Weekly Vulnerabilities Reports > December 10 to 16, 2012

Overview

47 new vulnerabilities were reported during this period, including 19 critical vulnerabilities and 4 high severity vulnerabilities. This weekly summary reports vulnerabilities in 43 products from 21 vendors including Microsoft, Google, Xen, Adobe, and openSUSE. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Code Injection", "Resource Management Errors", "Permissions, Privileges, and Access Controls", and "Cross-site Scripting".

  • 35 reported vulnerabilities are remotely exploitable.
  • 1 reported vulnerability has a public exploit available.
  • 7 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 40 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 13 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 11 reported vulnerabilities.

Summary counters: Total Vulnerabilities | Critical Risk Vulnerabilities | High Risk Vulnerabilities | Medium Risk Vulnerabilities | Low Risk Vulnerabilities | Remotely Exploitable | Locally Exploitable | Exploit Available | Exploitable Anonymously | Affecting Web Application

Vulnerability Details

The following tables list the reported vulnerabilities for the period covered by this report:

19 Critical Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2012-12-13 | CVE-2012-5680 | Adobe | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Adobe Camera RAW | 10.0
  Buffer overflow in Adobe Photoshop Camera Raw before 7.3 allows attackers to execute arbitrary code via unspecified vectors.

2012-12-12 | CVE-2012-5678 | Adobe, Microsoft, Linux, Google, Apple | Buffer Errors vulnerability in Adobe Air, AIR SDK and Flash Player | 10.0
  Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

2012-12-12 | CVE-2012-5677 | Adobe, Microsoft, Linux, Google, Apple | Numeric Errors vulnerability in Adobe Air, AIR SDK and Flash Player | 10.0
  Integer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors.

2012-12-12 | CVE-2012-5676 | Adobe, Microsoft, Linux, Google, Apple | Buffer Errors vulnerability in Adobe Air, AIR SDK and Flash Player | 10.0
  Buffer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors.

2012-12-12 | CVE-2012-5144 | Canonical, Libav, Google, openSUSE | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in multiple products | 10.0
  Google Chrome before 23.0.1271.97, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, do not properly perform AAC decoding, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via vectors related to "an off-by-one overwrite when switching to LTP profile from MAIN."

2012-12-12 | CVE-2012-5143 | openSUSE, Google | Integer Overflow or Wraparound vulnerability in multiple products | 10.0
  Integer overflow in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PPAPI image buffers.

2012-12-12 | CVE-2012-5142 | Google, openSUSE | Code Injection vulnerability in Google Chrome | 10.0
  Google Chrome before 23.0.1271.97 does not properly handle history navigation, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

2012-12-12 | CVE-2012-5141 | openSUSE, Google | | 10.0
  Google Chrome before 23.0.1271.97 does not properly restrict instantiation of the Chromoting client plug-in, which has unspecified impact and attack vectors.

2012-12-12 | CVE-2012-5140 | Google, openSUSE | Use After Free vulnerability in Google Chrome | 10.0
  Use-after-free vulnerability in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the URL loader.

2012-12-12 | CVE-2012-5139 | openSUSE, Google | Use After Free vulnerability in multiple products | 10.0
  Use-after-free vulnerability in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to visibility events.

2012-12-12 | CVE-2012-4786 | Microsoft | Code Injection vulnerability in Microsoft products | 10.0
  The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability."

2012-12-10 | CVE-2012-5973 | CA | Code Injection vulnerability in CA Xcom Data Transport R11.0/R11.5 | 10.0
  CA XCOM Data Transport r11.0 and r11.5 on UNIX and Linux allows remote attackers to execute arbitrary commands via a crafted request.

2012-12-12 | CVE-2012-4787 | Microsoft | Resource Management Errors vulnerability in Microsoft Internet Explorer 10/9 | 9.3
  Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly initialized or (2) is deleted, aka "Improper Ref Counting Use After Free Vulnerability."

2012-12-12 | CVE-2012-4782 | Microsoft | Resource Management Errors vulnerability in Microsoft Internet Explorer 10/9 | 9.3
  Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "CMarkup Use After Free Vulnerability."

2012-12-12 | CVE-2012-4781 | Microsoft | Code Injection vulnerability in Microsoft Internet Explorer | 9.3
  Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "InjectHTMLStream Use After Free Vulnerability."

2012-12-12 | CVE-2012-4774 | Microsoft | Code Injection vulnerability in Microsoft products | 9.3
  Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted (1) file name or (2) subfolder name that triggers use of unallocated memory as the destination of a copy operation, aka "Windows Filename Parsing Vulnerability."

2012-12-12 | CVE-2012-2556 | Microsoft | Code Injection vulnerability in Microsoft products | 9.3
  The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to execute arbitrary code via a crafted OpenType font file, aka "OpenType Font Parsing Vulnerability."

2012-12-12 | CVE-2012-2539 | Microsoft | Resource Management Errors vulnerability in Microsoft products | 9.3
  Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; and Office Web Apps 2010 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "Word RTF 'listoverridecount' Remote Code Execution Vulnerability."

2012-12-12 | CVE-2012-1537 | Microsoft | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Microsoft DirectX | 9.3
  Heap-based buffer overflow in DirectPlay in DirectX 9.0 through 11.1 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted Office document, aka "DirectPlay Heap Overflow Vulnerability."

4 High Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2012-12-13 | CVE-2012-4991 | Axway | Path Traversal vulnerability in Axway SecureTransport | 8.5
  Multiple directory traversal vulnerabilities in Axway SecureTransport 5.1 SP2 and earlier allow remote authenticated users to (1) read, (2) delete, or (3) create files, or (4) list directories, via a ..%5C (encoded dot dot backslash) in a URI.

2012-12-13 | CVE-2012-5679 | Adobe | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Adobe Camera RAW | 7.5
  Buffer underflow in Adobe Photoshop Camera Raw before 7.3 allows attackers to execute arbitrary code via unspecified vectors.

2012-12-12 | CVE-2012-4971 | Layton Technology | SQL Injection vulnerability in Layton Technology Helpbox 4.4.0 | 7.5
  Multiple SQL injection vulnerabilities in Layton Helpbox 4.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) reqclass parameter to editrequestenduser.asp; the (2) sys_request_id parameter to editrequestuser.asp; the (3) sys_request_id parameter to enduseractions.asp; the (4) sys_request_id or (5) confirm parameter to enduserreopenrequeststatus.asp; the (6) searchsql, (7) back, or (8) status parameter to enduserrequests.asp; the (9) sys_userpwd parameter to validateenduserlogin.asp; the (10) sys_userpwd parameter to validateuserlogin.asp; the (11) sql parameter to editenduseruser.asp; the (12) sql parameter to manageenduserrequestclasses.asp; the (13) sql parameter to resetpwdenduser.asp; the (14) sql parameter to disableloginenduser.asp; the (15) sql parameter to deleteenduseruser.asp; the (16) sql parameter to manageendusers.asp; or the (17) site parameter to statsrequestagereport.asp.

2012-12-11 | CVE-2012-4349 | Symantec | Local Privilege Escalation vulnerability in Symantec Network Access Control 12.1/12.1.1/12.1.1.1 | 7.2
  Unquoted Windows search path vulnerability in Symantec Network Access Control (SNAC) 12.1 before RU2 allows local users to gain privileges via unspecified vectors.

21 Medium Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2012-12-13 | CVE-2012-5513 | XEN | Improper Input Validation vulnerability in XEN | 6.9
  The XENMEM_exchange handler in Xen 4.2 and earlier does not properly check the memory address, which allows local PV guest OS administrators to cause a denial of service (crash) or possibly gain privileges via unspecified vectors that overwrite memory in the hypervisor reserved range.

2012-12-12 | CVE-2012-4974 | Layton Technology | Permissions, Privileges, and Access Controls vulnerability in Layton Technology Helpbox 4.4.0 | 6.5
  Layton Helpbox 4.4.0 allows remote authenticated users to change the login context and gain privileges via a modified (1) loggedinenduser, (2) loggedinendusername, (3) loggedinuserusergroup, (4) loggedinuser, or (5) loggedinusername cookie.

2012-12-12 | CVE-2012-2549 | Microsoft | Improper Input Validation vulnerability in Microsoft Windows Server 2008 and Windows Server 2012 | 5.8
  The IP-HTTPS server in Windows Server 2008 R2 and R2 SP1 and Server 2012 does not properly validate certificates, which allows remote attackers to bypass intended access restrictions via a revoked certificate, aka "Revoked Certificate Bypass Vulnerability."

2012-12-13 | CVE-2012-3277 | HP | Denial of Service vulnerability in HP OpenVMS | 5.0
  HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, 8.2, 8.3, and 8.4 on the Alpha platform does not properly implement the LOGIN and ACME_SERVER ACMELOGIN programs, which allows remote attackers to cause a denial of service via unspecified vectors.

2012-12-12 | CVE-2012-4977 | Layton Technology | Cryptographic Issues vulnerability in Layton Technology Helpbox 4.4.0 | 5.0
  Layton Helpbox 4.4.0 allows remote attackers to discover cleartext credentials for the login page by sniffing the network.

2012-12-12 | CVE-2012-4976 | Layton Technology | Information Exposure vulnerability in Layton Technology Helpbox 4.4.0 | 5.0
  selectawasset.asp in Layton Helpbox 4.4.0 allows remote attackers to discover ODBC database credentials via an element=sys_asset_id request, which is not properly handled during construction of an error page.

2012-12-11 | CVE-2012-6313 | Simple Gmail Login, WordPress | Information Exposure vulnerability in Simple Gmail Login 1.1.2 and 1.1.3 | 5.0
  simple-gmail-login.php in the Simple Gmail Login plugin before 1.1.4 for WordPress allows remote attackers to obtain sensitive information via a request that lacks a timezone, leading to disclosure of the installation path in a stack trace.

2012-12-10 | CVE-2012-6301 | Google | Improper Input Validation vulnerability in Google Android 4.0.3 | 5.0
  The Browser application in Android 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted market: URI in the SRC attribute of an IFRAME element.

2012-12-13 | CVE-2012-6333 | XEN | Resource Management Errors vulnerability in XEN | 4.7
  Multiple HVM control operations in Xen 3.4 through 4.2 allow local HVM guest OS administrators to cause a denial of service (physical CPU consumption) via a large input.

2012-12-13 | CVE-2012-5525 | XEN | Local Denial of Service vulnerability in XEN 4.2.0 | 4.7
  The get_page_from_gfn hypercall function in Xen 4.2 allows local PV guest OS administrators to cause a denial of service (crash) via a crafted GFN that triggers a buffer over-read.

2012-12-13 | CVE-2012-5515 | XEN | Local Denial of Service vulnerability in Xen 'extent_order' Values | 4.7
  The (1) XENMEM_decrease_reservation, (2) XENMEM_populate_physmap, and (3) XENMEM_exchange hypercalls in Xen 4.2 and earlier allow local guest administrators to cause a denial of service (long loop and hang) via a crafted extent_order value.

2012-12-13 | CVE-2012-5514 | XEN | Local Denial of Service vulnerability in Xen | 4.7
  The guest_physmap_mark_populate_on_demand function in Xen 4.2 and earlier does not properly unlock the subject GFNs when checking if they are in use, which allows local guest HVM administrators to cause a denial of service (hang) via unspecified vectors.

2012-12-13 | CVE-2012-5511 | XEN | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in XEN | 4.7
  Stack-based buffer overflow in the dirty video RAM tracking functionality in Xen 3.4 through 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) via a large bitmap image.

2012-12-13 | CVE-2012-5510 | XEN | Local Denial of Service vulnerability in Xen Grant Table | 4.7
  Xen 4.x, when downgrading the grant table version, does not properly remove the status page from the tracking list when freeing the page, which allows local guest OS administrators to cause a denial of service (hypervisor crash) via unspecified vectors.

2012-12-13 | CVE-2011-3131 | XEN | Resource Management Errors vulnerability in XEN | 4.6
  Xen 4.1.1 and earlier allows local guest OS kernels with control of a PCI[E] device to cause a denial of service (CPU consumption and host hang) via many crafted DMA requests that are denied by the IOMMU, which triggers a livelock.

2012-12-12 | CVE-2012-5675 | Adobe | Permissions, Privileges, and Access Controls vulnerability in Adobe ColdFusion | 4.4
  Adobe ColdFusion 9.0 through 9.0.2, and 10, allows local users to bypass intended shared-hosting sandbox permissions via unspecified vectors.

2012-12-12 | CVE-2012-4972 | Layton Technology | Cross-Site Scripting vulnerability in Layton Technology Helpbox 4.4.0 | 4.3
  Multiple cross-site scripting (XSS) vulnerabilities in Layton Helpbox 4.4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) sys_solution_id, (2) sys_requesttype_id, (3) sys_problem_desc, (4) sys_solution_desc, (5) sys_problemsummary, (6) usr_Action_testing, (7) usr_Escalation, or (8) usr_Additional_Resources parameter to writesolutionuser.asp or the (9) sys_solution_id parameter to deletesolution.asp.

2012-12-11 | CVE-2012-6312 | Video Lead Form, WordPress | Cross-Site Scripting vulnerability in Video-Lead-Form Uk-Cookie | 4.3
  Cross-site scripting (XSS) vulnerability in the Video Lead Form plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter in a video-lead-form action to wp-admin/admin.php.

2012-12-11 | CVE-2012-5956 | Zohocorp | Cross-Site Scripting vulnerability in Zohocorp ManageEngine AssetExplorer 5.6 | 4.3
  Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine AssetExplorer 5.6 before service pack 5614 allow remote attackers to inject arbitrary web script or HTML via fields in XML asset data to discoveryServlet/WsDiscoveryServlet, as demonstrated by the DocRoot/Computer_Information/output element.

2012-12-13 | CVE-2012-5966 | D-Link | Permissions, Privileges, and Access Controls vulnerability in D-Link DSL-2730U | 4.0
  The restricted telnet shell on the D-Link DSL2730U router allows remote authenticated users to bypass intended command restrictions via shell metacharacters that follow a whitelisted command.

2012-12-12 | CVE-2012-4975 | Layton Technology | Permissions, Privileges, and Access Controls vulnerability in Layton Technology Helpbox 4.4.0 | 4.0
  editrequestuser.asp in Layton Helpbox 4.4.0 allows remote authenticated users to change arbitrary support-ticket data via a modified sys_request_id parameter.

3 Low Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2012-12-12 | CVE-2012-4791 | Microsoft | Code Injection vulnerability in Microsoft Exchange Server 2007/2010 | 3.5
  Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to cause a denial of service (Information Store service hang) by subscribing to a crafted RSS feed, aka "RSS Feed May Cause Exchange DoS Vulnerability."

2012-12-13 | CVE-2012-5512 | Citrix | Configuration vulnerability in Citrix XenServer 4.1.0 | 3.2
  Array index error in the HVMOP_set_mem_access handler in Xen 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) or obtain sensitive information via unspecified vectors.

2012-12-13 | CVE-2012-3276 | HP | Configuration vulnerability in HP OpenVMS | 2.1
  HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, 8.2, 8.3, and 8.4 on the Alpha platform does not properly implement the LOGIN and ACME_SERVER ACMELOGIN programs, which allows local users to cause a denial of service via unspecified vectors.