Vulnerability Summary for the Week of February 15, 2010

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

High: vulnerabilities with a CVSS base score of 7.0–10.0
Medium: vulnerabilities with a CVSS base score of 4.0–6.9
Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

High Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
apple -- webkit google -- chrome	WebKit before r53525, as used in Google Chrome before 4.0.249.89,allows remote attackers to execute arbitrary code in the Chrome sandboxvia a malformed RUBY element, as demonstrated by a <ruby&gt><rt> sequence.</rt&gt<table&gt <tbody><tr>	2010-02-18	9.3	CVE-2010-0647 CONFIRM
apple -- webkit google -- chrome	WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit beforer52401, as used in Google Chrome before 4.0.249.78, allows remoteattackers to bypass the Same Origin Policy via vectors involving thewindow.open method.	2010-02-18	7.5	CVE-2010-0661 CONFIRM CONFIRM
dokuwiki -- dokuwiki	A typo in the administrator permission check in the ACL Manager plugin(plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remoteattackers to gain privileges and access closed wikis by editing currentACL statements, as demonstrated in the wild in January 2010.	2010-02-15	7.5	CVE-2010-0288 CONFIRM DEBIAN SECUNIA FEDORA FEDORA CONFIRM
google -- chrome	Multiple integer overflows in factory.cc in Google V8 before r3560, asused in Google Chrome before 4.0.249.89, allow remote attackers toexecute arbitrary code in the Chrome sandbox via crafted use ofJavaScript arrays.	2010-02-18	9.3	CVE-2010-0645 CONFIRM
google -- chrome	Multiple integer signedness errors in factory.cc in Google V8 beforer3560, as used in Google Chrome before 4.0.249.89, allow remoteattackers to execute arbitrary code in the Chrome sandbox via crafteduse of JavaScript arrays.	2010-02-18	10.0	CVE-2010-0646 VUPEN CONFIRM
google -- chrome	Integer overflow in the CrossCallParamsEx::CreateFromBuffer function insandbox/src/crosscall_server.cc in Google Chrome before 4.0.249.89allows attackers to leverage renderer access to cause a denial ofservice (heap memory corruption) or possibly have unspecified otherimpact via a malformed message, related to deserializing of sandboxmessages.	2010-02-18	9.3	CVE-2010-0649 CONFIRM
google -- chrome	Use-after-free vulnerability in Google Chrome before 4.0.249.78 allowsuser-assisted remote attackers to cause a denial of service(application crash) or possibly execute arbitrary code via vectorsinvolving the display of a blocked popup window during navigation to adifferent web site.	2010-02-18	9.3	CVE-2010-0655 CONFIRM
google -- chrome	Google Chrome before 4.0.249.78 on Windows does not perform theexpected encoding, escaping, and quoting for the URL in the --appargument in a desktop shortcut, which allows user-assisted remoteattackers to execute arbitrary programs or obtain sensitive informationby tricking a user into creating a crafted shortcut.	2010-02-18	9.3	CVE-2010-0657 CONFIRM SECTRACK CONFIRM CONFIRM
google -- chrome	Multiple integer overflows in Skia, as used in Google Chrome before4.0.249.78, allow remote attackers to execute arbitrary code in theChrome sandbox or cause a denial of service (memory corruption andapplication crash) via vectors involving CANVAS elements.	2010-02-18	9.3	CVE-2010-0658 CONFIRM
juniper -- odyssey_access_client	Stack-based buffer overflow in dsInstallerService.dll in the JuniperInstaller Service, as used in Juniper Odyssey Access Client4.72.11421.0 and other products, allows remote attackers to executearbitrary code via a long string in a malformedDSSETUPSERVICE_CMD_UNINSTALL command to the NeoterisSetupService namedpipe.	2010-02-15	10.0	CVE-2009-4643 MISC IDEFENSE
realnetworks -- helix_player realnetworks -- realplayer	Buffer overflow in the Unescape function in common/util/hxurl.cpp andplayer/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 andRealPlayer allows remote attackers to cause a denial of service(application crash) or possibly execute arbitrary code via a URLargument containing a % (percent) character that is not followed by twohex digits.	2010-02-18	7.5	CVE-2010-0416 CONFIRM CONFIRM REDHAT MLIST
sun -- openoffice.org	Integer overflow in the XPMReader::ReadXPM function infilter.vcl/ixpm/svt_xpmread.cxx in OpenOffice.org (OOo) before 3.2allows remote attackers to execute arbitrary code via a crafted XPMfile that triggers a heap-based buffer overflow.	2010-02-16	9.3	CVE-2009-2949 VUPEN
sun -- openoffice.org	Heap-based buffer overflow in theGIFLZWDecompressor::GIFLZWDecompressor function infilter.vcl/lgif/decode.cxx in OpenOffice.org (OOo) before 3.2 allowsremote attackers to cause a denial of service (application crash) orpossibly execute arbitrary code via a crafted GIF file, related to LZWdecompression.	2010-02-16	9.3	CVE-2009-2950 CONFIRM XF VUPEN BID REDHAT CONFIRM CONFIRM DEBIAN SECTRACK SECUNIA SECUNIA
sun -- openoffice.org	Integer underflow in filter/ww8/ww8par2.cxx in OpenOffice.org (OOo)before 3.2 allows remote attackers to cause a denial of service(application crash) or possibly execute arbitrary code via a craftedsprmTDefTable table property modifier in a Word document.	2010-02-16	9.3	CVE-2009-3301 CONFIRM XF VUPEN BID REDHAT CONFIRM CONFIRM DEBIAN SECTRACK SECUNIA SECUNIA
sun -- openoffice.org	filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remoteattackers to cause a denial of service (application crash) or possiblyexecute arbitrary code via a crafted sprmTSetBrc table propertymodifier in a Word document, related to a "boundary error flaw."	2010-02-16	9.3	CVE-2009-3302 CONFIRM XF VUPEN BID REDHAT CONFIRM CONFIRM DEBIAN SECTRACK SECUNIA SECUNIA
sun -- openoffice.org	OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforceVisual Basic for Applications (VBA) macro security settings, whichallows remote attackers to run arbitrary macros via a crafted document.	2010-02-16	9.3	CVE-2010-0136 BID MLIST DEBIAN SECTRACK

Medium Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
adobe -- blazeds adobe -- coldfusion adobe -- flex_data_services adobe -- lifecycle adobe -- lifecycle_data_services	Unspecified vulnerability in BlazeDS 3.2 and earlier, as used inLiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1,and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1,and 9.0, allows remote attackers to obtain sensitive information viavectors that are associated with a request, and related to injectedtags and external entity references in XML documents.	2010-02-15	4.3	CVE-2009-3960 BID OSVDB CONFIRM SECTRACK
adobe -- adobe_air adobe -- flash_player	Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2 andAdobe AIR before 1.5.3.9130 allows remote attackers to bypass intendedsandbox restrictions and make cross-domain requests via unspecifiedvectors.	2010-02-15	6.8	CVE-2010-0186 CONFIRM
adobe -- adobe_air adobe -- flash_player	Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130allow remote attackers to cause a denial of service (application crash)via a modified SWF file.	2010-02-15	4.3	CVE-2010-0187 REDHAT CONFIRM BID MISC CONFIRM SECTRACK MISC
apple -- safari apple -- webkit google -- chrome	WebKit before r52784, as used in Google Chrome before 4.0.249.78 andApple Safari, permits cross-origin loading of CSS stylesheets even whenthe stylesheet download has an incorrect MIME type and the stylesheetdocument is malformed, which allows remote HTTP servers to obtainsensitive information via a crafted document.	2010-02-18	4.3	CVE-2010-0651 CONFIRM
apple -- webkit google -- chrome	WebKit before r51295, as used in Google Chrome before 4.0.249.78,presents a directory-listing page in response to an XMLHttpRequest fora file:/// URL that corresponds to a directory, which allows attackersto obtain sensitive information or possibly have unspecified otherimpact via a crafted local HTML document.	2010-02-18	4.3	CVE-2010-0656 CONFIRM
apple -- webkit google -- chrome	The image decoder in WebKit before r52833, as used in Google Chromebefore 4.0.249.78, does not properly handle a failure of memoryallocation, which allows remote attackers to execute arbitrary code inthe Chrome sandbox via a malformed GIF file that specifies a large size.	2010-02-18	6.8	CVE-2010-0659 CONFIRM
cisco -- collaboration_server	Cross-site scripting (XSS) vulnerability inwebline/html/admin/wcs/LoginPage.jhtml in Cisco Collaboration Server(CCS) 5 allows remote attackers to inject arbitrary web script or HTMLvia the dest parameter.	2010-02-17	4.3	CVE-2010-0641 XF BID MISC
cisco -- collaboration_server	Cisco Collaboration Server (CCS) 5 allows remote attackers to read thesource code of JHTML files via URL encoded characters in the filenameextension, as demonstrated by (1) changing .jhtml to %2Ejhtml, (2)changing .jhtml to .jhtm%6C, (3) appending %00 after .jhtml, and (4)appending %c0%80 after .jhtml, related to the (a) doc/docindex.jhtml,(b) browserId/wizardForm.jhtml, (c) webline/html/forms/callback.jhtml,(d) webline/html/forms/callbackICM.jhtml, (e)webline/html/agent/AgentFrame.jhtml, (f)webline/html/agent/default/badlogin.jhtml, (g) callme/callForm.jhtml,(h) webline/html/multichatui/nowDefunctWindow.jhtml, (i)browserId/wizard.jhtml, (j) admin/CiscoAdmin.jhtml, (k)msccallme/mscCallForm.jhtml, and (l)webline/html/admin/wcs/LoginPage.jhtml components.	2010-02-17	5.0	CVE-2010-0642 XF BID MISC
dokuwiki -- dokuwiki	Directory traversal vulnerability in the ACL Manager plugin(plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remoteattackers to list the contents of arbitrary directories via a .. (dotdot) in the ns parameter.	2010-02-15	5.0	CVE-2010-0287 CONFIRM DEBIAN SECUNIA FEDORA FEDORA CONFIRM
dokuwiki -- dokuwiki	Multiple cross-site request forgery (CSRF) vulnerabilities in the ACLManager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25callow remote attackers to hijack the authentication of administratorsfor requests that modify access control rules, and other unspecifiedrequests, via unknown vectors.	2010-02-15	6.8	CVE-2010-0289 CONFIRM DEBIAN SECUNIA FEDORA FEDORA CONFIRM
google -- chrome	browser/login/login_prompt.cc in Google Chrome before 4.0.249.89populates an authentication dialog with credentials that were stored byPassword Manager for a different web site, which allows user-assistedremote HTTP servers to obtain sensitive information via a URL thatrequires authentication, as demonstrated by a URL in the SRC attributeof an IMG element.	2010-02-18	4.3	CVE-2010-0556 CONFIRM
google -- chrome	Google Chrome before 4.0.249.89 attempts to make direct connections toweb sites when all configured proxy servers are unavailable, whichallows remote HTTP servers to obtain potentially sensitive informationabout the identity of a client user via standard HTTP logging, asdemonstrated by a proxy server that was configured for the purpose ofanonymity.	2010-02-18	4.3	CVE-2010-0643 CONFIRM
google -- chrome	Google Chrome before 4.0.249.89, when a SOCKS 5 proxy server isconfigured, sends DNS queries directly, which allows remote DNS serversto obtain potentially sensitive information about the identity of aclient user via request logging, as demonstrated by a proxy server thatwas configured for the purpose of anonymity.	2010-02-18	4.3	CVE-2010-0644 CONFIRM
google -- chrome	Google Chrome before 4.0.249.78 sends an https URL in the Refererheader of an http request in certain circumstances involving https tohttp redirection, which allows remote HTTP servers to obtainpotentially sensitive information via standard HTTP logging.	2010-02-18	5.0	CVE-2010-0660 CONFIRM
google -- chrome	The ParamTraits::Readfunction in common/common_param_traits.cc in Google Chrome before4.0.249.78 does not use the correct variables in calculations designedto prevent integer overflows, which allows attackers to leveragerenderer access to cause a denial of service or possibly haveunspecified other impact via bitmap data, related to deserialization.	2010-02-18	4.3	CVE-2010-0662 CONFIRM
google -- chrome	The ParamTraits::Readfunction in common/common_param_traits.cc in Google Chrome before4.0.249.78 does not initialize the memory locations that will holdbitmap data, which might allow remote attackers to obtain potentiallysensitive information from process memory by providing insufficientdata, related to use of a (1) thumbnail database or (2) HTML canvas.	2010-02-18	4.3	CVE-2010-0663 CONFIRM
google -- chrome	Stack consumption vulnerability in theChildProcessSecurityPolicy::CanRequestURL function inbrowser/child_process_security_policy.cc in Google Chrome before4.0.249.78 allows remote attackers to cause a denial of service (memoryconsumption and application crash) via a URL that specifies multipleprotocols, as demonstrated by a URL that begins with many repetitionsof the view-source: substring.	2010-02-18	4.3	CVE-2010-0664 CONFIRM
intel -- e1000 linux -- kernel linux -- kernel	The Linux kernel before 2.6.32.4 allows local users to gain privilegesor cause a denial of service (panic) by calling the (1) mmap or (2)mremap function, aka the "do_mremap() mess" or "mremap/mmap mess."	2010-02-15	4.6	CVE-2010-0291 CONFIRM
intel -- e1000 linux -- kernel linux -- kernel	The load_elf_binary function in fs/binfmt_elf.c in the Linux kernelbefore 2.6.32.8 on the x86_64 platform does not ensure that the ELFinterpreter is available before a call to the SET_PERSONALITY macro,which allows local users to cause a denial of service (system crash)via a 32-bit application that attempts to execute a 64-bit applicationand then triggers a segmentation fault, as demonstrated byamd64_killer, related to the flush_old_exec function.	2010-02-17	4.7	CVE-2010-0307 CONFIRM BID MLIST MLIST MLIST MLIST CONFIRM MISC CONFIRM MLIST CONFIRM
k5n -- webcalendar	Cross-site request forgery (CSRF) vulnerability in WebCalendar 1.2.0allows remote attackers to hijack the authentication of administratorsfor requests that change the administrative password via unknownvectors. NOTE: the provenance of this information is unknown; thedetails are obtained solely from third party information.	2010-02-15	6.8	CVE-2010-0638 SECUNIA
linux -- kernel	The do_pages_move function in mm/migrate.c in the Linux kernel before2.6.33-rc7 does not validate node values, which allows local users toread arbitrary kernel memory locations, cause a denial of service(OOPS), and possibly have unspecified other impact by specifying a nodethat is not part of the kernel's node set.	2010-02-17	4.6	CVE-2010-0415 CONFIRM
microsoft -- internet_explorer	Microsoft Internet Explorer permits cross-origin loading of CSSstylesheets even when the stylesheet download has an incorrect MIMEtype and the stylesheet document is malformed, which allows remote HTTPservers to obtain sensitive information via a crafted document.	2010-02-18	4.3	CVE-2010-0652 MISC
mozilla -- firefox	Mozilla Firefox, possibly before 3.6, allows remote attackers todiscover a redirect's target URL, for the session of a specific user ofa web site, by placing the site's URL in the HREF attribute of astylesheet LINK element, and then reading thedocument.styleSheets[0].href property value, related to an IFRAMEelement.	2010-02-18	4.3	CVE-2010-0648 MISC MISC
mozilla -- firefox	Mozilla Firefox permits cross-origin loading of CSS stylesheets evenwhen the stylesheet download has an incorrect MIME type and thestylesheet document is malformed, which allows remote HTTP servers toobtain sensitive information via a crafted document.	2010-02-18	4.3	CVE-2010-0654 MISC
opera -- opera_browser	Opera permits cross-origin loading of CSS stylesheets even when thestylesheet download has an incorrect MIME type and the stylesheetdocument is malformed, which allows remote HTTP servers to obtainsensitive information via a crafted document.	2010-02-18	4.3	CVE-2010-0653 MISC
realnetworks -- helix_player realnetworks -- realplayer	Buffer overflow in common/util/rlstate.cpp in Helix Player 1.0.6 andRealPlayer allows remote attackers to cause a denial of service(application crash) or possibly execute arbitrary code via a RuleBookstructure with a large number of rule-separator characters that triggerheap memory corruption.	2010-02-18	5.0	CVE-2010-0417 CONFIRM CONFIRM REDHAT MLIST
squid-cache -- squid	The htcpHandleTstRequest function in htcp.c in Squid 2.x and 3.0through 3.0.STABLE23 allows remote attackers to cause a denial ofservice (crash) via crafted packets to the HTCP port, which triggers aNULL pointer dereference.	2010-02-15	5.0	CVE-2010-0639 VUPEN MISC MISC CONFIRM SECTRACK BID OSVDB MISC

Medium Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
adobe -- blazeds adobe -- coldfusion adobe -- flex_data_services adobe -- lifecycle adobe -- lifecycle_data_services	Unspecified vulnerability in BlazeDS 3.2 and earlier, as used inLiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1,and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1,and 9.0, allows remote attackers to obtain sensitive information viavectors that are associated with a request, and related to injectedtags and external entity references in XML documents.	2010-02-15	4.3	CVE-2009-3960 BID OSVDB CONFIRM SECTRACK
adobe -- adobe_air adobe -- flash_player	Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2 andAdobe AIR before 1.5.3.9130 allows remote attackers to bypass intendedsandbox restrictions and make cross-domain requests via unspecifiedvectors.	2010-02-15	6.8	CVE-2010-0186 CONFIRM
adobe -- adobe_air adobe -- flash_player	Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130allow remote attackers to cause a denial of service (application crash)via a modified SWF file.	2010-02-15	4.3	CVE-2010-0187 REDHAT CONFIRM BID MISC CONFIRM SECTRACK MISC
apple -- safari apple -- webkit google -- chrome	WebKit before r52784, as used in Google Chrome before 4.0.249.78 andApple Safari, permits cross-origin loading of CSS stylesheets even whenthe stylesheet download has an incorrect MIME type and the stylesheetdocument is malformed, which allows remote HTTP servers to obtainsensitive information via a crafted document.	2010-02-18	4.3	CVE-2010-0651 CONFIRM
apple -- webkit google -- chrome	WebKit before r51295, as used in Google Chrome before 4.0.249.78,presents a directory-listing page in response to an XMLHttpRequest fora file:/// URL that corresponds to a directory, which allows attackersto obtain sensitive information or possibly have unspecified otherimpact via a crafted local HTML document.	2010-02-18	4.3	CVE-2010-0656 CONFIRM
apple -- webkit google -- chrome	The image decoder in WebKit before r52833, as used in Google Chromebefore 4.0.249.78, does not properly handle a failure of memoryallocation, which allows remote attackers to execute arbitrary code inthe Chrome sandbox via a malformed GIF file that specifies a large size.	2010-02-18	6.8	CVE-2010-0659 CONFIRM
cisco -- collaboration_server	Cross-site scripting (XSS) vulnerability inwebline/html/admin/wcs/LoginPage.jhtml in Cisco Collaboration Server(CCS) 5 allows remote attackers to inject arbitrary web script or HTMLvia the dest parameter.	2010-02-17	4.3	CVE-2010-0641 XF BID MISC
cisco -- collaboration_server	Cisco Collaboration Server (CCS) 5 allows remote attackers to read thesource code of JHTML files via URL encoded characters in the filenameextension, as demonstrated by (1) changing .jhtml to %2Ejhtml, (2)changing .jhtml to .jhtm%6C, (3) appending %00 after .jhtml, and (4)appending %c0%80 after .jhtml, related to the (a) doc/docindex.jhtml,(b) browserId/wizardForm.jhtml, (c) webline/html/forms/callback.jhtml,(d) webline/html/forms/callbackICM.jhtml, (e)webline/html/agent/AgentFrame.jhtml, (f)webline/html/agent/default/badlogin.jhtml, (g) callme/callForm.jhtml,(h) webline/html/multichatui/nowDefunctWindow.jhtml, (i)browserId/wizard.jhtml, (j) admin/CiscoAdmin.jhtml, (k)msccallme/mscCallForm.jhtml, and (l)webline/html/admin/wcs/LoginPage.jhtml components.	2010-02-17	5.0	CVE-2010-0642 XF BID MISC
dokuwiki -- dokuwiki	Directory traversal vulnerability in the ACL Manager plugin(plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remoteattackers to list the contents of arbitrary directories via a .. (dotdot) in the ns parameter.	2010-02-15	5.0	CVE-2010-0287 CONFIRM DEBIAN SECUNIA FEDORA FEDORA CONFIRM
dokuwiki -- dokuwiki	Multiple cross-site request forgery (CSRF) vulnerabilities in the ACLManager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25callow remote attackers to hijack the authentication of administratorsfor requests that modify access control rules, and other unspecifiedrequests, via unknown vectors.	2010-02-15	6.8	CVE-2010-0289 CONFIRM DEBIAN SECUNIA FEDORA FEDORA CONFIRM
google -- chrome	browser/login/login_prompt.cc in Google Chrome before 4.0.249.89populates an authentication dialog with credentials that were stored byPassword Manager for a different web site, which allows user-assistedremote HTTP servers to obtain sensitive information via a URL thatrequires authentication, as demonstrated by a URL in the SRC attributeof an IMG element.	2010-02-18	4.3	CVE-2010-0556 CONFIRM
google -- chrome	Google Chrome before 4.0.249.89 attempts to make direct connections toweb sites when all configured proxy servers are unavailable, whichallows remote HTTP servers to obtain potentially sensitive informationabout the identity of a client user via standard HTTP logging, asdemonstrated by a proxy server that was configured for the purpose ofanonymity.	2010-02-18	4.3	CVE-2010-0643 CONFIRM
google -- chrome	Google Chrome before 4.0.249.89, when a SOCKS 5 proxy server isconfigured, sends DNS queries directly, which allows remote DNS serversto obtain potentially sensitive information about the identity of aclient user via request logging, as demonstrated by a proxy server thatwas configured for the purpose of anonymity.	2010-02-18	4.3	CVE-2010-0644 CONFIRM
google -- chrome	Google Chrome before 4.0.249.78 sends an https URL in the Refererheader of an http request in certain circumstances involving https tohttp redirection, which allows remote HTTP servers to obtainpotentially sensitive information via standard HTTP logging.	2010-02-18	5.0	CVE-2010-0660 CONFIRM
google -- chrome	The ParamTraits::Readfunction in common/common_param_traits.cc in Google Chrome before4.0.249.78 does not use the correct variables in calculations designedto prevent integer overflows, which allows attackers to leveragerenderer access to cause a denial of service or possibly haveunspecified other impact via bitmap data, related to deserialization.	2010-02-18	4.3	CVE-2010-0662 CONFIRM
google -- chrome	The ParamTraits::Readfunction in common/common_param_traits.cc in Google Chrome before4.0.249.78 does not initialize the memory locations that will holdbitmap data, which might allow remote attackers to obtain potentiallysensitive information from process memory by providing insufficientdata, related to use of a (1) thumbnail database or (2) HTML canvas.	2010-02-18	4.3	CVE-2010-0663 CONFIRM
google -- chrome	Stack consumption vulnerability in theChildProcessSecurityPolicy::CanRequestURL function inbrowser/child_process_security_policy.cc in Google Chrome before4.0.249.78 allows remote attackers to cause a denial of service (memoryconsumption and application crash) via a URL that specifies multipleprotocols, as demonstrated by a URL that begins with many repetitionsof the view-source: substring.	2010-02-18	4.3	CVE-2010-0664 CONFIRM
intel -- e1000 linux -- kernel linux -- kernel	The Linux kernel before 2.6.32.4 allows local users to gain privilegesor cause a denial of service (panic) by calling the (1) mmap or (2)mremap function, aka the "do_mremap() mess" or "mremap/mmap mess."	2010-02-15	4.6	CVE-2010-0291 CONFIRM
intel -- e1000 linux -- kernel linux -- kernel	The load_elf_binary function in fs/binfmt_elf.c in the Linux kernelbefore 2.6.32.8 on the x86_64 platform does not ensure that the ELFinterpreter is available before a call to the SET_PERSONALITY macro,which allows local users to cause a denial of service (system crash)via a 32-bit application that attempts to execute a 64-bit applicationand then triggers a segmentation fault, as demonstrated byamd64_killer, related to the flush_old_exec function.	2010-02-17	4.7	CVE-2010-0307 CONFIRM BID MLIST MLIST MLIST MLIST CONFIRM MISC CONFIRM MLIST CONFIRM
k5n -- webcalendar	Cross-site request forgery (CSRF) vulnerability in WebCalendar 1.2.0allows remote attackers to hijack the authentication of administratorsfor requests that change the administrative password via unknownvectors. NOTE: the provenance of this information is unknown; thedetails are obtained solely from third party information.	2010-02-15	6.8	CVE-2010-0638 SECUNIA
linux -- kernel	The do_pages_move function in mm/migrate.c in the Linux kernel before2.6.33-rc7 does not validate node values, which allows local users toread arbitrary kernel memory locations, cause a denial of service(OOPS), and possibly have unspecified other impact by specifying a nodethat is not part of the kernel's node set.	2010-02-17	4.6	CVE-2010-0415 CONFIRM
microsoft -- internet_explorer	Microsoft Internet Explorer permits cross-origin loading of CSSstylesheets even when the stylesheet download has an incorrect MIMEtype and the stylesheet document is malformed, which allows remote HTTPservers to obtain sensitive information via a crafted document.	2010-02-18	4.3	CVE-2010-0652 MISC
mozilla -- firefox	Mozilla Firefox, possibly before 3.6, allows remote attackers todiscover a redirect's target URL, for the session of a specific user ofa web site, by placing the site's URL in the HREF attribute of astylesheet LINK element, and then reading thedocument.styleSheets[0].href property value, related to an IFRAMEelement.	2010-02-18	4.3	CVE-2010-0648 MISC MISC
mozilla -- firefox	Mozilla Firefox permits cross-origin loading of CSS stylesheets evenwhen the stylesheet download has an incorrect MIME type and thestylesheet document is malformed, which allows remote HTTP servers toobtain sensitive information via a crafted document.	2010-02-18	4.3	CVE-2010-0654 MISC
opera -- opera_browser	Opera permits cross-origin loading of CSS stylesheets even when thestylesheet download has an incorrect MIME type and the stylesheetdocument is malformed, which allows remote HTTP servers to obtainsensitive information via a crafted document.	2010-02-18	4.3	CVE-2010-0653 MISC
realnetworks -- helix_player realnetworks -- realplayer	Buffer overflow in common/util/rlstate.cpp in Helix Player 1.0.6 andRealPlayer allows remote attackers to cause a denial of service(application crash) or possibly execute arbitrary code via a RuleBookstructure with a large number of rule-separator characters that triggerheap memory corruption.	2010-02-18	5.0	CVE-2010-0417 CONFIRM CONFIRM REDHAT MLIST
squid-cache -- squid	The htcpHandleTstRequest function in htcp.c in Squid 2.x and 3.0through 3.0.STABLE23 allows remote attackers to cause a denial ofservice (crash) via crafted packets to the HTCP port, which triggers aNULL pointer dereference.	2010-02-15	5.0	CVE-2010-0639 VUPEN MISC MISC CONFIRM SECTRACK BID OSVDB MISC

Low Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
apple -- safari google -- chrome	WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari,allows remote attackers to bypass intended restrictions on popupwindows via crafted use of a mouse click event.	2010-02-18	2.6	CVE-2010-0650 CONFIRM CONFIRM SECTRACK CONFIRM CONFIRM
linux -- kernel	The wake_futex_pi function in kernel/futex.c in the Linux kernel before2.6.33-rc7 does not properly handle certain unlock operations for aPriority Inheritance (PI) futex, which allows local users to cause adenial of service (OOPS) and possibly have unspecified other impact viavectors involving modification of the futex value from user space.	2010-02-15	2.1	CVE-2010-0622 CONFIRM
linux -- kernel	The futex_lock_pi function in kernel/futex.c in the Linux kernel before2.6.33-rc7 does not properly manage a certain reference count, whichallows local users to cause a denial of service (OOPS) via vectorsinvolving an unmount of an ext3 filesystem.	2010-02-15	2.1	CVE-2010-0623 CONFIRM

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.