Ad: Manage updates with the Download App
ie8 fix

Spyware, viruses, & security forum: VULNERABILITIES / FIXES - February 06, 2013

by: Carol~ February 6, 2013 10:11 AM PST

Like this

0 people like this thread

Staff pick

VULNERABILITIES / FIXES - February 06, 2013

by Carol~ Moderator - 2/6/13 10:11 AM

Red Hat update for kernel

Release Date : 2013-02-06

Criticality level : Not critical
Impact : DoS
Where : Local system
Solution Status : Vendor Patch

Operating System : Red Hat Enterprise Linux Desktop 6
Red Hat Enterprise Linux HPC Node 6
Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux Workstation 6

Description:
Red Hat has issued an update for kernel. This fixes two vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

Solution:
Updated packages are available via Red Hat Network.

Original Advisory:
RHSA-2013:0223-1:
https://rhn.redhat.com/errata/RHSA-2013-0223.html

http://secunia.com/advisories/52105/


Reply
Report offensive post
Email to friend

SUSE update for v8

by Carol~ Moderator - 2/6/13 10:15 AM

In Reply to: VULNERABILITIES / FIXES - February 06, 2013 by Carol~ Moderator

Release Date : 2013-02-06

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Operating System:
openSUSE 12.1
openSUSE 12.2

Description:
SUSE has issued an update for v8. This fixes two vulnerabilities, which can be exploited by malicious people to compromise an application using the library.

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
openSUSE-SU-2013:0241-1:
http://lists.opensuse.org/opensuse-updates/2013-02/msg00007.html

http://secunia.com/advisories/52049/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

SUSE update for apache2

by Carol~ Moderator - 2/6/13 10:15 AM

In Reply to: VULNERABILITIES / FIXES - February 06, 2013 by Carol~ Moderator

Release Date : 2013-02-06

Criticality level : Less critical
Impact : Security Bypass
Cross Site Scripting
Privilege escalation
Where : From remote
Solution Status : Vendor Patch

Operating System:
openSUSE 11.4
openSUSE 12.1

Description:
SUSE has issued an update for apache2. This fixes two weaknesses, a security issue, and a vulnerability, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to bypass certain security restrictions and conduct cross-site scripting attacks.

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
openSUSE-SU-2013:0243-1:
http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html

openSUSE-SU-2013:0248-1:
http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html

http://secunia.com/advisories/52111/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

SUSE update for apache2 (#2)

by Carol~ Moderator - 2/6/13 10:15 AM

In Reply to: VULNERABILITIES / FIXES - February 06, 2013 by Carol~ Moderator

Release Date : 2013-02-06

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Operating System : openSUSE 12.2

Description:
SUSE has issued an update for apache2. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
openSUSE-SU-2013:0245-1:
http://lists.opensuse.org/opensuse-updates/2013-02/msg00011.html

http://secunia.com/advisories/52113/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Qt Shared Memory Segment Manipulation Weakness

by Carol~ Moderator - 2/6/13 10:16 AM

In Reply to: VULNERABILITIES / FIXES - February 06, 2013 by Carol~ Moderator

Release Date: 2013-02-06

Criticality level Not critical
Impact : Security Bypass
Where : Local system
Solution Status : Vendor Workaround

Software:
Qt 4.x
Qt 5.x

Description:
A weakness has been reported in Qt, which can be exploited by malicious, local users to bypass certain security restrictions.

The weakness is caused due to the Qt library creating shared memory blocks with world-readable and world-writable permissions, which can be exploited to overwrite arbitrary data in the shared memory or read arbitrary data from the memory.

The weakness is reported in versions 4.4.0 through 5.0.0.

Solution:
Apply patches if available.

Provided and/or discovered by:
The vendor credits Tim Brown.

Original Advisory:
http://permalink.gmane.org/gmane.comp.lib.qt.devel/9759

http://secunia.com/advisories/52040/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WordPress WP ecommerce Shop Styling Plugin "dompdf" Remote

by Carol~ Moderator - 2/6/13 10:16 AM

In Reply to: VULNERABILITIES / FIXES - February 06, 2013 by Carol~ Moderator

WordPress WP ecommerce Shop Styling Plugin "dompdf" Remote File Inclusion Vulnerability

Release Date : 2013-02-06

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Software: WordPress WP ecommerce Shop Styling Plugin 1.x

Description:
Charlie Eriksen has discovered a vulnerability in the WP ecommerce Shop Styling plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.

Input passed to the "dompdf" parameter in wp-content/plugins/wp-ecommerce-shop-styling/includes/generate-pdf.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from remote resources.

The vulnerability is confirmed in version 1.7.2. Other versions may also be affected.

Solution:
Update to version 1.8.

Provided and/or discovered by:
Charlie Eriksen via Secunia

Original Advisory:
http://wordpress.org/extend/plugins/wp-ecommerce-shop-styling/changelog/
http://plugins.trac.wordpress.org/changeset/664069/wp-ecommerce-shop-styling

http://secunia.com/advisories/51707/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

EMC RSA Archer GRC Multiple Vulnerabilities

by Carol~ Moderator - 2/6/13 10:20 AM

In Reply to: VULNERABILITIES / FIXES - February 06, 2013 by Carol~ Moderator

Release Date : 2013-02-06

Criticality level : Less critical
Impact : Security Bypass
Cross Site Scripting
System access
Where : From remote
Solution Status : Vendor Patch

Software: EMC RSA Archer GRC 5.x

Description:
Multiple vulnerabilities have been reported in EMC RSA Archer GRC, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct cross-site scripting attacks, conduct clickjacking attacks, and bypass certain security restrictions.

1) An unspecified error exists within the application and can be exploited to upload arbitrary files via directory traversal sequences.

2) An unspecified error related to Silverlight can be exploited to bypass same-origin policy and perform unauthorized cross-domain requests.

3) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of a vulnerable site.

4) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain unspecified actions by tricking a user into clicking a specially crafted link via clickjacking.

The vulnerabilities are reported in versions prior to 5.3.

Solution:
Update to version 5.2SP1 or 5.3.

Provided and/or discovered by:
1, 2, 4) Reported by the vendor
3) The vendor credits Nello Coppeto, eMaze Network SpA

Original Advisory:
ESA-2013-002:
http://seclists.org/bugtraq/2013/Feb/att-0/ESA-2013-002.txt

http://secunia.com/advisories/52102/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

EMC RSA Archer SmartSuite Framework Multiple Vulnerabilities

by Carol~ Moderator - 2/6/13 10:20 AM

In Reply to: VULNERABILITIES / FIXES - February 06, 2013 by Carol~ Moderator

Release Date : 2013-02-06

Criticality level : Less critical
Impact : Security Bypass
Cross Site Scripting
System access
Where : From remote
Solution Status : Unpatched

Software: EMC RSA Archer SmartSuite Framework 4.x

Description:
Multiple vulnerabilities have been reported in EMC RSA Archer SmartSuite Framework, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct cross-site scripting attacks, conduct clickjacking attacks, and bypass certain security restrictions.

Solution:
Upgrade to version 5.2SP1 or 5.3.

Original Advisory:
ESA-2013-002:
http://seclists.org/bugtraq/2013/Feb/att-0/ESA-2013-002.txt

http://secunia.com/advisories/52067/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Cisco Nexus 7000 Series NX-OS High Availability Policy CDP

by Carol~ Moderator - 2/6/13 10:20 AM

In Reply to: VULNERABILITIES / FIXES - February 06, 2013 by Carol~ Moderator

Cisco Nexus 7000 Series NX-OS High Availability Policy CDP Denial of Service Vulnerability

Release Date : 2013-02-06

Criticality level : Less critical
Impact : DoS
Where : From local network
Solution Status : Vendor Patch

Operating System :
Cisco Nexus 7000 Series Switches
Cisco NX-OS 4.x
Cisco NX-OS 5.x

Description:
A vulnerability has been reported in Cisco Nexus 7000 Series NX-OS, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error when handling Cisco Discovery Protocol (CDP) packets and can be exploited to reset a device by sending specially crafted CDP packets.

Successful exploitation requires that the High Availability policy is configured for Reset.

The vulnerability is reported in versions 4.2, 5.0, 5.1, and 5.2 running on Cisco Nexus 7000 series switches.

Solution:
Apply updates (please see the vendor's advisory for details).

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
Cisco (CSCtk34535, CSCtk19132):
http://tools.cisco.com/security/center/viewAlert.x?alertId=26619
http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/release/notes/52_nx-os_release_note.html

http://secunia.com/advisories/52094/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Ubuntu update for xserver-xorg-video-qxl

by Carol~ Moderator - 2/6/13 10:20 AM

In Reply to: VULNERABILITIES / FIXES - February 06, 2013 by Carol~ Moderator

Release Date : 2013-02-06

Criticality level : Less critical
Impact : DoS
Where : From local network
Solution Status : Vendor Patch

Operating System:
Ubuntu Linux 11.10
Ubuntu Linux 12.04

Description:
Ubuntu has issued an update for xserver-xorg-video-qxl. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

Solution:
Apply updated packages.

Original Advisory:
USN-1714-1:
http://www.ubuntu.com/usn/usn-1714-1

http://secunia.com/advisories/52098/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

IntegraXor ActiveX Control Buffer Overflow Vulnerability

by Carol~ Moderator - 2/6/13 10:20 AM

In Reply to: VULNERABILITIES / FIXES - February 06, 2013 by Carol~ Moderator

Release Date : 2013-02-06

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Software: IntegraXor 4.x
PE3DO32A ActiveX Control 4.x

Description:
A vulnerability has been reported in IntegraXor, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an error in the PE3DO32A.ocx ActiveX control and can be exploited to cause a buffer overflow.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in version 4.00 build 4250.0 and prior.

Solution:
Update to version 4.00 build 4280.0.

Provided and/or discovered by:
Andrew Brooks

Original Advisory:
ICS-CERT:
http://ics-cert.us-cert.gov/pdf/ICSA-13-036-02.pdf

http://secunia.com/advisories/52073/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

IBM System Storage SAN Volume Controller and Storwize V7000

by Carol~ Moderator - 2/6/13 11:03 AM

In Reply to: VULNERABILITIES / FIXES - February 06, 2013 by Carol~ Moderator

IBM System Storage SAN Volume Controller and Storwize V7000 Authentication Bypass Vulnerability

Release Date : 2013-02-06

Criticality level : Less critical
Impact : Security Bypass
Where : From local network
Solution Status : Vendor Patch

Operating System: IBM Storwize V7000 6.x

Software: IBM System Storage SAN Volume Controller 6.x

Description:
A vulnerability has been reported in IBM System Storage SAN Volume Controller and Storwize V7000, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to the application not properly restricting access to administration GUI, which can be exploited to bypass authentication mechanism and e.g. modify configurations.

The vulnerability is reported in versions 6.1, 6.2, 6.3, and 6.4.

Solution:
Apply SVC/V7000 PTF level 6.4.1.3.

Provided and/or discovered by:
The vendor credits Marcin Mielnoczek, Narodowe Archiwum Cyfrowe (National Digital Archives).

Original Advisory:
IBM (S1004277):
https://www.ibm.com/support/docview.wss?uid=ssg1S1004277

http://secunia.com/advisories/52115/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

OpenSSL Information Disclosure and Denial of Service

by Carol~ Moderator - 2/6/13 12:21 PM

In Reply to: VULNERABILITIES / FIXES - February 06, 2013 by Carol~ Moderator

OpenSSL Information Disclosure and Denial of Service Vulnerabilities

Release Date : 2013-02-06

Criticality level : Less critical
Impact : Exposure of sensitive information
DoS
Where : From remote
Solution Status : Vendor Patch

Software: OpenSSL 0.x
OpenSSL 1.x

Description:
Multiple vulnerabilities have been reported in OpenSSL, which can be exploited by malicious people to disclose potentially sensitive information and cause a DoS (Denial of Service) of the application using the library.

1) An error when handling message authentication codes (MACs) with a block cipher algorithm in the CBC (Cipher-Block Chaining) mode can be exploited to potentially disclose certain plaintext bits from a block of ciphertext.

2) An error when handling TLS packets using CBC mode can be exploited to cause a crash.

This vulnerability is reported in version 1.0.1c running on the AES-NI platform.

3) An error when handling OCSP response verification can be exploited to render the application unusable.

Vulnerabilities #1 and #3 are reported in versions 1.0.1c, 1.0.0j, and 0.9.8x and prior.

Solution:
Update to versions 1.0.1d, 1.0.0k, or 0.9.8y.

Provided and/or discovered by:
1) Nadhem AlFardan and Kenny Paterson, Information Security Group at Royal Holloway, University of London
2) The vendor independently credits Adam Langley and Wolfgang Ettlingers
3) Reported by the vendor.

Original Advisory:
OpenSSL:
http://www.openssl.org/news/secadv_20130205.txt

Nadhem AlFardan and Kenny Pater

http://secunia.com/advisories/52036/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Xen netback Two Denial of Service Vulnerabilities

by Carol~ Moderator - 2/6/13 1:52 PM

In Reply to: VULNERABILITIES / FIXES - February 06, 2013 by Carol~ Moderator

Release Date : 2013-02-06

Criticality level : Not critical
Impact : DoS
Where : Local system
Solution Status : Vendor Workaround

Software: Xen 3.x

Description:
Two vulnerabilities have been reported in Xen, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service).

1) An input sanitization error within the netback implementation when handling the ring producer/consumer pointers can be exploited to trigger an infinite loop and render the system unusable.

2) A memory leak error within the netback implementation can be exploited to render the system unusable.

The vulnerabilities are reported in versions 3.x including Linux 2.6.18.

Solution:
Fixed in the Mercurial repository.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://www.openwall.com/lists/oss-security/2013/02/05/8

http://secunia.com/advisories/52056/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Xen "pciback_enable_msi()" Log Message Flooding Denial

by Carol~ Moderator - 2/6/13 1:55 PM

In Reply to: VULNERABILITIES / FIXES - February 06, 2013 by Carol~ Moderator

Xen "pciback_enable_msi()" Log Message Flooding Denial of Service Vulnerability

Release Date : 2013-02-06

Criticality level : Not critical
Impact : DoS
Where : Local system
Solution Status : Vendor Workaround

Software: Xen 3.x

Description:
A vulnerability has been reported in Xen, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the "pciback_enable_msi()" function (drivers/xen/pciback/conf_space_capability_msi.c), which does not limit the rate of kernel log messages. This can be exploited to flood the kernel with log messages and render the system unusable.

Successful exploitation requires running a guest with access to passed through PCI devices.

The vulnerability is reported in versions 3.x including Linux 2.6.18.

Solution:
Fixed in the Mercurial repository.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
XSA-43:
http://www.openwall.com/lists/oss-security/2013/02/05/9

http://secunia.com/advisories/52059/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Nagios XI Multiple Vulnerabilities

by Carol~ Moderator - 2/6/13 1:56 PM

In Reply to: VULNERABILITIES / FIXES - February 06, 2013 by Carol~ Moderator

Release Date : 2013-02-06

Criticality level : Less critical
Impact : Cross Site Scripting
Spoofing
Manipulation of data
System access
Where : From remote
Solution Status : Unpatched

Software: Nagios XI 2012.x

Description:
James Clawson has discovered a weakness and multiple vulnerabilities in Nagios XI, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct spoofing, cross-site scripting, and cross-site request forgery attacks.

1) Input passed via the "xiwindow" GET parameter to admin/index.php is not properly verified before being used to be displayed as iframe. This can be exploited to display an arbitrary website within an iframe e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain.

2) Input passed via multiple GET parameters to various scripts is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

List of affected scripts and parameters:
http://[host]/includes/components/alertcloud/index.php?width
http://[host]/includes/components/escalationwizard/escalationwizard.php?config_name

3) The application allows users to perform certain actions via HTTP requests without properly verifying the requests. This can be exploited to e.g. edit and apply "Host Escalations" configurations by tricking a logged-in administrator into visiting a malicious website.

4) Input passed via the "address" POST parameter to includes/components/autodiscovery/index.php (when "mode" is set to "newjob", "update" is set to "1", and "job" is set to "-1") is not properly verified before being used. This can be exploited to inject and execute arbitrary shell commands.

The weakness and the vulnerabilities are confirmed in version 2012r1.5. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
James Clawson

Original Advisory:
James Clawson:
http://archives.neohapsis.com/archives/fulldisclosure/2013-02/0011.html

http://secunia.com/advisories/52011/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Cisco IOS Catalyst Switches HTTP Server Feature Denial of

by Carol~ Moderator - 2/6/13 2:07 PM

In Reply to: VULNERABILITIES / FIXES - February 06, 2013 by Carol~ Moderator

Cisco IOS Catalyst Switches HTTP Server Feature Denial of Service Vulnerability

Release Date : 2013-02-06

Criticality level : Moderately critical
Impact : DoS
Where : From remote
Solution Status : Partial Fix

Operating System :
Cisco IOS 12.x
Cisco IOS 15.0
Cisco IOS 15.1
Cisco IOS 15.2

Description:
A vulnerability has been reported in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error when handling TCP socket events within the HTTP server feature and can be exploited to crash a device by sending a specially crafted series of packets to TCP port 80 or 443.

Successful exploitation requires the HTTP server feature to be enabled.

Please see the vendor's advisory for a list of affected versions running on Cisco Catalyst switches.

Solution:
Apply updates if available (please see the vendor's advisory for details).

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
Cisco (CSCuc53853):
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1100
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCuc53853

http://secunia.com/advisories/52026/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

DataLife Engine Multiple Vulnerabilities

by Carol~ Moderator - 2/6/13 2:13 PM

In Reply to: VULNERABILITIES / FIXES - February 06, 2013 by Carol~ Moderator

Release Date : 2013-01-31
Last Update : 2013-02-06

Criticality level : Highly critical
Impact : Hijacking
System access
Where : From remote
Solution Status : Vendor Workaround

Software: DataLife Engine 9.x

Description:
Multiple vulnerabilities have been reported in DataLife Engine, which can be exploited by malicious people to conduct session fixation attacks and compromise a vulnerable system.

1) Input passed via the "catlist[]" POST parameter to engine/preview.php (when "mod" is set to "preview") is not properly sanitised before calling the "preg_replace()" function with the "e" modifier. This can be exploited to execute arbitrary PHP code.

Successful exploitation requires the application to use a template that incorporates "[catlist]" or "[not-catlist]" tags in its preview.tpl file (default template does not).

2) An error when handling sessions can be exploited to hijack a user's session by tricking the user into logging in after visiting a specially crafted page located on the same domain or one of its subdomains.

The vulnerabilities are reported in version 9.7. Other versions may also be affected.

Solution:
Apply the vendor patch.

Provided and/or discovered by:
1) Egidio Romano
2) Timur Yunusov, Positive Research Center

Original Advisory:
KIS-2013-01:
http://karmainsecurity.com/KIS-2013-01

PT-2012-53:
http://en.securitylab.ru/lab/PT-2012-53

http://secunia.com/advisories/51971


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Forum Icon Legend

  • UnreadUnread
  • ReadRead
  • Locked threadLocked thread
  •   
  •   
  •   
  •   
  •   
  •   
  •   
  • ModeratorModerator
  • CNET StaffCNET Staff
  • Samsung StaffSamsung Staff
  • Norton Authorized Support TeamNorton Authorized Support Team
  • AVG StaffAVG Staff
  • avast! Staffavast! Staff
  • Webroot Support TeamWebroot Support Team
  • Acer Customer Experience TeamAcer Customer Experience Team
  • Windows Outreach TeamWindows Outreach Team
  • DISH staffDISH staff
  • Dell StaffDell Staff
  • Intel StaffIntel Staff
  • QuestionQuestion
  • Resolved questionResolved question
  • General discussionGeneral discussion
  • TipTip
  • Alert or warningAlert or warning
  • PraisePraise
  • RantRant

You are e-mailing the following post: Post Subject

Your e-mail address is used only to let the recipient know who sent the e-mail and in case of transmission error. Neither your address nor the recipient's address will be used for any other purpose.

Sorry, there was a problem emailing this post. Please try again.

Submit Email Cancel

Thank you. Sent email to

Close

Thank you. Sent email to

Close

You are reporting the following post: Post Subject

If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

Offensive: Sexually explicit or offensive language

Spam: Advertisements or commercial links

Disruptive posting: Flaming or offending other users

Illegal activities: Promote cracked software, or other illegal content

Sorry, there was a problem submitting your post. Please try again.

Submit Report Cancel

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

You are posting a reply to: Post Subject

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to the CNET Forums policies for details. All submitted content is subject to CBS Interactive Site Terms of Use.

You are currently tracking this discussion. Click here to manage your tracked discussions.

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

Sorry, there was a problem submitting your post. Please try again.

Sorry, there was a problem generating the preview. Please try again.

Duplicate posts are not allowed in the forums. Please edit your post and submit again.

Submit Reply Preview Cancel

Thank you, , your post has been submitted.

> Click here to view your post. > Manage your tracked discussions. > Track this discussion. Close

Thank you, , your post has been submitted and will appear on our site shortly.

Close