Weekly Vulnerabilities Reports > December 10 to 16, 2012
Overview
35 new vulnerabilities reported during this period, including 9 critical vulnerabilities and 4 high severity vulnerabilities. This weekly summary report vulnerabilities in 35 products from 17 vendors including Microsoft, XEN, Adobe, Layton Technology, and Google. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Code Injection", "Resource Management Errors", "Permissions, Privileges, and Access Controls", and "Cross-site Scripting".
- 24 reported vulnerabilities are remotely exploitables.
- 1 reported vulnerabilities have public exploit available.
- 7 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 29 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 9 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 7 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
9 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2012-12-13 | CVE-2012-5680 | Adobe | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Camera RAW Buffer overflow in Adobe Photoshop Camera Raw before 7.3 allows attackers to execute arbitrary code via unspecified vectors. | 10.0 |
| 2012-12-12 | CVE-2012-5678 | Adobe Microsoft Linux Apple | Buffer Errors vulnerability in Adobe Air, AIR SDK and Flash Player Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | 10.0 |
| 2012-12-12 | CVE-2012-5677 | Adobe Microsoft Linux Apple | Numeric Errors vulnerability in Adobe Air, AIR SDK and Flash Player Integer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors. | 10.0 |
| 2012-12-12 | CVE-2012-5676 | Adobe Microsoft Linux Apple | Buffer Errors vulnerability in Adobe Air, AIR SDK and Flash Player Buffer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors. | 10.0 |
| 2012-12-12 | CVE-2012-4786 | Microsoft | Code Injection vulnerability in Microsoft products The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability." | 10.0 |
| 2012-12-10 | CVE-2012-5973 | CA | Code Injection vulnerability in CA Xcom Data Transport R11.0/R11.5 CA XCOM Data Transport r11.0 and r11.5 on UNIX and Linux allows remote attackers to execute arbitrary commands via a crafted request. | 10.0 |
| 2012-12-12 | CVE-2012-4781 | Microsoft | Code Injection vulnerability in Microsoft Internet Explorer Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "InjectHTMLStream Use After Free Vulnerability." | 9.3 |
| 2012-12-12 | CVE-2012-2539 | Microsoft | Resource Management Errors vulnerability in Microsoft products Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; and Office Web Apps 2010 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "Word RTF 'listoverridecount' Remote Code Execution Vulnerability." | 9.3 |
| 2012-12-12 | CVE-2012-1537 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Directx Heap-based buffer overflow in DirectPlay in DirectX 9.0 through 11.1 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted Office document, aka "DirectPlay Heap Overflow Vulnerability." | 9.3 |
4 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2012-12-13 | CVE-2012-4991 | Axway | Path Traversal vulnerability in Axway Securetransport Multiple directory traversal vulnerabilities in Axway SecureTransport 5.1 SP2 and earlier allow remote authenticated users to (1) read, (2) delete, or (3) create files, or (4) list directories, via a ..%5C (encoded dot dot backslash) in a URI. | 8.5 |
| 2012-12-13 | CVE-2012-5679 | Adobe | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Camera RAW Buffer underflow in Adobe Photoshop Camera Raw before 7.3 allows attackers to execute arbitrary code via unspecified vectors. | 7.5 |
| 2012-12-12 | CVE-2012-4971 | Layton Technology | SQL Injection vulnerability in Layton Technology Helpbox 4.4.0 Multiple SQL injection vulnerabilities in Layton Helpbox 4.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) reqclass parameter to editrequestenduser.asp; the (2) sys_request_id parameter to editrequestuser.asp; the (3) sys_request_id parameter to enduseractions.asp; the (4) sys_request_id or (5) confirm parameter to enduserreopenrequeststatus.asp; the (6) searchsql, (7) back, or (8) status parameter to enduserrequests.asp; the (9) sys_userpwd parameter to validateenduserlogin.asp; the (10) sys_userpwd parameter to validateuserlogin.asp; the (11) sql parameter to editenduseruser.asp; the (12) sql parameter to manageenduserrequestclasses.asp; the (13) sql parameter to resetpwdenduser.asp; the (14) sql parameter to disableloginenduser.asp; the (15) sql parameter to deleteenduseruser.asp; the (16) sql parameter to manageendusers.asp; or the (17) site parameter to statsrequestagereport.asp. | 7.5 |
| 2012-12-11 | CVE-2012-4349 | Symantec | Local Privilege Escalation vulnerability in Symantec Network Access Control 12.1/12.1.1/12.1.1.1 Unquoted Windows search path vulnerability in Symantec Network Access Control (SNAC) 12.1 before RU2 allows local users to gain privileges via unspecified vectors. | 7.2 |
19 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2012-12-12 | CVE-2012-4974 | Laytontechnology | Permissions, Privileges, and Access Controls vulnerability in Laytontechnology Helpbox 4.4.0 Layton Helpbox 4.4.0 allows remote authenticated users to change the login context and gain privileges via a modified (1) loggedinenduser, (2) loggedinendusername, (3) loggedinuserusergroup, (4) loggedinuser, or (5) loggedinusername cookie. | 6.5 |
| 2012-12-12 | CVE-2012-2549 | Microsoft | Improper Input Validation vulnerability in Microsoft Windows Server 2008 and Windows Server 2012 The IP-HTTPS server in Windows Server 2008 R2 and R2 SP1 and Server 2012 does not properly validate certificates, which allows remote attackers to bypass intended access restrictions via a revoked certificate, aka "Revoked Certificate Bypass Vulnerability." | 5.8 |
| 2012-12-13 | CVE-2012-3277 | HP | Denial of Service vulnerability in HP OpenVMS HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, 8.2, 8.3, and 8.4 on the Alpha platform does not properly implement the LOGIN and ACME_SERVER ACMELOGIN programs, which allows remote attackers to cause a denial of service via unspecified vectors. | 5.0 |
| 2012-12-12 | CVE-2012-4977 | Layton Technology | Cryptographic Issues vulnerability in Layton Technology Helpbox 4.4.0 Layton Helpbox 4.4.0 allows remote attackers to discover cleartext credentials for the login page by sniffing the network. | 5.0 |
| 2012-12-12 | CVE-2012-4976 | Layton Technology | Information Exposure vulnerability in Layton Technology Helpbox 4.4.0 selectawasset.asp in Layton Helpbox 4.4.0 allows remote attackers to discover ODBC database credentials via an element=sys_asset_id request, which is not properly handled during construction of an error page. | 5.0 |
| 2012-12-11 | CVE-2012-6313 | Simple Gmail Login Wordpress | Information Exposure vulnerability in Simple Gmail Login 1.1.2 and 1.1.3 simple-gmail-login.php in the Simple Gmail Login plugin before 1.1.4 for WordPress allows remote attackers to obtain sensitive information via a request that lacks a timezone, leading to disclosure of the installation path in a stack trace. | 5.0 |
| 2012-12-10 | CVE-2012-6301 | Improper Input Validation vulnerability in Google Android 4.0.3 The Browser application in Android 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted market: URI in the SRC attribute of an IFRAME element. | 5.0 | |
| 2012-12-13 | CVE-2012-6333 | XEN | Resource Management Errors vulnerability in XEN Multiple HVM control operations in Xen 3.4 through 4.2 allow local HVM guest OS administrators to cause a denial of service (physical CPU consumption) via a large input. | 4.7 |
| 2012-12-13 | CVE-2012-5525 | XEN | Local Denial of Service vulnerability in XEN 4.2.0 The get_page_from_gfn hypercall function in Xen 4.2 allows local PV guest OS administrators to cause a denial of service (crash) via a crafted GFN that triggers a buffer over-read. | 4.7 |
| 2012-12-13 | CVE-2012-5515 | XEN | Local Denial of Service vulnerability in Xen 'extent_order' Values The (1) XENMEM_decrease_reservation, (2) XENMEM_populate_physmap, and (3) XENMEM_exchange hypercalls in Xen 4.2 and earlier allow local guest administrators to cause a denial of service (long loop and hang) via a crafted extent_order value. | 4.7 |
| 2012-12-13 | CVE-2012-5514 | XEN | Local Denial of Service vulnerability in Xen The guest_physmap_mark_populate_on_demand function in Xen 4.2 and earlier does not properly unlock the subject GFNs when checking if they are in use, which allows local guest HVM administrators to cause a denial of service (hang) via unspecified vectors. | 4.7 |
| 2012-12-13 | CVE-2012-5511 | XEN | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in XEN Stack-based buffer overflow in the dirty video RAM tracking functionality in Xen 3.4 through 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) via a large bitmap image. | 4.7 |
| 2012-12-13 | CVE-2012-5510 | XEN | Local Denial of Service vulnerability in Xen Grant Table Xen 4.x, when downgrading the grant table version, does not properly remove the status page from the tracking list when freeing the page, which allows local guest OS administrators to cause a denial of service (hypervisor crash) via unspecified vectors. | 4.7 |
| 2012-12-13 | CVE-2011-3131 | XEN | Resource Management Errors vulnerability in XEN Xen 4.1.1 and earlier allows local guest OS kernels with control of a PCI[E] device to cause a denial of service (CPU consumption and host hang) via many crafted DMA requests that are denied by the IOMMU, which triggers a livelock. | 4.6 |
| 2012-12-12 | CVE-2012-5675 | Adobe | Permissions, Privileges, and Access Controls vulnerability in Adobe Coldfusion Adobe ColdFusion 9.0 through 9.0.2, and 10, allows local users to bypass intended shared-hosting sandbox permissions via unspecified vectors. | 4.4 |
| 2012-12-12 | CVE-2012-4972 | Layton Technology | Cross-Site Scripting vulnerability in Layton Technology Helpbox 4.4.0 Multiple cross-site scripting (XSS) vulnerabilities in Layton Helpbox 4.4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) sys_solution_id, (2) sys_requesttype_id, (3) sys_problem_desc, (4) sys_solution_desc, (5) sys_problemsummary, (6) usr_Action_testing, (7) usr_Escalation, or (8) usr_Additional_Resources parameter to writesolutionuser.asp or the (9) sys_solution_id parameter to deletesolution.asp. | 4.3 |
| 2012-12-11 | CVE-2012-6312 | Video Lead Form Wordpress | Cross-Site Scripting vulnerability in Video-Lead-Form Uk-Cookie Cross-site scripting (XSS) vulnerability in the Video Lead Form plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter in a video-lead-form action to wp-admin/admin.php. | 4.3 |
| 2012-12-11 | CVE-2012-5956 | Zohocorp | Cross-Site Scripting vulnerability in Zohocorp Manageengine Assetexplorer 5.6 Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine AssetExplorer 5.6 before service pack 5614 allow remote attackers to inject arbitrary web script or HTML via fields in XML asset data to discoveryServlet/WsDiscoveryServlet, as demonstrated by the DocRoot/Computer_Information/output element. | 4.3 |
| 2012-12-12 | CVE-2012-4975 | Layton Technology | Permissions, Privileges, and Access Controls vulnerability in Layton Technology Helpbox 4.4.0 editrequestuser.asp in Layton Helpbox 4.4.0 allows remote authenticated users to change arbitrary support-ticket data via a modified sys_request_id parameter. | 4.0 |
3 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2012-12-12 | CVE-2012-4791 | Microsoft | Code Injection vulnerability in Microsoft Exchange Server 2007/2010 Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to cause a denial of service (Information Store service hang) by subscribing to a crafted RSS feed, aka "RSS Feed May Cause Exchange DoS Vulnerability." | 3.5 |
| 2012-12-13 | CVE-2012-5512 | Citrix | Configuration vulnerability in Citrix Xenserver 4.1.0 Array index error in the HVMOP_set_mem_access handler in Xen 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) or obtain sensitive information via unspecified vectors. | 3.2 |
| 2012-12-13 | CVE-2012-3276 | HP | Configuration vulnerability in HP Openvms HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, 8.2, 8.3, and 8.4 on the Alpha platform does not properly implement the LOGIN and ACME_SERVER ACMELOGIN programs, which allows local users to cause a denial of service via unspecified vectors. | 2.1 |