Bricked HP Notebooks, IBM BoF, Cisco DoS

IBM Lotus Domino Web Access is vulnerable to a buffer overflow. An ActiveX control (dwa7.dwa7.1) is responsible for this error. This can be exploited remotely and successful exploitation could result in the execution of arbitrary code. The vulnerability is reported in dwa7W.dll version 7.0.34.1. Users should set the kill bit for this ActiveX control until an update is made available.
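The kill-bit mitigation mentioned above, as an added PowerShell example that is not part of the original post. The post does not give the control's CLSID, so the script assumes it can be resolved from the machine-wide registration of the ProgID `dwa7.dwa7.1`; the "ActiveX Compatibility" key and the 0x400 flag are the standard Internet Explorer kill-bit location and value.

```powershell
# Added example: set the Internet Explorer kill bit for the control named in the post.
# Run from an elevated PowerShell prompt. The CLSID is read from the local
# registry (assumption: the control is registered machine-wide under this ProgID).
$ProgId  = 'dwa7.dwa7.1'   # ProgID as given in the post
$KillBit = 0x400           # "Compatibility Flags" bit that blocks loading in IE

# Cover the native registry view and, on 64-bit Windows, the 32-bit view.
$roots = @('HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\Wow6432Node') | Where-Object { Test-Path $_ }

foreach ($root in $roots) {
    $clsidKey = Join-Path $root "Classes\$ProgId\CLSID"
    if (-not (Test-Path $clsidKey)) {
        Write-Host "[$root] $ProgId is not registered here, nothing to do."
        continue
    }

    # The CLSID is the default (unnamed) value of the ProgID's CLSID subkey.
    $clsid = (Get-Item $clsidKey).GetValue('')
    if ($clsid -notmatch '^\{[0-9A-Fa-f-]{36}\}$') {
        Write-Warning "[$root] Unexpected CLSID value '$clsid', skipping."
        continue
    }

    $compat = Join-Path $root "Microsoft\Internet Explorer\ActiveX Compatibility\$clsid"
    if (-not (Test-Path $compat)) {
        New-Item -Path $compat -Force | Out-Null
    }

    # Preserve any flags already present and OR in the kill bit.
    $existing = (Get-ItemProperty -Path $compat -Name 'Compatibility Flags' `
                 -ErrorAction SilentlyContinue).'Compatibility Flags'
    $newFlags = [int]$existing -bor $KillBit
    Set-ItemProperty -Path $compat -Name 'Compatibility Flags' -Value $newFlags -Type DWord

    # Read the value back to confirm the mitigation is in place.
    $check = (Get-ItemProperty -Path $compat).'Compatibility Flags'
    $state = if (($check -band $KillBit) -eq $KillBit) { 'SET' } else { 'NOT SET' }
    Write-Host ("[{0}] {1} kill bit {2} (flags = 0x{3:X})" -f $root, $clsid, $state, $check)
}
```

Clearing the 0x400 bit from the same value re-enables the control once a fixed version is installed.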

More issues with HP notebooks. Another buffer overflow has been discovered in HP Software Update; it could result in the modification of system files, leaving the system non-bootable. Every HP machine containing HP Software Update is vulnerable. A working POC exploit has been released to the public. At this time there is no update available.

Finally, there is a denial of service in the Cisco Firewall Services Module. It results from an error in processing data with Layer 7 application inspections. The vulnerability is reported in FWSM System Software version 3.2(3). Cisco has made an update and workaround available at http://www.cisco.com/warp/public/707/cisco-sa-20071219-fwsm.shtml
