Weekly Vulnerabilities Reports > March 26 to April 1, 2012

Overview

48 new vulnerabilities were reported during this period, including 3 critical vulnerabilities and 15 high severity vulnerabilities. This weekly summary reports vulnerabilities in 37 products from 19 vendors including Cisco, Google, Opera, Apple, and Atmail. Vulnerabilities are notably categorized as "Resource Management Errors", "Improper Input Validation", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", and "Information Exposure".

  • 44 reported vulnerabilities are remotely exploitable.
  • 2 reported vulnerabilities have a public exploit available.
  • 4 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 47 reported vulnerabilities are exploitable by an anonymous user.
  • Cisco has the most reported vulnerabilities, with 13 reported vulnerabilities.
  • Adobe has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

Vulnerability Details

The following tables list the reported vulnerabilities for the period covered by this report:

3 Critical Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2012-03-31 | CVE-2012-0127 | HP | Unspecified vulnerability in HP Performance Manager 9.00 | 10.0
  Unspecified vulnerability in HP Performance Manager 9.00 allows remote attackers to execute arbitrary code via unknown vectors.

2012-03-28 | CVE-2012-0773 | Adobe, Apple, Linux, Microsoft, SUN, Google | Buffer Errors vulnerability in Adobe AIR and Flash Player | 10.0
  The NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228 on Windows, Mac OS X, and Linux; Flash Player before 10.3.183.18 and 11.x before 11.2.202.223 on Solaris; Flash Player before 11.1.111.8 on Android 2.x and 3.x; and AIR before 3.2.0.2070 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

2012-03-28 | CVE-2012-0772 | Adobe, Microsoft | Buffer Errors vulnerability in Adobe AIR and Flash Player | 10.0
  An unspecified ActiveX control in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228, and AIR before 3.2.0.2070, on Windows does not properly perform URL security domain checking, which allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors.

15 High Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2012-03-29 | CVE-2012-0384 | Cisco | Improper Privilege Management vulnerability in Cisco IOS XE | 8.5
  Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS before 3.1.2S, 3.2.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.1.xSG and 3.2.xSG before 3.2.2SG, when AAA authorization is enabled, allow remote authenticated users to bypass intended access restrictions and execute commands via a (1) HTTP or (2) HTTPS session, aka Bug ID CSCtr91106.

2012-03-29 | CVE-2012-1315 | Cisco | Resource Management Errors vulnerability in Cisco IOS | 7.8
  Memory leak in the SIP inspection feature in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted transit SIP traffic, aka Bug ID CSCti46171.

2012-03-29 | CVE-2012-1314 | Cisco | Resource Management Errors vulnerability in Cisco IOS 15.1/15.2 | 7.8
  The WAAS Express feature in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted transit traffic, aka Bug ID CSCtt45381.

2012-03-29 | CVE-2012-1311 | Cisco | Resource Management Errors vulnerability in Cisco IOS and IOS XE | 7.8
  The RSVP feature in Cisco IOS 15.0 and 15.1 and IOS XE 3.2.xS through 3.4.xS before 3.4.2S, when a VRF interface is configured, allows remote attackers to cause a denial of service (interface queue wedge and service outage) via crafted RSVP packets, aka Bug ID CSCts80643.

2012-03-29 | CVE-2012-1310 | Cisco | Resource Management Errors vulnerability in Cisco IOS | 7.8
  Memory leak in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted IP packets, aka Bug ID CSCto89536.

2012-03-29 | CVE-2012-0388 | Cisco | Resource Management Errors vulnerability in Cisco IOS | 7.8
  Memory leak in the H.323 inspection feature in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed transit H.323 traffic, aka Bug ID CSCtq45553.

2012-03-29 | CVE-2012-0387 | Cisco | Resource Management Errors vulnerability in Cisco IOS | 7.8
  Memory leak in the HTTP Inspection Engine feature in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted transit HTTP traffic, aka Bug ID CSCtq36153.

2012-03-29 | CVE-2012-0386 | Cisco | Cryptographic Issues vulnerability in Cisco IOS and IOS XE | 7.8
  The SSHv2 implementation in Cisco IOS 12.2, 12.4, 15.0, 15.1, and 15.2 and IOS XE 2.3.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.2S allows remote attackers to cause a denial of service (device reload) via a crafted username in a reverse SSH login attempt, aka Bug ID CSCtr49064.

2012-03-29 | CVE-2012-0385 | Cisco | Improper Input Validation vulnerability in Cisco IOS | 7.8
  The Smart Install feature in Cisco IOS 12.2, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (device reload) by sending a malformed Smart Install message over TCP, aka Bug ID CSCtt16051.

2012-03-29 | CVE-2012-0383 | Cisco | Resource Management Errors vulnerability in Cisco IOS 12.4/15.0/15.1 | 7.8
  Memory leak in the NAT feature in Cisco IOS 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (memory consumption, and device hang or reload) via SIP packets that require translation, related to a "memory starvation vulnerability," aka Bug ID CSCti35326.

2012-03-29 | CVE-2012-0382 | Cisco | Resource Exhaustion vulnerability in Cisco IOS XE | 7.8
  The Multicast Source Discovery Protocol (MSDP) implementation in Cisco IOS 12.0, 12.2 through 12.4, and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.1S and 3.1.xSG and 3.2.xSG before 3.2.2SG allows remote attackers to cause a denial of service (device reload) via encapsulated IGMP data in an MSDP packet, aka Bug ID CSCtr28857.

2012-03-29 | CVE-2012-0381 | Cisco | Cryptographic Issues vulnerability in Cisco IOS XE | 7.8
  The IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.2.xSG before 3.2.2SG allows remote attackers to cause a denial of service (device reload) by sending IKE UDP packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCts38429.

2012-03-30 | CVE-2011-3064 | Google, Apple | Use After Free vulnerability in Google Chrome | 7.5
  Use-after-free vulnerability in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG clipping.

2012-03-27 | CVE-2012-1916 | Atmail | Remote Security vulnerability in Atmail Open | 7.5
  @Mail WebMail Client in AtMail Open-Source before 1.05 allows remote attackers to execute arbitrary code via an e-mail attachment with an executable extension, leading to the creation of an executable file under tmp/.

2012-03-29 | CVE-2012-1312 | Cisco | Resource Management Errors vulnerability in Cisco IOS 15.1/15.2 | 7.1
  The MACE feature in Cisco IOS 15.1 and 15.2 allows remote attackers to cause a denial of service (device reload) via crafted transit traffic, aka Bug IDs CSCtq64987 and CSCtu57226.

29 Medium Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2012-03-30 | CVE-2011-3065 | Google | Integer Overflow or Wraparound vulnerability in Google Chrome | 6.8
  Skia, as used in Google Chrome before 18.0.1025.142, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

2012-03-30 | CVE-2011-3062 | Google, Mozilla | Incorrect Calculation vulnerability in Google Chrome | 6.8
  Off-by-one error in the OpenType Sanitizer in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted OpenType file.

2012-03-30 | CVE-2011-3060 | Google, Apple | Out-Of-Bounds Read vulnerability in Google Chrome | 6.8
  Google Chrome before 18.0.1025.142 does not properly handle text fragments, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

2012-03-30 | CVE-2011-3059 | Google, Apple | Out-Of-Bounds Read vulnerability in Google Chrome | 6.8
  Google Chrome before 18.0.1025.142 does not properly handle SVG text elements, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

2012-03-28 | CVE-2007-6752 | Drupal | Cross-Site Request Forgery (CSRF) vulnerability in Drupal | 6.8
  ** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in Drupal 7.12 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that end a session via the user/logout URI.

2012-03-28 | CVE-2012-1925 | Opera | Unspecified vulnerability in Opera Browser | 6.8
  Opera before 11.62 does not ensure that a dialog window is placed on top of content windows, which makes it easier for user-assisted remote attackers to trick users into downloading and executing arbitrary files via a download dialog located under other windows.

2012-03-28 | CVE-2012-1924 | Opera | Code Injection vulnerability in Opera Browser | 6.8
  Opera before 11.62 allows user-assisted remote attackers to trick users into downloading and executing arbitrary files via a small window for the download dialog.

2012-03-28 | CVE-2012-1929 | Opera, Apple | Improper Input Validation vulnerability in Opera Browser | 6.4
  Opera before 11.62 on Mac OS X allows remote attackers to spoof the address field and security dialogs via crafted styling that causes page content to be displayed outside of the intended content area.

2012-03-28 | CVE-2012-1928 | Opera | Improper Input Validation vulnerability in Opera Browser | 6.4
  Opera before 11.62 allows remote attackers to spoof the address field by triggering a page reload followed by a redirect to a different domain.

2012-03-28 | CVE-2012-1927 | Opera | Improper Input Validation vulnerability in Opera Browser | 6.4
  Opera before 11.62 allows remote attackers to spoof the address field by triggering the launch of a dialog window associated with a different domain.

2012-03-27 | CVE-2012-1919 | Atmail | Code Injection vulnerability in Atmail Open | 6.4
  CRLF injection vulnerability in mime.php in @Mail WebMail Client in AtMail Open-Source before 1.05 allows remote attackers to conduct directory traversal attacks and read arbitrary files via a %0A sequence followed by a ..

2012-03-28 | CVE-2007-6753 | Microsoft | Unspecified vulnerability in Microsoft products | 6.2
  Untrusted search path vulnerability in Shell32.dll in Microsoft Windows 2000, Windows XP, Windows Vista, Windows Server 2008, and Windows 7, when using an environment configured with a string such as %APPDATA% or %PROGRAMFILES% in a certain way, allows local users to gain privileges via a Trojan horse DLL under the current working directory, as demonstrated by iTunes and Safari.

2012-03-30 | CVE-2011-3061 | Google | Improper Certificate Validation vulnerability in Google Chrome | 5.8
  Google Chrome before 18.0.1025.142 does not properly check X.509 certificates before use of a SPDY proxy, which might allow man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate.

2012-03-28 | CVE-2012-0126 | HP | Remote Unauthorized Access vulnerability in HP Hp-Ux 11.11/11.23 | 5.8
  Unspecified vulnerability in the WBEM implementation in HP HP-UX 11.11 and 11.23 allows remote attackers to obtain access to diagnostic information via unknown vectors, a related issue to CVE-2012-0125.

2012-03-31 | CVE-2012-1670 | Phpgradebook | Information Exposure vulnerability in PHPgradebook PHP Grade Book 1.9.3 | 5.0
  admin/index.php in PHP Grade Book before 1.9.5 BETA allows remote attackers to read the database via a SaveSQL action.

2012-03-28 | CVE-2012-1926 | Opera | Information Exposure vulnerability in Opera Browser | 5.0
  Opera before 11.62 allows remote attackers to bypass the Same Origin Policy via the (1) history.pushState and (2) history.replaceState functions in conjunction with cross-domain frames, leading to unintended read access to history.state information.

2012-03-27 | CVE-2012-1920 | Atmail | Information Exposure vulnerability in Atmail Open | 5.0
  @Mail WebMail Client in AtMail Open-Source 1.04 and earlier allows remote attackers to obtain configuration information via a direct request to install/info.php, which calls the phpinfo function.

2012-03-27 | CVE-2012-1918 | Atmail | Path Traversal vulnerability in Atmail Open | 5.0
  Multiple directory traversal vulnerabilities in (1) compose.php and (2) libs/Atmail/SendMsg.php in @Mail WebMail Client in AtMail Open-Source before 1.05 allow remote attackers to read arbitrary files via a ..

2012-03-27 | CVE-2012-1917 | Atmail | Path Traversal vulnerability in Atmail Open | 5.0
  compose.php in @Mail WebMail Client in AtMail Open-Source before 1.05 does not properly handle ../ (dot dot slash) sequences in the unique parameter, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a ..././ (dot dot dot slash dot slash) sequence.

2012-03-26 | CVE-2012-1573 | GNU | Cryptographic Issues vulnerability in GNU Gnutls | 5.0
  gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure.

2012-03-26 | CVE-2012-1569 | GNU | Numeric Errors vulnerability in GNU Gnutls and Libtasn1 | 5.0
  The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure.

2012-03-26 | CVE-2012-0256 | Apache | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apache Traffic Server | 5.0
  Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.

2012-03-28 | CVE-2012-1931 | Opera, Unix | Permissions, Privileges, and Access Controls vulnerability in Opera Browser | 4.6
  Opera before 11.62 on UNIX, when used in conjunction with an unspecified printing application, allows local users to overwrite arbitrary files via a symlink attack on a temporary file during printing.

2012-03-28 | CVE-2012-1930 | Opera, Unix | Permissions, Privileges, and Access Controls vulnerability in Opera Browser | 4.6
  Opera before 11.62 on UNIX uses world-readable permissions for temporary files during printing, which allows local users to obtain sensitive information by reading these files.

2012-03-30 | CVE-2011-3063 | Google | Improper Input Validation vulnerability in Google Chrome | 4.3
  Google Chrome before 18.0.1025.142 does not properly validate the renderer's navigation requests, which has unspecified impact and remote attack vectors.

2012-03-30 | CVE-2011-3058 | Google, Apple | Cross-Site Scripting vulnerability in Google Chrome | 4.3
  Google Chrome before 18.0.1025.142 does not properly handle the EUC-JP encoding system, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

2012-03-28 | CVE-2012-1907 | Privawall | Permissions, Privileges, and Access Controls vulnerability in Privawall Antivirus 5.6 | 4.3
  The scanner engine in PrivaWall Antivirus 5.6 and earlier does not recognize the Office XML (aka Open Document XML) file format, which allows remote attackers to bypass malware detection via a crafted file embedded in a WordML document.

2012-03-28 | CVE-2012-1904 | Realnetworks | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Realnetworks Realplayer and Realplayer SP | 4.3
  mp4fformat.dll in the QuickTime File Format plugin in RealNetworks RealPlayer 15 and earlier, and RealPlayer SP 1.1.4 Build 12.0.0.756 and earlier, allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted MP4 file.

2012-03-28 | CVE-2012-1570 | Maradns | Unspecified vulnerability in Maradns | 4.3
  The resolver in MaraDNS before 1.3.0.7.15 and 1.4.x before 1.4.12 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.

1 Low Vulnerability

DATE | CVE | VENDOR | VULNERABILITY | CVSS
2012-03-28 | CVE-2012-0125 | HP | Local Unauthorized Access vulnerability in HP Hp-Ux 11.31 | 3.3
  Unspecified vulnerability in the WBEM implementation in HP HP-UX 11.31 allows local users to obtain access to diagnostic information via unknown vectors, a related issue to CVE-2012-0126.