Spyware, viruses, & security forum: VULNERABILITIES / FIXES - May 08, 2012

Release Date : 2012-05-08

Criticality level : Not critical
Impact : Hijacking
Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Operating System: Ubuntu Linux 12.04

Description:
Ubuntu has issued an update for horizon. This fixes a weakness and a vulnerability, which can be exploited by malicious, local users in a guest virtual machine to conduct script insertion attacks and by malicious users to conduct session fixation attacks.

Solution:
Apply updated packages.

Original Advisory:
USN-1439-1:
http://www.ubuntu.com/usn/usn-1439-1/

http://secunia.com/advisories/49071/

Release Date : 2012-05-08

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Operating System: Red Hat Enterprise Linux Desktop 6
Red Hat Enterprise Linux HPC Node 6
Red Hat Enterprise Linux Server 5
Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux Workstation 6
RHEL Desktop Workstation 5

Description:
Red Hat has issued an update for php. This fixes a vulnerability, which can be exploited by malicious people to disclose certain sensitive information or compromise a vulnerable system.

Solution:
Updated packages are available via Red Hat Network.

Original Advisory:
RHSA-2012:0546-01:
https://rhn.redhat.com/errata/RHSA-2012-0546.html

http://secunia.com/advisories/49065/

XPhone Unified Communications 2011 Contact Company Name Script Insertion Vulnerability

Release Date : 2012-05-08

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From local network
Solution Status : Unpatched

Software: XPhone Unified Communications 2011

Description:
A vulnerability has been reported in XPhone Unified Communications 2011, which can be exploited by malicious users to conduct script insertion attacks.

Input passed via a company name within contacts is not properly sanitised before being used in XPhone UC Web and the web frontend for XPhone Virtual Directory. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site if malicious data is viewed.

The vulnerability is reported in versions SR2 and earlier.

Solution:
Filter malicious characters and character sequences using a proxy. A SR3 update is scheduled to be released within Q3/2012.

Provided and/or discovered by:
Julien Ahrens via Vulnerability Research Laboratory.

Original Advisory:
Julien Ahrens:
http://www.vulnerability-lab.com/get_content.php?id=484
http://security.inshell.net/advisory/16

http://secunia.com/advisories/48979/

Release Date : 2012-05-08

Criticality level : Less critical
Impact : DoS
Where : Local system
Solution Status : Vendor Patch

Operating System: Ubuntu Linux 11.04

Description:
Ubuntu has issued an update for the kernel. This fixes two vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

Solution:
Apply updated packages.

Original Advisory:
USN-1432-1:
http://www.ubuntu.com/usn/usn-1432-1/

http://secunia.com/advisories/48889/

Release Date : 2012-05-08

Criticality level : Less critical
Impact : Security Bypass
Cross Site Scripting
Manipulation of data
Where : From local network
Solution Status : Vendor Patch

Software: HP Performance Insight 5.x

Description;
Multiple vulnerabilities have been reported in HP Performance Insight, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct cross-site scripting and SQL injection attacks.

1) Certain unspecified input is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

2) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

3) An unspecified error in the application can be exploited to gain unauthorized access. No further information is currently available.

The vulnerabilities are reported in versions 5.3.x, 5.41, 5.41.001, and 5.41.002 running on HP-UX, Linux, Solaris, and Windows.

Solution:
Update to version 5.41.002 and apply hotfix HF09.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
HPSBMU02775 SSRT100853:
http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03312417

http://secunia.com/advisories/49079/

Microsoft Visio Viewer VSD File Format Memory Corruption Vulnerability

Release Date : 2012-05-08

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Software: Microsoft Visio 2010 Viewer

Description:
A vulnerability has been reported in Microsoft Visio Viewer, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error when validating certain attributes within a VSD file format and can be exploited to corrupt memory via a specially crafted Visio file.

Successful exploitation allows execution of arbitrary code.

Solution:
Apply patches.

Provided and/or discovered by:
The vendor credits Luigi Auriemma via iDefense.

Original Advisory:
MS12-031 (KB2597981):
http://technet.microsoft.com/en-us/security/bulletin/ms12-031

http://secunia.com/advisories/49113/

Microsoft Windows Partition Manager Privilege Escalation Vulnerability

Release Date : 2012-05-08

Criticality level : Less critical
Impact : Privilege Escalation
Where : Local system
Solution Status : Vendor Patch

Operating System: Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista

Description:
A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused due to an error within the Windows Partition Manager (partmgr.sys) when handling function calls for the Plug and Play (PnP) Configuration Manager from two or more processes or threads and can be exploited via a specially crafted program.

Successful exploitation allows execution of arbitrary code with kernel mode privileges.

Solution:
Apply patches.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
MS12-033 (KB2690533):
http://technet.microsoft.com/en-us/security/bulletin/ms12-033

http://secunia.com/advisories/49115/

Release Date : 2012-05-08

Criticality level : Less critical
Impact : Exposure of sensitive information
Where : From remote
Solution Status : Vendor Patch

Software: Node.js 0.x

Description:
A vulnerability has been reported in Node.js, which can be exploited by malicious people to disclose potentially sensitive information.

The vulnerability is caused due to an error in the HTTP parser when processing certain strings and can be exploited to disclose HTTP headers of other connections.

The vulnerability is reported in versions prior to 0.6.17 and prior to 0.7.8.

Solution:
Update to version 0.6.17 or 0.7.8.

Provided and/or discovered by:
The vendor credits Matthew Daley.

Original Advisory:
http://blog.nodejs.org/2012/05/07/http-server-security-vulnerability-please-upgrade-to-0-6-17/

http://secunia.com/advisories/49066/

Release Date : 2012-05-08

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Software: Microsoft Excel 2003
Microsoft Excel 2010
Microsoft Office 2003 Professional Edition
Microsoft Office 2003 Small Business Edition
Microsoft Office 2003 Standard Edition
Microsoft Office 2003 Student and Teacher Edition
Microsoft Office 2007
Microsoft Office 2008 for Mac
Microsoft Office 2010
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
Microsoft Office Excel 2007
Microsoft Office Excel Viewer 2007
Microsoft Office for Mac 2011

Description:
Multiple vulnerabilities have been reported in Microsoft Office Excel, which can be exploited by malicious people to compromise a user's system.

1) An error when validating certain data within Excel files can be exploited to corrupt memory.

2) An error when handling the OBJECTLINK record within Excel files can be exploited to corrupt memory.

3) An error when validating certain data within Excel files can be exploited to corrupt memory.

4) An error when handling the SXLI record within Excel files can be exploited to corrupt memory.

5) An error when handling the MergeCells record within Excel files can be exploited to cause a heap-based buffer overflow.

6) A type mismatch error when handling the Series record within Excel files can be exploited to corrupt memory.

Successful exploitation of the vulnerabilities allows execution of arbitrary code, but requires tricking a user into opening a malicious file.

Solution:
Apply patches.

Provided and/or discovered by:
The vendor credits the following people:
1, 2) Omair
4) Omair via iDefense
5, 6) Sean Larsson and Jun Mao via iDefense
6) An anonymous person via ZDI

Original Advisory:
MS12-030 (KB2553371, KB2596842, KB2597086, KB2597161, KB2597162, KB2597166, KB2597969, KB2665346, KB2665351):
http://technet.microsoft.com/en-us/security/bulletin/ms12-030

http://secunia.com/advisories/49112/

Release Date : 2012-05-08

Criticality level : Highly critical
Impact : System access
Privilege Escalation
Where : From remote
Solution Status : Vendor Patch

Operating System Microsoft Windows 7
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2008
Microsoft Windows Storage Server 2003
Microsoft Windows Vista
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional

Description:
Multiple vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to compromise a user's system.

1) An error exists when parsing TrueType fonts.

2) An error in the t2embed.dll module when parsing TrueType fonts can be exploited via a specially crafted TTF file.

3) An error in GDI+ when handling certain records can be exploited via a specially crafted EMF image file.

4) An error in win32k.sys related to certain Windows and Messages handling can be exploited to execute arbitrary code in the context of another process.

5) An error in win32k.sys when handling keyboard layout files can be exploited to execute arbitrary code in the context of another process.

6) An error in win32k.sys related to scrollbar calculations can be exploited to execute arbitrary code in the context of another process.

Solution:
Apply patches.

Provided and/or discovered by:
4) Reported by the vendor.

The vendor also credits:
2) Alin Rad Pop via ZDI
3) Omair and an anonymous person via iDefense
5) Tarjei Mandt, Azimuth Security
5) Nicolas Economou, Core Security Technologies
5) Geoff McDonald, Symantec
6) h4ckmp

Original Advisory:
MS12-034 (KB2681578, KB2660649, KB2659262, KB2676562, KB2686509, KB2658846, KB2660649):
http://technet.microsoft.com/en-us/security/bulletin/ms12-034

http://secunia.com/advisories/49120/

Release Date : 2012-05-08

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Software: Microsoft Office 2003 Professional Edition
Microsoft Office 2003 Small Business Edition
Microsoft Office 2003 Standard Edition
Microsoft Office 2003 Student and Teacher Edition
Microsoft Office 2007
Microsoft Office 2010

Description:
Multiple vulnerabilities have been reported in Microsoft Office, which can be exploited by malicious people to compromise a user's system.

1) Some errors exist when parsing TrueType fonts.

2) An error in the Office GDI+ library when handling EMF images embedded within a document can be exploited to cause a heap-based buffer overflow.

Successful exploitation of the vulnerabilities allows execution of arbitrary code.

Solution:
Apply patches.

Provided and/or discovered by:
2) The vendor credits an anonymous person via iDefense

Original Advisory:
MS12-034 (KB2681578, KB2598253, KB2596672, KB2596792, KB2589337):
http://technet.microsoft.com/en-us/security/bulletin/ms12-034

http://secunia.com/advisories/49121/

WordPress Login With Ajax Plugin JSON Callback Cross-Site Scripting Vulnerability

Release Date : 2012-05-08

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: WordPress Login With Ajax Plugin 3.x

Description:
A vulnerability has been reported in the Login With Ajax plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via JSON callback is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in versions prior to 3.0.4.1.

Solution:
Update to version 3.0.4.1.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
WordPress Login With Ajax Plugin:
http://plugins.trac.wordpress.org/changeset/541069
http://wordpress.org/extend/plugins/login-with-ajax/changelog/

http://secunia.com/advisories/49013/