New Vulnerability Coverage
| Threat Type: |
Multiple Vulnerabilities |
IPS Definition
Database Versions: |
2.500 - 2.513 |
| Coverage Release Date: |
May 15, 2008 - Jun 13, 2008 |
| Published Date: |
Friday, June 13, 2008 |
| Version #: |
1 |
| |
| Severity |
Number of
Vulnerabilities |
Active
Exploitation |
| Critical | 33 | 11 |
| High | 34 | 23 |
| Medium | 15 | 6 |
| Low | 8 | 4 |
| Info | 3 | n/a |
| Total | 93 | 44 |
|
Foreword
The FortiGuard Global Threat Research Team has released new security content to cover
multiple vulnerabilities. The FortiGuard Team has observed
44 active exploitations of these vulnerabilities to date.
For more information, visit the FortiGuard Center at
www.fortiguardcenter.com.
Threat Remediation
Fortinet provides coverage for the vulnerabilities described below as of the
2.513 IPS Definitions database update.
A brief description of each vulnerability is provided as follows, in order of severity.
Critical ( 15 )
Description:
This indicates an attempt to exploit a remote code-execution vulnerability in Adobe Flash Player 9.
The vulnerability results from insecure code in the DLL responsible for parsing SWF tags. It can be exploited via a crafted SWF file, leading to remote code execution.
Affected Products:
Adobe Flash Player 9.0.115.0 and earlier
Adobe Flash Player 8.0.39.0 and earlier
Reference IDs:
|
Description:
This indicates a possible attempt to exploit a buffer-overflow vulnerability in CA BrightStor.
The vulnerabilities are in the "LISTCTRL.ListCtrlCtrl.1" ActiveX control in ListCtrl.ocx. It results from the application's failure to bounds-check user-supplied input, leading to a buffer overflow. As a result, a remote attacker may be able to execute arbitrary code and gain control of vulnerable systems.
Affected Products:
BrightStor ARCServe Backup for Laptops and Desktops r11.5
CA Desktop Management Suite r11.2 C1
CA Desktop Management Suite r11.2a
CA Desktop Management Suite r11.2
CA Desktop Management Suite r11.1 (GA, a, C1)
Unicenter Desktop Management Bundle r11.2 C1
Unicenter Desktop Management Bundle r11.2a
Unicenter Desktop Management Bundle r11.2
Unicenter Desktop Management Bundle r11.1 (GA, a, C1)
Unicenter Asset Management r11.2 C1
Unicenter Asset Management r11.2a
Unicenter Asset Management r11.2
Unicenter Asset Management r11.1 (GA, a, C1)
Unicenter Software Delivery r11.2 C1
Unicenter Software Delivery r11.2a
Unicenter Software Delivery r11.2
Unicenter Software Delivery r11.1 (GA, a, C1)
Unicenter Remote Control r11.2 C1
Unicenter Remote Control r11.2a
Unicenter Remote Control r11.2
Unicenter Remote Control r11.1 (GA, a, C1)
Reference IDs:
|
Description:
Computer Associates BrightStor ARCserve Backup is prone to a remote stack-based buffer overflow vulnerability because the application fails to properly check the bounds of user-supplied data prior to copying it to an insufficiently sized buffer.
A successful exploit will allow an attacker to execute arbitrary code with system level privileges.
Affected Products:
Computer Associates BrightStor ARCserve Backup Laptop & Desktop 11.1
Computer Associates BrightStor ARCserve Backup Laptop & Desktop 11.0
Computer Associates BrightStor ARCserve Backup Laptop & Desktop 11.1 SP1
Reference IDs:
|
Description:
D-Link MPEG4 SHM Audio ActiveX Control ('VAPGDecoder.dll') is vulnerable to a buffer overflow issue when an overly long string is passed to the Url parameter. A malicious user can trick a victim to visit a malicious web site to use this vulnerability and could then execute arbitrary remote code execution on the victim's host.
Affected Products:
D-Link MPEG4 SHM Audio Control 1.7.0.5
Reference IDs:
|
Description:
This indicates an attempt to exploit a buffer-overflow vulnerability in DivX Player.
This vulnerability is caused by the application's failure to properly check the bounds of user-supplied input, allowing execution of arbitrary code. A remote attacker may be able to exploit this by using an overly long subtitle in a .SRT file.
Affected Products:
DivX Player 6.7 build 6.7.0.22 and earlier.
Reference IDs:
|
Description:
This indicates a buffer overflow vulnerability in Novell GroupWise. This vulnerability is caused by a buffer overflow error when processing overly long "mailto:" URIs, which could be exploited by attackers to crash an affected application or execute arbitrary code by tricking a user into following a specially crafted link or opening a malicious HTML attachment.
Affected Products:
Novell Groupwise 7.0
Reference IDs:
|
Description:
This indicates an attempt to exploit a buffer overflow vulnerability in the HP OpenView Process Manager Service, which by default listens on TCP port 8886 or 8887. By exploiting this, a remote attacker may be able to gain control of vulnerable systems.
Affected Products:
HP OpenView Network Node Manager 7.53 and later versions
Reference IDs:
|
Description:
This indicates an attempt to exploit a heap-overrun vulnerability in Microsoft Internet Explorer.
A remote code-execution vulnerability exists in the way Internet Explorer displays a web page that contains certain unexpected method calls to HTML objects. An attacker could exploit the vulnerability by constructing a specially crafted web page. When a user views the web page, the vulnerability could allow remote code execution. An attacker who successfully exploits this vulnerability could gain the same user rights as the logged-on user.
Affected Products:
Internet Explorer 6 SP1 when installed on Microsoft Windows 2000 SP4
Internet Explorer 6 for Windows XP SP2 and SP3
Internet Explorer 6 for Windows XP Professional x64 Edition and SP2
Internet Explorer 6 for Windows Server 2003 SP1 and SP2
Internet Explorer 6 for Windows Server 2003 x64 Edition and SP2
Internet Explorer 6 for Windows Server 2003 with SP1 for Itanium-based Systems and SP2
Internet Explorer 7 for Windows XP SP2 and SP3
Internet Explorer 7 for Windows XP Professional x64 Edition and SP2
Internet Explorer 7 for Windows Server 2003 SP1 and SP2
Internet Explorer 7 for Windows Server 2003 x64 Edition and SP2
Internet Explorer 7 for Windows Server 2003 with SP1 for Itanium-based Systems and SP2
Internet Explorer 7 in Windows Vista and Internet Explorer 7 in Windows Vista SP1
Internet Explorer 7 in Windows Vista x64 Edition and SP1
Internet Explorer 7 in Windows Server 2008 for 32-bit Systems
Internet Explorer 7 in Windows Server 2008 for x64-based Systems
Internet Explorer 7 in Windows Server 2008 for Itanium-based Systems
Reference IDs:
|
Description:
This indicates an attempt to exploit a memory corruption vulnerability in Microsoft Publisher.
The vulnerability is caused by an error that occurs when the vulnerable software handles a malicious Publisher file. It allows a remote attacker to execute arbitrary code via a crafted Publisher file.
Affected Products:
Microsoft Office 2000 Service Pack 3
Microsoft Office XP Service Pack 3
Microsoft Office 2003 Service Pack 2
Microsoft Office 2003 Service Pack 3
2007 Microsoft Office System
2007 Microsoft Office System Service Pack 1
Reference IDs:
|
Description:
This indicates an attempt to exploit a remote code execution vulnerability in Microsoft Windows Media Player.
The vulnerability is due to the way Windows Media Player handles supported file formats. This vulnerability is caused by a buffer overflow in QUARTZ.DLL when it tries to parse SAMI files containing long caption class names.
Affected Products:
Windows 2000 SP4
Windows XP SP2 and Windows XP SP3
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition SP2
Windows Server 2003 SP1 and Windows Server 2003 SP2
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition SP2
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista and Windows Vista SP1
Windows Vista x64 Edition and Windows Vista x64 Edition SP1
Windows Server 2008 for 32-bit Systems
Windows Server 2008 for x64-based Systems
Windows Server 2008 for Itanium-based Systems
Reference IDs:
|
Description:
This indicates an attempt to exploit a double free vulnerability in Microsoft Word.
The vulnerabilities are caused by an error that occurs when the vulnerable software handles a malicious DOC file. A remote attacker may exploit this to execute arbitrary code via a crafted DOC file.
Affected Products:
Microsoft Office 2000 Service Pack 3
Microsoft Office XP Service Pack 3
Microsoft Office 2003 Service Pack 2
Microsoft Office 2003 Service Pack 3
2007 Microsoft Office System
Microsoft Outlook 2007
2007 Microsoft Office System Service Pack 1
Microsoft Outlook 2007 Service Pack 1
Microsoft Word Viewer 2003
Microsoft Word Viewer 2003 Service Pack 3
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1
Microsoft Office 2004 for Mac
Microsoft Office 2008 for Mac
Reference IDs:
|
Description:
This indicates an attempt to exploit an integer-overflow vulnerability in Microsoft Word.
The vulnerabilities are caused by an error that occurs when the vulnerable software handles a malicious RTF file. It allows a remote attacker to execute arbitrary code via a crafted RTF file.
Affected Products:
Microsoft Office 2000 Service Pack 3
Microsoft Office XP Service Pack 3
Microsoft Office 2003 Service Pack 2
Microsoft Office 2003 Service Pack 3
2007 Microsoft Office System
Microsoft Outlook 2007
2007 Microsoft Office System Service Pack 1
Microsoft Outlook 2007 Service Pack 1
Microsoft Word Viewer 2003
Microsoft Word Viewer 2003 Service Pack 3
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1
Microsoft Office 2004 for Mac
Microsoft Office 2008 for Mac
Reference IDs:
|
Description:
There is a stack buffer overflow vulnerability in Orbit downloader. This can be exploited when an attempt to download from an overly long URL has failed.
Affected Products:
Orbit downloader 2.6.3 and 2.6.4.
Reference IDs:
|
Description:
This indicates an attempt to exploit a buffer-overflow vulnerability in Symantec Norton Internet Security 2008 and prior versions.
The vulnerability is caused by an input parameter check error in the GetEventLogInfo method. It allows a remote attacker to execute arbitrary code in the victim's system by sending a long parameter to this method.
Affected Products:
Symantec Norton Internet Security 2008 and prior versions
Reference IDs:
|
Description:
This indicates an attempt to exploit a buffer-overflow vulnerability in TFTP Server SP on Windows.
This vulnerability is caused by the application's failure to properly check the bounds of user-supplied data, which allows execution of arbitrary code. A remote attacker may exploit this by sending a specially crafted TFTP error packet.
Affected Products:
TFTP Server SP 1.4 and 1.5 for Windows.
Reference IDs:
|
High ( 11 )
Description:
This indicates an attempt to exploit a denial of service vulnerability in Adobe Acrobat Reader.
The vulnerability is a result of memory corruption errors in the AcroPDF ActiveX control (AcroPDF.dll). It does not properly handle malformed arguments passed to the "setPageMode()", "setLayoutMode()", "setNamedDest()" and "LoadFile()" methods. The vulnerability can be exploited by remote attackers to execute arbitrary commands by tricking a user into visiting a specially crafted web page with Internet Explorer.
Affected Products:
Adobe Acrobat Standard 7.0.8
Adobe Acrobat Standard 7.0.7
Adobe Acrobat Standard 7.0.6
Adobe Acrobat Standard 7.0.5
Adobe Acrobat Standard 7.0.4
Adobe Acrobat Standard 7.0.3
Adobe Acrobat Standard 7.0.2
Adobe Acrobat Standard 7.0.1
Adobe Acrobat Standard 7.0
Adobe Acrobat Reader 7.0.8
Adobe Acrobat Reader 7.0.7
Adobe Acrobat Reader 7.0.6
Adobe Acrobat Reader 7.0.5
Adobe Acrobat Reader 7.0.4
Adobe Acrobat Reader 7.0.3
Adobe Acrobat Reader 7.0.2
Adobe Acrobat Reader 7.0.1
Adobe Acrobat Reader 7.0
Adobe Acrobat Professional 7.0.8
Adobe Acrobat Professional 7.0.7
Adobe Acrobat Professional 7.0.6
Adobe Acrobat Professional 7.0.5
Adobe Acrobat Professional 7.0.4
Adobe Acrobat Professional 7.0.3
Adobe Acrobat Professional 7.0.2
Adobe Acrobat Professional 7.0.1
Adobe Acrobat Professional 7.0
Reference IDs:
|
Description:
The Asprox trojan is designed to create a spam botnet and send spam emails. It installs an update of itself as a system service with the name "Microsoft Security Center Extension". It uses Google to search for .asp pages, then sends blind SQL-injection attack requests to the websites that are found.
Affected Products:
Any website based on ASP technologies and using Microsoft SQL server as the backend database server.
Reference IDs:
|
Description:
This indicates an attempt to exploit a vulnerability in the HPeDiag ActiveX control in hpediag.dll.
The HPeDiag ActiveX control is vulnerable to information disclosure and arbitrary code execution exploits. A remote attacker may be able to access arbitrary files or registry keys, and possibly execute code on a vulnerable system.
Affected Products:
HP hpediag.dll, version 4.000.009.002
Reference IDs:
|
Description:
This indicates a possible attempt to exploit a format string vulnerability in HP OpenView 7.53.
The vulnerability is in the "ovalarmsrv" service in ov.dll. It results from the application's failure to check user supplied input, leading to arbitrary code execution. By exploiting this a remote attacker may be able to gain control of vulnerable systems.
Affected Products:
HP OpenView 7.53 and earlier versions.
Reference IDs:
|
Description:
This indicates detection of an attempt to exploit a vulnerability in the Microsoft ASN.1 library via nested constructed bit strings, which leads to a realloc of a non-null pointer and causes the function to overwrite previously freed memory.
The vulnerability is in MSASN1.DLL, part of the ASN.1 library. It may allow remote attackers to execute arbitrary code via specially crafted ASN.1 BER encodings.
Affected Products:
Microsoft, Windows NT, Workstation 4.0 SP6a
Microsoft, Windows 2000, Service Pack 2
Microsoft, Windows 2000, Service Pack 3
Microsoft, Windows 2000, Service Pack 4, FR
Microsoft, Windows XP, Gold
Microsoft, Windows XP, Service Pack 1, Tablet PC
Microsoft, Windows XP, 64-bit
Microsoft, Windows XP, 64-bit, Service Pack 1
Microsoft, Windows XP, 64-bit Version 2003, Service Pack 1
Microsoft, Windows Server 2003, Release 2
Microsoft, Windows Server 2003, 64-bit
Microsoft, Windows NT, Server 4.0 SP6a
Microsoft, Windows NT, Terminal Server 4.0 SP6
Reference IDs:
|
Description:
This indicates an attempt to exploit a security bypass vulnerability in Microsoft Word.
The Microsoft Word application contains a vulnerability where you can execute JavaScript code without the user's permission. Successful exploitation could make it possible for an attacker to execute arbitrary code on a vulnerable system.
Affected Products:
Microsoft Word 2003
Microsoft Word 2007
Reference IDs:
|
Description:
This indicates an attempt to exploit a remote code execution vulnerability in Microsoft Works 7.
The vulnerability is in the WkImgSrv.dll ActiveX control. It allows an attacker to execute arbitrary code with the privileges of the current user.
Affected Products:
Microsoft Works 7
Reference IDs:
|
Description:
This indicates an attempt to exploit a stack-based buffer overflow in Subversion.
The vulnerability is caused by an input validation error in the date-parsing code. A remote attacker can exploit this by sending a specially-crafted DAV2 REPORT query or get-dated-rev svn-protocol command, which may result in the execution of arbitrary code.
Affected Products:
Subversion Subversion 1.0.2
Subversion Subversion 1.0.1
Subversion Subversion 1.0
Reference IDs:
|
Description:
This indicates a possible exploit of a buffer overflow vulnerability in SubVersion.
Subversion is a version control system for all Linux and Unix-based operating systems. A buffer overflow vulnerability is reported in it that may allow an attacker to execute arbitrary code on a vulnerable system. This is due to the application's failure to properly sanitize date strings when parsing them. A remote attacker can send a specially crafted "DAV2 REPORT" query or "get-dated-rev" svn protocol command to cause a stack-based buffer overflow, leading to execution of arbitrary code on the system with privileges of the victim.
Affected Products:
Subversion 1.0.2 and prior.
Reference IDs:
|
Description:
This indicates an attempt to exploit an SQL-injection vulnerability in Symantec Altiris Deployment Solution.
This vulnerability is caused by the application's failure to sufficiently sanitize user-supplied input. A remote attacker may exploit this to execute arbitrary code with SYSTEM-level privileges.
Affected Products:
Symantec Altiris Deployment Solution 6.8.x & 6.9.x
All builds prior to 6.9.176
Reference IDs:
|
Description:
Zango and Hotbar install some ActiveX components for Microsoft Internet Explorer which contain the insecure method "DownloadAndExec". Some malicious users can force the victim to visit a malicious URL that contains the call to this method, letting them download and execute arbitrary code on the victim's computer.
Affected Products:
Zango and Hotbar toolbar.
|
Medium ( 9 )
Description:
Apache HTTP server is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.
Affected Products:
Apache Software Foundation, Apache HTTP Server, 2.0
Apache Software Foundation, Apache HTTP Server, 2.0 A9
Apache Software Foundation, Apache HTTP Server, 2.0.28
Apache Software Foundation, Apache HTTP Server, 2.0.28 Beta
Apache Software Foundation, Apache HTTP Server, 2.0.32
Apache Software Foundation, Apache HTTP Server, 2.0.32 Beta
Apache Software Foundation, Apache HTTP Server, 2.0.34 Beta
Apache Software Foundation, Apache HTTP Server, 2.0.35
Apache Software Foundation, Apache HTTP Server, 2.0.36
Apache Software Foundation, Apache HTTP Server, 2.0.37
Apache Software Foundation, Apache HTTP Server, 2.0.38
Apache Software Foundation, Apache HTTP Server, 2.0.39
Apache Software Foundation, Apache HTTP Server, 2.0.40
Apache Software Foundation, Apache HTTP Server, 2.0.41
Apache Software Foundation, Apache HTTP Server, 2.0.42
Apache Software Foundation, Apache HTTP Server, 2.0.43
Apache Software Foundation, Apache HTTP Server, 2.0.44
Apache Software Foundation, Apache HTTP Server, 2.0.45
Apache Software Foundation, Apache HTTP Server, 2.0.46
Apache Software Foundation, Apache HTTP Server, 2.0.47
Apache Software Foundation, Apache HTTP Server, 2.0.48
Apache Software Foundation, Apache HTTP Server, 2.0.49
Apache Software Foundation, Apache HTTP Server, 2.0.50
Apache Software Foundation, Apache HTTP Server, 2.0.51
Apache Software Foundation, Apache HTTP Server, 2.0.52
Apache Software Foundation, Apache HTTP Server, 2.0.53
Apache Software Foundation, Apache HTTP Server, 2.0.54
Apache Software Foundation, Apache HTTP Server, 2.0.55
Apache Software Foundation, Apache HTTP Server, 2.0.56
Apache Software Foundation, Apache HTTP Server, 2.0.56 Dev
Apache Software Foundation, Apache HTTP Server, 2.0.57
Apache Software Foundation, Apache HTTP Server, 2.0.58
Apache Software Foundation, Apache HTTP Server, 2.0.59
Apache Software Foundation, Apache HTTP Server, 2.0.60 Dev
Apache Software Foundation, Apache HTTP Server, 2.0.61 Dev
Apache Software Foundation, Apache HTTP Server, 2.1
Apache Software Foundation, Apache HTTP Server, 2.1.1
Apache Software Foundation, Apache HTTP Server, 2.1.2
Apache Software Foundation, Apache HTTP Server, 2.1.3
Apache Software Foundation, Apache HTTP Server, 2.1.4
Apache Software Foundation, Apache HTTP Server, 2.1.5
Apache Software Foundation, Apache HTTP Server, 2.1.6
Apache Software Foundation, Apache HTTP Server, 2.1.7
Apache Software Foundation, Apache HTTP Server, 2.1.8
Apache Software Foundation, Apache HTTP Server, 2.2
Apache Software Foundation, Apache HTTP Server, 2.2.1
Apache Software Foundation, Apache HTTP Server, 2.2.2
Apache Software Foundation, Apache HTTP Server, 2.2.3
Apache Software Foundation, Apache HTTP Server, 2.2.4
Apache Software Foundation, Apache HTTP Server, 2.2.5 Dev
Reference IDs:
|
Description:
This indicates an attempt to exploit a vulnerability in Mac OS X iCal.
This vulnerability is due to null-pointer dereference errors while parsing malformed .ics files, which leads to abnormal termination of the iCal application.
Affected Products:
iCal 3.0.1 running on Mac OS X 10.5.1; previous versions may also be affected.
Reference IDs:
|
Description:
The web application software is vulnerable to a SQL injection flaw through the HTTP Referer header. A malicious user can thus execute blind SQL queries in the backend database without the user's consent.
Affected Products:
PHP-Nuke 8.0.0 Final
Reference IDs:
|
Description:
This indicates an attempt to exploit an information-disclosure vulnerability in Microsoft IE.
The vulnerability is caused by some errors in the implementation of XMLHttpRequest. An attacker can overwrite the "Host" and other HTTP header fields by using some insecure methods of XMLHttpRequest object. It allows remote attackers to steal private information by tricking a user into viewing a malicious web page which calls these insecure methods.
Affected Products:
Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 SP4
Internet Explorer 6 SP1 when installed on Microsoft Windows 2000 SP4
Internet Explorer 6 for Windows XP SP2 and SP3
Internet Explorer 6 for Windows XP Professional x64 Edition and SP2
Internet Explorer 6 for Windows Server 2003 SP1 and SP2
Internet Explorer 6 for Windows Server 2003 x64 Edition and SP2
Internet Explorer 6 for Windows Server 2003 with SP1 for Itanium-based Systems and SP2
Internet Explorer 7 for Windows XP SP2 and SP3
Internet Explorer 7 for Windows XP Professional x64 Edition and SP2
Internet Explorer 7 for Windows Server 2003 SP1 and SP2
Internet Explorer 7 for Windows Server 2003 x64 Edition and SP2
Internet Explorer 7 for Windows Server 2003 with SP1 for Itanium-based Systems and SP2
Internet Explorer 7 in Windows Vista and Internet Explorer 7 in Windows Vista SP1
Internet Explorer 7 in Windows Vista x64 Edition and SP1
Internet Explorer 7 in Windows Server 2008 for 32-bit Systems
Internet Explorer 7 in Windows Server 2008 for x64-based Systems
Internet Explorer 7 in Windows Server 2008 for Itanium-based Systems
Reference IDs:
|
Description:
This indicates an attempt to exploit a denial of service vulnerability in the Pragmatic General Multicast (PGM) protocol on Microsoft Windows.
The vulnerability is due to insufficient validation of the length of PGM fragmented packets received. A malicious attacker could exploit this vulnerability by sending specially crafted PGM packets to a vulnerable system.
A successful exploitation of the vulnerability will result in consumption of memory and will slow down the computer or can cause the computer to crash.
Affected Products:
Windows XP SP2
Windows XP SP3
Windows XP Professional x64 Edition and SP2
Windows Server 2003 SP1 and SP2
Windows Server 2003 x64 Edition and SP2
Windows Server 2003 with SP1 for Itanium-based Systems and SP2
Windows Vista and Windows Vista Service Pack 1
Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
Windows Server 2008 for 32-bit Systems
Windows Server 2008 for x64-based Systems
Windows Server 2008 for Itanium-based Systems
Reference IDs:
|
Description:
This indicates a possible attempt to exploit a denial-of-service vulnerability in the Pragmatic General Multicast (PGM) protocol on Microsoft Windows.
A denial-of-service vulnerability exists in implementations of the Pragmatic General Multicast protocol on Microsoft Windows. This vulnerability exists in the multicast service which can cause the host to exhaust all of its memory resources. A remote attacker can create a denial of service on vulnerable systems by sending specially crafted PGM packets.
Affected Products:
Windows XP SP2
Windows XP SP3
Windows XP Professional x64 Edition and SP2
Windows Server 2003 SP1 and SP2
Windows Server 2003 x64 Edition and SP2
Windows Server 2003 with SP1 for Itanium-based Systems and SP2
Reference IDs:
|
Description:
This indicates a possible attempt to exploit a remote code execution vulnerability in the Microsoft Speech Recognition feature.
The vulnerability is located in the "sapi.dll" ActiveX control. It may allow remote attackers to execute arbitrary code in the context of the application using the affected ActiveX control. Note that the Speech Recognition feature is disabled by default in Windows Vista.
Affected Products:
Microsoft Windows 2000 Service Pack 4
Windows XP Service Pack 2 and Windows XP Service Pack 3
Windows XP Professional x64 Edition
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 1
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP1 for Itanium-based Systems
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista
Windows Vista Service Pack 1
Windows Vista x64 Edition
Windows Vista x64 Edition Service Pack 1
Windows Server 2008 for 32-bit Systems
Windows Server 2008 for x64-based Systems
Windows Server 2008 for Itanium-based Systems
Reference IDs:
|
Description:
This is an attempt to exploit a priviledge elevation vulnerability in Microsoft's Windows Internet Name Service (WINS).
The vulnerability is caused by the WINS server's insufficient validation of the data structures within specially crafted WINS network packets. The vulnerability could allow a local attacker to run code with elevated privileges. An attacker who successfully exploits this vulnerability could take complete control of the system affected.
Affected Products:
Microsoft Windows 2000 Server SP4
Windows Server 2003 Service Pack 1 and Windows Server 2003 SP 2
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
Reference IDs:
|
Description:
This indicates a denial-of-service vulnerability in the SuiteLink Service in WonderWare SuiteLink, which is used in the application InTouch 8.0. This vulnerability is caused by sending a malformed packet to TCP port 5413, which can cause a memory allocation failure.
Affected Products:
Systems using WonderWare SuiteLink prior to version 2.0 Patch 01.
Reference IDs:
|
Low ( 2 )
Description:
This indicates an attempt to exploit a denial of service vulnerability in Cacti 0.8.6i.
The vulnerability allows remote authenticated users to cause a denial of service by using an overly large value for the "graph_start" or "graph_end" parameter.
Affected Products:
Cacti, Cacti 0.8.6i,j
Mandriva, Corporate Server 4.0
Mandriva, Corporate Server 4.0/X86_64
Reference IDs:
|
Description:
This indicates a possible exploit of a URL-spoofing vulnerability in Microsoft Internet Explorer.
Microsoft Internet Explorer suffers from a URL-spoofing vulnerability. Using an image control that has been enclosed in a hyperlink, a malicious user can use a form to spoof the URL shown in the status bar. This can be used to trick the user into visiting a malicious web site.
Affected Products:
Microsoft Internet Explorer 6.x
Opera 8.x
Reference IDs:
|
Info ( 1 )
Description:
This indicates that a connection attempt to the LimeWire server was made by a LimeWire client.
Affected Products:
Any Windows systems that may run LimeWare client and are connected to the internet are vulnerable.
|
 Top of Section
Enhanced Coverage
The FortiGuard Threat Research team updates security content as new
vectors of exploitation are discovered. The table below details the
security content enhanced with this release.
Critical ( 20 )
High ( 24 )
Medium ( 7 )
Low ( 7 )
Info ( 2 )
Top of Section
Active Exploitation
The FortiGuard Threat Research team uses globally distributed probes
to monitor exploit activity. Vulnerabilities can be classified as
active and given a magnitude level. The magnitude level is the rate
of activity across the probes. The value of the magnitude is set to
low, medium or high.
The table below lists the vulnerabilities discussed in this bulletin
and their corresponding exploit activity magnitude. The data below is
as of this writing.
Critical ( 11 of 32 )
High ( 23 of 34 )
Medium ( 6 of 15 )
Low ( 4 of 6 )
Top of Section
Document History
| Revision Date |
Version Number |
|
| Friday, June 13, 2008 |
1 |
Initial Documentation. |
About Fortinet ( www.fortinet.com )
Fortinet is the pioneer and leading provider of ASIC-accelerated unified threat management, or UTM, security systems, which are used by enterprises and service providers to increase their security while reducing total operating costs. Fortinet solutions were built from the ground up to integrate multiple levels of security protection--including firewall, antivirus, intrusion prevention, VPN, spyware prevention and anti-spam -- designed to help customers protect against network and content level threats. Leveraging a custom ASIC and unified interface, Fortinet solutions offer advanced security functionality that scales from remote office to chassis-based solutions with integrated management and reporting. Fortinet solutions have won multiple awards around the world and are the only security products that are certified in six programs by ICSA Labs: (Firewall, Antivirus, IPSec, SSL, Network IPS, and Anti-Spyware). Fortinet is privately held and based in Sunnyvale, California.
Disclaimer
Although Fortinet has attempted to provide accurate information in these materials, Fortinet assumes no legal responsibility for the accuracy or completeness of the information. Please note that no Fortinet statements herein constitute or contain any guarantee, warranty or legally binding representation. All materials contained in this publication are subject to change without notice, and Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
Top of page
|
