Vulnerability Summary for the Week of April 16, 2012
Released
Apr 23, 2012
Document ID
SB12-114
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Vulnerability Severity:
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| abb -- interlink_module | Multiple stack-based buffer overflows in (1) COM and (2) ActiveX controls in ABB WebWare Server, WebWare SDK, Interlink Module, S4 OPC Server, QuickTeach, RobotStudio S4, and RobotStudio Lite allow remote attackers to execute arbitrary code via crafted input data. | 2012-04-18 | 7.7 | CVE-2012-1801 |
| artonx.org -- activescriptruby | GRScript18.dll before 1.2.2.0 in ActiveScriptRuby (ASR) before 1.8.7 does not properly restrict interaction with an Internet Explorer ActiveX environment, which allows remote attackers to execute arbitrary Ruby code via a crafted HTML document. | 2012-04-16 | 7.5 | CVE-2012-1241 |
| curl -- curl | curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol. | 2012-04-13 | 7.5 | CVE-2012-0036 |
| emc -- data_protection_advisor | The DPA_Utilities.cProcessAuthenticationData function in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an AUTHENTICATECONNECTION command that (1) lacks a password field or (2) has an empty password. | 2012-04-20 | 7.8 | CVE-2012-0406 |
| freebsd -- libarchive | Buffer overflow in libarchive 3.0 pre-release code allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CAB file, which is not properly handled during the reading of Huffman code data within LZX compressed data. | 2012-04-13 | 7.5 | CVE-2010-4666 |
| freebsd -- libarchive | Multiple use-after-free vulnerabilities in libarchive 2.8.4 and 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted (1) TAR archive or (2) ISO9660 image. | 2012-04-13 | 7.5 | CVE-2011-1779 |
| google -- sketchup | Google SketchUp before 8 does not properly handle edge geometry in SketchUp (aka .SKP) files, which allows remote attackers to execute arbitrary code via a crafted file. | 2012-04-17 | 9.3 | CVE-2011-2478 |
| iconics -- bizviz | The GENESIS32 IcoSetServer ActiveX control in ICONICS GENESIS32 9.21 and BizViz 9.21 configures the trusted zone on the basis of user input, which allows remote attackers to execute arbitrary code via a crafted web site, related to a "Workbench32/WebHMI component SetTrustedZone Policy vulnerability." | 2012-04-18 | 9.3 | CVE-2011-5088 |
| iconics -- bizviz | Buffer overflow in the Security Login ActiveX controls in ICONICS GENESIS32 8.05, 9.0, 9.1, and 9.2 and BizViz 8.05, 9.0, 9.1, and 9.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long password. | 2012-04-18 | 10.0 | CVE-2011-5089 |
| irfanview -- flashpix_plugin | Heap-based buffer overflow in the FlashPix PlugIn before 4.3.4.0 for IrfanView might allow remote attackers to execute arbitrary code via a .fpx file containing a crafted FlashPix image that is not properly handled during decompression. | 2012-04-18 | 9.3 | CVE-2012-0278 |
| koyo -- h0-ecom | Buffer overflow in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 allows remote attackers to execute arbitrary code via long strings in unspecified parameters. | 2012-04-13 | 10.0 | CVE-2012-1805 |
| koyo -- h0-ecom | The ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 supports a maximum password length of 8 bytes, which makes it easier for remote attackers to obtain access via a brute-force attack. | 2012-04-13 | 7.5 | CVE-2012-1806 |
| koyo -- h0-ecom | The web server in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 does not require authentication, which allows remote attackers to perform unspecified functions via unknown vectors. | 2012-04-13 | 10.0 | CVE-2012-1808 |
| openssl -- openssl | The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. | 2012-04-19 | 7.5 | CVE-2012-2110 |
| realnetworks -- helix_mobile_server | Buffer overflow in rn5auth.dll in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to execute arbitrary code via crafted authentication credentials. | 2012-04-17 | 7.5 | CVE-2012-0942 |
| siemens -- scalance_s_firmware | The web server on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 does not limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack on the administrative password. | 2012-04-18 | 10.0 | CVE-2012-1799 |
| siemens -- scalance_x-300_firmware | Buffer overflow in the embedded web server on the Siemens Scalance X Industrial Ethernet switch X414-3E before 3.7.1, X308-2M before 3.7.2, X-300EEC before 3.7.2, XR-300 before 3.7.2, and X-300 before 3.7.2 allows remote attackers to cause a denial of service (device reboot) or possibly execute arbitrary code via a malformed URL. | 2012-04-18 | 7.8 | CVE-2012-1802 |
| vmware -- fusion | VMware Workstation 8.x before 8.0.2, VMware Player 4.x before 4.0.2, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 though 5.0, and VMware ESX 3.5 through 4.1 use an incorrect ACL for the VMware Tools folder, which allows guest OS users to gain guest OS privileges via unspecified vectors. | 2012-04-17 | 8.3 | CVE-2012-1518 |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adastra -- trace_mode_data_center | Unspecified vulnerability in AdAstrA TRACE MODE Data Center allows remote attackers to read arbitrary files via unknown vectors, as demonstrated by the GLEG Agora SCADA+ Exploit Pack for Immunity CANVAS. | 2012-04-18 | 5.0 | CVE-2011-5087 |
| apache -- http_server | envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl. | 2012-04-18 | 6.9 | CVE-2012-0883 |
| comodo -- comodo_internet_security | Comodo Internet Security before 5.10.228257.2253 on Windows 7 x64 allows local users to cause a denial of service (system crash) via a crafted 32-bit Portable Executable (PE) file with a kernel ImageBase value. | 2012-04-20 | 4.9 | CVE-2012-2273 |
| demandmedia -- pluck_sitelife | Multiple cross-site scripting (XSS) vulnerabilities in Demand Media Pluck SiteLife before 5.0.13 allow remote attackers to inject arbitrary web script or HTML via (1) the jsonRequest parameter to Direct/Process, the (2) r or (3) cb parameter to Direct/jsonp.htm, or (4) the cb parameter to sys/jsonp.app/.htm. | 2012-04-18 | 4.3 | CVE-2012-0253 |
| emc -- data_protection_advisor | Integer overflow in the DPA_Utilities library in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (infinite loop) via a negative 64-bit value in a certain size field. | 2012-04-20 | 5.0 | CVE-2012-0407 |
| freebsd -- libarchive | Multiple buffer overflows in the (1) heap_add_entry and (2) relocate_dir functions in archive_read_support_format_iso9660.c in libarchive through 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ISO9660 image. | 2012-04-13 | 6.8 | CVE-2011-1777 |
| freebsd -- libarchive | Buffer overflow in libarchive through 2.8.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TAR archive. | 2012-04-13 | 6.8 | CVE-2011-1778 |
| hp -- openvms | Unspecified vulnerability in HP OpenVMS 7.3-2 on the Alpha platform, 8.3 and 8.4 on the Alpha and IA64 platforms, and 8.3-1h1 on the IA64 platform allows local users to cause a denial of service via unknown vectors. | 2012-04-19 | 4.9 | CVE-2012-0134 |
| igor_sysoev -- nginx | Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request. | 2012-04-17 | 5.0 | CVE-2012-1180 |
| igor_sysoev -- nginx | Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file. | 2012-04-17 | 5.1 | CVE-2012-2089 |
| koyo -- h0-ecom | Cross-site scripting (XSS) vulnerability in the web server in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2012-04-13 | 4.3 | CVE-2012-1807 |
| koyo -- h0-ecom | The web server in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors. | 2012-04-13 | 5.0 | CVE-2012-1809 |
| nsoftware -- unitronics_uniopc | https50.ocx in IP*Works! SSL in the server in Unitronics UniOPC before 2.0.0 does not properly implement an unspecified function, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site. | 2012-04-18 | 6.8 | CVE-2011-5086 |
| opcsystems -- opcsystems.net | Open Automation Software OPC Systems.NET before 5.0 allows remote attackers to cause a denial of service via a malformed .NET RPC packet on TCP port 58723. | 2012-04-18 | 5.0 | CVE-2011-4871 |
| owncloud -- owncloud | Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 3.0.0 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary field to apps/contacts/ajax/addcard.php, (2) the parameter parameter to apps/contacts/ajax/addproperty.php, (3) the name parameter to apps/contacts/ajax/createaddressbook, (4) the file parameter to files/download.php, or the (5) name, (6) user, or (7) redirect_url parameter to files/index.php. | 2012-04-20 | 4.3 | CVE-2012-2269 |
| owncloud -- owncloud | Open redirect vulnerability in index.php (aka the Login Page) in ownCloud 3.0.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter. | 2012-04-20 | 5.8 | CVE-2012-2270 |
| owncloud -- owncloud | Cross-site request forgery (CSRF) vulnerability in ownCloud 3.0.2 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences via vectors involving contacts. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2012-04-20 | 6.8 | CVE-2012-2397 |
| owncloud -- owncloud | Cross-site scripting (XSS) vulnerability in files/ajax/download.php in ownCloud 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the files parameter, a different vulnerability than CVE-2012-2269.4. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2012-04-20 | 4.3 | CVE-2012-2398 |
| realnetworks -- helix_mobile_server | Multiple cross-site scripting (XSS) vulnerabilities in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2012-04-17 | 4.3 | CVE-2012-1984 |
| realnetworks -- helix_mobile_server | Cross-site request forgery (CSRF) vulnerability in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to hijack the authentication of administrators for requests that cause a denial of service (stack consumption and daemon crash) via a malformed URL. | 2012-04-17 | 6.8 | CVE-2012-1985 |
| realnetworks -- helix_mobile_server | master.exe in the SNMP Master Agent in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to cause a denial of service (daemon crash) by establishing and closing a port-705 TCP connection, a different vulnerability than CVE-2012-1923. | 2012-04-17 | 5.0 | CVE-2012-2267 |
| realnetworks -- helix_mobile_server | master.exe in the SNMP Master Agent in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to cause a denial of service (unhandled exception and daemon crash) via a crafted Open-PDU request that triggers incorrect DisplayString processing, a different vulnerability than CVE-2012-1923. | 2012-04-17 | 5.0 | CVE-2012-2268 |
| recruit -- dokodemo_rikunabi_2013 | Cross-site scripting (XSS) vulnerability in the RECRUIT Dokodemo Rikunabi 2013 extension before 1.0.1 for Google Chrome allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2012-04-16 | 4.3 | CVE-2012-1240 |
| ryan_walberg -- php_gift_registry | SQL injection vulnerability in users.php in PHP Gift Registry 1.5.5 allows remote authenticated users to execute arbitrary SQL commands via the userid parameter in an edit action. | 2012-04-20 | 6.5 | CVE-2012-2236 |
| siemens -- scalance_s_firmware | Stack-based buffer overflow in the Profinet DCP protocol implementation on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 allows remote attackers to cause a denial of service (device outage) or possibly execute arbitrary code via a crafted DCP frame. | 2012-04-18 | 6.1 | CVE-2012-1800 |
| videolan -- vlc_media_player | VideoLAN VLC media player 2.0.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted MP4 file. | 2012-04-19 | 4.3 | CVE-2012-2396 |
Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| hp -- system_management_homepage | Unspecified vulnerability in HP System Management Homepage (SMH) before 7.0 allows remote authenticated users to cause a denial of service via unknown vectors. | 2012-04-18 | 3.5 | CVE-2012-0135 |
| hp -- system_management_homepage | Unspecified vulnerability in HP System Management Homepage (SMH) before 7.0 allows local users to modify data or obtain sensitive information via unknown vectors. | 2012-04-18 | 3.2 | CVE-2012-1993 |
| realnetworks -- helix_mobile_server | RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x store passwords in cleartext under adm_b_dbusers, which allows local users to obtain sensitive information by reading a database. | 2012-04-17 | 2.1 | CVE-2012-1923 |
| syndeocms -- syndeocms | Cross-site scripting (XSS) vulnerability in starnet/index.php in SyndeoCMS 3.0.01 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the email parameter (aka Email address field) in an edit_user configuration action. | 2012-04-17 | 3.5 | CVE-2012-1979 |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.