrary kernel addresses, as demonstrated using the (1) 0x2A7B802B and possibly (2) 0x2A7B8004 and (3) 0x2A7B802F IOCTLs. | 7.2 |
2009-05-26 | CVE-2009-1476 | Darren Reed | Buffer Errors vulnerability in Darren Reed Ipfilter 4.1.31 Buffer overflow in lib/load_http.c in ippool in Darren Reed IPFilter (aka IP Filter) 4.1.31 allows local users to gain privileges via vectors involving a long hostname in a URL. | 7.2 |
26 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-05-26 | CVE-2009-1786 | IBM | Race Condition vulnerability in IBM AIX 5.3/6.1 The malloc subsystem in libc in IBM AIX 5.3 and 6.1 allows local users to create or overwrite arbitrary files via a symlink attack on the log file associated with the MALLOCDEBUG environment variable. | 6.9 |
2009-05-28 | CVE-2009-1802 | Freepbx Sangoma | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Multiple cross-site request forgery (CSRF) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to hijack the authentication of admins for requests that create a new admin account or have unspecified other impact. | 6.8 |
2009-05-28 | CVE-2009-1799 | Sebastian Thiele | SQL Injection vulnerability in Sebastian-Thiele St-Gallery 0.1Alpha Multiple SQL injection vulnerabilities in the getGalleryImage function in st_admin/gallery_output.php in ST-Gallery 0.1 alpha, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) gallery_category or (2) gallery_show parameter to example.php. | 6.8 |
2009-05-28 | CVE-2008-6814 | JAN DE Graaff Mambo | Improper Input Validation vulnerability in JAN DE Graaff COM Simpleboard Unrestricted file upload vulnerability in image_upload.php in the SimpleBoard (com_simpleboard) component 1.0.1 and earlier for Mambo allows remote attackers to execute arbitrary code by uploading a file with an executable extension and an image/jpeg content type, then accessing this file via a direct request to the file in components/com_simpleboard/, a different vulnerability than CVE-2006-3528. | 6.8 |
2009-05-29 | CVE-2009-1826 | Collector | Improper Authentication vulnerability in Collector Mygesuad 0.9.14 modules/admuser.php in myGesuad 0.9.14 (aka 0.9) does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action. | 6.5 |
2009-05-27 | CVE-2009-0588 | Redhat | Unspecified vulnerability in Redhat Certificate System and Dogtag Certificate System agent/request/op.cgi in the Registration Authority (RA) component in Red Hat Certificate System (RHCS) 7.3 and Dogtag Certificate System allows remote authenticated users to approve certificate requests queued for arbitrary agent groups via a modified request ID field. | 6.5 |
2009-05-29 | CVE-2009-1812 | Collector | SQL Injection vulnerability in Collector Mygesuad 0.9.14 Multiple SQL injection vulnerabilities in myGesuad 0.9.14 (aka 0.9) allow remote attackers to execute arbitrary SQL commands via (1) the formUser parameter (aka the Name field) to common/login.php, and allow remote authenticated users to execute arbitrary SQL commands via the ID parameter in a Detail action to (2) kategorie.php, (3) budget.php, (4) zahlung.php, or (5) adresse.php in modules/, related to classes/class.perform.php. | 6.0 |
2009-05-29 | CVE-2009-1810 | Collector | SQL Injection vulnerability in Collector Mycolex 1.4.2 Multiple SQL injection vulnerabilities in myColex 1.4.2 allow remote attackers to execute arbitrary SQL commands via (1) the formUser parameter (aka the Name field) to common/login.php, and allow remote authenticated users to execute arbitrary SQL commands via the ID parameter in a Detail action to (2) kategorie.php, (3) medium.php, (4) person.php, or (5) schlagwort.php in modules/, related to classes/class.perform.php. | 6.0 |
2009-05-29 | CVE-2009-1829 | Wireshark | Denial of Service vulnerability in Wireshark PCNFSD Dissector Unspecified vulnerability in the PCNFSD dissector in Wireshark 0.8.20 through 1.0.7 allows remote attackers to cause a denial of service (crash) via crafted PCNFSD packets. | 5.0 |
2009-05-29 | CVE-2009-1828 | Mozilla | Resource Management Errors vulnerability in Mozilla Firefox 3.0.10 Mozilla Firefox 3.0.10 allows remote attackers to cause a denial of service (infinite loop, application hang, and memory consumption) via a KEYGEN element in conjunction with (1) a META element specifying automatic page refresh or (2) a JavaScript onLoad event handler for a BODY element. | 5.0 |
2009-05-29 | CVE-2009-1827 | Mozilla | Resource Management Errors vulnerability in Mozilla Firefox 3.0.4 The SVG component in Mozilla Firefox 3.0.4 allows remote attackers to cause a denial of service (application hang) via a large value in the r (aka Radius) attribute of a circle element, related to an "unclamped loop." | 5.0 |
2009-05-29 | CVE-2009-1821 | Dmxready | Permissions, Privileges, and Access Controls vulnerability in Dmxready Registration Manager 1.1 DMXReady Registration Manager 1.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for databases/webblogmanager.mdb. | 5.0 |
2009-05-28 | CVE-2009-1384 | Redhat Eyrie | Improper Authentication vulnerability in Eyrie Pam-Krb5 2.2.14/2.3/2.3.4 pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. | 5.0 |
2009-05-28 | CVE-2009-1803 | Freepbx Sangoma | Information Exposure vulnerability in multiple products FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, generates different error messages for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. | 5.0 |
2009-05-28 | CVE-2008-6815 | Myktools | Improper Authentication vulnerability in Myktools 2.4 mykdownload.php in MyKtools 2.4 does not require administrative authentication, which allows remote attackers to read a database backup by making a direct request, and then sending an unspecified request to the download page for the backup. | 5.0 |
2009-05-26 | CVE-2009-1375 | Pidgin | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pidgin The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before 2.5.6 does not properly maintain a certain buffer, which allows remote attackers to cause a denial of service (memory corruption and application crash) via vectors involving the (1) XMPP or (2) Sametime protocol. | 5.0 |
2009-05-26 | CVE-2009-1374 | Pidgin | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pidgin Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) before 2.5.6 allows remote attackers to cause a denial of service (application crash) via a QQ packet. | 5.0 |
2009-05-28 | CVE-2009-1808 | Microsoft | Denial-Of-Service vulnerability in Windows XP Professional Microsoft Windows XP SP3 allows local users to cause a denial of service (system crash) by making an SPI_SETDESKWALLPAPER SystemParametersInfo call with an improperly terminated pvParam argument, followed by an SPI_GETDESKWALLPAPER SystemParametersInfo call. | 4.9 |
2009-05-29 | CVE-2009-1820 | 2Daybiz | Cross-Site Scripting vulnerability in 2Daybiz Custom T-Shirt Design Script Cross-site scripting (XSS) vulnerability in product.php in 2daybiz Custom T-shirt Design Script allows remote attackers to inject arbitrary web script or HTML via the id parameter. | 4.3 |
2009-05-29 | CVE-2009-1811 | Collector | Cross-Site Scripting vulnerability in Collector Mygesuad 0.9.14 Multiple cross-site scripting (XSS) vulnerabilities in myGesuad 0.9.14 (aka 0.9) allow remote attackers to inject arbitrary web script or HTML via (1) the Page parameter in a List action to modules/ereignis.php, (2) the Kontext parameter in a Search action to modules/kategorie.php, (3) the image parameter to modules/image.php, or (4) the ID parameter in a Detail action to modules/sitzung.php. | 4.3 |
2009-05-29 | CVE-2009-1809 | Collector | Cross-Site Scripting vulnerability in Collector Mycolex 1.4.2 Multiple cross-site scripting (XSS) vulnerabilities in myColex 1.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the year parameter to modules/kalender.php, (2) the Page parameter in a List action to modules/ereignis.php, (3) the Kontext parameter in a Search action to modules/kategorie.php, or (4) the image parameter to modules/image.php. | 4.3 |
2009-05-28 | CVE-2009-1801 | Freepbx Sangoma | Cross-Site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to inject arbitrary web script or HTML via the (1) display parameter to reports.php, the (2) order and (3) extdisplay parameters to config.php, and the (4) sort parameter to recordings/index.php. | 4.3 |
2009-05-26 | CVE-2009-1796 | SUN | Cross-Site Scripting vulnerability in SUN Java System Portal Server 6.3.1/7.1/7.2 Cross-site scripting (XSS) vulnerability in Sun Java System Portal Server 6.3.1, 7.1, and 7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to an error page. | 4.3 |
2009-05-26 | CVE-2009-1790 | CGI Rescue | Cross-Site Scripting vulnerability in CGI Rescue Cross-site scripting (XSS) vulnerability in CGI RESCUE Trees before 2.11 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 4.3 |
2009-05-26 | CVE-2009-1789 | Eggheads Philip Moore | Remote Denial Of Service vulnerability in Eggdrop 'ctcpbuf' mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PRIVMSG that causes an empty string to trigger a negative string length copy. | 4.3 |
2009-05-29 | CVE-2009-1825 | Collector | Improper Authentication vulnerability in Collector Mycolex 1.4.2 modules/admuser.php in myColex 1.4.2 does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action. | 4.0 |
1 Low Vulnerability
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2009-05-29 | CVE-2009-1823 | Drupal | Cross-Site Scripting vulnerability in Drupal Print Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.7 and 6.x before 6.x-1.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML by modifying a document head, before the Content-Type META element, to contain crafted UTF-8 byte sequences that are treated as UTF-7 by Internet Explorer 6 and 7, a related issue to CVE-2009-1575. | 2.6 |