Friday, June 30, 2006

This Week in Vulnerabilities

1) OpenOffice.org 2.0.3 - Three security vulnerabilities were found through internal security audits. Although there are currently no known exploits, we urge all users of 2.0.x prior to 2.0.2 to upgrade to the new version or install their vendor's patches accordingly. Patches for users of OpenOffice.org 1.1.5 will be available shortly.

2) F-Secure Multiple Products Scan Evasion Vulnerabilities - Multiple F-Secure products are prone to scan-evasion vulnerabilities. Exploitation may result in a false sense of security and in the execution of malicious applications, which could potentially lead to a malicious code infection. This was reported by the vendor. Short and simple answer - upgrade.

3) Microsoft Internet Explorer 6 PoCs - Two vulnerabilities in Internet Explorer were published yesterday to the Full-Disclosure mailing list along with their associated PoC code.

A critically rated IE vulnerability uses HTA applications (CLSID 3050f4d8-98B5-11CF-BB82-00AA00BDCE0B) to trick a user into opening a file by double-clicking it. The file has to be accessible through either SMB or, according to the advisory, WebDAV, and can be located on a remote site. The currently published PoC is limited in that it requires the user to double-click an icon to execute a potentially malicious payload, but we can expect to see creative use of this exploit in the wild very soon. The workaround appears to be disabling active scripting.
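As an added example (not part of the original post), a small gateway-style check that flags HTML carrying an `<object>` whose `classid` resolves to the CLSID named in the advisory above, regardless of case, braces or the `clsid:` prefix; the sample document is constructed here and the second GUID in it is a placeholder, not a real control.

```python
import re
from html.parser import HTMLParser

# CLSID quoted in the advisory above, normalised to lowercase without braces.
HTA_CLSID = "3050f4d8-98b5-11cf-bb82-00aa00bdce0b"

_GUID_RE = re.compile(r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}")


def normalise_clsid(value):
    """Return the bare lowercase GUID from 'clsid:{...}', '{...}' or a bare GUID, else None."""
    m = _GUID_RE.search(value.lower())
    return m.group(0) if m else None


class _ClassidCollector(HTMLParser):
    """Collect (line number, raw classid) for every <object> that instantiates HTA_CLSID."""

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag != "object":          # HTMLParser already lowercases tag and attribute names
            return
        for name, value in attrs:
            if name == "classid" and value and normalise_clsid(value) == HTA_CLSID:
                self.hits.append((self.getpos()[0], value))


def find_hta_objects(html):
    """Scan an HTML document and return the flagged <object> tags as (line, classid) pairs."""
    parser = _ClassidCollector()
    parser.feed(html)
    parser.close()
    return parser.hits


# Constructed sample: two variants of the advisory CLSID and one unrelated placeholder GUID.
SAMPLE = """<html><body>
<object classid="clsid:{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}"></object>
<object classid="clsid:00000000-0000-0000-0000-000000000000"></object>
<OBJECT CLASSID=clsid:3050f4d8-98b5-11cf-bb82-00aa00bdce0b></OBJECT>
</body></html>"""

if __name__ == "__main__":
    for line, classid in find_hta_objects(SAMPLE):
        print(f"line {line}: object instantiates {classid}")
```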

The second vulnerability is related to the handling of the object.documentElement.outerHTML property. Abusing this property allows an attacker to retrieve remote content in the context of the web page the user is currently viewing. This can be potentially nasty, as attackers can use it to retrieve data from other websites the user is logged into (for example, webmail) and harvest user credentials. Several handlers have spent a little more time validating this particular issue, and while it is a subtle exploit and rated a lower-level risk, it has raised some of our neck hairs.

4) Apple Mac OS X Format String Bug in launchd (PoC) - Another Mac OS X exploit from KF. Nice work man.

5) Apple Mac OS X ImageIO Stack Overflow in Processing TIFF Images - A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create a specially crafted TIFF image file that, when loaded by the target user, will trigger a stack overflow and execute arbitrary code on the target system. The code runs with the privileges of the target user.

6) Microsoft Internet Explorer 7 Denial of Service (PoC) - Microsoft Internet Explorer 7 is prone to a denial-of-service vulnerability when parsing certain HTML content. Successfully exploiting this issue allows attackers to consume excessive CPU resources in affected browsers, denying service to legitimate users.

7) Microsoft Office - This whole month has been a bad one for the Microsoft Office team, with 3 or 4 separate vulnerabilities discovered. Keep searching guys.....

------------------

It would appear that the Google SoC students are making some great progress on the beloved Nmap scanner. Nmap 4.11 was released recently.

Look for 4.20 soon. It is currently Alpha2.

"Making the world a safer place through exploitation."
-Technocrat
