Spyware, viruses, & security forum: VULNERABILITIES / FIXES - April 10, 2012

Release Date : 2012-04-10

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Software: Links 2.x

Description:
Some vulnerabilities have been reported in Links, which can be exploited by malicious people to potentially compromise a user's system.

1) An unspecified error within the graphics renderer can be exploited to cause an out-of-bounds write.

2) An unspecified error within the XBM decoder can be exploited to cause out-of-bounds read and write.

The vulnerabilities are reported in versions prior to 2.6.

Solution;
Update to version 2.6.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://links.twibright.com/download/ChangeLog

http://secunia.com/advisories/48689/

Release Date : 2012-04-10

Criticality level : Less critical
Impact : Exposure of system information
Exposure of sensitive information
Where : From remote
Solution Status : Unpatched

Software: CitrusDB 2.x

Description:
Michal Blaszczak has reported multiple vulnerabilities in CitrusDB, which can be exploited by malicious users to disclose potentially sensitive information.

Input passed via the "load" parameter to index.php (when "type" is set to "base", "dl", "fs" , or "module") is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks and URL-encoded NULL bytes.

The vulnerabilities are reported in version 2.4.1. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Michal 'wacky' Blaszczak

Original Advisory:
http://blaszczakm.blogspot.com/2012/04/citrusdb-241-lfisqli-vulnerability.html

http://secunia.com/advisories/48784/

Seditio Pm Okuma Sistemi Plugin "newpmtext" Script Insertion Vulnerability

Release Date : 2012-04-10

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Unpatched

Software: Pm Okuma Sistemi (plugin for Seditio)

Description:
A vulnerability has been discovered in the Pm Okuma Sistemi plugin for Seditio, which can be exploited by malicious users to conduct script insertion attacks.

Input passed via the "newpmtext" parameter to pm.php is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.

The vulnerability is confirmed in version 101. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Akastep.

http://secunia.com/advisories/48736/

PrestaShop Socolissimo Module Parameter Names and Values Cross-Site Scripting Vulnerabilities
Release Date : 2012-04-10

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: PrestaShop 1.x

Description:
Arnault Pachot has discovered two vulnerabilities in PrestaShop, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via arbitrary parameter names and values to modules/socolissimo/redirect.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are confirmed in version 1.4.7.0. Prior versions may also be affected.

Solution:
Update to version 1.4.7.2.

Provided and/or discovered by:
Arnault Pachot via Secunia.

Original Advisory:
http://www.prestashop.com/de/entwickler-versionen/changelog/1.4.7.2

http://secunia.com/advisories/48036/

Quest ActiveRoles Server Multiple Cross-Site Scripting Vulnerabilities

Release Date : 2012-04-10

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: Quest ActiveRoles Server 6.x

Description:
Multiple vulnerabilities have been reported in Quest ActiveRoles Server, which can be exploited by malicious people to conduct cross-site scripting attacks.

Certain unspecified input passed to GenerateForm.aspx, SelectGroup.aspx, and d-LogonHours.aspx is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are reported in versions prior to 6.7.0 Generic Patch 4 (Build 3694).

Solution:
Update to version 6.7.0 Generic Patch 4 (Build 3694).

Provided and/or discovered by:
Reported by the vendor.

Original Advisory
Quest (TF00188528, TF00188529, TF00188533):
https://support.quest.com/Search/SolutionDetail.aspx?id=SOL87841

http://secunia.com/advisories/48714/

Microsoft Windows Authenticode Signature Verification Security Bypass

Release Date : 2012-04-10

Crriticality level : Less critical
Ipact : Security Bypass
Where : From remote
Solution Status : Vendor Patch

Operating System: Microsoft Windows 7
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2008
Microsoft Windows Storage Server 2003
Microsoft Windows Vista
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional

Description:
A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to the Windows Authenticode Signature Verification functionality insufficiently validating a PE (Portable Executable) file's file digest. This can be exploited to manipulate a signed executable file by e.g. adding malicious code without invalidating the signature.

Successful exploitation allows execution of arbitrary code, but requires a user or application to run a specially crafted, signed PE file that is considered trusted.

Solution:
Apply patches.

Provided and/or discovered by:
The vendor credits Robert Zacek and Igor Glucksmann, Avast Software.

Original Advisory:
MS12-024 (KB2653956):
http://technet.microsoft.com/en-us/security/bulletin/MS12-024

http://secunia.com/advisories/48581/

Release Date : 2012-04-10

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Software: Microsoft .NET Framework 1.x
Microsoft .NET Framework 2.x
Microsoft .NET Framework 3.x
Microsoft .NET Framework 4.x

Description:
A vulnerability has been reported in Microsoft .NET Framework, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error within the .NET CRL (Common Language Runtime) when handling certain parameters passed to a function and can be exploited via a specially crafted web page.

Successful exploitation allows execution of arbitrary code, but requires a browser that can run XAML Browser Applications (XBAPs).

Solution:
Apply patches.

Provided and/or discovered by:
The vendor credits Vitaliy Toropov via iDefense.

Original Advisory:
MS12-025 (KB2671605, KB2656368, KB2656374, KB2656370, KB2656372, KB2656378, KB2656369, KB2656376, KB2656373):
http://technet.microsoft.com/en-us/security/bulletin/ms12-025

http://secunia.com/advisories/48785/

Release Date : 2012-04-10

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Software: Microsoft Internet Explorer 6.x
Microsoft Internet Explorer 7.x
Microsoft Internet Explorer 8.x
Microsoft Internet Explorer 9.x

Description:
Multiple vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to compromise a user's system.

1) An unspecified error in the Print feature can be exploited by tricking a user into printing a specially crafted HTML page.

Successful exploitation of this vulnerability may allow execution of arbitrary code, but requires the "Print table of links" option to be enabled (disabled by default).

2) An error in JScript9 when accessing an already deleted object can be exploited to corrupt memory.

Successful exploitation of this vulnerability could potentially allow execution of arbitrary code.

3) An error in the handling of the onReadyStateChange event when accessing an already deleted object can be exploited to corrupt memory.

Successful exploitation of this vulnerability allows execution of arbitrary code.

4) An error when accessing an already deleted object can be exploited to corrupt memory.

Successful exploitation of this vulnerability allows execution of arbitrary code.

5) An error in the handling of VML styles when accessing an already deleted object can be exploited to corrupt memory.

Successful exploitation of this vulnerability allows execution of arbitrary code.

Solution:
Apply patches.

Provided and/or discovered by:
1) The vendor credits linx2008, AISec.
2) The vendor credits Roel Spilker, TOPdesk.
3) The vendor credits Jose Antonio Vazquez Gonzalez via iDefense.
4, 5) The vendor credits an anonymous person via ZDI.

Original Advisory:
MS12-023 (KB2675157):
http://technet.microsoft.com/en-us/security/bulletin/MS12-023

http://secunia.com/advisories/48724/

Release Date : 2012-04-10

Criticality level : Moderately critical
Impact : DoS
Where : From remote
Solution Status : Vendor Patch

Operating System: openSUSE 11.4
openSUSE 12.1

Description:
SUSE has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) in an application using the library.

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
openSUSE-SU-2012:0474-1:
http://lists.opensuse.org/opensuse-updates/2012-04/msg00022.html

http://secunia.com/advisories/48704/