Weekly Vulnerabilities Reports > June 8 to 14, 2009

Overview

10 new vulnerabilities were reported during this period, including 0 critical vulnerabilities and 9 high severity vulnerabilities. This weekly summary reports vulnerabilities in 35 products from 13 vendors including Debian, Canonical, Apple, Opensuse, and Microsoft. Notable vulnerability categories include "Use of Uninitialized Resource", "Use After Free", "Out-of-bounds Write", "Missing Authentication for Critical Function", and "XXE".

  • 4 reported vulnerabilities are remotely exploitable.
  • 4 reported vulnerabilities have a public exploit available.
  • 3 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 7 reported vulnerabilities are exploitable by an anonymous user.
  • Debian has the most reported vulnerabilities, with 4 reported vulnerabilities.


Vulnerability Details

The following tables list the vulnerabilities reported during the period covered by this report:

0 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS

9 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-06-10 CVE-2009-1123 Microsoft Unspecified vulnerability in Microsoft products

The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Desktop Vulnerability."

7.8
2009-06-10 CVE-2009-0557 Microsoft Code Injection vulnerability in Microsoft products

Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Object Record Corruption Vulnerability."

7.8
2009-06-10 CVE-2009-0563 Microsoft Out-of-bounds Write vulnerability in Microsoft products

Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; Microsoft Office Word Viewer 2003 SP3; Microsoft Office Word Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a crafted tag containing an invalid length field, aka "Word Buffer Overflow Vulnerability."

7.8
2009-06-08 CVE-2008-6828 Symantec Cleartext Storage of Sensitive Information vulnerability in Symantec Altiris Deployment Solution

Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the Application Identity Account password in memory in cleartext, which allows local users to gain privileges and modify clients of the Deployment Solution Server.

7.8
2009-06-08 CVE-2008-6827 Symantec Missing Authentication for Critical Function vulnerability in Symantec Altiris Deployment Solution

The ListView control in the Client GUI (AClient.exe) in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a "Shatter" style attack on the "command prompt" hidden GUI button to (1) overwrite the CommandLine parameter to cmd.exe to use SYSTEM privileges and (2) modify the DLL that is loaded using the LoadLibrary API function.

7.8
2009-06-12 CVE-2009-1837 Mozilla, Debian, Fedoraproject, Redhat Use After Free vulnerability in multiple products

Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object.

7.5
2009-06-10 CVE-2009-1699 Apple, Canonical, Opensuse XXE vulnerability in multiple products

The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///etc/passwd URL in an entity declaration, related to an "XXE attack."

7.5
2009-06-09 CVE-2009-0949 Apple, Canonical, Debian, Opensuse, Suse Use of Uninitialized Resource vulnerability in multiple products

The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags.

7.5
2009-06-08 CVE-2009-1955 Apache, Apple, Suse, Debian, Canonical, Fedoraproject, Oracle XML Entity Expansion vulnerability in multiple products

The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.

7.5

1 Medium Vulnerability

DATE CVE VENDOR VULNERABILITY CVSS
2009-06-08 CVE-2009-1961 Linux, Debian, Canonical, Opensuse, Suse Improper Locking vulnerability in multiple products

The inode double locking code in fs/ocfs2/file.c in the Linux kernel 2.6.30 before 2.6.30-rc3, 2.6.27 before 2.6.27.24, 2.6.29 before 2.6.29.4, and possibly other versions down to 2.6.19 allows local users to cause a denial of service (prevention of file creation and removal) via a series of splice system calls that trigger a deadlock between the generic_file_splice_write, splice_from_pipe, and ocfs2_file_splice_write functions.

4.7

0 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS