Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES - June 7, 2007

by Marianna Schmudlach / June 7, 2007 1:11 AM PDT

Yahoo! Messenger Webcam Upload and Viewer ActiveX Controls Buffer Overflow

Advisory ID : FrSIRT/ADV-2007-2094
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-06-07

Technical Description

Two vulnerabilities have been identified in Yahoo! Messenger, which could be exploited by remote attackers to take complete control of an affected system.

The first issue is caused by a buffer overflow error in the Webcam Upload ActiveX control (ywcupl.dll) when processing an overly long "Server" property while calling the "Send()" method, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.

The second vulnerability is caused by a buffer overflow error in the Webcam Viewer ActiveX control (ywcvwr.dll) when processing an overly long "Server" property while calling the "Receive()" method, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.

Affected Products

Yahoo! Messenger version 8.1.0.249 and prior

Solution

Set kill bits for the CLSIDs {DCE2F8B1-A520-11D4-8FD0-00D0B7730277} and {9D39223E-AE8E-11D4-8FD3-00D0B7730277}.

The FrSIRT is not aware of any official supplied patch for this issue.

References

http://www.frsirt.com/english/advisories/2007/2094

Credits

Vulnerabilities reported by Danny.

All In One Control Panel "aiocp_dp" Parameter Cross Site Scr
by Marianna Schmudlach / June 7, 2007 1:12 AM PDT

All In One Control Panel "aiocp_dp" Parameter Cross Site Scripting Vulnerability

Advisory ID : FrSIRT/ADV-2007-2097
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-06-07

Technical Description

A vulnerability has been identified in AIOCP (All In One Control Panel), which could be exploited by attackers to execute arbitrary scripting code. This issue is caused by an input validation error in the "public/code/cp_dpage.php" script that does not validate the "aiocp_dp" parameter before being passed as an argument to the "F_show_dynamic_page()" function, which could be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser in the security context of an affected Web site.

Affected Products

AIOCP (All In One Control Panel) version 1.3.016 and prior

Solution

Upgrade to AIOCP version 1.3.017 :
http://sourceforge.net/projects/aiocp/

References

http://www.frsirt.com/english/advisories/2007/2097
http://sourceforge.net/forum/forum.php?forum_id=703526

Credits

Vulnerability reported by the vendor.

Free PayPal Shopping Cart "news_id" Parameter Remote SQL Inj
by Marianna Schmudlach / June 7, 2007 1:13 AM PDT

Free PayPal Shopping Cart "news_id" Parameter Remote SQL Injection Vulnerability

Advisory ID : FrSIRT/ADV-2007-2098
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-06-07

Technical Description

A vulnerability has been identified in Free PayPal Shopping Cart, which could be exploited by attackers to execute arbitrary SQL queries. This issue is caused by an input validation error in the "news.asp" script that does not validate the "news_id" parameter before being used in SQL statements, which could be exploited by malicious users to conduct SQL injection attacks.

Affected Products

Free PayPal Shopping Cart version 1.0 and prior

Solution

The FrSIRT is not aware of any official supplied patch for this issue.

References

http://www.frsirt.com/english/advisories/2007/2098

Credits

Vulnerability reported by kerem125 and gsy.

WordPress XML-RPC Interface "wp_suggestCategories()" SQL Inj
by Marianna Schmudlach / June 7, 2007 1:14 AM PDT

WordPress XML-RPC Interface "wp_suggestCategories()" SQL Injection Vulnerability

Advisory ID : FrSIRT/ADV-2007-2099
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-06-07

Technical Description

A vulnerability has been identified in WordPress, which could be exploited by malicious users to execute arbitrary SQL queries. This issue is caused by an input validation error in the "wp_suggestCategories()" [xmlrpc.php] function that does not validate user-supplied arguments before being used in SQL statements, which could be exploited by malicious users to conduct SQL injection attacks.

Affected Products

WordPress version 2.2 and prior

Solution

The FrSIRT is not aware of any official supplied patch for this issue.

References

http://www.frsirt.com/english/advisories/2007/2099

Credits

Vulnerability reported by Slappter.

ADPLAN SEO Module Unspecified Parameter Cross Site Scripting
by Marianna Schmudlach / June 7, 2007 1:16 AM PDT

ADPLAN SEO Module Unspecified Parameter Cross Site Scripting Vulnerability

Advisory ID : FrSIRT/ADV-2007-2100
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-06-07

Technical Description

A vulnerability has been identified in ADPLAN, which could be exploited by attackers to execute arbitrary scripting code. This issue is caused by unspecified input validation errors in the SEO module when processing user-supplied data, which could be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser in the security context of an affected Web site.

Affected Products

ADPLAN version 3

Solution

Upgrade to ADPLAN version 4 :
https://secure.adplan.ne.jp/contents/index.cgi

References

http://www.frsirt.com/english/advisories/2007/2100
http://jvn.jp/jp/JVN%2323891849/index.html

Credits

Vulnerability reported by Sugiyama.

Gentoo Security Update Fixes Evolution Shared Memos Format S
by Marianna Schmudlach / June 7, 2007 1:29 AM PDT

Gentoo Security Update Fixes Evolution Shared Memos Format String Vulnerability

Advisory ID : FrSIRT/ADV-2007-2084
CVE ID : CVE-2007-1002
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-06-07

Technical Description

A vulnerability has been identified in Gentoo, which could be exploited by attackers to execute arbitrary code. This issue is caused by an error in Evolution. For additional information, see : FrSIRT/ADV-2007-1058

Affected Products

mail-client/evolution versions prior to 2.8.3-r2

Solution

Upgrade the affected package :
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-client/evolution-2.8.3-r2"

References

http://www.frsirt.com/english/advisories/2007/2084
http://www.gentoo.org/security/en/glsa/glsa-200706-02.xml

Gentoo Security Update Fixes Elinks Gettext Catalog Local Co
by Marianna Schmudlach / June 7, 2007 1:31 AM PDT

Gentoo Security Update Fixes Elinks Gettext Catalog Local Code Execution Vulnerability

Advisory ID : FrSIRT/ADV-2007-2085
CVE ID : CVE-2007-2027
Rated as : Low Risk
Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2007-06-07

Technical Description

A vulnerability has been identified in Gentoo, which could be exploited by local attackers to execute arbitrary code. This issue is caused by an error in Elinks. For additional information, see : FrSIRT/ADV-2007-1686

Affected Products

www-client/elinks versions prior to 0.11.2-r1

Solution

Upgrade the affected package :
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/elinks-0.11.2-r1"

References

http://www.frsirt.com/english/advisories/2007/2085
http://www.gentoo.org/security/en/glsa/glsa-200706-03.xml

Fedora Security Update Fixes Quagga bgpd Remote Denial of Se
by Marianna Schmudlach / June 7, 2007 1:32 AM PDT

Fedora Security Update Fixes Quagga bgpd Remote Denial of Service Vulnerability

Advisory ID : FrSIRT/ADV-2007-2086
CVE ID : CVE-2007-1995
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-06-07

Technical Description

A vulnerability has been identified in Fedora, which could be exploited by attackers to cause a denial of service. This issue is caused by an error in Quagga. For additional information, see : FrSIRT/ADV-2007-1336

Affected Products

Fedora Core 6

Solution

Upgrade the affected package

References

http://www.frsirt.com/english/advisories/2007/2086
https://www.redhat.com/archives/fedora-package-announce/2007-June/msg00068.html

Fedora Security Update Fixes FreeType "TT_Load_Simple_Glyph(
by Marianna Schmudlach / June 7, 2007 1:34 AM PDT

Fedora Security Update Fixes FreeType "TT_Load_Simple_Glyph()" Integer Overflow

Advisory ID : FrSIRT/ADV-2007-2087
CVE ID : CVE-2007-2754
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-06-07

Technical Description

A vulnerability has been identified in Fedora, which could be exploited by attackers to execute arbitrary code. This issue is caused by an error in FreeType. For additional information, see : FrSIRT/ADV-2007-1894

Affected Products

Fedora 7

Solution

Upgrade the affected package

References

http://www.frsirt.com/english/advisories/2007/2087
https://www.redhat.com/archives/fedora-package-announce/2007-June/msg00036.html

Fedora Security Update Fixes Zapping VBI Library (ZVBI) Buff
by Marianna Schmudlach / June 7, 2007 1:35 AM PDT

Fedora Security Update Fixes Zapping VBI Library (ZVBI) Buffer Overflow Vulnerability

Advisory ID : FrSIRT/ADV-2007-2089
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-06-07

Technical Description

A vulnerability has been identified in Fedora, which could be exploited by attackers to cause a denial of service or potentially execute arbitrary code. This issue is caused by an error in ZVBI (Zapping VBI Library). For additional information, see : FrSIRT/ADV-2007-2088

Affected Products

Fedora 7

Solution

Upgrade the affected packages

References

http://www.frsirt.com/english/advisories/2007/2089
https://www.redhat.com/archives/fedora-package-announce/2007-June/msg00047.html

Fedora Security Update Fixes PostgreSQL SECURITY DEFINER Fun
by Marianna Schmudlach / June 7, 2007 1:37 AM PDT

Fedora Security Update Fixes PostgreSQL SECURITY DEFINER Functions Vulnerability

Advisory ID : FrSIRT/ADV-2007-2090
CVE ID : CVE-2007-2138
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-06-07

Technical Description

A vulnerability has been identified in Fedora, which could be exploited by malicious users to obtain elevated privileges. This issue is caused by an error in PostgreSQL. For additional information, see : FrSIRT/ADV-2007-1497

Affected Products

Fedora Core 5
Fedora Core 6
Fedora 7

Solution

Upgrade the affected packages

References

http://www.frsirt.com/english/advisories/2007/2090
https://www.redhat.com/archives/fedora-package-announce/2007-June/msg00065.html
https://www.redhat.com/archives/fedora-package-announce/2007-June/msg00064.html
https://www.redhat.com/archives/fedora-package-announce/2007-June/msg00043.html

Redhat Security Update Fixes Fetchmail Information Disclosur
by Marianna Schmudlach / June 7, 2007 1:38 AM PDT

Redhat Security Update Fixes Fetchmail Information Disclosure Security Weakness

Advisory ID : FrSIRT/ADV-2007-2095
CVE ID : CVE-2007-1558
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-06-07

Technical Description

A weakness has been identified in Redhat, which could be exploited by remote attackers to gain knowledge of sensitive information. This issue is caused by an error in Fetchmail. For additional information, see : FrSIRT/ADV-2007-1467

Affected Products

RHEL Desktop Workstation (v. 5 client)
Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
Red Hat Linux Advanced Workstation 2.1 (Itanium)

Solution

Upgrade the affected packages :
http://rhn.redhat.com/

References

http://www.frsirt.com/english/advisories/2007/2095
http://rhn.redhat.com/errata/RHSA-2007-0385.html

SuSE Security Update Fixes Asterisk Multiple Remote Denial o
by Marianna Schmudlach / June 7, 2007 1:39 AM PDT

SuSE Security Update Fixes Asterisk Multiple Remote Denial of Service Vulnerabilities

Advisory ID : FrSIRT/ADV-2007-2096
CVE ID : CVE-2007-1306 - CVE-2007-1561 - CVE-2007-1594 - CVE-2007-1595 - CVE-2007-2294 - CVE-2007-2297 - CVE-2007-2488
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-06-07

Technical Description

Multiple vulnerabilities have been identified in SuSE and openSUSE, which could be exploited by attackers to cause a denial of service. These issues are caused by errors in Asterisk. For additional information, see : FrSIRT/ADV-2007-0830 - FrSIRT/ADV-2007-1039 - FrSIRT/ADV-2007-1077 - FrSIRT/ADV-2007-1123 - FrSIRT/ADV-2007-1534 - FrSIRT/ADV-2007-1661

Affected Products

SUSE LINUX 10.1
openSUSE 10.2

Solution

Upgrade the affected package :
ftp://ftp.suse.com/pub/suse/update

References

http://www.frsirt.com/english/advisories/2007/2096
http://lists.suse.com/archive/suse-security-announce/2007-Jun/0003.html

Oracle Native Authentication Version 9i and 10g
by Marianna Schmudlach / June 7, 2007 2:14 AM PDT

Microsoft June 2007 Advance Notification Multiple Vulnerabil
by Marianna Schmudlach / June 7, 2007 7:27 AM PDT

Microsoft June 2007 Advance Notification Multiple Vulnerabilities


Bugtraq ID: 24366
Class: Unknown
CVE:
Remote: Yes
Local: Yes
Published: Jun 07 2007 12:00AM
Updated: Jun 07 2007 12:00AM
Credit: Reported by the vendor.


Microsoft has released advance notification that the vendor will be releasing six security bulletins on June 12, 2007. The highest severity rating for these issues is 'Critical'.

Further details about these issues are not currently available. Individual BIDs will be created for each issue; this record will be removed when the security bulletins are released.

http://www.securityfocus.com/bid/24366/info
