Spyware, viruses, & security forum: VULNERABILITIES / FIXES - November 13, 2012

Release Date : 2012-11-13

Criticality level : Moderately critical
Impact : DoS
Where : Froom remote
Solution Status: Vendor Patch

Software: UnrealIRCd 3.x

Description:
A vulnerability has been reported in UnrealIRCd, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error. No further information is currently available.

The vulnerability is reported in version 3.2.9 on Windows with SSL support.

Solution:
The vendor has released an updated version.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://www.unrealircd.com/txt/unrealsecadvisory.20121112.txt
http://forums.unrealircd.com/viewtopic.php?f=2&t=7704

http://secunia.com/advisories/51266/

Release Date : 2012-11-13

Criticality level : Highly critical
Impact : Unknown
DoS
System access
Where : Froom remote
Solution Status: Vendor Patch

Operating System : Ubuntu Linux 12.04

Description:
Ubuntu has issued an update for libav. This fixes multiple vulnerabilities, where some have an unknown impact and others can be exploited by malicious people to compromise an application using the library.

Solution:
Apply updated packages.

Original Advisory:
USN-1630-1:
http://www.ubuntu.com/usn/usn-1630-1/

http://secunia.com/advisories/51257/

Release Date : 2012-11-13

Criticality level : Not critical
Impact : DoS
Where : Local system
Solution Status: Vendor Patch

Software: Xen 3.x
Xen 4.x

Description:Multiple vulnerabilities have been reported in Xen, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service).

1) An error when handling the VCPU deadline can be exploited to trigger an infinite loop and cause a crash.

2) An out-of-bounds read error within the "domain_pirq_to_emuirq()" function when handling pirq values can be exploited to cause a crash.

3) An error when handling "set_p2m_entry()" call fails exhausts memory reserved for the p2m table and can be exploited to trigger an exception and cause a crash.

4) An error when handling the "HVMOP_pagetable_dying()" hypercall can be exploited to cause a crash.

5) An error within the "GNTTABOP_get_status_frames()" function can be exploited to trigger an infinite loop and cause a crash.

Please see the vendor's advisory for a list of affected versions.

Solution:
Apply patches (please see the vendor's advisory for more information).

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
Xen (XSA-20, XSA-21, XSA-22, XSA-23, XSA-24):
http://lists.xen.org/archives/html/xen-announce/2012-11/msg00001.html
http://lists.xen.org/archives/html/xen-announce/2012-11/msg00003.html
http://lists.xen.org/archives/html/xen-announce/2012-11/msg00005.html
http://lists.xen.org/archives/html/xen-announce/2012-11/msg00004.html
http://lists.xen.org/archives/html/xen-announce/2012-11/msg00002.html

http://secunia.com/advisories/51200/

Eventy Cross-Site Scripting and SQL Injection Vulnerabilities

Release Date : 2012-11-13

Criticality level : Moderately critical
Impact : Cross Site Scripting
Manipulation of data
Where : Froom remote
Solution Status: Unpatched

Software: Eventy 1.x

Description:
Vulnerability Lab has reported multiple vulnerabilities in Eventy, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

1) Input passed via the "id" parameter to eve_event.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

2) Input passed to the "selyear" and "selmonth" parameters in eventy.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are reported in version 1.8. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
Ibrahim El-Sayed (the_storm), Vulnerability Lab.

Original Advisory:
Vulnerability Lab:
http://www.vulnerability-lab.com/download_content.php?id=756

http://secunia.com/advisories/51246/

Microsoft Internet Explorer Multiple Use-After-Free Vulnerabilities

Release Date : 2012-11-13

Criticality level : Highly critical
Impact : System access
Where : Froom remote
Solution Status: Vendor Patch

Software: Microsoft Internet Explorer 9.x

Description:
Multiple vulnerabilities have been reported in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user's system.

1) A use-after-free error within the "CFormElement" class can be exploited to dereference already freed memory.

2) A use-after-free error within the "CTreePos" class can be exploited to dereference already freed memory.

3) A use-after-free error within the "CTreeNode" class can be exploited to dereference already freed memory.

Successful exploitation of the vulnerabilities allows execution of arbitrary code.

Solution:
Apply updates.

Provided and/or discovered by:
1, 2) The vendor credits Jose A. Vazquez, spa-s3c.blogspot.com via iDefense Labs
3) The vendor credits Cheng-da Tsai (Orange), Sung-ting Tsai, and Ming-chieh Pan (Nanika), Trend Micro

Original Advisory:
Microsoft (KB2761451):
http://technet.microsoft.com/en-us/security/bulletin/ms12-071

http://secunia.com/advisories/51202/

Release Date : 2012-11-13

Criticality level : Highly critical
Impact : System access
Where : Froom remote
Solution Status: Vendor Patch

Software: Microsoft Excel 2003
Microsoft Excel 2010
Microsoft Office 2003 Professional Edition
Microsoft Office 2003 Small Business Edition
Microsoft Office 2003 Standard Edition
Microsoft Office 2003 Student and Teacher Edition
Microsoft Office 2007
Microsoft Office 2008 for Mac
Microsoft Office 2008 for Mac
Microsoft Office 2010
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
Microsoft Office Excel 2007
Microsoft Office Excel Viewer 2007
Microsoft Office for Mac 2011

Description:
Multiple vulnerabilities have been reported in Microsoft Office Excel, which can be exploited by malicious people to compromise a user's system.

1) An error when processing the "SerAuxErrBar" record can be exploited to cause a heap-based buffer overflow via a specially crafted file.

2) An input validation error can be exploited to corrupt memory via a specially crafted file.

3) A use-after-free error when processing the "SST" record can be exploited via a specially crafted file.

4) An error when processing certain data structures can be exploited to cause a stack-based buffer overflow via a specially crafted file.

Successful exploitation of the vulnerabilities allows execution of arbitrary code, but requires tricking a user into opening a malicious file.

Solution:
Apply patches.

Provided and/or discovered by:
The vendor credits:
1) Sean Larsson via iDefense.
2, 3) An anonymous person via iDefense.
4) An anonymous person via ZDI.

Original Advisory:
MS12-076 (KB2597126, KB2687307, KB2687311, KB2687313, KB2687481, KB2764047, KB2764048):
http://technet.microsoft.com/en-us/security/bulletin/ms12-076

http://secunia.com/advisories/51242/

Release Date : 2012-11-13

Criticality level : Highly critical
Impact : Security Bypass
Exposure of sensitive information
System access
Where : Froom remote
Solution Status: Vendor Patch

Software: Microsoft .NET Framework 1.x
Microsoft .NET Framework 2.x
Microsoft .NET Framework 3.x
Microsoft .NET Framework 4.x

Description:
Multiple vulnerabilities have been reported in Microsoft .NET Framework, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.

1) An error within permissions checking of objects that perform reflection can be exploited via a specially crafted XAML Browser Application (XBAP) or an untrusted .NET application.

2) A sanitisation error when processing partially trusted code can be exploited to disclose certain data via a specially crafted XAML Browser Application (XBAP) or an untrusted .NET application.

3) The Entity Framework component loads certain libraries in an insecure manner, which can be exploited to load arbitrary libraries by tricking a user into opening certain files located on a remote WebDAV or SMB share.

4) A validation error when acquiring proxy settings via the Web Proxy Auto-Discovery (WPAD) can be exploited to execute JavaScript code with reduced restrictions.

5) An error within permissions checking of Windows Presentation Foundation (WPF) objects that perform reflection can be exploited via a specially crafted XAML Browser Application (XBAP) or an untrusted .NET application.

Solution:
Apply patches.

Provided and/or discovered by:
1, 2, 4, 5) The vendor credits James Forshaw, Context Information Security.
3) Reported by the vendor.

Original Advisory:
MS12-074 (KB2698035, KB2698023, KB2729450, KB2729449, KB2737019, KB2698032, KB2729453, KB2729460, KB2737083, KB2729452, KB2729462, KB2737084, KB2756872):
http://technet.microsoft.com/en-us/security/bulletin/ms12-074

http://secunia.com/advisories/51236/