Ad: Manage updates with the Download App
ie8 fix

Spyware, viruses, & security forum: VULNERABILITIES / FIXES - February 01, 2013

by: Carol~ February 1, 2013 3:50 AM PST

Like this

0 people like this thread

Staff pick

VULNERABILITIES / FIXES - February 01, 2013

by Carol~ Moderator - 2/1/13 3:50 AM

Red Hat update for xorg-x11-drv-qxl

Release Date: 2013-02-01

Criticality level : Less critical
Impact: DoS
Where : From local network
Solution Status : Vendor Patch

Operating System:
Red Hat Enterprise Linux Desktop 6
Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux Workstation 6

Description:
Red Hat has issued an update for xorg-x11-drv-qxl. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

Solution:
Updated packages are available via Red Hat Network.

Original Advisory:
RHSA-2013:0218-1:
https://rhn.redhat.com/errata/RHSA-2013-0218.html

http://secunia.com/advisories/52052/


Reply
Report offensive post
Email to friend

HP Network Node Manager Unspecified Cross-Site Scripting

by Carol~ Moderator - 2/1/13 3:53 AM

In Reply to: VULNERABILITIES / FIXES - February 01, 2013 by Carol~ Moderator

HP Network Node Manager Unspecified Cross-Site Scripting Vulnerabilities

Release Date : 2013-02-01

Criticality level : Less critical
Impact: Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: HP Network Node Manager i (NNMi) 9.x

Description:
Some vulnerabilities have been reported in HP Network Node Manager, which can be exploited by malicious people to conduct cross-site scripting attacks.

Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are reported in versions 9.0x, 9.1x, and 9.20.

Solution:
Apply hotfix.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
HPSBMU02842 SSRT100909:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03652323

http://secunia.com/advisories/52048/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Red Hat update for mysql

by Carol~ Moderator - 2/1/13 3:53 AM

In Reply to: VULNERABILITIES / FIXES - February 01, 2013 by Carol~ Moderator

Release Date : 2013-02-01

Criticality level : Less critical
Impact : Manipulation of data
Exposure of sensitive information
DoS
Where : From local network
Solution Status : Vendor Patch

Operating System :
Red Hat Enterprise Linux Desktop 6
Red Hat Enterprise Linux HPC Node 6
Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux Workstation 6

Description:
Red Hat has issued an update for mysql. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose sensitive information and manipulate data, by malicious users to cause a DoS (Denial of Service), disclose sensitive information, or manipulate data, and by malicious people to cause a DoS (Denial of Service).

Solution:
Updated packages are available via Red Hat Network.

Original Advisory:
RHSA-2013:0219-1:
https://rhn.redhat.com/errata/RHSA-2013-0219.html

http://secunia.com/advisories/52050/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Red Hat update for mingw32-libxml2

by Carol~ Moderator - 2/1/13 3:54 AM

In Reply to: VULNERABILITIES / FIXES - February 01, 2013 by Carol~ Moderator

Release Date : 2013-02-01

Criticality level: Highly critical
Impact: DoS
System access
Where: From remote
Solution Status : Vendor Patch

Operating System :
Red Hat Enterprise Linux Desktop 6
Red Hat Enterprise Linux HPC Node 6
Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux Workstation 6

Description:
Red Hat has issued an update for mingw32-libxml2. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.

Solution:
Updated packages are available via Red Hat Network.

Original Advisory:
RHSA-2013:0217-1:
https://rhn.redhat.com/errata/RHSA-2013-0217.html

http://secunia.com/advisories/52051/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

IBM Smart Analytics System / InfoSphere Balanced Warehouse

by Carol~ Moderator - 2/1/13 4:31 AM

In Reply to: VULNERABILITIES / FIXES - February 01, 2013 by Carol~ Moderator

IBM Smart Analytics System / InfoSphere Balanced Warehouse OpenSSL Vulnerabilities

Release Date : 2013-02-01

Criticality level: Highly critical
Impact: Security Bypass
Exposure of sensitive information
DoS
System access
Where: From remote
Solution Status : Vendor Patch

Operating System :
IBM InfoSphere Balanced Warehouse Series
IBM Smart Analytics System Series

Description:
IBM has acknowledged multiple vulnerabilities in IBM Smart Analytics System and IBM InfoSphere Balanced Warehouse, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise an application using the library.

The vulnerabilities are reported in the following products:
* IBM InfoSphere Balanced Warehouse C3000
* IBM InfoSphere Balanced Warehouse C4000
* IBM InfoSphere Balanced Warehouse D5100
* IBM Smart Analytics System 1050 for Linux
* IBM Smart Analytics System 2050 for Linux
* IBM Smart Analytics System 5600 V1
* IBM Smart Analytics System 5600 V2
* IBM Smart Analytics System 5710

Solution:
Apply patch.

Original Advisory:
IBM:
https://www.ibm.com/support/docview.wss?uid=swg21619837
https://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_infosphere_balanced_warehouse_c3000_c4000_and_d5100_and_ibm_smart_analytics_system_1050_2050_5600_and_5710_are_affected_by_vulnerabilities_in_openssl16

http://secunia.com/advisories/52019/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WordPress yolink Search Plugin "s" Cross-Site Scripting

by Carol~ Moderator - 2/1/13 4:31 AM

In Reply to: VULNERABILITIES / FIXES - February 01, 2013 by Carol~ Moderator

WordPress yolink Search Plugin "s" Cross-Site Scripting Vulnerability

Release Date : 2013-02-01

Criticality level : Less critical
Impact: Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: WordPress yolink Search Plugin 2.x

Description:
A vulnerability has been discovered in the yolink Search plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the "s" GET parameter to index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

The vulnerability is confirmed in version 2.5. Prior versions may also be affected.

Solution:
Update to version 2.6.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
yolink Search:
http://wordpress.org/extend/plugins/yolink-search/changelog/
http://plugins.trac.wordpress.org/changeset/661916/yolink-search/tags

http://secunia.com/advisories/52030/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

D-Link DCS-930L / DCS-932L Configuration Disclosure Security

by Carol~ Moderator - 2/1/13 5:28 AM

In Reply to: VULNERABILITIES / FIXES - February 01, 2013 by Carol~ Moderator

D-Link DCS-930L / DCS-932L Configuration Disclosure Security Issue

Release Date : 2013-02-01

Criticality level : Moderately critical
Impact : Exposure of sensitive information
Where : From remote
Solution Status: Vendor Patch

Operating System :
D-Link DCS-930L Cloud Camera 1000
D-Link DCS-932L Cloud Camera 1100

Description:
A security issue has been reported in D-Link DCS-930L and DCS-932L, which can be exploited by malicious people to disclose sensitive information.

The security issue is caused due to the device not properly protecting the download of the configuration via a HTTP request to frame/GetConfig, which can be exploited to e.g. disclose administrative credentials.

The security issue is reported in the following products:
* D-Link DCS-930L version 1.04.
* D-Link DCS-932L version 1.02.

Solution:
Update to a fixed version.

Provided and/or discovered by:
Roberto Paleari.

Original Advisory:
http://packetstormsecurity.com/files/119902/D-Link-DCS-Cameras-Authentication-Bypass-Command-Execution.html

http://secunia.com/advisories/51970/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Netgear SPH200D Cross-Site Scripting Vulnerability

by Carol~ Moderator - 2/1/13 5:28 AM

In Reply to: VULNERABILITIES / FIXES - February 01, 2013 by Carol~ Moderator

Release Date : 2013-02-01

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Unpatched

Operating System: Netgear SPH200D 1.x

Description:
Michael Messner has reported a vulnerability in Netgear SPH200D, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input appended to the URL when accessing a non-existent page is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in version 1.0.4.80. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
Michael Messner

Original Advisory:
http://www.s3cur1ty.de/m1adv2013-002

http://secunia.com/advisories/52029/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Drupal Google Authenticator Login Module Security Bypass

by Carol~ Moderator - 2/1/13 5:28 AM

In Reply to: VULNERABILITIES / FIXES - February 01, 2013 by Carol~ Moderator

Drupal Google Authenticator Login Module Security Bypass Security Issue

Release Date : 2013-02-01

Criticality level : Less critical
Impact : Security Bypass
Where : From remote
Solution Status : Vendor Patch

Software: Drupal Google Authenticator Login Module 7.x

Description:
A security issue has been reported in the Google Authenticator Login module for Drupal, which can be exploited by malicious people to bypass certain security restrictions.

The security issue is caused due to a logic error when handling multi-factor authentication, which can potentially be exploited to bypass the authentication and log in to another user's account by using the user's name.

Successful exploitation requires the user name to be known and the victim to have the permission to use multi-factor authentication and to have an incomplete association between the account and Google Authenticator token.

The security issue is reported in versions prior to 7.x-1.3.

Solution:
Update to version 7.x-1.3.

Provided and/or discovered by:
The vendor credits Patrick C.

Original Advisory:
SA-CONTRIB-2013-012:
http://drupal.org/node/1903282

http://secunia.com/advisories/51987/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

VMware vSphere Products Client-Side Authentication

by Carol~ Moderator - 2/1/13 5:29 AM

In Reply to: VULNERABILITIES / FIXES - February 01, 2013 by Carol~ Moderator

VMware vSphere Products Client-Side Authentication Vulnerability

Release Date : 2013-02-01

Criticality level : Not critical
Impact : System access
Where : From local network
Solution Status : Partial Fix

Software:
VMware Virtual Infrastructure Client
VMware VirtualCenter 2.x
VMware vSphere 4.x
VMware vSphere Client 4.x

Description:
A vulnerability has been reported in some VMware vSphere products, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an error within the handling of the management authentication protocol, which can be exploited to corrupt memory.

Successful exploitation may allow execution of arbitrary code, but requires tricking the vCenter Server or vSphere Client into interacting with a malicious server as a client.

The vulnerability is reported in the following products and versions:
* vCenter Server version 4.1
* vCenter Server version 4.0
* VirtualCenter version 2.5
* vSphere Client version 4.1
* vSphere Client version 4.0
* VI-Client version 2.5

Solution:
Apply patches if available.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
VMware:
http://www.vmware.com/security/advisories/VMSA-2013-0001.html

http://secunia.com/advisories/52047/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

VMware ESX Server Multiple Vulnerabilities

by Carol~ Moderator - 2/1/13 6:55 AM

In Reply to: VULNERABILITIES / FIXES - February 01, 2013 by Carol~ Moderator

Release Date : 2013-02-01

Criticality level : Moderately critical
Impact : Exposure of system information
DoS
System access
Where : From local network
Solution Status : Partial Fix

Operating System :
VMware ESX Server 3.x
VMware ESX Server 4.x

Description:
Multiple vulnerabilities have been reported in VMware ESX Server, which can be exploited by malicious people to disclose system information, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.

1) A vulnerability exists within the handling of the authentication protocol.

2) Some vulnerabilities exist in the bundled vulnerable version of libxml2.

3) Some vulnerabilities exist in the bundled vulnerable version of bind.

4) Some vulnerabilities exist in the bundled vulnerable version of libxslt.

The vulnerabilities are reported in versions 3.5, 4.0, and 4.1.

Solution:
Apply patches if available.

Original Advisory:
VMware:
http://www.vmware.com/security/advisories/VMSA-2013-0001.html

http://secunia.com/advisories/52061/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

VMware ESXi Multiple Vulnerabilities

by Carol~ Moderator - 2/1/13 6:55 AM

In Reply to: VULNERABILITIES / FIXES - February 01, 2013 by Carol~ Moderator

Release Date : 2013-02-01

Criticality level : Moderately critical
Impact : DoS
System access
Where : From local network
Solution Status : Partial Fix

Operating System:
VMware ESXi 3.x
VMware ESXi 4.x

Description:
Multiple vulnerabilities have been reported in VMware ESXi, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

1) A vulnerability exists within the handling of the authentication protocol.

2) Some vulnerabilities exist in the bundled vulnerable version of libxml2.

The vulnerabilities are reported in versions 4.1, 4.0, and 3.5.

Solution:
Apply patches if available.

Original Advisory:
VMware:
http://www.vmware.com/security/advisories/VMSA-2013-0001.html

http://secunia.com/advisories/52062/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Snorby "in_xml()" Information Disclosure Weakness

by Carol~ Moderator - 2/1/13 6:55 AM

In Reply to: VULNERABILITIES / FIXES - February 01, 2013 by Carol~ Moderator

Release Date : 2013-02-01

Criticality level : Not critical
Impact : Exposure of sensitive information
Where : From remote
Solution Status : Vendor Patch

Software: Snorby 2.x

Description:
A weakness has been reported in Snorby, which can be exploited by malicious people to disclose certain sensitive information.

The weakness is caused due to an unspecified error within the "in_xml()" method (app/models/event.rb) and can be exploited to disclose certain user related data.

The weakness is reported in version 2.5.5. Prior versions may also be affected.

Solution:
Update to version 2.5.6.

Provided and/or discovered by:
The vendor credits Joshua Heiks.

Original Advisory:
Snorby:
https://github.com/Snorby/snorby/blob/master/ChangeLog.md
https://github.com/Snorby/snorby/commit/0796269fde3aa8b4c19ea6309b68ebf77e42c9df

http://secunia.com/advisories/52057/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Red Hat update for JBoss Enterprise BRMS Platform

by Carol~ Moderator - 2/1/13 12:23 PM

In Reply to: VULNERABILITIES / FIXES - February 01, 2013 by Carol~ Moderator

Release Date: 2013-02-01

Criticality level : Moderately critical
Impact: Security Bypass
Cross Site Scripting
Exposure of sensitive information
Where : From remote
Solution Status : Vendor Patch

Software: JBoss Enterprise BRMS Platform 5.x

Description:
Red Hat has issued an update for JBoss Enterprise BRMS Platform. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, by malicious users to bypass certain security restrictions, and by malicious people to conduct cross-site scripting attacks and bypass certain security restrictions.

Solution:
Apply security patches or update to version 5.3.1.

Original Advisory:
RHSA-2013:0221-1:
https://rhn.redhat.com/errata/RHSA-2013-0221.html

http://secunia.com/advisories/52054/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WordPress WP-Table Reloaded Plugin "id" Cross-Site

by Carol~ Moderator - 2/1/13 12:23 PM

In Reply to: VULNERABILITIES / FIXES - February 01, 2013 by Carol~ Moderator

WordPress WP-Table Reloaded Plugin "id" Cross-Site Scripting Vulnerability

Release Date : 2013-02-01

Criticality level: Less critical
Impact: Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: WordPress WP-Table Reloaded Plugin 1.x

Description:
A vulnerability has been discovered in the WP-Table Reloaded plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the "id" GET parameter to wp-content/plugins/wp-table-reloaded/js/tabletools/zeroclipboard.swf is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

The vulnerability is confirmed in version 1.9.3. Prior versions may also be affected.

Solution:
Update to version 1.9.4.

Provided and/or discovered by:
hip

Original Advisory:
WP-Table Reloaded:
http://wordpress.org/extend/plugins/wp-table-reloaded/changelog/
http://plugins.trac.wordpress.org/changeset/659870/wp-table-reloaded/trunk

hip:
http://packetstormsecurity.com/files/119968/WordPress-WP-Table-Reloaded-Cross-Site-Scripting.html

http://secunia.com/advisories/52027/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Vaadin "JsonPaintTarget.addAttribute()" Script Insertion

by Carol~ Moderator - 2/1/13 12:23 PM

In Reply to: VULNERABILITIES / FIXES - February 01, 2013 by Carol~ Moderator

Vaadin "JsonPaintTarget.addAttribute()" Script Insertion Vulnerability

Release Date : 2013-02-01

Criticality level: Modertaely critical
Impact: Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: Vaadin 6.x

Description:
A vulnerability has been reported in Vaadin, which can be exploited by malicious people to conduct script insertion attacks.

Input passed via keys of the "Map" argument to the "JsonPaintTarget.addAttribute()" method is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will execute in a user's browser session in context of an affected site when the malicious data is being viewed.

The vulnerability is reported in versions prior to 6.8.8.

Solution:
Update to version 6.8.8.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
https://vaadin.com/forum/-/message_boards/view_message/2456529
https://vaadin.com/download/release/6.8/6.8.8/release-notes.html#security-fixes
http://dev.vaadin.com/ticket/10873

http://secunia.com/advisories/52063/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Novell GroupWise Client Two Vulnerabilities

by Carol~ Moderator - 2/1/13 1:49 PM

In Reply to: VULNERABILITIES / FIXES - February 01, 2013 by Carol~ Moderator

Release Date : 2013-01-31

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Software:
Novell GroupWise 2012
Novell GroupWise Client 2012
Novell GroupWise Client 8.x
Novell GroupWise Server 8.x

Description:
Two vulnerabilities have been reported in Novell GroupWise Client, which can be exploited by malicious people to compromise a user's system.

1) Some unspecified errors can be exploited to dereference untrusted pointers.

2) An unspecified error exists within an ActiveX control.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

The vulnerabilities are reported in versions prior to 8.0.3 Hot Patch 2 and 2012 SP1 Hot Patch 1 running on Windows.

Solution:
Update to version 8.0.3 Hot Patch 2 (or later) or 2012 SP1 Hot Patch 1.

Provided and/or discovered by:
The vendor credits:
1) High-Tech Bridge Security Research Lab
2) Andrea Micalizzi (rgod) via ZDI

Original Advisory:
Novell:
http://www.novell.com/support/kb/doc.php?id=7011687
http://www.novell.com/support/kb/doc.php?id=7011688

http://secunia.com/advisories/52031/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

DataLife Engine "catlist[]" PHP Code Execution Vulnerability

by Carol~ Moderator - 2/1/13 1:50 PM

In Reply to: VULNERABILITIES / FIXES - February 01, 2013 by Carol~ Moderator

Release Date : 2013-01-31

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Workaround

Software: DataLife Engine 9.x

Description:
Egidio Romano has reported a vulnerability in DataLife Engine, which can be exploited by malicious people to compromise a vulnerable system.

Input passed via the "catlist[]" POST parameter to engine/preview.php (when "mod" is set to "preview") is not properly sanitised before calling the "preg_replace()" function with the "e" modifier. This can be exploited to execute arbitrary PHP code.

Successful exploitation requires the application to use a template that incorporates "[catlist]" or "[not-catlist]" tags in its preview.tpl file (default template does not).

The vulnerability is reported in version 9.7. Other versions may also be affected.

Solution:
Apply the vendor patch.

Provided and/or discovered by:
Egidio Romano

Original Advisory:
KIS-2013-01:
http://karmainsecurity.com/KIS-2013-01

http://secunia.com/advisories/51971/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WordPress Gallery Plugin "load" Remote File Inclusion

by Carol~ Moderator - 2/1/13 3:17 PM

In Reply to: VULNERABILITIES / FIXES - February 01, 2013 by Carol~ Moderator

WordPress Gallery Plugin "load" Remote File Inclusion Vulnerability

Release Date : 2013-01-31

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Unpatched

Software: WordPress Gallery Plugin 1.x

Description:
Charlie Eriksen has discovered a vulnerability in the Gallery plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.

Input passed to the "load" parameter in wp-content/plugins/wordpress-gallery/functions/update_order.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from remote resources.

The vulnerability is confirmed in version 1.4. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
Charlie Eriksen via Secunia.

http://secunia.com/advisories/51347/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Schneider Electric Accutech Manager Buffer Overflow

by Carol~ Moderator - 2/1/13 3:19 PM

In Reply to: VULNERABILITIES / FIXES - February 01, 2013 by Carol~ Moderator

Schneider Electric Accutech Manager Buffer Overflow Vulnerability

Release Date : 2013-01-31

Criticality level : Moderately critical
Impact : System access
Where : From local network
Solution Status : Unpatched

Software: Schneider Electric Accutech Manager 2.x

Description:
A vulnerability has been reported in Schneider Electric Accutech Manager, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an unspecified error and can be exploited to cause a heap-based buffer overflow.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in versions 2.00.1 and prior.

Solution:
No official solution is currently available. A fix is scheduled to be released in February 2013.

Provided and/or discovered by:
The vendor credits Exodus Intelligence.

Original Advisory:
http://www.schneider-electric.com/sites/corporate/en/support/cybersecurity/viewer-news.page?c_filepath=/templatedata/Content/News/data/en/local/cybersecurity/general_information/2013/01/20130121_advisory_of_vulnerability_affecting_accutech_manager_software.xml

http://secunia.com/advisories/52034/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Forum Icon Legend

  • UnreadUnread
  • ReadRead
  • Locked threadLocked thread
  •   
  •   
  •   
  •   
  •   
  •   
  •   
  • ModeratorModerator
  • CNET StaffCNET Staff
  • Samsung StaffSamsung Staff
  • Norton Authorized Support TeamNorton Authorized Support Team
  • AVG StaffAVG Staff
  • avast! Staffavast! Staff
  • Webroot Support TeamWebroot Support Team
  • Acer Customer Experience TeamAcer Customer Experience Team
  • Windows Outreach TeamWindows Outreach Team
  • DISH staffDISH staff
  • Dell StaffDell Staff
  • Intel StaffIntel Staff
  • QuestionQuestion
  • Resolved questionResolved question
  • General discussionGeneral discussion
  • TipTip
  • Alert or warningAlert or warning
  • PraisePraise
  • RantRant

You are e-mailing the following post: Post Subject

Your e-mail address is used only to let the recipient know who sent the e-mail and in case of transmission error. Neither your address nor the recipient's address will be used for any other purpose.

Sorry, there was a problem emailing this post. Please try again.

Submit Email Cancel

Thank you. Sent email to

Close

Thank you. Sent email to

Close

You are reporting the following post: Post Subject

If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

Offensive: Sexually explicit or offensive language

Spam: Advertisements or commercial links

Disruptive posting: Flaming or offending other users

Illegal activities: Promote cracked software, or other illegal content

Sorry, there was a problem submitting your post. Please try again.

Submit Report Cancel

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

You are posting a reply to: Post Subject

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to the CNET Forums policies for details. All submitted content is subject to CBS Interactive Site Terms of Use.

You are currently tracking this discussion. Click here to manage your tracked discussions.

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

Sorry, there was a problem submitting your post. Please try again.

Sorry, there was a problem generating the preview. Please try again.

Duplicate posts are not allowed in the forums. Please edit your post and submit again.

Submit Reply Preview Cancel

Thank you, , your post has been submitted.

> Click here to view your post. > Manage your tracked discussions. > Track this discussion. Close

Thank you, , your post has been submitted and will appear on our site shortly.

Close