Tag Archives: bof

Symantec Internet Security 2008 Vulnerable ActiveX

Posted on by
Reply

There appears to be two vulnerable ActiveX controls in Symantec Internet Security 2008. The following ActiveX controls are vulnerable:

Progid: SymAData.ActiveDataInfo.1

Clsid: 3451DEDE-631F-421c-8127-FD793AFC6CC8

File: C:\PROGRA~1\COMMON~1\SYMANT~1\SUPPOR~1\SymAData.dll

Version: 2.7.0.1 

  Clsid: 3451DEDE-631F-421c-8127-FD793AFC6CC8
  File: C:\PROGRA~1\COMMON~1\SYMANT~1\SUPPOR~1\SymAData.dll
  Version 2.7.0.1


These ActiveX are marked safe for scripting by Symantec. According to Symantec, although they are marked safe for scripting, they will only run from the “symantec.com” domain. Successful exploitation would require the use of XSS or DNS poisoning techniques, but could allow for complete control over a users system simply by viewing a malicious page. Symantec has issued updates to fix these vulnerabilities.

					

		
		
	


				
					
	

		

						
Panda Dos

			
						

				Posted on   by  			

			
						

				Reply			

					


				

			

Panda Antivirus and Firewall is vulnerable to a denial of service and system compromise. The kernel driver included with Panda Antivirus and Firewall 2008 does not handle IOCTL requests correctly. This can result in a local denial of service or execution of code on the local system. There is currently a hotfix available for this issue. If you, or anyone you know, runs Panda Antivirus give them a heads up to run the update utility. 

					

		
		
	


				
					
	

		

						
WMWare ESX Multiple Vulns, Novell iPrint Remote Code

			
						

				Posted on   by  			

			
						

				Reply			

					


				

			

VMWare ESX is vulnerable to multiple issues, including the bypassing of security restrictions, system compromise, denial of service, and the disclosure of sensitive information. Currently, VMWare ESX 2.x and 3.x are vulnerable. VMWare has released a patch for this issue, available from www.vmware.com.

Novell iPrint Client is vulnerable to remote exploitation. The vulnerability lies in the active control ienipp.ocx and can be exploited remotely  to cause a stack based buffer overflow. This has been confirmed in version 4.26 and 4.32. Novell recommends all users update to version 4.34.

					

		
		
	


				
					
	

		

						
Opera Multiple Vulns, Lotus Notes Java Compromise

			
						

				Posted on   by  			

			
						

				Reply			

					


				

			

Multiple vulnerabilities in the Opera web browser have been reported. These vulnerabilities could allow for the execution of arbitrary script code, conduct cross site scripting, force a user to upload files, and bypass security restrictions. These vulnerabilities are reported in versions prior to 9.26. Version 9.26 is available at the time of this writing. Anyone using this software should upgrade as soon as possible.

If you’re running IBM Lotus Notes with “Enable Java access from JavaScript” enabled, then you are vulnerable to remote compromise. The vulnerability is reported in versions 6.5.6 and 7.0. Reportedly, the vulnerability has been fixed in version 7.0.2. Also, the vendor suggests disabling the above option.

					

		
		
	


				
					
	

		

						
IBM DB2 and Kerio MailServer DoS

			
						

				Posted on   by  			

			
						

				Reply			

					


				

			

Some vulnerabilities have been reported in IBM/DB2. While one of the vulnerabilities is unspecified, the other is a result of an unspecified error during a CONNECT/ATTACH process, that can cause a denial of service. Administrators of DB2 systems should apply Fixpak 4a.

Kerio MailServer 6.x (prior to 6.5) contains multiple vulnerabilities. These vulnerabilities could cause a buffer overflow, leading to system compromise, or a denial of service.  Kerio has made a newer version available at http://www.kerio.com/kms_download.html

					

		
		
	


				
					
	

		

						
Mozilla Vulnerabilities

			
						

				Posted on   by  			

			
						

				Reply			

					


				

			

Mozilla Firefox, Thunderbird, and SeaMonkey contain multiple vulnerabilities. These vulnerabilities could allow attackers to execute code remotely, cause a DoS, access sensitive information, and in general control your browsing. The vulnerabilities are in version 2.0.0.11 and prior. Thunderbird 2.0.0.9 and SeaMonkey 1.1.7 are vulnerable to many of the same issues. Mozilla has made upgrade available.

					

		
		
	


				
					
	

		

						
Oracle Prerelease Info, Tivoli Bof

			
						

				Posted on   by  			

			
						

				Reply			

					


				

			

There’s a vulnerability in Oracle Siebel SimBuilder that could allow for remote system compromise. This vulnerability is related to a vulnerability in NCTAudioFile2.dll.  The vulnerability affects version version 7.8.5 build 2635. Other version have not been tested so they may be vulnerable as well.  Users should disable the affected ActiveX control.  If you are affected by this and would like more information please feel free to contact us.

Tivoli Storage Manager Express is vulnerable to a heap based buffer overflow. This can be exploited by a malicious user on the network to cause code execution under the SYSTEM user. Versions of the software prior to 5.3.7.3 are affected. Administrators of this software should apply the updates available at ftp://service.boulder.ibm.com/storage/tivoli-storage-management/patches/express/NT/5.3.7.3/

Also, Oracle will be releasing critical patch updates Tuesday, January 15th. Several critical vulnerabilities in database software and application servers are expected to be announced. We will provide more details as they are made available.

					

		
		
	


				
					
	

		

						
Bricked HP Notebooks, IBM BoF, Cisco DoS

			
						

				Posted on   by  			

			
						

				Reply			

					


				

			

IBM Lotus Domino Web Access is vulnerable to a buffer overflow. An ActiveX control (dwa7.dwa7.1) is responsible for this error. This can be exploited remotely and successful exploitation could result in the execution of arbitrary code. The vulnerability is reported in dwa7W.dll version 7.0.34.1. Users should set the kill bit for this ActiveX control until an update is made available.


More issues with HP notebooks. Another buffer overflow has been discovered in the HP Software Update that could result in the modification of system files resulting in a non bootable system. Every HP machine containing the HP Software Update is vulnerable. A working POC exploit has been released to the public. At this time there is no update available.


Finally, there is a Denial of Service in Cisco Firewall Services Module. This is a result of an error processing data with Layer 7 application inspections. The vulnerability is reported in FWSM System Software version 3.2(3). Cisco has made an update and workaround available at http://www.cisco.com/warp/public/707/cisco-sa-20071219-fwsm.shtml