Weekly Vulnerabilities Reports > April 9 to 15, 2012
Overview
58 new vulnerabilities were reported during this period, including 15 critical vulnerabilities and 13 high severity vulnerabilities. This weekly summary reports vulnerabilities in 70 products from 24 vendors including Microsoft, Wireshark, Novell, Koyo, and Freebsd. The most common vulnerability categories are "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Code Injection", "Improper Input Validation", "Resource Management Errors", and "Cross-site Scripting".
- 50 reported vulnerabilities are remotely exploitable.
- 7 reported vulnerabilities have a public exploit available.
- 13 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 55 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 11 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 6 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
15 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-04-13 | CVE-2012-1808 | Koyo | Improper Authentication vulnerability in Koyo products The web server in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 does not require authentication, which allows remote attackers to perform unspecified functions via unknown vectors. | 10.0 |
2012-04-13 | CVE-2012-1805 | Koyo | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Koyo products Buffer overflow in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 allows remote attackers to execute arbitrary code via long strings in unspecified parameters. | 10.0 |
2012-04-10 | CVE-2012-0776 | Adobe | Permissions, Privileges, and Access Controls vulnerability in Adobe Acrobat and Acrobat Reader The installer in Adobe Reader 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors. | 10.0 |
2012-04-10 | CVE-2012-0775 | Adobe | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader The JavaScript implementation in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | 10.0 |
2012-04-10 | CVE-2012-0774 | Adobe | Numeric Errors vulnerability in Adobe Acrobat and Acrobat Reader Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to execute arbitrary code via a crafted TrueType font. | 10.0 |
2012-04-10 | CVE-2012-1182 | Samba | Numeric Errors vulnerability in Samba The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call. | 10.0 |
2012-04-09 | CVE-2011-3176 | Novell | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Zenworks Configuration Management 11.1/11.1A Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x4c request. | 10.0 |
2012-04-09 | CVE-2011-3175 | Novell | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Zenworks Configuration Management 11.1/11.1A Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x6c request. | 10.0 |
2012-04-11 | CVE-2012-1499 | Uclouvain | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Uclouvain Openjpeg The JPEG 2000 codec (jp2.c) in OpenJPEG before 1.5 allows remote attackers to execute arbitrary code via a crafted palette index in a CMAP record of a JPEG image, which triggers memory corruption, aka "out-of heap-based buffer write." | 9.3 |
2012-04-10 | CVE-2012-0177 | Microsoft | Buffer Errors vulnerability in Microsoft Office, Works and Works 6-9 File Converter Heap-based buffer overflow in the Office Works File Converter in Microsoft Office 2007 SP2, Works 9, and Works 6-9 File Converter allows remote attackers to execute arbitrary code via a crafted Works (aka .wps) file, aka "Office WPS Converter Heap Overflow Vulnerability." | 9.3 |
2012-04-10 | CVE-2012-0172 | Microsoft | Code Injection vulnerability in Microsoft Internet Explorer 6/7/8 Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "VML Style Remote Code Execution Vulnerability." | 9.3 |
2012-04-10 | CVE-2012-0171 | Microsoft | Code Injection vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "SelectAll Remote Code Execution Vulnerability." | 9.3 |
2012-04-10 | CVE-2012-0170 | Microsoft | Code Injection vulnerability in Microsoft Internet Explorer 6/7 Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnReadyStateChange Remote Code Execution Vulnerability." | 9.3 |
2012-04-10 | CVE-2012-0169 | Microsoft | Code Injection vulnerability in Microsoft Internet Explorer 9 Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "JScript9 Remote Code Execution Vulnerability." | 9.3 |
2012-04-10 | CVE-2012-0163 | Microsoft | Improper Input Validation vulnerability in Microsoft .Net Framework Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Parameter Validation Vulnerability." | 9.3 |
13 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-04-10 | CVE-2012-0158 | Microsoft | Code Injection vulnerability in Microsoft products The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2003 Web Components SP3; SQL Server 2000 SP4, 2005 SP4, and 2008 SP2, SP3, and R2; BizTalk Server 2002 SP1; Commerce Server 2002 SP4, 2007 SP2, and 2009 Gold and R2; Visual FoxPro 8.0 SP1 and 9.0 SP2; and Visual Basic 6.0 Runtime allow remote attackers to execute arbitrary code via a crafted (a) web site, (b) Office document, or (c) .rtf file that triggers "system state" corruption, as exploited in the wild in April 2012, aka "MSCOMCTL.OCX RCE Vulnerability." | 8.8 |
2012-04-13 | CVE-2011-4874 | Microsys | Resource Management Errors vulnerability in Microsys Promotic Use-after-free vulnerability in MICROSYS PROMOTIC before 8.1.7 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (data corruption and application crash) via a crafted project (aka .pra) file. | 7.9 |
2012-04-11 | CVE-2012-2210 | Sony | Resource Management Errors vulnerability in Sony Bravia TV Kdl32Cx525 The Sony Bravia TV KDL-32CX525 allows remote attackers to cause a denial of service (configuration outage or device crash) via a flood of TCP SYN packets, as demonstrated by hping, a related issue to CVE-1999-0116. | 7.8 |
2012-04-10 | CVE-2012-0151 | Microsoft | Improper Input Validation vulnerability in Microsoft products The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute arbitrary code via a modified file with additional content, aka "WinVerifyTrust Signature Validation Vulnerability." | 7.8 |
2012-04-10 | CVE-2012-0168 | Microsoft | Code Injection vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6 through 9 allows user-assisted remote attackers to execute arbitrary code via a crafted HTML document that is not properly handled during a "Print table of links" print operation, aka "Print Feature Remote Code Execution Vulnerability." | 7.6 |
2012-04-13 | CVE-2012-0036 | Curl | SQL Injection vulnerability in Curl and Libcurl curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol. | 7.5 |
2012-04-13 | CVE-2011-1779 | Freebsd | Resource Management Errors vulnerability in Freebsd Libarchive 2.8.4/2.8.5 Multiple use-after-free vulnerabilities in libarchive 2.8.4 and 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted (1) TAR archive or (2) ISO9660 image. | 7.5 |
2012-04-13 | CVE-2010-4666 | Freebsd | Buffer Errors vulnerability in Freebsd Libarchive 3.0 Buffer overflow in libarchive 3.0 pre-release code allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CAB file, which is not properly handled during the reading of Huffman code data within LZX compressed data. | 7.5 |
2012-04-13 | CVE-2012-1806 | Koyo | Improper Authentication vulnerability in Koyo products The ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 supports a maximum password length of 8 bytes, which makes it easier for remote attackers to obtain access via a brute-force attack. | 7.5 |
2012-04-11 | CVE-2012-2225 | 360Zip | Permissions, Privileges, and Access Controls vulnerability in 360Zip 1.93 360zip 1.93beta allows remote attackers to execute arbitrary code via vectors related to file browsing and file extraction. | 7.5 |
2012-04-11 | CVE-2012-2224 | Xunlei | Code Injection vulnerability in Xunlei Thunder 7.2.6 Xunlei Thunder before 7.2.6 allows remote attackers to execute arbitrary code via a crafted file, related to a "DLL injection vulnerability." | 7.5 |
2012-04-11 | CVE-2012-1673 | OLA Lasisi | SQL Injection vulnerability in OLA Lasisi E-Ticketing SQL injection vulnerability in loginscript.php in e-ticketing allows remote attackers to execute arbitrary SQL commands via the password parameter. | 7.5 |
2012-04-11 | CVE-2012-1672 | Useasdf 4444 | SQL Injection vulnerability in Useasdf 4444 Hotel Booking Portal 0.1 SQL injection vulnerability in getcity.php in Hotel Booking Portal 0.1 allows remote attackers to execute arbitrary SQL commands via the country parameter. | 7.5 |
25 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-04-13 | CVE-2011-1778 | Freebsd | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Freebsd Libarchive Buffer overflow in libarchive through 2.8.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TAR archive. | 6.8 |
2012-04-13 | CVE-2011-1777 | Freebsd | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Freebsd Libarchive Multiple buffer overflows in the (1) heap_add_entry and (2) relocate_dir functions in archive_read_support_format_iso9660.c in libarchive through 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ISO9660 image. | 6.8 |
2012-04-12 | CVE-2011-3846 | HP | Cross-Site Request Forgery (CSRF) vulnerability in HP System Management Homepage 6.2.2.7 Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) 6.2.2.7 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts. | 6.8 |
2012-04-12 | CVE-2012-2230 | Cloudera | Cryptographic Issues vulnerability in Cloudera products Cloudera Manager 3.7.x before 3.7.5 and Service and Configuration Manager 3.5, when Kerberos is not enabled, does not properly install taskcontroller.cfg, which allows remote authenticated users to impersonate arbitrary user accounts via unspecified vectors, a different vulnerability than CVE-2012-1574. | 6.5 |
2012-04-12 | CVE-2012-1574 | Apache Cloudera | Cryptographic Issues vulnerability in multiple products The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors. | 6.5 |
2012-04-11 | CVE-2012-0043 | Wireshark | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wireshark Buffer overflow in the reassemble_message function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a series of fragmented RLC packets. | 5.8 |
2012-04-10 | CVE-2012-0146 | Microsoft | Improper Input Validation vulnerability in Microsoft Forefront Unified Access Gateway 2010 Open redirect vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "UAG Blind HTTP Redirect Vulnerability." | 5.8 |
2012-04-13 | CVE-2012-1809 | Koyo | Resource Management Errors vulnerability in Koyo products The web server in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors. | 5.0 |
2012-04-13 | CVE-2011-4883 | Atvise | Improper Input Validation vulnerability in Atvise Webmi2Ads 1.0/2.0/2.0.1 The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 does not properly validate values in HTTP requests, which allows remote attackers to cause a denial of service (resource consumption) via a crafted request. | 5.0 |
2012-04-13 | CVE-2011-4882 | Atvise | Code Injection vulnerability in Atvise Webmi2Ads 1.0/2.0/2.0.1 The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 allows remote attackers to cause a denial of service (application exit) via an unspecified command in an HTTP request. | 5.0 |
2012-04-13 | CVE-2011-4881 | Atvise | Unspecified vulnerability in Atvise Webmi2Ads 1.0/2.0/2.0.1 The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 does not properly check return values from functions, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted HTTP request. | 5.0 |
2012-04-13 | CVE-2011-4880 | Atvise | Path Traversal vulnerability in Atvise Webmi2Ads 1.0/2.0/2.0.1 Directory traversal vulnerability in the web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 allows remote attackers to read arbitrary files via a crafted HTTP request. | 5.0 |
2012-04-11 | CVE-2012-1596 | Wireshark | Resource Management Errors vulnerability in Wireshark The mp2t_process_fragmented_payload function in epan/dissectors/packet-mp2t.c in the MP2T dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (application crash) via a packet containing an invalid pointer value that triggers an incorrect memory-allocation attempt. | 5.0 |
2012-04-10 | CVE-2012-0147 | Microsoft | Configuration vulnerability in Microsoft Forefront Unified Access Gateway 2010 Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka "Unfiltered Access to UAG Default Website Vulnerability." | 5.0 |
2012-04-09 | CVE-2012-2215 | Novell | Path Traversal vulnerability in Novell Zenworks Configuration Management 11.1/11.1A Directory traversal vulnerability in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to read arbitrary files via an opcode 0x21 request. | 5.0 |
2012-04-13 | CVE-2012-1807 | Koyo | Cross-Site Scripting vulnerability in Koyo products Cross-site scripting (XSS) vulnerability in the web server in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2012-04-11 | CVE-2012-2223 | Novell | Information Exposure vulnerability in Novell Zenworks Configuration Management The xplat agent in Novell ZENworks Configuration Management (ZCM) 10.3.x before 10.3.4 and 11.x before 11.2 enables the HTTP TRACE method, which might make it easier for remote attackers to conduct cross-site tracing (XST) attacks via unspecified vectors. | 4.3 |
2012-04-11 | CVE-2012-2156 | Plume CMS | Cross-Site Scripting vulnerability in Plume-Cms Plume CMS Multiple cross-site scripting (XSS) vulnerabilities in Plume CMS 1.2.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the u_email parameter (aka Authors Email field) to manager/users.php, (2) the u_realname parameter (aka Authors Name field) to manager/users.php, or (3) the c_author parameter (aka Author field) in an ADD A COMMENT section. | 4.3 |
2012-04-11 | CVE-2012-1992 | Cmsmadesimple | Cross-Site Scripting vulnerability in Cmsmadesimple CMS Made Simple Cross-site scripting (XSS) vulnerability in admin/edituser.php in CMS Made Simple 1.10.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the email parameter (aka the Email Address field in the Edit User template). | 4.3 |
2012-04-11 | CVE-2012-1036 | Dotnetnuke | Cross-Site Scripting vulnerability in Dotnetnuke Cross-site scripting (XSS) vulnerability in the telerik HTML editor in DotNetNuke before 5.6.4 and 6.x before 6.1.0 allows remote attackers to inject arbitrary web script or HTML via a message. | 4.3 |
2012-04-11 | CVE-2012-1030 | Dotnetnuke | Cross-Site Scripting vulnerability in Dotnetnuke 6.0.0/6.0.1/6.0.2 Cross-site scripting (XSS) vulnerability in DotNetNuke 6.x through 6.0.2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted URL containing text that is used within a modal popup. | 4.3 |
2012-04-11 | CVE-2012-0068 | Wireshark | Improper Input Validation vulnerability in Wireshark The lanalyzer_read function in wiretap/lanalyzer.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a Novell capture file containing a record that is too small. | 4.3 |
2012-04-11 | CVE-2012-0066 | Wireshark Redhat | Improper Input Validation vulnerability in multiple products Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a (1) Accellent 5Views (aka .5vw) file, (2) I4B trace file, or (3) NETMON 2 capture file. | 4.3 |
2012-04-11 | CVE-2012-0041 | Wireshark Redhat | Improper Input Validation vulnerability in multiple products The dissect_packet function in epan/packet.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a long packet in a capture file, as demonstrated by an airopeek file. | 4.3 |
2012-04-09 | CVE-2011-4188 | Novell | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Novell Imanager Buffer overflow in the Create Attribute function in jclient in Novell iManager 2.7.4 before patch 4 allows remote authenticated users to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted EnteredAttrName parameter, a related issue to CVE-2010-1929. | 4.0 |
5 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-04-12 | CVE-2012-0133 | HP | Unspecified vulnerability in HP products HP ProCurve 5400 zl switches with certain serial numbers include a compact flash card that contains an unspecified virus, which might allow user-assisted remote attackers to execute arbitrary code on a PC by leveraging manual transfer of this card. | 3.7 |
2012-04-11 | CVE-2012-1594 | Wireshark | Code Injection vulnerability in Wireshark epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. | 3.3 |
2012-04-11 | CVE-2012-1593 | Wireshark | Unspecified vulnerability in Wireshark epan/dissectors/packet-ansi_a.c in the ANSI A dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed packet. | 3.3 |
2012-04-11 | CVE-2012-0042 | Wireshark Redhat | Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 does not properly perform certain string conversions, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet, related to epan/to_str.c. | 2.9 |
2012-04-09 | CVE-2012-0742 | IBM | Information Exposure vulnerability in IBM Tivoli Event Pump 4.2.2 IBM Tivoli Event Pump 4.2.2, when the LOG_REQUESTS and VALIDATE_SOAP_USERS options are enabled, places credentials into the AOPSCLOG (aka AOPLOG) data set, which allows local users to obtain sensitive information by reading the data. | 1.9 |