Ad: Manage updates with the Download App
ie8 fix

Spyware, viruses, & security forum: VULNERABILITIES / FIXES - March 30, 2012

by: Carol~ March 30, 2012 7:24 AM PDT

Like this

0 people like this thread

Staff pick

VULNERABILITIES / FIXES - March 30, 2012

by Carol~ Moderator - 3/30/12 7:24 AM

SUSE update for php5

Release Date : 2012-03-30

Criticality level : Highly critical
Impact : Exposure of sensitive information
DoS
System access
Where : From remote
Solution Status : Vendor Patch

Operating System: openSUSE 12.1

Description:
SUSE has issued an update for php5. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system.

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
openSUSE-SU-2012:0426-1:
https://hermes.opensuse.org/messages/14107451

http://secunia.com/advisories/48668/


Reply
Report offensive post
Email to friend

Ubuntu update for kernel

by Carol~ Moderator - 3/30/12 7:28 AM

In Reply to: VULNERABILITIES / FIXES - March 30, 2012 by Carol~ Moderator

Release Date : 2012-03-30

Criticality level : Less critical
Impact : DoS
Where : From local network
Solution Status : Vendor Patch

Operating System: Ubuntu Linux 11.10

Description:
Ubuntu has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

Solution:
Apply updated packages.

Original Advisory:
USN-1412-1:
http://www.ubuntu.com/usn/usn-1412-1/

http://secunia.com/advisories/48660/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

SUSE update for libreoffice

by Carol~ Moderator - 3/30/12 7:29 AM

In Reply to: VULNERABILITIES / FIXES - March 30, 2012 by Carol~ Moderator

Release Date : 2012-03-30

Criticality level : Less critical
Impact : Exposure of sensitive information
Where : From remote
Solution Status : Vendor Patch

Operating System: openSUSE 12.1

Description:
SUSE has issued an update for libreoffice. This fixes a vulnerability, which can be exploited by malicious people to disclose potentially sensitive information.

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
openSUSE-SU-2012:0428-1:
https://hermes.opensuse.org/messages/14108305

http://secunia.com/advisories/48649/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

CyaSSL Certificate Handling NULL Pointer Dereference

by Carol~ Moderator - 3/30/12 7:29 AM

In Reply to: VULNERABILITIES / FIXES - March 30, 2012 by Carol~ Moderator

CyaSSL Certificate Handling NULL Pointer Dereference Vulnerability

Release Date : 2012-03-30

Criticality level : Less critical
Impact : DoS
Where : From remote
Solution Status : Vendor Patch

Software: CyaSSL 2.x

Description:
A vulnerability has been reported in CyaSSL, which can be exploited by malicious people to cause a DoS (Denial of Service) of the application using the library.

The vulnerability is caused due to a NULL-pointer dereference error when handling X.509 certificates and can be exploited to cause a crash.

The vulnerability is reported in versions prior to 2.0.8.

Solution:
Update to version 2.0.8.

Provided and/or discovered by:
The vendor credits Remi Gacogne.

Original Advisory:
http://www.yassl.com/yaSSL/Docs-cyassl-changelog.html

http://secunia.com/advisories/48634/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

iRODS Multiple Unspecified Vulnerabilities

by Carol~ Moderator - 3/30/12 7:29 AM

In Reply to: VULNERABILITIES / FIXES - March 30, 2012 by Carol~ Moderator

Release Date : 2012-03-30

Criticality level : Moderately critical
Impact : Unknown
Where : From remote
Solution Status : Vendor Patch

Software: iRODS 3.x

Description:
Multiple vulnerabilities with unknown impacts have been reported in iRODS.

The vulnerabilities are caused due to unspecified errors. No further information is currently available.

The vulnerabilities are reported in versions prior to 3.1.

Solution:
Update to version 3.1.

Provided and/or discovered by:
The vendor credits Barton Miller, James Kupsch, and Henry Abbey from the University of Wisconsin-Madison.

Original Advisory:
https://www.irods.org/index.php/Release_Notes_3.1

http://secunia.com/advisories/48600/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

SUSE update for flash-player

by Carol~ Moderator - 3/30/12 7:29 AM

In Reply to: VULNERABILITIES / FIXES - March 30, 2012 by Carol~ Moderator

Release Date : 2012-03-30

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Operating System: openSUSE 11.4
openSUSE 12.1

Description:
SUSE has issued an update for flash-player. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
openSUSE-SU-2012:0427-1:
https://hermes.opensuse.org/messages/14108291

http://secunia.com/advisories/48652/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

libpng "png_set_text_2()" Memory Corruption Vulnerability

by Carol~ Moderator - 3/30/12 7:33 AM

In Reply to: VULNERABILITIES / FIXES - March 30, 2012 by Carol~ Moderator

Release Date : 2012-03-30

Criticality level : Moderately critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Software: libpng 1.x

Description:
A vulnerability has been reported in libpng, which can be exploited by malicious people to compromise an application using the library.

The vulnerability is caused due to an error within the "png_set_text_2()" function (pngset.c) when parsing certain text chunks and can be exploited to corrupt heap memory via a specially crafted PNG file.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in versions prior to 1.5.10, 1.4.11, 1.2.49, and 1.0.59.

Solution:
Update to version 1.5.10, 1.4.11, 1.2.49, or 1.0.59.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://www.libpng.org/pub/png/src/libpng-1.5.10-README.txt

http://secunia.com/advisories/48587/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

ZyXEL GS1510 Credentials Disclosure and Cross-Site Scripting

by Carol~ Moderator - 3/30/12 7:34 AM

In Reply to: VULNERABILITIES / FIXES - March 30, 2012 by Carol~ Moderator

ZyXEL GS1510 Credentials Disclosure and Cross-Site Scripting Vulnerability

Release Date : 2012-03-30

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Operating System: ZyXEL GS1510

Description:
Two security issues and a vulnerability have been reported in ZyXEL GS1510, which can be exploited by malicious people to disclose potentially sensitive information and conduct cross-site scripting attacks.

1) The application transmits credentials to webctrl.cgi and via cookie values in plaintext. This can be exploited to intercept the credentials by e.g sniffing network traffic or via a Man-in-the-Middle (MitM) attack.

2) Input passed via the URL to e.g. images is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The security issues and vulnerability are reported in firmware version V1.00(BVN.1). Other versions may also be affected.

Solution:
Update to firmware version V1.00(BVN.1)C0.

Provided and/or discovered by:
Neil Fryer, IT Security Geeks

Original Advisory:
https://www.upsploit.com/index.php/advisories/view/UPS-2011-0042

http://secunia.com/advisories/48381/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

JAMWiki "num" Cross-Site Scripting Vulnerability

by Carol~ Moderator - 3/30/12 7:34 AM

In Reply to: VULNERABILITIES / FIXES - March 30, 2012 by Carol~ Moderator

Release Date : 2012-03-30

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: JAMWiki 1.x

Description:
Sooraj K.S has discovered a vulnerability in JAMWiki, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the "num" parameter to Special:AllPages is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is confirmed in version 1.1.5. Prior versions may also be affected.

Solution:
Update to version 1.2.

Provided and/or discovered by:
Sooraj K.S, SecPod Research Team

Original Advisory:
JAMWiki:
http://jamwiki.org/wiki/en/JAMWiki_1.1.6
http://jira.jamwiki.org/browse/JAMWIKI-76

SecPod:
http://secpod.org/blog/?p=493

http://secunia.com/advisories/48638/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

OpenStack Compute (Nova) Resource Exhaustion Denial

by Carol~ Moderator - 3/30/12 7:34 AM

In Reply to: VULNERABILITIES / FIXES - March 30, 2012 by Carol~ Moderator

OpenStack Compute (Nova) Resource Exhaustion Denial of Service Vulnerability

Release Date : 2012-03-30

Criticality level : Less critical
Impact : DoS
Where : From remote
Solution Status : Vendor Workaround

Software: OpenStack Compute (Nova) 2011.x

Description:
A vulnerability has been reported in OpenStack Compute (Nova), which can be exploited by malicious users to cause a DoS (Denial of Service).

The vulnerability is caused due to an error in the nova-api component when processing PUT and POST requests containing long server names. This can be exploited to grow log files and exhaust system resources via specially crafted HTTP requests.

The vulnerability is reported in version 2011.3. Other versions may also be affected.

Solution:
Fixed in the GIT repository.

Provided and/or discovered by:
Red Hat credits Dan Prince.

Original Advisory:
https://bugs.launchpad.net/glance/+bug/845788

http://secunia.com/advisories/48654/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Coppermine Photo Gallery "keywords" Script Insertion

by Carol~ Moderator - 3/30/12 7:34 AM

In Reply to: VULNERABILITIES / FIXES - March 30, 2012 by Carol~ Moderator

Coppermine Photo Gallery "keywords" Script Insertion Vulnerability

Release Date : 2012-03-30

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: Coppermine Photo Gallery 1.x

Description:
Janek Vind has discovered a vulnerability in Coppermine Photo Gallery, which can be exploited by malicious users to conduct script insertion attacks.

Input passed via the "keywords" POST parameter to edit_one_pic.php is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site if malicious data is viewed.

Successful exploitation requires access rights to edit image information.

The vulnerability is confirmed in version 1.5.18. Prior versions may also be affected.

Solution:
Update to version 1.5.20.

Provided and/or discovered by:
Janek Vind

Original Advisory:
Coppermine Photo Gallery:
http://forum.coppermine-gallery.net/index.php/topic,74682.0.html

waraxe-2012-SA#081:
http://www.waraxe.us/advisory-81.html

http://secunia.com/advisories/48643/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

VMware ESX Server Multiple Vulnerabilities

by Carol~ Moderator - 3/30/12 7:38 AM

In Reply to: VULNERABILITIES / FIXES - March 30, 2012 by Carol~ Moderator

Release Date : 2012-03-30

Criticality level : Highly critical
Impact : DoS
System access
Where : From remote
Solution Status : Partial Fix

Operating System: VMware ESX Server 4.x

Description:
VMware has acknowledged multiple vulnerabilities in VMware ESX Server, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.

The vulnerabilities are reported in versions 4.1 and 4.0.

Solution:
Apply patches if available.

Original Advisory:
http://www.vmware.com/security/advisories/VMSA-2012-0006.html

http://secunia.com/advisories/48612/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

VMware ESX Server / ESXi I/O Handling ROM Overwrite

by Carol~ Moderator - 3/30/12 7:38 AM

In Reply to: VULNERABILITIES / FIXES - March 30, 2012 by Carol~ Moderator

VMware ESX Server / ESXi I/O Handling ROM Overwrite Privilege Escalation Vulnerability

Release Date : 2012-03-30

Criticality level : Less critical
Impact : Privilege escalation
Where : Local system
Solution Status : Vendor Patch

Operating System: VMware ESX Server 3.x
VMware ESX Server 4.x
VMware ESXi 3.x
VMware ESXi 4.x

Description:
A vulnerability has been reported in VMware ESX Server and VMware ESXi, which can be exploited by malicious, local users in a guest virtual machine to gain escalated privileges.

The vulnerability is caused due to an error when handling port-based I/O and can be exploited to modify virtual DOS machine Read-Only Memory.

The vulnerability is reported in ESX Server and ESXi versions 4.1, 4.0, and 3.5 running Windows XP 32-bit, Windows Server 2003 32-bit, and Windows Server 2003 R2 32-bit.

Solution:
Apply patches.

Provided and/or discovered by:
The vendor credits Derek Soeder, Ridgeway Internet Security.

Original Advisory:
http://www.vmware.com/security/advisories/VMSA-2012-0006.html

http://secunia.com/advisories/48669/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

OpenVZ update for kernel

by Carol~ Moderator - 3/30/12 7:38 AM

In Reply to: VULNERABILITIES / FIXES - March 30, 2012 by Carol~ Moderator

Release Date : 2012-03-30

Criticality level : Less critical
Impact : Privilege escalation
DoS
System access
Where : From local network
Solution Status : Vendor Patch

Operating System: OpenVZ

Description:
OpenVZ has issued an update for the kernel. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges, by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service), and by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.

Solution:
Update kernel branch RHEL6 to version 042stab053.5.

Original Advisory:
http://wiki.openvz.org/Download/kernel/rhel6/042stab053.5

http://secunia.com/advisories/48655/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Red Hat Network Satellite NULL Organization Package Upload

by Carol~ Moderator - 3/30/12 7:38 AM

In Reply to: VULNERABILITIES / FIXES - March 30, 2012 by Carol~ Moderator

Red Hat Network Satellite NULL Organization Package Upload Security Bypass Vulnerability

Release Date : 2012-03-30

Criticality level : Moderately critical
Impact : Security Bypass
Where : From remote
Solution Status : Vendor Patch

Software: Red Hat Network Satellite Server 5.x

Description:
A vulnerability has been reported in Red Hat Network Satellite, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to improper authentication and authorisation checks within the spacewalk-backend when handling a NULL organization. This can be exploited to consume disk space of the /var partition and stop the application from downloading updates by uploading arbitrary packages.

Note: The vulnerability affects version 5.4 running on Red Hat Enterprise Linux 6 under mod_wsgi only.

Solution:
Updated packages are available via Red Hat Network.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
RHSA-2012:0436-1:
https://rhn.redhat.com/errata/RHSA-2012-0436.html

http://secunia.com/advisories/48664/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

ArticleSetup Multiple Vulnerabilities

by Carol~ Moderator - 3/30/12 7:49 AM

In Reply to: VULNERABILITIES / FIXES - March 30, 2012 by Carol~ Moderator

Release Date : 2012-03-30

Criticality level : Moderately critical
Impact : Cross Site Scripting
Manipulation of data
Where : From remote
Solution Status : Unpatched

Software: ArticleSetup 1.x

Description:
Antu Sanadi has discovered multiple vulnerabilities in ArticleSetup, which can be exploited by malicious users to conduct script insertion and SQL injection attacks and by malicious people to conduct cross-site scripting and SQL injection attacks.

1) Input passed via the "s" parameter to search.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2) Input passed via the "title", "body", and "resource" parameters to submit.php is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.

3) Input passed via the "cat" parameter to feed.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

4) Input passed via the the "s" parameter to search.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled.

5) Input passed via the "userid" and "password" parameters to login.php and admin/login.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

NOTE: This vulnerability can further be exploited to bypass the authentication mechanism but requires that "magic_quotes_gpc" is disabled.

The vulnerabilities are confirmed in version 1.10. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Antu Sanadi, SecPod Technologies.

Original Advisory:
http://secpod.org/advisories/SecPod_ArticleSetup_Multiple_Vuln.txt

http://secunia.com/advisories/48613/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Havalite Arbitrary File Upload Vulnerability

by Carol~ Moderator - 3/30/12 7:50 AM

In Reply to: VULNERABILITIES / FIXES - March 30, 2012 by Carol~ Moderator

Release Date : 2012-03-30

Criticality level : Moderately critical
Impact : System access
Where : From remote
Solution Status : Unpatched

Software: Havalite 1.x

Description:
A vulnerability has been discovered in Havalite, which can be exploited by malicious users to compromise a vulnerable system.

The vulnerability is caused due to the havalite/upload.php script improperly verifying uploaded files. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script.

The vulnerability is confirmed in version 1.1.0. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly verified.

Provided and/or discovered by:
KedAns-Dz

Original Advisory:
http://packetstormsecurity.org/files/111358/Havalite-CMS-Shell-Upload-SQL-Injection-Disclosure.html

http://secunia.com/advisories/48646/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Ubuntu update for nova

by Carol~ Moderator - 3/30/12 9:30 AM

In Reply to: VULNERABILITIES / FIXES - March 30, 2012 by Carol~ Moderator

Release Date : 2012-03-30

Criticality level : Less critical
Impact : DoS
Where : From remote
Solution Status : Vendor Patch

Operating System: Ubuntu Linux 11.10

Description:
Ubuntu has issued an update for nova. This fixes a vulnerability, which can be exploited by malicious users to cause a DoS (Denial of Service).

Solution:
Apply updated packages.

Original Advisory:
USN-1413-1:
http://www.ubuntu.com/usn/usn-1413-1

http://secunia.com/advisories/48659/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

phpPgAdmin Functions Script Insertion Vulnerability

by Carol~ Moderator - 3/30/12 9:31 AM

In Reply to: VULNERABILITIES / FIXES - March 30, 2012 by Carol~ Moderator

Release Date : 2012-03-30

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: phpPgAdmin 5.x

Description:
A vulnerability has been reported in phpPgAdmin, which can be exploited by malicious users to conduct script insertion attacks.

Certain unspecified input related to functions is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.

The vulnerability is reported in version 5.0.3. Prior versions may also be affected.

Solution:
Update to version 5.0.4.

Provided and/or discovered by:
The vendor credits Mateusz Goik.

Original Advisory:
phpPgAdmin:
http://sourceforge.net/news/?group_id=37132
https://github.com/phppgadmin/phppgadmin/commit/74174ad639664b52cc1609ede0af8bc403e98a00

Mateusz Goik:
http://sourceforge.net/mailarchive/message.php?msg_id=28783470

http://secunia.com/advisories/48574/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

SUSE update for libpng12 and libpng14

by Carol~ Moderator - 3/30/12 1:31 PM

In Reply to: VULNERABILITIES / FIXES - March 30, 2012 by Carol~ Moderator

Release Date : 2012-03-30

Criticality level : Moderately critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Operating System: openSUSE 11.4
openSUSE 12.1

Description:
SUSE has issued an update for libpng12 and libpng14. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise an application using the library.

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
openSUSE-SU-2012:0432-1:
https://hermes.opensuse.org/messages/14117689

http://secunia.com/advisories/48554/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

PTK Multiple Information Disclosure Weaknesses

by Carol~ Moderator - 3/30/12 1:31 PM

In Reply to: VULNERABILITIES / FIXES - March 30, 2012 by Carol~ Moderator

Release Date : 2012-03-30

Criticality level : Not critical
Impact : Exposure of sensitive information
Where : From remote
Solution Status : Unpatched

Software: PTK 1.x

Description:
Multiple weaknesses have been discovered in PTK, which can be exploited by malicious people to disclose potentially sensitive information.

The weaknesses are caused due to the application not properly restricting access to files within the /log, /images, and /report folders and can be exploited to e.g. disclose valid user names, case evidence files, and generated reports via brute force attacks.

The weaknesses are confirmed in version 1.0.5. Other versions may also be affected.

Solution:
Restrict access to the log, images, and report folders (e.g. via .htaccess).

Provided and/or discovered by:
An anonymous person

Original Advisory:
http://packetstormsecurity.org/files/111360/PTK-1.0.5-Cross-Site-Scripting-Unrestricted-Access.html

http://secunia.com/advisories/48585/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

EMC Data Protection Advisor NULL Pointer Dereference Denial

by Carol~ Moderator - 3/30/12 1:32 PM

In Reply to: VULNERABILITIES / FIXES - March 30, 2012 by Carol~ Moderator

EMC Data Protection Advisor NULL Pointer Dereference Denial of Service Vulnerability

Release Date : 2012-03-30

Criticality level : Less critical
Impact : DoS
Where : From local network
Solution Status : Unpatched

Software: EMC Data Protection Advisor 5.x

Description:
Luigi Auriemma has discovered a vulnerability in EMC Data Protection Advisor, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to a NULL pointer dereference error in the DPA Controller service when handling certain authentication packets. This can be exploited to cause the service to crash via a specially crafted packet sent to TCP port 3916.

The vulnerability is confirmed in version 5.8.1 Build 5991. Other versions may also be affected.

Solution:
Restrict access to trusted hosts only.

Provided and/or discovered by:
Luigi Auriemma

Original Advisory:
http://aluigi.altervista.org/adv/dpa_1-adv.txt

http://secunia.com/advisories/48658/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Quest InTrust ActiveX Controls Multiple Vulnerabilities

by Carol~ Moderator - 3/30/12 1:36 PM

In Reply to: VULNERABILITIES / FIXES - March 30, 2012 by Carol~ Moderator

Release Date : 2012-03-30

Criticality level : Highly critical
Impact : System access
Manipulation of data
Where : From remote
Solution Status : Unpatched

Software:
Quest ARDoc ActiveX Control 7.x
Quest InTrust 10.x
Software FX Annotation Objects Extension ActiveX Control (AnnotateX.dll) 1.x

Description:
Andrea Micalizzi has discovered multiple vulnerabilities in Quest InTrust, which can be exploited by malicious people to manipulate certain data and compromise a user's system.

1) An insecure method in the ARDoc ActiveX Control (ARDoc.dll) can be exploited to overwrite arbitrary files with the contents of exported documents via a call to the "SaveToFile()" method with a specially crafted "bstrFileName" argument.

2) An input validation error in the Annotation Objects Extension ActiveX Control (AnnotateX.dll) can be exploited to call an arbitrary memory location via a call to the "Add()" method with a specially crafted "obj" argument.

Successful exploitation of this vulnerability allows execution of arbitrary code.

The vulnerabilities are confirmed in version 10.4.0.853. Other versions may also be affected.

Solution:
Set the kill-bit for the ActiveX controls.

Provided and/or discovered by:
Andrea Micalizzi (rgod)

Original Advisory:
http://retrogod.altervista.org/9sg_quest_ii.htm
http://retrogod.altervista.org/9sg_quest_adv.htm

http://secunia.com/advisories/48566/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Forum Icon Legend

  • UnreadUnread
  • ReadRead
  • Locked threadLocked thread
  •   
  •   
  •   
  •   
  •   
  •   
  •   
  • ModeratorModerator
  • CNET StaffCNET Staff
  • Samsung StaffSamsung Staff
  • Norton Authorized Support TeamNorton Authorized Support Team
  • AVG StaffAVG Staff
  • avast! Staffavast! Staff
  • Webroot Support TeamWebroot Support Team
  • Acer Customer Experience TeamAcer Customer Experience Team
  • Windows Outreach TeamWindows Outreach Team
  • DISH staffDISH staff
  • Dell StaffDell Staff
  • Intel StaffIntel Staff
  • QuestionQuestion
  • Resolved questionResolved question
  • General discussionGeneral discussion
  • TipTip
  • Alert or warningAlert or warning
  • PraisePraise
  • RantRant

You are e-mailing the following post: Post Subject

Your e-mail address is used only to let the recipient know who sent the e-mail and in case of transmission error. Neither your address nor the recipient's address will be used for any other purpose.

Sorry, there was a problem emailing this post. Please try again.

Submit Email Cancel

Thank you. Sent email to

Close

Thank you. Sent email to

Close

You are reporting the following post: Post Subject

If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

Offensive: Sexually explicit or offensive language

Spam: Advertisements or commercial links

Disruptive posting: Flaming or offending other users

Illegal activities: Promote cracked software, or other illegal content

Sorry, there was a problem submitting your post. Please try again.

Submit Report Cancel

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

You are posting a reply to: Post Subject

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to the CNET Forums policies for details. All submitted content is subject to CBS Interactive Site Terms of Use.

You are currently tracking this discussion. Click here to manage your tracked discussions.

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

Sorry, there was a problem submitting your post. Please try again.

Sorry, there was a problem generating the preview. Please try again.

Duplicate posts are not allowed in the forums. Please edit your post and submit again.

Submit Reply Preview Cancel

Thank you, , your post has been submitted.

> Click here to view your post. > Manage your tracked discussions. > Track this discussion. Close

Thank you, , your post has been submitted and will appear on our site shortly.

Close