New Vulnerability Coverage

| Threat Type: | Multiple Vulnerabilities |
|---|---|
| IPS Definition Database Versions: | 2.500 - 2.506 |
| Coverage Release Date: | May 15, 2008 - May 27, 2008 |
| Published Date: | Thursday, May 29, 2008 |
| Version #: | 1 |

| Severity | Number of Vulnerabilities | Active Exploitation |
|---|---|---|
| Critical | 13 | - |
| High | 14 | 8 |
| Medium | 2 | - |
| Low | 2 | 1 |
| Info | 1 | n/a |
| Total | 32 | 9 |
Foreword
The FortiGuard Global Threat Research Team has released new security content to cover
multiple vulnerabilities. The FortiGuard Team has observed
9 active exploitations of these vulnerabilities to date.
For more information, visit the FortiGuard Center at
www.fortiguardcenter.com.
Threat Remediation
Fortinet provides coverage for the vulnerabilities described below as of the
2.506 IPS Definitions database update.
A brief description of each vulnerability is provided as follows, in order of severity.
Critical ( 5 )
Description:
Computer Associates BrightStor ARCserve Backup is prone to a remote stack-based buffer overflow vulnerability because the application fails to properly check the bounds of user-supplied data prior to copying it to an insufficiently sized buffer.
A successful exploit will allow an attacker to execute arbitrary code with system level privileges.
Affected Products:
Reference IDs:
Description:
This indicates an attempt to exploit a buffer overflow vulnerability in the HP OpenView Process Manager Service, which by default listens on TCP port 8886 or 8887. By exploiting this, a remote attacker may be able to gain control of vulnerable systems.
Affected Products:
Reference IDs:
Description:
This indicates an attempt to exploit a memory corruption vulnerability in Microsoft Publisher.
The vulnerability is caused by an error that occurs when the affected software handles a malicious Publisher file. It allows a remote attacker to execute arbitrary code via a crafted Publisher file.
Affected Products:
Reference IDs:
Description:
This indicates an attempt to exploit a double free vulnerability in Microsoft Word.
The vulnerability is caused by an error that occurs when the affected software handles a malicious DOC file. It allows a remote attacker to execute arbitrary code via a crafted DOC file.
Affected Products:
Reference IDs:
Description:
This indicates an attempt to exploit an integer overflow vulnerability in Microsoft Word.
The vulnerability is caused by an error that occurs when the affected software handles a malicious RTF file. It allows a remote attacker to execute arbitrary code via a crafted RTF file.
Affected Products:
Reference IDs:
High ( 4 )
Description:
The Asprox trojan is a password-stealing trojan that is designed to create a spam botnet which appears to be solely dedicated to sending phishing emails. The Asprox botnet pushes an update to the infected systems. The update is a binary with the filename msscntr32.exe. The executable is installed as a system service with the name "Microsoft Security Center Extension", but is actually an SQL-injection attack tool.
Affected Products:
Reference IDs:
Description:
This indicates an attempt to exploit a vulnerability in the HPeDiag ActiveX control in hpediag.dll.
The HPeDiag ActiveX control is vulnerable to information disclosure and arbitrary code execution exploits. A remote attacker may be able to access arbitrary files or registry keys, and possibly execute code on a vulnerable system.
Affected Products:
Reference IDs:
Description:
This indicates detection of an attempt to exploit a vulnerability in the Microsoft ASN.1 library via nested constructed bit strings, which leads to a realloc of a non-null pointer and causes the function to overwrite previously freed memory.
The vulnerability is in MSASN1.DLL, part of the ASN.1 library. It may allow remote attackers to execute arbitrary code via specially crafted ASN.1 BER encodings.
Affected Products:
Reference IDs:
Description:
This indicates an attempt to exploit a remote code execution vulnerability in Microsoft Works 7.
The vulnerability is in the WkImgSrv.dll ActiveX control. It allows an attacker to execute arbitrary code with the privileges of the current user.
Affected Products:
Reference IDs:
Medium ( 1 )
Description:
The web application software is vulnerable to a SQL injection flaw through the HTTP Referer header. A malicious user can thus execute blind SQL queries against the backend database without the application's consent or knowledge.
Affected Products:
Reference IDs:
Low ( 1 )
Description:
This indicates an attempt to exploit a denial of service vulnerability in Cacti 0.8.6i.
The vulnerability allows remote authenticated users to cause a denial of service by using an overly large value for the "graph_start" or "graph_end" parameter.
Affected Products:
Reference IDs:
Enhanced Coverage
The FortiGuard Threat Research team updates security content as new
vectors of exploitation are discovered. The table below details the
security content enhanced with this release.
Critical ( 9 )
High ( 11 )
Medium ( 1 )
Low ( 1 )
Info ( 1 )
Active Exploitation
The FortiGuard Threat Research team uses globally distributed probes
to monitor exploit activity. Vulnerabilities can be classified as
active and given a magnitude level. The magnitude level is the rate
of activity across the probes. The value of the magnitude is set to
low, medium or high.
The table below lists the vulnerabilities discussed in this bulletin
and their corresponding exploit activity magnitude. The data below is
as of this writing.
Critical ( 0 of 12 )
High ( 8 of 14 )
Medium ( 0 of 2 )
Low ( 1 of 2 )
Document History
| Revision Date | Version Number | |
|---|---|---|
| Thursday, May 29, 2008 | 1 | Initial Documentation. |
About Fortinet ( www.fortinet.com )
Fortinet is the pioneer and leading provider of ASIC-accelerated unified threat management, or UTM, security systems, which are used by enterprises and service providers to increase their security while reducing total operating costs. Fortinet solutions were built from the ground up to integrate multiple levels of security protection--including firewall, antivirus, intrusion prevention, VPN, spyware prevention and anti-spam -- designed to help customers protect against network and content level threats. Leveraging a custom ASIC and unified interface, Fortinet solutions offer advanced security functionality that scales from remote office to chassis-based solutions with integrated management and reporting. Fortinet solutions have won multiple awards around the world and are the only security products that are certified in six programs by ICSA Labs: (Firewall, Antivirus, IPSec, SSL, Network IPS, and Anti-Spyware). Fortinet is privately held and based in Sunnyvale, California.
Disclaimer
Although Fortinet has attempted to provide accurate information in these materials, Fortinet assumes no legal responsibility for the accuracy or completeness of the information. Please note that no Fortinet statements herein constitute or contain any guarantee, warranty or legally binding representation. All materials contained in this publication are subject to change without notice, and Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice.