New Vulnerability Coverage
| Threat Type: | Multiple Vulnerabilities |
| IPS Definition Database Versions: | 2.495 - 2.499 |
| Coverage Release Date: | May 01, 2008 - May 14, 2008 |
| Published Date: | Wednesday, May 14, 2008 |
| Version #: | 1 |
| Severity | Number of Vulnerabilities | Active Exploitation |
| Critical | 22 | 8 |
| High | 23 | 7 |
| Medium | 9 | 4 |
| Low | 3 | 1 |
| Info | 2 | n/a |
| Total | 59 | 20 |
Foreword
The FortiGuard Global Threat Research Team has released new security content to cover
multiple vulnerabilities. The FortiGuard Team has observed
20 active exploitations of these vulnerabilities to date.
For more information, visit the FortiGuard Center at
www.fortiguardcenter.com.
Threat Remediation
Fortinet provides coverage for the vulnerabilities described below as of the
2.499 IPS Definitions database update.
A brief description of each vulnerability is provided as follows, in order of severity.
Critical ( 8 )
Description:
This indicates an attempt to exploit a heap overflow vulnerability in Borland StarTeam 2008.
The vulnerability is caused by an error in the deserialization function (tmsg50.dll). It can occur while processing malformed "PROJECT_LOGIN" and "SET_SERVER_ACL" commands. It allows remote attackers to execute arbitrary code via a crafted request.
Affected Products:
Borland StarTeam 2008 version 10.0.0.57 and prior.
Reference IDs:
|
Description:
This indicates an attempt to exploit an integer overflow vulnerability in Clam AntiVirus (ClamAV).
The vulnerability is caused by an integer overflow error that occurs in the "libclamav/pe.c" file when handling certain PE files. It can be exploited to crash the application or execute arbitrary code.
Affected Products:
ClamAV prior to 0.92.1
Reference IDs:
|
Description:
This indicates an attempt to exploit a buffer overflow vulnerability in Corel WordPerfect Office X3.
The vulnerability allows remote attackers to cause a buffer overflow via a long printer selection (PRS) name in a WordPerfect document (.wpd). Successful exploitation allows execution of arbitrary code.
Affected Products:
Corel WordPerfect Office X3 13.0.565.
Reference IDs:
|
Description:
This indicates an attempt to exploit a vulnerability in Microsoft Excel 2000 and Office for Mac 2004 and 2008.
The vulnerability is a result of the software's failure to properly import malformed .SLK files. It allows user assisted remote attackers to execute arbitrary code via a crafted .SLK file.
Affected Products:
Microsoft Excel 2000 SP3; Office for Mac 2004 and 2008
Reference IDs:
|
Description:
This indicates a possible attempt to exploit a remote code execution vulnerability in Microsoft Office Web Components.
The "DataSourceControl" object in the Office Web Components Library 9 (MSOWC.DLL), shipped with Office 2000 and Office XP, contains a vulnerability which allows remote attackers to control the path of file creation on the local computer. A user's computer can be compromised when browsing a malicious site that invokes the OWC functionality.
Affected Products:
Microsoft Office Web Components 2000 + Microsoft Back Office Server 2000 + Microsoft BizTalk Server 2000 Developer Edition SP2 + Microsoft BizTalk Server 2000 Developer Edition SP1a + Microsoft BizTalk Server 2000 Developer Edition + Microsoft BizTalk Server 2000 Enterprise Edition SP2 + Microsoft BizTalk Server 2000 Enterprise Edition SP1a + Microsoft BizTalk Server 2000 Enterprise Edition + Microsoft BizTalk Server 2000 Standard Edition SP2 + Microsoft BizTalk Server 2000 Standard Edition SP1a + Microsoft BizTalk Server 2000 Standard Edition + Microsoft BizTalk Server 2002 Developer Edition + Microsoft BizTalk Server 2002 Enterprise Edition + Microsoft Commerce Server 2000 SP2 + Microsoft Commerce Server 2000 SP1 + Microsoft Commerce Server 2000 + Microsoft Commerce Server 2002 + Microsoft Internet Explorer for Unix SP2 + Microsoft ISA Server 2000 SP2 + Microsoft ISA Server 2000 SP1 + Microsoft ISA Server 2000 FP1 + Microsoft ISA Server 2000 + Microsoft ISA Server 2000 Enterprise Edition SP2 + Microsoft ISA Server 2000 Enterprise Edition SP1 + Microsoft ISA Server 2000 Enterprise Edition + Microsoft Office 2000 SP2 + Microsoft Office 2000 SP1 + Microsoft Office 2000 + Microsoft Office XP SP3 + Microsoft Office XP SP2 + Microsoft Office XP SP1 + Microsoft Office XP + Microsoft Small Business Server 2000 + Microsoft Visual Studio .NET 2002 + Microsoft Visual Studio .NET 2003 Enterprise Architect + Microsoft Visual Studio .NET Enterprise Architect Edition + Microsoft Visual Studio .NET Enterprise Developer Edition
Reference IDs:
|
Description:
This indicates a possible attempt to exploit a buffer overflow vulnerability in Windows Kodak Image Viewer.
A remote code execution vulnerability exists in the way that the Kodak Image Viewer handles image files. An attacker may be able to exploit this vulnerability by constructing a specially crafted image file that allows remote code execution. The exploit can be triggered when a user visits a web site and views a specially crafted image file, or opens an e-mail attachment.
Affected Products:
Microsoft Windows 2000 Service Pack 4; Windows XP Service Pack 2; Windows Server 2003 Service Pack 1; Windows Server 2003 Service Pack 2
Reference IDs:
|
Description:
This indicates an attempt to exploit a remote command execution vulnerability in rpc.ypupdated.
A vulnerability exists in the Network Information Service (NIS) update daemon. Due to insufficient validation of user input, a remote attacker can execute arbitrary commands with root privileges on a target system.
Affected Products:
Sun SunOS 4.1.4 -JL; Sun SunOS 4.1.4; Sun SunOS 4.1.3 c; Sun SunOS 4.1.3 _U1; Sun SunOS 4.1.3; Sun SunOS 4.1.2; Sun SunOS 4.1.1; Sun SunOS 4.1 PSR_A; Sun SunOS 4.1; Sun Solaris 9; Sun Solaris 8; Sun Solaris 10; SGI IRIX 6.0.1 XFS; SGI IRIX 6.0.1; SGI IRIX 6.0; SGI IRIX 5.3 XFS; SGI IRIX 5.3; SGI IRIX 5.2; SGI IRIX 5.1.1; SGI IRIX 5.1; SGI IRIX 5.0.1; SGI IRIX 5.0; SGI IRIX 4.0.5 IPR; SGI IRIX 4.0.5 H; SGI IRIX 4.0.5 G; SGI IRIX 4.0.5 F; SGI IRIX 4.0.5 E; SGI IRIX 4.0.5 D; SGI IRIX 4.0.5 A; SGI IRIX 4.0.5 (IOP); SGI IRIX 4.0.5; SGI IRIX 4.0.4 T; SGI IRIX 4.0.4 B; SGI IRIX 4.0.4; SGI IRIX 4.0.3; SGI IRIX 4.0.2; SGI IRIX 4.0.1 T; SGI IRIX 4.0.1; SGI IRIX 4.0; SGI IRIX 3.3.3; SGI IRIX 3.3.2; SGI IRIX 3.3.1; SGI IRIX 3.3; SGI IRIX 3.2; NEC UX/4800 (64); NEC UP-UX/V (Rel4.2MP); NEC EWS-UX/V (Rel4.2MP); NEC EWS-UX/V (Rel4.2); IBM AIX 4.1; IBM AIX 3.2; HP HP-UX 10.20; HP HP-UX 10.10; HP HP-UX 10.1 0; HP HP-UX B.11.23; HP HP-UX B.11.22; HP HP-UX B.11.11; HP HP-UX B.11.11; HP HP-UX B.11.00
Reference IDs:
|
Description:
This indicates an attempt to exploit a buffer overflow vulnerability in Sybase MobiLink.
The vulnerability is caused by a buffer overflow error in the MobiLink component, when processing overly long data (username, version or remote ID) sent to port 2439/TCP. It can be exploited by remote unauthenticated attackers to crash the application or execute arbitrary code.
Affected Products:
Sybase MobiLink 10.0.1.3629
Reference IDs:
|
High ( 6 )
Description:
This indicates an attempt to exploit a parameter injection vulnerability in Akamai Download Manager.
The vulnerability is caused by an input validation error in Akamai Download Manager ActiveX Control 2.2.3.5 that occurs when processing some parameters. It allows remote attackers to save a downloaded file to an arbitrary location by tricking a user into visiting a malicious web page.
Affected Products:
Akamai Download Manager ActiveX Control 2.2.3.5
|
Description:
This indicates an attempt to exploit a heap overflow vulnerability in Apple QuickTime.
The vulnerability in QuickTime can be exploited when parsing Kodak encoded images, resulting in a heap buffer overflow. Viewing a maliciously crafted PICT image may lead to unexpected application termination or arbitrary code execution.
Affected Products:
Apple QuickTime 7.4.1 and prior.
Reference IDs:
|
Description:
This indicates an attempt to exploit a remote code execution vulnerability in Asterisk.
The vulnerability is caused by a stack-based buffer overflow in the process_sdp function in chan_sip.c. It allows remote attackers to execute arbitrary code by sending a specific SIP "INVITE" message with a long value for the attribute "T38FaxRateManagement".
Affected Products:
Asterisk AsteriskNow Beta 5; Asterisk Asterisk 1.4.2; Asterisk Asterisk 1.4.1; Asterisk Asterisk 1.4 Beta; Asterisk Appliance Developers Kit 0.3
Reference IDs:
|
Description:
This indicates a buffer overflow vulnerability in IBM's Informix Dynamic Server.
The vulnerability is caused by an input validation error in oninit.exe that can be triggered when processing an overly long password. It allows remote attackers to execute arbitrary code via a crafted request packet sent to TCP port 1526.
Affected Products:
IBM Informix IDS 9.40 .UC3; IBM Informix IDS 9.40 .UC2; IBM Informix IDS 9.40 .UC1; IBM Informix IDS 9.3; IBM Informix IDS 9.40 xC7; IBM Informix IDS 9.40 .xD8; IBM Informix IDS 9.40 .UC5; IBM Informix IDS 9.40 .TC5; IBM Informix IDS 9.4; IBM Informix IDS 7.31 .xD9; IBM Informix IDS 7.31 .xD8; IBM Informix IDS 7.3; IBM Informix IDS 11.10.xC2; IBM Informix IDS 11.10; IBM Informix IDS 10.00.xC8; IBM Informix IDS 10.00.xC7W1; IBM Informix IDS 10.0 xC3; IBM Informix IDS 10.0 .xC4; IBM Informix IDS 10.0
Reference IDs:
|
Description:
This indicates an attempt to exploit a remote code execution vulnerability in PHP.
The vulnerability may allow attackers to execute arbitrary code on remote systems by including PHP sequences in some parameters.
Affected Products:
Any website that runs any PHP software which allows remote code execution is vulnerable.
|
Description:
This indicates a possible attempt to exploit a memory corruption vulnerability in RealNetworks' RealPlayer.
The vulnerability is in the 'rmoc3260.dll' ActiveX control. It may allow remote attackers to execute arbitrary code in the context of the application using the affected ActiveX control. Failed exploit attempts will likely cause the program to crash, resulting in a denial of service condition.
Affected Products:
RealNetworks rmoc3260.dll 6.0.10 45; RealNetworks RealPlayer 11
Reference IDs:
|
Medium ( 4 )
Description:
This indicates an attempt to exploit a Denial of Service vulnerability in the SMB service of Microsoft Vista.
The vulnerability in the SMB service can be remotely exploited while protocol dialects are being negotiated. When the DoS condition is triggered, Vista no longer responds to SMB requests and existing SMB connections to the Vista host become unresponsive.
Affected Products:
Microsoft Windows Vista.
Reference IDs:
|
Description:
This indicates an attempt to exploit a PHP remote file inclusion vulnerability in ActiveCalendar.
The vulnerability is due to an input validation error in the "data/showcode.php" script. The script does not validate the "page" parameter before it is passed to an "fread()" call. This can be exploited by remote attackers to disclose the contents of arbitrary files.
Affected Products:
Active Calendar 1.2
Reference IDs:
|
Description:
This indicates an attempt to exploit a stack buffer overflow vulnerability in Sun Java Web Start.
The vulnerability is caused by an input validation error in the "useEncodingDecl()" function. The error occurs while parsing the XML header's character encoding attribute. It allows remote attackers to execute arbitrary code via an overly long "charset" name.
Affected Products:
Sun JDK and JRE 6 Update 4 and earlier. Sun JDK and JRE 5.0 Update 14 and earlier.
Reference IDs:
|
Description:
This indicates an attempt to exploit a Denial of Service vulnerability in the Wireshark SNMP dissector.
The vulnerability is caused by an error in the SNMP dissector. It allows a remote attacker to cause a Denial of Service by crashing the system.
Affected Products:
Wireshark (formerly Ethereal) 0.99.6 through 0.99.7.
Reference IDs:
|
Info ( 1 )
Description:
This indicates an attempt to use the TOR web proxy to defeat traffic analysis.
TOR is a software project that helps defend against traffic analysis. In some cases company or network policy may restrict the use of TOR because it allows users to hide prohibited network activities.
Affected Products:
Any version of TOR.
Reference IDs:
|
Enhanced Coverage
The FortiGuard Threat Research team updates security content as new
vectors of exploitation are discovered. The table below details the
security content enhanced with this release.
Critical ( 14 )
High ( 21 )
Medium ( 6 )
Low ( 4 )
Info ( 1 )
Active Exploitation
The FortiGuard Threat Research team uses globally distributed probes
to monitor exploit activity. Vulnerabilities can be classified as
active and given a magnitude level. The magnitude level is the rate
of activity across the probes. The value of the magnitude is set to
low, medium or high.
The table below lists the vulnerabilities discussed in this bulletin
and their corresponding exploit activity magnitude. The data below is
as of this writing.
Critical ( 8 of 21 )
High ( 7 of 22 )
Medium ( 4 of 9 )
Low ( 1 of 3 )
Document History
| Revision Date | Version Number | |
| Wednesday, May 14, 2008 | 1 | Initial Documentation. |
About Fortinet ( www.fortinet.com )
Fortinet is the pioneer and leading provider of ASIC-accelerated unified threat management, or UTM, security systems, which are used by enterprises and service providers to increase their security while reducing total operating costs. Fortinet solutions were built from the ground up to integrate multiple levels of security protection--including firewall, antivirus, intrusion prevention, VPN, spyware prevention and anti-spam -- designed to help customers protect against network and content level threats. Leveraging a custom ASIC and unified interface, Fortinet solutions offer advanced security functionality that scales from remote office to chassis-based solutions with integrated management and reporting. Fortinet solutions have won multiple awards around the world and are the only security products that are certified in six programs by ICSA Labs: (Firewall, Antivirus, IPSec, SSL, Network IPS, and Anti-Spyware). Fortinet is privately held and based in Sunnyvale, California.
Disclaimer
Although Fortinet has attempted to provide accurate information in these materials, Fortinet assumes no legal responsibility for the accuracy or completeness of the information. Please note that no Fortinet statements herein constitute or contain any guarantee, warranty or legally binding representation. All materials contained in this publication are subject to change without notice, and Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice.