New Vulnerability Coverage
| Threat Type: |
Multiple Vulnerabilities |
IPS Definition
Database Versions: |
2.490 - 2.494 |
| Coverage Release Date: |
Apr 15, 2008 - Apr 29, 2008 |
| Published Date: |
Wednesday, April 30, 2008 |
| Version #: |
1 |
| |
| Severity |
Number of
Vulnerabilities |
Active
Exploitation |
| Critical | 28 | 3 |
| High | 17 | 7 |
| Medium | 11 | 2 |
| Low | 4 | 1 |
| Info | 1 | n/a |
| Total | 61 | 13 |
|
Foreword
The FortiGuard Global Threat Research Team has released new security content to cover
multiple vulnerabilities. The FortiGuard Team has observed
13 active exploitations of these vulnerabilities to date.
For more information, visit the FortiGuard Center at
www.fortiguardcenter.com.
Threat Remediation
Fortinet provides coverage for the vulnerabilities described below as of the
2.494 IPS Definitions database update.
A brief description of each vulnerability is provided as follows, in order of severity.
Critical ( 18 )
Description:
This indicates an attempt to exploit a heap overflow vulnerability in Apple Quicktime.
The vulnerability can be triggered when parsing .mov file 'crgn' atoms, resulting in a heap based buffer overflow. Viewing a maliciously crafted MOV image may lead to arbitrary code execution.
Affected Products:
Apple Quicktime 7.4.1 or prior.
Reference IDs:
|
Description:
This indicates an attempt to exploit a buffer overflow vulnerability in Apple QuickTime.
Apple QuickTime before 7.3 contains a buffer overflow vulnerability. It occurs when processing "panorama sample atoms" in QuickTime Virtual Reality (QTVR) movie files. A remote attacker can exploit this vulnerability by tricking the target user into opening a crafted movie file. Successful exploitation may lead to arbitrary code execution in the security context of the logged in user.
Affected Products:
Apple Computer - Mac OS X (10.3.9)
Apple Computer - Mac OS X (10.4.9)
Apple Computer - Mac OS X (10.5)
Apple Computer - Quicktime (prior to 7.3)
Reference IDs:
|
Description:
This indicates an attempt to exploit a buffer overflow vulnerability in Apple QuickTime.
The vulnerability occurs in quickTime.qts while parsing corrupted ".pict" files. The module contains a vulnerable memory copy loop which searches for a terminator value. When this value is changed or omitted, heap corruption occurs, allowing the execution of arbitrary code.
Affected Products:
Apple QuickTime Player 7.4.1
Apple QuickTime Player 7.3.1 .70
Apple QuickTime Player 7.3.1
Apple QuickTime Player 7.1.6
Apple QuickTime Player 7.1.5
Apple QuickTime Player 7.1.4
Apple QuickTime Player 7.1.3
Apple QuickTime Player 7.1.2
Apple QuickTime Player 7.1.1
Apple QuickTime Player 7.0.4
Apple QuickTime Player 7.0.3
Apple QuickTime Player 7.0.2
Apple QuickTime Player 7.0.1
Apple QuickTime Player 7.4
Apple QuickTime Player 7.4
Apple QuickTime Player 7.3
Apple QuickTime Player 7.2
Apple QuickTime Player 7.1
Reference IDs:
|
Description:
This indicates an attempt to exploit a code injection vulnerability in Apple QuickTime.
The vulnerability allows remote attackers to cause arbitrary code to be injected and executed via an invalid "Atom size" field in a .QTIF image file. The code is executed in the security context of the current user.
Affected Products:
prior to Apple QuickTime Player 7.4.
Reference IDs:
|
Description:
This indicates an heap overflow vulnerability in Borland VisiBroker.
The vulnerability is caused by an input validation error in Smart Agent (osagent.exe) while processing malformed "DSRequest" packet. It allows remote attackers to execute arbitrary code via a crafted request.
Affected Products:
Borland VisiBroker version 08.00.00.C1.03 and prior
Reference IDs:
|
Description:
This indicates an attempt to exploit a buffer overflow vulnerability in Cisco Secure Access Control Server (ACS) for Windows.
The vulnerability is in the User-Changeable Password (UCP) application, a set of CGI programs and web site contents installed on Microsoft IIS. The CGI program "CSUserCGI.exe" is vulnerable to multiple buffer overflows that occur
before the authentication process. A remote attacker can exploit these to gain control of vulnerable systems.
Affected Products:
Cisco ACS UCP versions older than 4.2.
Reference IDs:
|
Description:
This indicates an attempt to exploit a buffer overflow vulnerability in Cisco Unified Communications Manager and CallManager.
The vulnerability is a heap based buffer overflow in the Certificate Trust List (CTL) Provider service. It allows remote attackers to cause a denial of service or execute arbitrary code via an excessively long request.
Affected Products:
Unified CallManager 4.0 and 4.1 prior to 4.1(3)SR5c
Unified Communications Manager 4.2 prior to 4.2(3)SR3
Unified Communications Manager 4.3 prior to 4.3(1)SR1
Reference IDs:
|
Description:
This indicates an attempt to exploit a buffer overflow vulnerability in the IrfanView FlashPix Plug-In.
The FlashPix plugin for IrfanView has a vulnerability which allows remote attackers to execute arbitrary code via a crafted FlashPix (.FPX) file, resulting in a heap based buffer overflow.
Affected Products:
IrfanView FlashPix Plug-In v3.9.8.0 or prior.
Reference IDs:
|
Description:
This indicates an attempt to exploit a remote code execution vulnerability in Microsoft Excel.
The vulnerability is a result of the software's failure or correctly handle conditional formatting values. It can lead to an exploitable stack overrun when processing conditional formatting BIFF records from a worksheet in the Workbook stream.
Affected Products:
Microsoft Office Excel 2000 Service Pack 3
Microsoft Office Excel 2002 Service Pack 3
Microsoft Office 2004 for Mac
Microsoft Office 2008 for Mac
Reference IDs:
|
Description:
This indicates an attempt to exploit a vulnerability in Microsoft Excel that may allow an attacker to take complete control of an affected system.
The vulnerability exists in the way Excel handles Formula data when opening an Excel file. The vulnerability is caused by a memory handling error in Excel if a user opens a specially crafted Excel file when validating Style record information.
Affected Products:
Microsoft Office 2000 Service Pack 3
Microsoft Office XP Service Pack 3
Microsoft Office 2003 Service Pack 2
2007 Microsoft Office System
Microsoft Office Excel Viewer 2003
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
Microsoft Office 2004 for Mac
Microsoft Office 2008 for Mac
Microsoft Excel 2000 Service Pack 3
Microsoft Excel 2002 Service Pack 3
Microsoft Excel 2003 Service Pack 2
Microsoft Excel 2007
Reference IDs:
|
Description:
This indicates an attempt to exploit a vulnerability in Microsoft Excel that may allow an attacker to take complete control of an affected system.
The vulnerability exists in the way Excel handles Style record data when opening an Excel file. The vulnerability is caused by a memory handling error in Excel if a user opens a specially crafted Excel file when validating Style record information.
Affected Products:
Microsoft Office 2000 Service Pack 3
Microsoft Office XP Service Pack 3
Microsoft Office 2003 Service Pack 2
2007 Microsoft Office System
Microsoft Office Excel Viewer 2003
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
Microsoft Office 2004 for Mac
Microsoft Office 2008 for Mac
Reference IDs:
|
Description:
This indicates an attempt to exploit a code execution vulnerability in Microsoft Outlook.
The vulnerability is caused by an input validation error in Outlook, that can occur when handling a "mailto" URI. It allows remote attackers to execute arbitrary code via a specially crafted "mailto" URI.
Affected Products:
Microsoft Office 2000 SP3
Microsoft Office XP SP3
Microsoft Office 2003 SP2
2007 Microsoft Office System
Reference IDs:
|
Description:
This indicates a buffer overflow vulnerability in Novell eDirectory.
This vulnerability is caused by a buffer error when processing overly large LDAP Extended Request messages, which could be exploited by remote attackers to crash an affected application or execute arbitrary code.
Affected Products:
Novell eDirectory 8.8.1
Novell eDirectory 8.7.3 9
Novell eDirectory 8.7.3 .8 pre-SP9
Novell eDirectory 8.7.3 .8
Novell eDirectory 8.7.3
Novell eDirectory 8.7.1 SU1
Novell eDirectory 8.7.1
Novell eDirectory 8.7
Novell eDirectory 8.6.2
Novell eDirectory 8.5.27
Novell eDirectory 8.5.12 a
Novell eDirectory 8.5
Novell eDirectory 8.0
Novell eDirectory 8.8
Reference IDs:
|
Description:
This indicates an attempt to exploit a buffer overflow vulnerability in Novell GroupWise.
The vulnerability is caused by a buffer overflow error that occurs when parsing an email message containing an "IMG" tag with an overly long "SRC" parameter. It can be exploited by attackers to crash the application or execute arbitrary code by tricking a user into forwarding or replying to a specially crafted HTML message.
Affected Products:
Novell Groupwise 6.5.6
Reference IDs:
|
Description:
This indicates an attempt to exploit a heap overflow vulnerability in SAP message server.
The vulnerability is caused by an input validation error that occurs in "/msgserver/html/group" while handling the group parameter. It allows remote attackers to execute arbitrary code via a a long string in the group parameter.
Affected Products:
SAP Message Server
Reference IDs:
|
Description:
This indicates an attempt to exploit an arbitrary code execution vulnerability in Sun JDK and JRE.
The vulnerability is a result of the software's failure to properly process XSLT stylesheets contained in XSLT Transforms, in XML Signatures. An attacker can exploit this by using a crafted XML file to execute arbitrary code with the permissions of the application processing it.
Affected Products:
Sun Java JDK versions 1.6.x
Sun Java JRE versions 1.6.x / 6.x
Reference IDs:
|
Description:
This indicates an attempt to exploit a buffer overflow vulnerability in Symantec Backup Exec for Windows.
The vulnerability is caused by an error that occurs when the vulnerable software handles a malicious "Save" method. It allows a remote attacker to execute arbitrary code via a crafted web page.
Affected Products:
Symantec Backup Exec for Windows Servers 12.0
Symantec Backup Exec for Windows Servers 11d
Reference IDs:
|
Description:
This indicates an attempt to exploit an arbitrary file upload vulnerability in Timbuktu Pro.
The Timbuktu Pro software contains an arbitrary file upload vulnerability which may allow an attacker to upload an executable to a startup directory of a victim's machine or upload fake system DLLs.
Affected Products:
Timbuktu Pro 8.6.5 for Windows.
Timbuktu Pro 8.7 for Mac OS X may also be vulnerable.
Reference IDs:
|
High ( 9 )
Description:
This indicates an attempt to exploit a stack based buffer overflow vulnerability in mplayer2.exe in Microsoft Windows Media Player 6.4.
This vulnerability is caused by boundry errors that occur when handling some atoms of mp4 files. It allow remote attackers to execute arbitrary code via a specially crafted .mp4 file.
Affected Products:
3ivx MPEG-4 5.0.1
Reference IDs:
|
Description:
This indicates an attempt to exploit a cross site scripting (XSS) vulnerability in the ACal Calendar Project.
The vulnerability is due to an error in the "login.php" script. The script relies on the "ACalAuthenticate" cookie parameter to determine if a user has been successfully authenticated. This can be exploited by remote attackers to bypass the authentication process and gain unauthorized access to the application, by setting the "ACalAuthenticate" parameter to "inside".
Affected Products:
ACal Project 2.2.5
Reference IDs:
|
Description:
This indicates a possible attempt to exploit a buffer overflow vulnerability in CA BrightStor.
The vulnerabilities are in the "LISTCTRL.ListCtrlCtrl.1" ActiveX control in ListCtrl.ocx. It results from the application's failure to bounds check user supplied input, leading to buffer overflow. As a result a remote attacker may be able to execute arbitrary code and gain control of vulnerable systems.
Affected Products:
BrightStor ARCServe Backup for Laptops and Desktops r11.5
CA Desktop Management Suite r11.2 C1
CA Desktop Management Suite r11.2a
CA Desktop Management Suite r11.2
CA Desktop Management Suite r11.1 (GA, a, C1)
Unicenter Desktop Management Bundle r11.2 C1
Unicenter Desktop Management Bundle r11.2a
Unicenter Desktop Management Bundle r11.2
Unicenter Desktop Management Bundle r11.1 (GA, a, C1)
Unicenter Asset Management r11.2 C1
Unicenter Asset Management r11.2a
Unicenter Asset Management r11.2
Unicenter Asset Management r11.1 (GA, a, C1)
Unicenter Software Delivery r11.2 C1
Unicenter Software Delivery r11.2a
Unicenter Software Delivery r11.2
Unicenter Software Delivery r11.1 (GA, a, C1)
Unicenter Remote Control r11.2 C1
Unicenter Remote Control r11.2a
Unicenter Remote Control r11.2
Unicenter Remote Control r11.1 (GA, a, C1)
Reference IDs:
|
Description:
This indicates an attempt to exploit a buffer overflow vulnerability in HP OpenView Network Node Manager.
The vulnerability is in OVAS.EXE, and is caused by a faulty user input check of the HTTP URL length. It can be triggered by an overly long HTTP GET request sent to port 7510/TCP. As a result, a remote attacker may be able to execute arbitrary code.
Affected Products:
Openview 7.5.1 and prior.
Reference IDs:
|
Description:
This indicates a format string vulnerability in McAfee ePolicy Orchestrator.
McAfee ePolicy Orchestrator does not properly validate user controlled input. Specially crafted user supplied strings can allow a remote attacker to execute arbitrary code.
Affected Products:
McAfee ePolicy Orchestrator 4.0 and prior.
McAfee Common Management Agent 3.6.0.574(patch 3) and prior.
Reference IDs:
|
Description:
This indicates an attempt to exploit a denial of service vulnerability in the JavaScript engine in Mozilla products.
The vulnerability may allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via (1) a large switch statement, (2) certain uses of watch and eval, (3) certain uses of the mousedown event listener and other vectors.
Affected Products:
Ubuntu Ubuntu Linux 7.10 sparc
Ubuntu Ubuntu Linux 7.10 powerpc
Ubuntu Ubuntu Linux 7.10 i386
Ubuntu Ubuntu Linux 7.10 amd64
Ubuntu Ubuntu Linux 7.04 sparc
Ubuntu Ubuntu Linux 7.04 powerpc
Ubuntu Ubuntu Linux 7.04 i386
Ubuntu Ubuntu Linux 7.04 amd64
Ubuntu Ubuntu Linux 6.10 sparc
Ubuntu Ubuntu Linux 6.10 powerpc
Ubuntu Ubuntu Linux 6.10 i386
Ubuntu Ubuntu Linux 6.10 amd64
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
rPath rPath Linux 1
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux Optional Productivity Application 5 server
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Enterprise Linux Desktop Workstation 5 client
RedHat Enterprise Linux Desktop 5 client
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux AS 3
RedHat Enterprise Linux AS 2.1 IA64
RedHat Enterprise Linux AS 2.1
RedHat Enterprise Linux 5 server
RedHat Desktop 4.0
RedHat Desktop 3.0
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
Mozilla Thunderbird 2.0 9
Mozilla Thunderbird 2.0 8
Mozilla Thunderbird 2.0 .6
Mozilla Thunderbird 2.0 .5
Mozilla Thunderbird 2.0 .4
Mozilla SeaMonkey 1.1.7
Mozilla SeaMonkey 1.1.6
Mozilla SeaMonkey 1.1.5
Mozilla SeaMonkey 1.1.4
Mozilla SeaMonkey 1.1.3
Mozilla SeaMonkey 1.1.2
Mozilla SeaMonkey 1.1.1
Mozilla Firefox 2.0 8
Mozilla Firefox 2.0 .9
Mozilla Firefox 2.0 .7
Mozilla Firefox 2.0 .6
Mozilla Firefox 2.0 .5
Mozilla Firefox 2.0 .4
Mozilla Firefox 2.0 .3
Mozilla Firefox 2.0 .10
Mozilla Firefox 2.0 .1
Mozilla Firefox 2.0.0.3
Mozilla Firefox 2.0.0.2
Mozilla Firefox 2.0.0.11
Mozilla Firefox 2.0.0.10
Mozilla Firefox 2.0.0.10
Mozilla Firefox 2.0 RC3
Mozilla Firefox 2.0 RC2
Mozilla Firefox 2.0 beta 1
Mozilla Firefox 2.0
Foresight Linux Foresight Linux 1.1
Debian Linux 4.0 sparc
Debian Linux 4.0 s/390
Debian Linux 4.0 powerpc
Debian Linux 4.0 mipsel
Debian Linux 4.0 mips
Debian Linux 4.0 m68k
Debian Linux 4.0 ia-64
Debian Linux 4.0 ia-32
Debian Linux 4.0 hppa
Debian Linux 4.0 arm
Debian Linux 4.0 amd64
Debian Linux 4.0 alpha
Debian Linux 4.0
Reference IDs:
|
Description:
This indicates a possible attempt to exploit a denial of service vulnerability in DivX Web Player.
The vulnerability can be exploited by invoking the GoWindowed method for the DivXBrowserPlugin ActiveX object (npdivx32.dll).
Affected Products:
DivX Inc. DivX Web Player 1.2
Reference IDs:
|
Description:
This indicates an attempt to exploit a remote code execution vulnerability in Rising Antivirus Web Scan.
There is a design error in the Rising Web Scan Object ActiveX control in 'OL2005.dll' that can lead to remote code execution. The software can be forced to update itself from a malicious location controlled by the attacker.
Affected Products:
Rising Antivirus International Rising Web Scan Object 'OL2005.dll' 18.0 7
Reference IDs:
|
Description:
This indicates an attempt to exploit a buffer overflow vulnerability in Tumbleweed SecureTransport, a Managed File Transfer solution.
The Tumbleweed SecureTransport ActiveX component is vulnerable to a buffer overflow when an overly long argument is passed in the "remoteFile" argument to the method "TransferFile()". An attacker can execute arbitrary remote code by forging a malicious HTML page.
Affected Products:
Tumbleweed SecureTransport 4.6.1
Reference IDs:
|
Medium ( 6 )
Description:
This indicates an attempt to exploit a cross site scripting (XSS) vulnerability in Apache HTTP Server.
The vulnerability is due to lack of validation of user supplied input data. It may be exploited by remote attackers to execute arbitrary HTML code on a target user's web browser, within the context of a trusted web site.
Affected Products:
Apache HTTP Server, 1.3.0 to 1.3.9
Apache HTTP Server, 2.0.35 to 2.2.6
Reference IDs:
|
Description:
This indicates an attempt to exploit a cross site scripting (XSS) vulnerability in Apache HTTP Server.
The vulnerability is due to the software's failure to validate user supplied input data. It can be exploited by an attacker to execute arbitrary HTML code on a victim's web browser, within the context of a trusted web site.
Affected Products:
Apache HTTP Server, 1.3
Apache HTTP Server, 1.3.1
Apache HTTP Server, 1.3.11
Apache HTTP Server, 1.3.12
Apache HTTP Server, 1.3.14
Apache HTTP Server, 1.3.17
Apache HTTP Server, 1.3.18
Apache HTTP Server, 1.3.19
Apache HTTP Server, 1.3.20
Apache HTTP Server, 1.3.22
Apache HTTP Server, 1.3.23
Apache HTTP Server, 1.3.24
Apache HTTP Server, 1.3.25
Apache HTTP Server, 1.3.26
Apache HTTP Server, 1.3.27
Apache HTTP Server, 1.3.28
Apache HTTP Server, 1.3.29
Apache HTTP Server, 1.3.3
Apache HTTP Server, 1.3.31
Apache HTTP Server, 1.3.32
Apache HTTP Server, 1.3.33
Apache HTTP Server, 1.3.34
Apache HTTP Server, 1.3.35
Apache HTTP Server, 1.3.35dev
Apache HTTP Server, 1.3.36
Apache HTTP Server, 1.3.37
Apache HTTP Server, 1.3.39
Apache HTTP Server, 2.0
Apache HTTP Server, 2.0 A9
Apache HTTP Server, 2.0.28
Apache HTTP Server, 2.0.28 Beta
Apache HTTP Server, 2.0.32
Apache HTTP Server, 2.0.35
Apache HTTP Server, 2.0.36
Apache HTTP Server, 2.0.37
Apache HTTP Server, 2.0.38
Apache HTTP Server, 2.0.39
Apache HTTP Server, 2.0.40
Apache HTTP Server, 2.0.41
Apache HTTP Server, 2.0.42
Apache HTTP Server, 2.0.43
Apache HTTP Server, 2.0.44
Apache HTTP Server, 2.0.45
Apache HTTP Server, 2.0.46
Apache HTTP Server, 2.0.47
Apache HTTP Server, 2.0.48
Apache HTTP Server, 2.0.49
Apache HTTP Server, 2.0.50
Apache HTTP Server, 2.0.51
Apache HTTP Server, 2.0.52
Apache HTTP Server, 2.0.53
Apache HTTP Server, 2.0.54
Apache HTTP Server, 2.0.55
Apache HTTP Server, 2.0.56 Dev
Apache HTTP Server, 2.0.58
Apache HTTP Server, 2.0.59
Apache HTTP Server, 2.0.60 Dev
Apache HTTP Server, 2.0.61 Dev
Apache HTTP Server, 2.2.0
Apache HTTP Server, 2.2.2
Apache HTTP Server, 2.2.3
Apache HTTP Server, 2.2.4
Apache HTTP Server, 2.2.5
Apache HTTP Server, 2.2.5 Dev
Apache HTTP Server, 2.2.6
Apache HTTP Server, 2.2.6 Dev
Reference IDs:
|
Description:
This indicates an attempt to exploit a remote vulnerability in Mozilla Thunderbird/Seamonkey/Firefox.
Multiple vulnerabilities have been identified in Mozilla Firefox and SeaMonkey. They can be exploited by attackers to bypass security restrictions, disclose sensitive information, cause a denial of service or take complete control of an affected system.
Affected Products:
Mozilla SeaMonkey versions prior to 1.1.9
Mozilla Firefox versions prior to 2.0.0.13
Mozilla Thunderbird versions prior to 2.0.0.13
Reference IDs:
|
Description:
This indicates an attempt to exploit a memory corruption vulnerability in Microsoft Visio.
The vulnerability is caused by an input validation error that occurs in DWGDP.DLL while processing malformed DXF files. It allows remote attackers to crash the vulnerable software or execute arbitrary code via a crafted DXF file.
Affected Products:
Microsoft Office XP SP3
Microsoft Office 2003 SP2
Microsoft Office 2003 SP3
2007 Microsoft Office System
2007 Microsoft Office System SP1
Reference IDs:
|
Description:
This indicates a possible Denial of Service vulnerability in the processing of the val parameter by Novell GroupWise Messenger.
Novell Messenger is a cross-platform instant messaging product that is based on Novell eDirectory. Messenger Agents (nmma.exe) in Novell GroupWise 2.0.2 and 1.0.6 allow remote attackers to cause a denial of service (crash) via a crafted HTTP POST request to TCP port 8300 with a modified val parameter.
Affected Products:
Novell GroupWise Messenger 2.0
Novell GroupWise Messenger 1.0
Reference IDs:
|
Description:
This indicates an attempt to exploit a cross site scripting (XSS) vulnerability in ActiveCalendar.
The vulnerability is due to input validation errors in various scripts (e.g. "data/flatevents.php") when processing the "css" parameter. It can be exploited by attackers to cause malicious scripting code to be executed by the user's browser.
Affected Products:
Active Calendar 1.2.0
Reference IDs:
|
Low ( 2 )
Description:
This indicates an attempt to exploit a denial of service vulnerability in Microsoft Internet Explorer
The vulnerability is a result of a NULL pointer dereference error in the Microsoft Data Access ActiveX "msado15.dll" object. It can be triggered by a specially crafted "ADODB.Recordset Filter Property". It can be exploited by attackers to crash a vulnerable browser by tricking a user into visiting a malicious web page.
Affected Products:
Microsoft Internet Explorer 6.0 SP1
Microsoft Internet Explorer 6.0
Reference IDs:
|
Description:
This indicates a possible attempt to exploit a vulnerability in the way Postfix handles the relaying of e-mail messages.
In certain configurations Postfix becomes an open relay for mail addressed to an MX host with IPv6 addresses. An attacker can bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname.
Affected Products:
Wietse Venema Postfix 2.1.3
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux 8.1
S.u.S.E. Linux 8.0 i386
S.u.S.E. Linux 8.0
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux AS 4
RedHat Desktop 4.0
Reference IDs:
|
 Top of Section
Enhanced Coverage
The FortiGuard Threat Research team updates security content as new
vectors of exploitation are discovered. The table below details the
security content enhanced with this release.
Critical ( 13 )
High ( 9 )
Medium ( 6 )
Low ( 2 )
Info ( 17 )
Top of Section
Active Exploitation
The FortiGuard Threat Research team uses globally distributed probes
to monitor exploit activity. Vulnerabilities can be classified as
active and given a magnitude level. The magnitude level is the rate
of activity across the probes. The value of the magnitude is set to
low, medium or high.
The table below lists the vulnerabilities discussed in this bulletin
and their corresponding exploit activity magnitude. The data below is
as of this writing.
Critical ( 3 of 27 )
High ( 6 of 16 )
Medium ( 1 of 8 )
Low ( 1 of 3 )
Top of Section
Document History
| Revision Date |
Version Number |
|
| Wednesday, April 30, 2008 |
1 |
Initial Documentation. |
About Fortinet ( www.fortinet.com )
Fortinet is the pioneer and leading provider of ASIC-accelerated unified threat management, or UTM, security systems, which are used by enterprises and service providers to increase their security while reducing total operating costs. Fortinet solutions were built from the ground up to integrate multiple levels of security protection--including firewall, antivirus, intrusion prevention, VPN, spyware prevention and anti-spam -- designed to help customers protect against network and content level threats. Leveraging a custom ASIC and unified interface, Fortinet solutions offer advanced security functionality that scales from remote office to chassis-based solutions with integrated management and reporting. Fortinet solutions have won multiple awards around the world and are the only security products that are certified in six programs by ICSA Labs: (Firewall, Antivirus, IPSec, SSL, Network IPS, and Anti-Spyware). Fortinet is privately held and based in Sunnyvale, California.
Disclaimer
Although Fortinet has attempted to provide accurate information in these materials, Fortinet assumes no legal responsibility for the accuracy or completeness of the information. Please note that no Fortinet statements herein constitute or contain any guarantee, warranty or legally binding representation. All materials contained in this publication are subject to change without notice, and Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
Top of page
|
