
| ref. id | title | publ. date | severity |
|---|---|---|---|
| SSA-1108 | EMC Autostart ftAgent Opcode 0x11 Parsing Remote Code Execution Vulnerability | 23. aug., 2011 | very high |
| | references: ZDI Advisory; CVE-2011-2735; Advisory by EMC, published on securityfocus. Affected products/versions: EMC AutoStart 5.3.* and 5.4.*. Description from ZDI advisory: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC AutoStart. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Agent Service (ftAgent.exe). The Agent Service listens on TCP port 8045 for communications between AutoStart nodes. When handling messages with opcode 0x11 the process performs arithmetic on an unvalidated user-supplied value used to determine the size of a new heap buffer, allowing a potential integer wrap to cause a heap buffer overflow. Remote unauthenticated attackers can exploit this vulnerability by sending malformed message packets to the target, which can ultimately lead to arbitrary code execution under the context of the SYSTEM user. | | |
| SSA-1107 | EMC Autostart ftAgent Opcode 0x140 Parsing Remote Code Execution Vulnerability | 23. aug., 2011 | very high |
| | references: ZDI Advisory; CVE-2011-2735; Advisory by EMC, published on securityfocus. Affected products/versions: EMC AutoStart 5.3.* and 5.4.*. Description from ZDI advisory: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC AutoStart. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Agent Service (ftAgent.exe). The Agent Service listens on TCP port 8045 for communications between AutoStart nodes. When handling messages with opcode 0x140 the process performs arithmetic on an unvalidated user-supplied value used to determine the size of a new heap buffer, allowing a potential integer wrap to cause a heap buffer overflow. Remote, unauthenticated attackers can exploit this vulnerability by sending malformed message packets to the target, which can ultimately lead to arbitrary code execution under the context of the SYSTEM user. | | |
| SSA-1106 | EMC Autostart Domain Name Logging Remote Code Execution Vulnerability | 23. aug., 2011 | very high |
| | references: ZDI Advisory; CVE-2011-2735; Advisory by EMC, published on securityfocus. Affected products/versions: EMC AutoStart 5.3.* and 5.4.*. Description from ZDI advisory: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC AutoStart High Availability. Authentication is not required to exploit this vulnerability. The specific flaw exists within the packet error handling of the application. When building an error message to log an error, the application will use a user-supplied string from the packet as an argument to a function containing a format string. The result of this function is written to a statically sized buffer located on the stack. This will lead to code execution under the context of the service. | | |
| SSA-1105 | Adobe Shockwave Font Structure Parsing Remote Code Execution Vulnerability | 14. june, 2011 | very high |
| | references: ZDI Advisory; CVE-2011-2109; Advisory by Adobe. Affected product/version: Adobe Shockwave, version 11.5.9.615. Description from ZDI advisory: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Font Asset.x32 module responsible for parsing font-related structures within Director movies (.dir). The code within this module extracts and copies strings without any bounds checking. Several calls to strcpy can be abused to overwrite stack buffers and subsequently execute remote code under the context of the user running the browser. | | |
| SSA-1104 | Adobe Shockwave Cursor Structure Parsing Remote Code Execution Vulnerability | 14. june, 2011 | very high |
| | references: ZDI Advisory; CVE-2011-2120; Advisory by Adobe. Affected product/version: Adobe Shockwave, version 11.5.9.615. Description from ZDI advisory: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Cursor Asset.x32 module responsible for parsing cursor structures from within Director movie files (.dir). While handling a size element, the code performs an unchecked multiplication operation which can cause an integer to wrap. This results in an undersized heap allocation which can be overflowed with user data leading to arbitrary code execution under the context of the user running the browser. | | |
| SSA-1103 | Adobe Shockwave AudioMixer Structure Parsing Remote Code Execution Vulnerability | 14. june, 2011 | very high |
| | references: ZDI Advisory; CVE-2011-2121; Advisory by Adobe. Affected product/version: Adobe Shockwave, version 11.5.9.615. Description from ZDI advisory: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AudioMixer.x32 module responsible for parsing mixer structures from within Director movie files (.dir). While handling a size element, the code performs an unchecked multiplication operation which can cause an integer to wrap. This results in an undersized heap allocation which can be overflowed with user data leading to arbitrary code execution under the context of the user running the browser. | | |
| SSA-1102 | Adobe Reader ICC Parsing Remote Code Execution Vulnerability | 08. feb., 2011 | very high |
| | references: ZDI Advisory; CVE-2011-0598; Advisory by Adobe. Affected products/versions: Adobe Reader 10.0 and <= 9.4.1. Versions 10.0 and <= 9.4.1 of Adobe Reader are vulnerable to a heap overflow while parsing a specially crafted embedded ICC stream in a PDF file. It is possible to cause an integer overflow due to multiple multiplications of controlled byte values. This can lead to the allocation of a small buffer which is subsequently overflowed. The vulnerability can lead to code execution under the context of the currently logged-in user. | | |
| SSA-1101 | CA ETrust Secure Content Manager Common Services Transport Remote Code Execution Vulnerability | 07. feb., 2011 | very high |
| | references: ZDI Advisory; CVE-2011-0758; Advisory by CA. Affected products/versions: CA Secure Content Manager 8.0; CA Gateway Security 8.1. Description from ZDI advisory: This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Computer Associates eTrust Secure Content Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists in the eTrust Common Services Transport (ECSQdmn.exe) running on port 1882. When making a request to this service, a user-supplied DWORD value is used in a memory copy operation. Due to the lack of bounds checking, an integer can be improperly calculated, leading to a heap overflow. If successfully exploited, this vulnerability will result in a remote system compromise with SYSTEM credentials. | | |