Friday, October 30, 2009

New Vulnerabilities Microsoft / Adobe

* Microsoft .NET Framework Remote Code Execution Exploit (MS09-061)

This remote code execution exploit takes advantage of a vulnerability
in Microsoft .NET Framework when processing certain code, e.g. in
a XAML browser application (XBAP).

CVE ID: CVE-2009-0091


* Adobe Reader U3D Clod Declaration Code Execution Exploit (APSB09-15)

This code execution exploit takes advantage of an array indexing
vulnerability in Adobe Reader when processing U3D Clod Declarations
within a PDF file.

CVE ID: CVE-2009-2994


* Microsoft Internet Explorer Remote Memory Corruption PoC (MS09-052)

This code demonstrates a memory corruption vulnerability in Microsoft
Internet Explorer when processing certain HTML elements.


CVE ID: CVE-2009-2531

Tuesday, October 27, 2009

Mozilla Firefox Code Execution and Information Disclosure Vulnerabilities

Multiple vulnerabilities have been identified in Mozilla Firefox,
which could be exploited by attackers to manipulate or disclose
certain data, bypass security restrictions or compromise a vulnerable
system.

The first issue is caused by an error within the form history, which
could allow malicious web sites to trick a vulnerable browser into
auto-filling form fields with history entries and then reading the
entries.

The second vulnerability is caused by a predictable file naming
scheme being used to download a file which already exists in the
downloads folder, which could allow an attacker with access to a
vulnerable system to place a malicious file in the world-writable
directory used to save temporary downloaded files and cause the
browser to open it.

The third issue is caused by a memory corruption error within the
processing of recursive web-worker calls, which could be exploited to
crash an affected browser or execute arbitrary code.

The fourth vulnerability is caused by a memory corruption error within
the parsing of regular expressions used in Proxy Auto-configuration
(PAC) files, which could allow attackers to crash an affected browser
or execute arbitrary code on a system where PAC has been configured
with specific regular expressions.

The fifth issue is caused by a heap overflow error in the GIF image
parser, which could be exploited to crash an affected browser or
execute arbitrary code.

The sixth vulnerability is caused by the XPCOM utility
"XPCVariant::VariantDataToJS" unwrapping doubly-wrapped objects before
returning them to chrome callers, which could result in chrome
privileged code calling methods on an object which had previously been
created or modified by web content, leading to the execution of
malicious JavaScript code with chrome privileges.

The seventh issue is caused by a heap overflow error in the string to
floating point number conversion routines, which could be exploited to
crash an affected browser or execute arbitrary code.

The eighth vulnerability is caused by a same-origin policy bypass
via the "document.getSelection" function, which could be exploited to
conduct cross-domain scripting attacks.

The ninth vulnerability is caused by an error when downloading a file
with a name containing a right-to-left override character (RTL), which
could be exploited to obfuscate the name and extension of a malicious
file to be downloaded and opened.

The tenth issue is caused by memory corruption errors in the
JavaScript and browser engines when parsing malformed data, which
could be exploited by attackers to crash a vulnerable browser or
execute arbitrary code.

Other memory corruption errors related to liboggz, libvorbis, and
liboggplay have also been reported, which could be exploited by
attackers to compromise a vulnerable system.

Affected Products

Mozilla Firefox versions prior to 3.5.4
Mozilla Firefox versions prior to 3.0.15
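
A defender-side check for the ninth issue above (an added example, not part of the original advisory or Mozilla's code): it flags Unicode bidirectional control characters in a download filename and reports the extension in logical order, which is the one the operating system acts on. The function name and the sample filenames are constructed for illustration.

```python
# Unicode bidirectional formatting characters that can reorder how a
# filename is displayed without changing the bytes stored on disk.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF",
    "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
    "\u200e": "LRM", "\u200f": "RLM", "\u061c": "ALM",
}


def inspect_filename(name):
    """Report bidi controls in a filename and the extension actually used.

    The displayed order can differ from the logical (stored) order, so the
    extension is taken from the logical string after the last dot.
    """
    controls = [(i, BIDI_CONTROLS[ch])
                for i, ch in enumerate(name) if ch in BIDI_CONTROLS]
    sanitized = "".join(ch for ch in name if ch not in BIDI_CONTROLS)
    real_ext = sanitized.rsplit(".", 1)[1].lower() if "." in sanitized else ""
    return {
        "suspicious": bool(controls),
        "controls": controls,          # (index, short name) pairs
        "real_extension": real_ext,    # what the OS will act on
        "sanitized": sanitized,        # safe to show in a download prompt
        # ASCII-only rendering for logs, so the control is visible
        "escaped": name.encode("unicode_escape").decode("ascii"),
    }


if __name__ == "__main__":
    # Constructed samples: the first contains U+202E, so a bidi-aware UI
    # shows the tail reversed and the name appears to end in ".pdf".
    for sample in ("invoice\u202efdp.exe", "report.pdf"):
        r = inspect_filename(sample)
        print(r["escaped"], "->", r["real_extension"],
              "SUSPICIOUS" if r["suspicious"] else "ok")
```
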

Monday, October 19, 2009

DHS Web sites vulnerable to hackers, IG says

The Homeland Security Department’s most popular Web sites appear to be vulnerable to hackers and could put department data at risk of loss or unauthorized use, according to a new report from DHS Inspector General Richard Skinner.

“These vulnerabilities could put DHS data at risk,” Skinner wrote in the report issued Oct. 8. “In addition, DHS can make improvements in managing its system inventory and providing technical oversight and guidance in order to evaluate the security threats to its public-facing Web sites.”


Wednesday, October 14, 2009

Snow Leopard bug deletes all user data

Computerworld - Snow Leopard users have reported that they've lost all their personal data when they've logged into a "Guest" account after upgrading from Leopard, according to messages on Apple's support forum.

The bug, users said in a well-read thread on Apple's support forum, resets all settings on the Mac, resets all applications' settings and erases the contents of critical folders containing documents, photos and music.

The MacFixIt site first reported the problem more than a month ago.

