Ad: NOOK HD Tablets-Now with Google Play
ie8 fix

Spyware, viruses, & security forum: VULNERABILITIES / FIXES - June 12, 2012

by: Carol~ June 12, 2012 6:39 AM PDT

Like this

0 people like this thread

Staff pick

VULNERABILITIES / FIXES - June 12, 2012

by Carol~ Moderator - 6/12/12 6:39 AM

HP Server Automation Samba RPC Network Data Representation Marshalling Vulnerability

Release Date : 2012-06-12

Criticality level : Moderately critical
Impact : System access
Where : From local network
Solution Status : Vendor Patch

Software: HP Server Automation 7.x
HP Server Automation 9.x

Description:
HP has acknowledged a vulnerability in HP Server Automation, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is reported in versions 7.8.x, 9.0.x, and 9.1.x running on Red Hat Linux, SUSE Linux, and SunOS.

Solution:
Apply HP Server Automation Patch SRVA_00127.

Original Advisory:
HPSBMU02790 SSRT100872:
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03366886

http://secunia.com/advisories/49502/


Reply
Report offensive post
Email to friend

Apple iTunes Two Vulnerabilities

by Carol~ Moderator - 6/12/12 6:41 AM

In Reply to: VULNERABILITIES / FIXES - June 12, 2012 by Carol~ Moderator

Release Date : 2012-06-12

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Software: Apple iTunes 10.x

Description:
Apple has reported two vulnerabilities in Apple iTunes, which can be exploited by malicious people to compromise a user's system.

1) An error in the handling of .m3u playlists can be exploited to cause a heap-based buffer overflow via a specially crafted M3U (".m3u") file.

2) A vulnerability is caused due to a bundled vulnerable version of WebKit.

NOTE: This vulnerability does not affect the application on OS X Lion systems.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

Solution:
Update to version 10.6.3.

Provided and/or discovered by:
The vendor credits:
1) Gjoko Krstic, Zero Science Lab.
2) Adam Barth and Abhishek Arya, Google Chrome Security Team.

Original Advisory:
Apple:
http://support.apple.com/kb/HT5318

http://secunia.com/advisories/49489/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

SUSE update for flash-player

by Carol~ Moderator - 6/12/12 6:41 AM

In Reply to: VULNERABILITIES / FIXES - June 12, 2012 by Carol~ Moderator

Release Date : 2012-06-12

Criticality level : Highly critical
Impact : Security Bypass
System access
Where : From remote
Solution Status : Vendor Patch

Operating System: openSUSE 11.4
openSUSE 12.1

Description:
SUSE has issued an update for flash-player. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
openSUSE-SU-2012:0723-1:
http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00006.html

http://secunia.com/advisories/49451/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WordPress Thinkun Remind Plugin "dirPath" Remote File

by Carol~ Moderator - 6/12/12 7:45 AM

In Reply to: VULNERABILITIES / FIXES - June 12, 2012 by Carol~ Moderator

WordPress Thinkun Remind Plugin "dirPath" Remote File Inclusion Vulnerability

Release Date : 2012-06-12

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Unpatched

Software: WordPress Thinkun Remind Plugin 1.x

Description:
Sammy Forgit has discovered a vulnerability in the Thinkun Remind plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.

Input passed to the "dirPath" parameter in wp-content/plugins/thinkun-remind/exportData.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from remote resources.

The vulnerability is confirmed in version 1.1.3. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly verified.

Provided and/or discovered by:
Sammy Forgit, OpenSysCom.

Original Advisory:
http://www.opensyscom.fr/Actualites/wordpress-plugins-thinkun-remind-remote-file-disclosure-vulnerability.html

http://secunia.com/advisories/49461/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WordPress Contus Video Gallery Plugin Arbitrary File Upload

by Carol~ Moderator - 6/12/12 7:45 AM

In Reply to: VULNERABILITIES / FIXES - June 12, 2012 by Carol~ Moderator

WordPress Contus Video Gallery Plugin Arbitrary File Upload Vulnerability

Release Date : 2012-06-12

Criticality level : Less critical
Impact : System access
Where : From remote
Solution Status : Unpatched

Software: WordPress Contus Video Gallery Plugin 1.x

Description:
Sammy Forgit has discovered a vulnerability in the Contus Video Gallery plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to the wp-content/plugins/contus-video-galleryversion-10/upload1.php script improperly validating uploaded files, which can be exploited to execute arbitrary PHP code by uploading a PHP file with e.g. an appended ".gif" file extension.

Successful exploitation requires that Apache is not configured to handle the mime-type for media files with e.g. a ".jpg" or ".gif" extension (Configured to handle by default).

The vulnerability is confirmed in version 1.3. Other versions may also be affected.

Solution:
Restrict access to the wp-content/plugins/contus-video-galleryversion-10/upload1.php script (e.g. via .htaccess).

Provided and/or discovered by:
Sammy Forgit.

Original Advisory:
OpenSysCom:
http://www.opensyscom.fr/Actualites/wordpress-plugins-wordpress-video-gallery-arbitrary-file-upload-vulnerability.html

http://secunia.com/advisories/49494/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

SUSE update for bind

by Carol~ Moderator - 6/12/12 9:47 AM

In Reply to: VULNERABILITIES / FIXES - June 12, 2012 by Carol~ Moderator

Release Date : 2012-06-12

Criticality level : Moderately critical
Impact : Exposure of sensitive information
DoS
Where : From remote
Solution Status : Vendor Patch

Operating System: openSUSE 11.4
openSUSE 12.1

Description:
SUSE has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service).

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
openSUSE-SU-2012:0722-1:
lists.opensuse.org/opensuse-security-announce/2012-06/msg00005.html

http://secunia.com/advisories/49501/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Ubuntu update for mysql

by Carol~ Moderator - 6/12/12 9:47 AM

In Reply to: VULNERABILITIES / FIXES - June 12, 2012 by Carol~ Moderator

Release Date : 2012-06-11

Criticality level : Less critical
Ipact : Security Bypass
Where : From local network
Solution Status : Vendor Patch

Operating System: Ubuntu Linux 10.04
Ubuntu Linux 11.04
Ubuntu Linux 11.10
Ubuntu Linux 12.04
Ubuntu Linux 8.04

Description:
Ubuntu has issued an update for mysql. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions.

Solution:
Apply updated packages.

Original Advisory:
USN-1467-1:
http://www.ubuntu.com/usn/usn-1467-1/

http://secunia.com/advisories/49490/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

libguestfs "virt-edit" File Permissions Security Issue

by Carol~ Moderator - 6/12/12 12:14 PM

In Reply to: VULNERABILITIES / FIXES - June 12, 2012 by Carol~ Moderator

Release Date : 2012-06-12

Criticality level : Not critical
Impact : Exposure of sensitive information
Where : Local system
Solution Status : Vendor Patch

Software: libguestfs 1.x

Description:
A security issue has been reported in libguestfs, which can be exploited by malicious, local users to disclose potentially sensitive information.

The security issue is caused due to the "virt-edit" utility not keeping original file permissions when editing a file inside a virtual machine image, which results in world-readable permissions being set.

The security issue is reported in version 1.16.4. Other versions may also be affected.

Solution:
Update to version 1.16.24.

Provided and/or discovered by:
Reported by Richard W.M. Jones in a Red Hat bug report.

Original Advisory:
https://bugzilla.redhat.com/show_bug.cgi?id=788642

http://secunia.com/advisories/49431/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

BMC Identity Management Suite Web Interface Cross-Site

by Carol~ Moderator - 6/12/12 12:14 PM

In Reply to: VULNERABILITIES / FIXES - June 12, 2012 by Carol~ Moderator

BMC Identity Management Suite Web Interface Cross-Site Request Forgery Vulnerability

Release Date : 2012-06-12

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Unpatched

Software: BMC Identity Management Suite 7.x

Description:
A vulnerability has been reported in BMC Identity Management Suite, which can be exploited by malicious people to conduct cross-site request forgery attacks.

The web interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change any passwords managed by the suite by tricking an administrative user into visiting a malicious web site.

The vulnerability is reported in version 7.5.00.103. Other versions may also be affected.

Solution:
Do not browse untrusted sites or follow untrusted links while being logged-in to the application.

Provided and/or discovered by:
US-CERT credits Travis Lee

Original Advisory:
US-CERT:
http://www.kb.cert.org/vuls/id/221180

http://secunia.com/advisories/49499/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Xen Privilege Escalation and Denial of Service

by Carol~ Moderator - 6/12/12 12:14 PM

In Reply to: VULNERABILITIES / FIXES - June 12, 2012 by Carol~ Moderator

Xen Privilege Escalation and Denial of Service Vulnerabilities

Release Date : 2012-06-12

Criticality level : Less critical
Impact : Privilege escalation
DoS
Where : Local system
Solution Status : Vendor Patch

Software: Xen 3.x
Xen 4.x

Description:
Two vulnerabilities have been reported in Xen, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service) and gain escalated privileges.

1) An error when handling certain system calls can be exploited to gain additional privileges.

Successful exploitation of this vulnerability requires a 64-bit PV guest kernel running on a 64-bit hypervisor.

2) An error when handling exceptions does not properly clear a flag, which can be exploited to cause a crash.

Note: This vulnerability does not affect HVM guests.

The vulnerabilities are reported in versions 3.4, 4.0, and 4.1.

Note: Additionally, a weakness exists within 64-bit PV guests, which can lead to CPU lock ups.

Solution:
Apply patches (please see the vendor's advisory for more information).

Provided and/or discovered by:
1) The vendor credits Rafal Wojtczuk.
2) Reported by the vendor.

Original Advisory:
XSA-7:
http://lists.xen.org/archives/html/xen-announce/2012-06/msg00001.html

XSA-8:
http://lists.xen.org/archives/html/xen-announce/2012-06/msg00003.html

XSA-9:
http://lists.xen.org/archives/html/xen-announce/2012-06/msg00002.html

http://secunia.com/advisories/49381/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Citrix XenServer Privilege Escalation and Denial of Service

by Carol~ Moderator - 6/12/12 12:14 PM

In Reply to: VULNERABILITIES / FIXES - June 12, 2012 by Carol~ Moderator

Citrix XenServer Privilege Escalation and Denial of Service Vulnerabilities

Release Date : 2012-06-12

Criticality level : Less critical
Impact : Privilege escalation
DoS
Where : Local system
Solution Status : Vendor Patch

Operating System: Citrix XenServer 5.0
Citrix XenServer 5.5
Citrix XenServer 5.6
Citrix XenServer 6.0

Description:
Citrix has acknowledged two vulnerabilities in XenServer, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service) and gain escalated privileges.

The vulnerabilities are reported in versions 6.0.2 and prior.

Solution:
Install hotfix (please see the vendor's advisory for more information).

Original Advisory:
http://support.citrix.com/article/CTX133161

http://secunia.com/advisories/49429/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Microsoft .NET Framework WinForms Memory Access

by Carol~ Moderator - 6/12/12 12:35 PM

In Reply to: VULNERABILITIES / FIXES - June 12, 2012 by Carol~ Moderator

Microsoft .NET Framework WinForms Memory Access Vulnerability

Release Date : 2012-06-12

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Software: Microsoft .NET Framework 2.x
Microsoft .NET Framework 3.x
Microsoft .NET Framework 4.x

Description:
A vulnerability has been reported in Microsoft .NET Framework, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error within the framework when handling pointers and can be exploited to corrupt memory via a specially crafted web page.

Successful exploitation allows execution of arbitrary code, but requires a browser that can run XAML Browser Applications (XBAPs).

Solution:
Apply patches.

Provided and/or discovered by:
The vendor credits Vitaliy Toropov via ZDI.

Original Advisory:
MS12-038 (KB2706726, KB2686828, KB2686827, KB2686833, KB2686830, KB2686831):
http://technet.microsoft.com/en-us/security/bulletin/ms12-038

http://secunia.com/advisories/49418/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Microsoft Windows Remote Desktop Protocol Object Handling

by Carol~ Moderator - 6/12/12 12:37 PM

In Reply to: VULNERABILITIES / FIXES - June 12, 2012 by Carol~ Moderator

Microsoft Windows Remote Desktop Protocol Object Handling Vulnerability

Release Date : 2012-06-12

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Operating System: Microsoft Windows 7
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2008
Microsoft Windows Storage Server 2003
Microsoft Windows Vista
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional

Description:
A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an error within Remote Desktop Services when handling certain objects. This can be exploited to access an uninitialised or deleted object via specially crafted RDP packets.

Successful exploitation allows execution of arbitrary code, but requires that Remote Desktop is enabled (disabled by default).

Solution:
Apply patches.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
MS12-036 (KB2685939):
http://technet.microsoft.com/en-us/security/bulletin/ms12-036

http://secunia.com/advisories/49384/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Microsoft Windows Kernel-Mode Drivers Multiple

by Carol~ Moderator - 6/12/12 12:38 PM

In Reply to: VULNERABILITIES / FIXES - June 12, 2012 by Carol~ Moderator

Microsoft Windows Kernel-Mode Drivers Multiple Vulnerabilities

Release Date : 2012-06-12

Criticality level : Less critical
Impact : Privilege escalation
Where : Local system
Solution Status : Vendor Patch

Operating System: Microsoft Windows 7
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2008
Microsoft Windows Storage Server 2003
Microsoft Windows Vista
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional

Description:
Multiple vulnerabilities have been reported in Windows, which can be exploited by malicious, local users to gain escalated privileges.

1) An error in win32k.sys within the string atom class name handling can be exploited to execute arbitrary code with kernel-mode privileges.

2) An error in win32k.sys within the string atom class name handling can be exploited to execute arbitrary code with kernel-mode privileges.

3) An error in win32k.sys within the clipboard format atom name handling can be exploited to execute arbitrary code with kernel-mode privileges.

4) An integer overflow error when handling the reference counter for font resources when loading TrueType fonts can be exploited to execute arbitrary code with kernel-mode privileges.

5) A race condition error in win32k.sys when handling particular thread creation attempts can be exploited to execute arbitrary code with kernel-mode privileges.

Solution:
Apply patches.

Provided and/or discovered by:
1-3) The vendor credits Tarjei Mandt, Azimuth Security.
4) The vendor credits Mateusz "j00ru" Jurczyk, Google Inc.
5) Reported by the vendor.

Original Advisory:
MS12-041 (KB2709162):
http://technet.microsoft.com/en-us/security/bulletin/MS12-041

http://secunia.com/advisories/49436/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Microsoft XML Core Services Uninitialised Object

by Carol~ Moderator - 6/12/12 1:10 PM

In Reply to: VULNERABILITIES / FIXES - June 12, 2012 by Carol~ Moderator

Microsoft XML Core Services Uninitialised Object Vulnerability

Release Date : 2012-06-12

Criticality level : Extremely critical
Impact : System access
Where : From remote
Solution Status : Vendor Workaround

Software: Microsoft Office 2003 Professional Edition
Microsoft Office 2003 Small Business Edition
Microsoft Office 2003 Standard Edition
Microsoft Office 2003 Student and Teacher Edition
Microsoft Office 2007
Microsoft XML Core Services (MSXML) 3.x
Microsoft XML Core Services (MSXML) 4.x
Microsoft XML Core Services (MSXML) 5.x
Microsoft XML Core Services (MSXML) 6.x

Description:
A vulnerability has been reported in Microsoft XML Core Services, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error when attempting to access an object in memory that has not been initialised.

Successful exploitation allows execution of arbitrary code by e.g. tricking a user into viewing a malicious web page in Internet Explorer.

NOTE: The vulnerability is reportedly being actively exploited.

Solution:
Apply Microsoft Fix it solution.

Provided and/or discovered by:
Reported as a 0-day.

Original Advisory:
Microsoft:
http://technet.microsoft.com/en-us/security/advisory/2719615

http://secunia.com/advisories/49456/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Microsoft Internet Explorer Multiple Vulnerabilities

by Carol~ Moderator - 6/12/12 1:12 PM

In Reply to: VULNERABILITIES / FIXES - June 12, 2012 by Carol~ Moderator

Release Date : 2012-06-12

Criticality level : Highly critical
Impact : Cross Site Scripting
Exposure of sensitive information
System access
Where : From remote
Solution Status : Vendor Patch

Software: Microsoft Internet Explorer 6.x
Microsoft Internet Explorer 7.x
Microsoft Internet Explorer 8.x
Microsoft Internet Explorer 9.x

Description:
Multiple vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to disclose sensitive information, conduct cross-site scripting attacks, and compromise a user's system.

1) An error when handling the "Center" element can be exploited to access an already deleted object and corrupt memory.

Successful exploitation of this vulnerability allows execution of arbitrary code.

2) An unspecified error in the "toStaticHTML" API when sanitising HTML code can be exploited to execute arbitrary HTML and script code in the user's browser session in context of a targeted site.

3) An error when handling EUC-JP character encoding can be exploited to execute arbitrary HTML and script code in the user's browser session in context of a targeted site.

4) An unspecified error when processing NULL bytes can be exploited to disclose content from the process memory.

5) An unspecified error within the developer toolbar can be exploited to access an already deleted object and corrupt memory.

Successful exploitation of this vulnerability allows execution of arbitrary code.

6) An error when handling the "Same ID" property can be exploited to access an already deleted object and corrupt memory.

Successful exploitation of this vulnerability allows execution of arbitrary code.

7) An error when handling the "Col" element can be exploited to access a nonexistent object and corrupt memory.

Successful exploitation of this vulnerability allows execution of arbitrary code.

8) An error when handling the "Title" element can be exploited to access an already deleted object and corrupt memory.

Successful exploitation of this vulnerability allows execution of arbitrary code.

9) An error when handling the "OnBeforeDeactivate" event can be exploited to access an already deleted object and corrupt memory.

Successful exploitation of this vulnerability allows execution of arbitrary code.

10) An error when handling the "insertAdjacentText" method can be exploited to access undefined memory and corrupt memory.

Successful exploitation of this vulnerability allows execution of arbitrary code.

11) An error when handling the "insertRow" method can be exploited to access an already deleted object and corrupt memory.

Successful exploitation of this vulnerability allows execution of arbitrary code.

12) An error when handling the "OnRowsInserted" event can be exploited to access an already deleted object and corrupt memory.

Successful exploitation of this vulnerability allows execution of arbitrary code.

13) An error within the handling of the "Scrolling" event can be exploited to disclose information from another domain or Internet Explorer zone.

Solution:
Apply patches.

Provided and/or discovered by:
The vendor credits:
1) An anonymous person via iDefense
2) Adi Cohen, IBM
3) Masato Kinugawa
4) Roman Shafigullin, LinkedIn
5) Code Audit Labs, VulnHunt
6) Dark Son, VulnHunt
7) Vupen via ZDI
8, 9, 10, 11, 12) An anonymous person via ZDI
13) Reported by the vendor

Original Advisory:
MS12-037 (KB2699988)
http://technet.microsoft.com/en-us/security/bulletin/ms12-037

http://secunia.com/advisories/49412/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Microsoft Lync /Office Communicator Multiple Vulnerabilities

by Carol~ Moderator - 6/12/12 1:13 PM

In Reply to: VULNERABILITIES / FIXES - June 12, 2012 by Carol~ Moderator

Release Date : 2012-06-12

Criticality level : Highly critical
Impact : Cross Site Scripting
System access
Where : From remote
Solution Status : Vendor Patch

Software: Microsoft Lync 2010
Microsoft Office Communicator 2007

Description:
Multiple vulnerabilities have been reported in Microsoft Lync and Office Communicator, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a user's system.

1) An error exists when parsing TrueType fonts.

2) An error exists in the t2embed.dll module when parsing TrueType fonts.

3) The client loads libraries (e.g. wlanapi.dll and ncrypt.dll) in an insecure manner, which can be exploited to load arbitrary libraries by tricking a user into e.g. opening a ".ocsmeet" file located on a remote WebDAV or SMB share.

Successful exploitation of this vulnerability allows execution of arbitrary code.

4) An unspecified error in the "SafeHTML" API when sanitising HTML code can be exploited to execute arbitrary HTML and script code in the user's chat session.

Solution:
Apply patches.

Provided and/or discovered by:
3) hamburgers maccoy via Secunia
4) Adi Cohen, IBM

Original Advisory:
MS12-039 (KB2707956, KB2708980, KB2693282, KB2696031, KB2693283, KB2702444):
http://technet.microsoft.com/en-us/security/bulletin/ms12-039

http://secunia.com/advisories/48429/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Microsoft Dynamics AX Enterprise Portal Cross-Site Scripting

by Carol~ Moderator - 6/12/12 1:52 PM

In Reply to: VULNERABILITIES / FIXES - June 12, 2012 by Carol~ Moderator

Release Date : 2012-06-12

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: Microsoft Dynamics AX 2012

Description:
A vulnerability has been reported in Microsoft Dynamics AX, which can be exploited by malicious people to conduct cross-site scripting attacks.

Unspecified input passed to Enterprise Portal is not properly sanitised before being returned to users. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Solution:
Apply patches.

Provided and/or discovered by:
The vendor credits Finian Mackin.

Original Advisory:
MS12-040 (KB2706738, KB2709100, KB2710639, KB2711239):
http://technet.microsoft.com/en-us/security/bulletin/MS12-040

http://secunia.com/advisories/49433/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Microsoft Windows Kernel Two Privilege Escalation

by Carol~ Moderator - 6/12/12 1:53 PM

In Reply to: VULNERABILITIES / FIXES - June 12, 2012 by Carol~ Moderator

Microsoft Windows Kernel Two Privilege Escalation Vulnerabilities

Release Date : 2012-06-12

Criticality level : Less critical
Impact : Privilege escalation
Where : Local system
Solution Status : Vendor Patch

Operating System: Microsoft Windows 7
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2008
Microsoft Windows Storage Server 2003
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional

Description:
Two vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges.

1) An error in the User Mode Scheduler (UMS) when handling a particular system request can be exploited to execute arbitrary code with kernel-mode privileges.

Successful exploitation requires the system to run an Intel x64-based version of Windows 7 or Windows Server 2008 R2.

2) An error due to incorrect protection of BIOS ROM can be exploited to execute arbitrary code with kernel-mode privileges.

Solution:
Apply patches.

Provided and/or discovered by:
1) The vendor credits Rafal Wojtczuk, Bromium and Jan Beulich, SUSE.
2) Reported by the vendor.

Original Advisory:
MS12-042 (KB2707511, KB2709715, KB2711167):
http://technet.microsoft.com/en-us/security/bulletin/MS12-042

http://secunia.com/advisories/49454/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Forum Icon Legend

  • UnreadUnread
  • ReadRead
  • Locked threadLocked thread
  •   
  •   
  •   
  •   
  •   
  •   
  •   
  • ModeratorModerator
  • CNET StaffCNET Staff
  • Samsung StaffSamsung Staff
  • Norton Authorized Support TeamNorton Authorized Support Team
  • AVG StaffAVG Staff
  • avast! Staffavast! Staff
  • Webroot Support TeamWebroot Support Team
  • Acer Customer Experience TeamAcer Customer Experience Team
  • Windows Outreach TeamWindows Outreach Team
  • DISH staffDISH staff
  • Dell StaffDell Staff
  • Intel StaffIntel Staff
  • QuestionQuestion
  • Resolved questionResolved question
  • General discussionGeneral discussion
  • TipTip
  • Alert or warningAlert or warning
  • PraisePraise
  • RantRant

You are e-mailing the following post: Post Subject

Your e-mail address is used only to let the recipient know who sent the e-mail and in case of transmission error. Neither your address nor the recipient's address will be used for any other purpose.

Sorry, there was a problem emailing this post. Please try again.

Submit Email Cancel

Thank you. Sent email to

Close

Thank you. Sent email to

Close

You are reporting the following post: Post Subject

If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

Offensive: Sexually explicit or offensive language

Spam: Advertisements or commercial links

Disruptive posting: Flaming or offending other users

Illegal activities: Promote cracked software, or other illegal content

Sorry, there was a problem submitting your post. Please try again.

Submit Report Cancel

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

You are posting a reply to: Post Subject

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to the CNET Forums policies for details. All submitted content is subject to CBS Interactive Site Terms of Use.

You are currently tracking this discussion. Click here to manage your tracked discussions.

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

Sorry, there was a problem submitting your post. Please try again.

Sorry, there was a problem generating the preview. Please try again.

Duplicate posts are not allowed in the forums. Please edit your post and submit again.

Submit Reply Preview Cancel

Thank you, , your post has been submitted.

> Click here to view your post. > Manage your tracked discussions. > Track this discussion. Close

Thank you, , your post has been submitted and will appear on our site shortly.

Close