Weekly Vulnerabilities Reports > January 9 to 15, 2012

Overview

32 new vulnerabilities were reported during this period, including 12 critical vulnerabilities and 6 high severity vulnerabilities. This weekly summary reports vulnerabilities in 38 products from 20 vendors, including HP, IBM, Adobe, Microsoft, and Cogentdatahub. The vulnerabilities notably fall into the categories "Cross-site Scripting", "Permissions, Privileges, and Access Controls", "Out-of-bounds Write", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Code Injection".

  • 28 reported vulnerabilities are remotely exploitable.
  • 2 reported vulnerabilities have a public exploit available.
  • 7 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 30 reported vulnerabilities are exploitable by an anonymous user.
  • HP has the most reported vulnerabilities, with 6 reported vulnerabilities.
  • HP has the most reported critical vulnerabilities, with 4 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported for the period covered by this report:

12 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-01-15 CVE-2011-1377 IBM Unspecified vulnerability in IBM Websphere Application Server

The Web Services Security component in the Web Services Feature Pack before 6.1.0.41 for IBM WebSphere Application Server (WAS) 6.1 does not properly handle the enabling of WS-Security for a JAX-WS application, which has unspecified impact and attack vectors.

10.0
2012-01-13 CVE-2012-0697 HP Path Traversal vulnerability in HP Storageworks P2000 G3 MSA

HP StorageWorks P2000 G3 MSA array systems have a default account, which makes it easier for remote attackers to perform administrative tasks via unspecified vectors, a different vulnerability than CVE-2011-4788.

10.0
2012-01-13 CVE-2011-4789 HP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP Diagnostics

Stack-based buffer overflow in magentservice.exe in the server in HP LoadRunner 11.00 before patch 4 allows remote attackers to execute arbitrary code via a crafted size value in a packet.

10.0
2012-01-12 CVE-2012-0695 Google / Acer / Samsung Remote Security vulnerability in Chrome Os

Multiple unspecified vulnerabilities in Google Chrome before 17.0.963.27 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.

10.0
2012-01-10 CVE-2011-5059 Finaldraft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Finaldraft 8/8.01

Stack-based buffer overflow in Final Draft 8 before 8.02 allows remote attackers to execute arbitrary code via a crafted SmartType element, a different vulnerability than CVE-2011-5002.

10.0
2012-01-10 CVE-2011-4371 Adobe Out-of-bounds Write vulnerability in Adobe Acrobat

Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

9.8
2012-01-10 CVE-2011-4370 Adobe Out-of-bounds Write vulnerability in Adobe Acrobat

Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4372 and CVE-2011-4373.

9.8
2012-01-15 CVE-2012-0267 Ntrglobal Improper Input Validation vulnerability in Ntrglobal NTR Activex Control

The StopModule method in the NTR ActiveX control before 2.0.4.8 allows remote attackers to execute arbitrary code via a crafted lModule parameter that triggers use of an arbitrary memory address as a function pointer.

9.3
2012-01-15 CVE-2012-0266 Ntrglobal Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ntrglobal NTR Activex Control

Multiple stack-based buffer overflows in the NTR ActiveX control before 2.0.4.8 allow remote attackers to execute arbitrary code via (1) a long bstrUrl parameter to the StartModule method, (2) a long bstrParams parameter to the Check method, a long bstrUrl parameter to the (3) Download or (4) DownloadModule method during construction of a .ntr pathname, or a long bstrUrl parameter to the (5) Download or (6) DownloadModule method during construction of a URL.

9.3
2012-01-12 CVE-2011-4787 HP Code Injection vulnerability in HP Easy Printer Care Software

A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-2404 and CVE-2011-4786.

9.3
2012-01-12 CVE-2011-4786 HP Code Injection vulnerability in HP Easy Printer Care Software

A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-2404 and CVE-2011-4787.

9.3
2012-01-10 CVE-2012-0009 Microsoft Remote Code Execution vulnerability in Microsoft Windows Server 2003 and Windows XP

Untrusted search path vulnerability in the Windows Object Packager configuration in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse executable file in the current working directory, as demonstrated by a directory that contains a file with an embedded packaged object, aka "Object Packager Insecure Executable Launching Vulnerability." Per: http://technet.microsoft.com/en-us/security/bulletin/ms12-002 'The vulnerability could allow remote code execution if a user opens a legitimate file with an embedded packaged object that is located in the same network directory as a specially crafted executable file.' Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'

9.3

6 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-01-13 CVE-2011-4788 HP Path Traversal vulnerability in HP products

Absolute path traversal vulnerability in the web interface on HP StorageWorks P2000 G3 MSA array systems allows remote attackers to read arbitrary files via a pathname in the URI.

7.8
2012-01-10 CVE-2011-4785 HP Information Exposure vulnerability in HP Hp-Chaisoe 1.0

Directory traversal vulnerability in the HP-ChaiSOE/1.0 web server on the HP LaserJet P3015 printer with firmware before 07.080.3, LaserJet 4650 printer with firmware 07.006.0, and LaserJet 2430 printer with firmware 08.113.0_I35128 allows remote attackers to read arbitrary files via unspecified vectors, a different vulnerability than CVE-2008-4419.

7.8
2012-01-14 CVE-2011-5061 Whmcs Code Injection vulnerability in Whmcs Whmcompletesolution

functions.php in WHMCompleteSolution (WHMCS) 4.0.x through 5.0.x allows remote attackers to trigger arbitrary code execution in the Smarty templating system by submitting a crafted ticket, related to improper handling of characters in the subject field.

7.5
2012-01-13 CVE-2011-3597 Gisle AAS Improper Input Validation vulnerability in Gisle AAS Digest

Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor.

7.5
2012-01-10 CVE-2011-4373 Adobe Out-of-bounds Write vulnerability in Adobe Acrobat

Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4372.

7.5
2012-01-10 CVE-2011-4372 Adobe Out-of-bounds Write vulnerability in Adobe Acrobat

Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4373.

7.5

12 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-01-10 CVE-2011-5058 3Ssoftware Permissions, Privileges, and Access Controls vulnerability in 3Ssoftware Codesys 3.4

The CmbWebserver.dll module of the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to create arbitrary directories under the web root by specifying a non-existent directory using \ (backslash) characters in an HTTP GET request.

6.4
2012-01-15 CVE-2011-4868 ISC Resource Management Errors vulnerability in ISC Dhcp

The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS (DDNS) and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets related to a lease-status update.

6.1
2012-01-13 CVE-2012-0310 Cogentdatahub Code Injection vulnerability in Cogentdatahub Cascade Datahub, Cogent Datahub and OPC Datahub

CRLF injection vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20 and earlier, and OPC DataHub 6.4.20 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

5.8
2012-01-13 CVE-2011-4057 Wibu Resource Management Errors vulnerability in Wibu Codemeter Runtime 4.10B/4.20A/4.30C

Wibu-Systems AG CodeMeter Runtime 4.30c, 4.10b, and possibly other versions before 4.40 allows remote attackers to cause a denial of service (CodeMeter.exe crash) via certain crafted packets to TCP port 22350.

5.0
2012-01-13 CVE-2012-0030 Openstack Permissions, Privileges, and Access Controls vulnerability in Openstack Essex and Nova

Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI parameter.

4.9
2012-01-13 CVE-2011-4925 Cluster Resources / Clusterresources Permissions, Privileges, and Access Controls vulnerability in multiple products

Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) before 2.5.9, when munge authentication is used, allows remote authenticated users to impersonate arbitrary user accounts via unspecified vectors.

4.9
2012-01-13 CVE-2011-2776 Robert Luberda Buffer Errors vulnerability in Robert Luberda Super 3.30.0

Buffer overflow in the Error function in super.c in Super 3.30.0 might allow local users to execute arbitrary code via vectors related to syslog logging.

4.4
2012-01-15 CVE-2011-5065 IBM Cross-Site Scripting vulnerability in IBM Websphere Application Server

Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 allows remote attackers to inject arbitrary web script or HTML via vectors related to web messaging.

4.3
2012-01-15 CVE-2011-1362 IBM Cross-Site Scripting vulnerability in IBM Websphere Application Server

Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 and 7.0 before 7.0.0.19 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-01-13 CVE-2012-0696 IBM Cross-Site Scripting vulnerability in IBM Cognos Executive Viewer and Cognos TM1

Multiple cross-site scripting (XSS) vulnerabilities in the Executive Viewer (EV) in IBM Cognos TM1 before 9.5 FP1 allow remote attackers to inject arbitrary web script or HTML via unspecified requests to (1) aspnet_client or (2) evserver/createcontrol.js.

4.3
2012-01-13 CVE-2012-0309 Cogentdatahub Cross-Site Scripting vulnerability in Cogentdatahub Cascade Datahub, Cogent Datahub and OPC Datahub

Cross-site scripting (XSS) vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20 and earlier, and OPC DataHub 6.4.20 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2012-01-10 CVE-2012-0007 Microsoft Cross-Site Scripting vulnerability in Microsoft Anti-Cross Site Scripting Library 3.1/4.0

The Microsoft Anti-Cross Site Scripting (AntiXSS) Library 3.x and 4.0 does not properly evaluate characters after the detection of a Cascading Style Sheets (CSS) escaped character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML input, aka "AntiXSS Library Bypass Vulnerability."

4.3

2 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-01-13 CVE-2011-5060 Roderich Schupp Permissions, Privileges, and Access Controls vulnerability in Roderich Schupp Par-Packer Module

The par_mktmpdir function in the PAR module before 1.003 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program, a different vulnerability in a different package than CVE-2011-4114.

3.3
2012-01-15 CVE-2011-5066 IBM Information Exposure vulnerability in IBM Websphere Application Server

The SibRaRecoverableSiXaResource class in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 does not properly handle a Service Integration Bus (SIB) dump operation involving the First Failure Data Capture (FFDC) introspection code, which allows local users to obtain sensitive information by reading the FFDC log file.

2.1