>
> *****************************
> Widely Deployed Software
> *****************************
> ***************************************************************
>
> (2) HIGH: Adobe AcroPDF ActiveX Control Multiple Vulnerabilities
> Affected:
> Adobe Reader versions 7.0.0 - 7.0.8
> Adobe Acrobat Standard and Professional versions 7.0.0 - 7.0.8
>
> Description: The AcroPDF ActiveX control, included with Adobe
> Reader and
> Adobe Acrobat contains multiple vulnerabilities in its
> "setPageMode()",
> "setLayoutMode()", "setNamedDest()", and "LoadFile()" methods. A web
> page that instantiates this control and calls one of these
> methods could
> exploit these vulnerabilities and execute arbitrary code with the
> privileges of the current user. Users can mitigate the impact of this
> vulnerability by disabling the affected ActiveX control via
> Microsoft's
> "kill bit" mechanism for CLSID
> "{CA8A9780-280D-11CF-A24D-444553540000}".
>
> Status: Adobe confirmed, no updates available.
>
> Council Site Actions: All responding council sites are waiting on
> additional information from the vendor. Almost all sites rely on the
> automatic update feature for their clients.
>
> References:
> Adobe Security Advisory
>
> FrSIRT Advisory
>
> Microsoft Knowledge Base Article detailing the "kill bit" mechanism
>
> SecurityFocus BID
>
>
> ***************************************************************
>
> (3) MODERATE: Novell Netware Client Print Provider Buffer Overflow
> Affected:
> Novell Netware Client 4.91 SP0/SP1/SP2
>
> Description: The Novell Netware Client, used to provide access to
> Netware services (including shared files and printers) for Microsoft
> Windows systems contains a buffer overflow in its print provider
> subsystem. By passing overly long arguments to the "EnumPrinters()" or
> "OpenPrinter()" functions, an attacker could exploit this buffer
> overflow and execute arbitrary code with SYSTEM privileges. These
> functions are accessible without authentication via the
> "spoolss" named
> pipe.
>
> Status: Novell confirmed, updates available. As a workaround,
> users are
> advised to block the TCP ports 139 and 445 at the network perimeter.
>
> Council Site Actions: Only one of the responding council
> sites is using
> the affected software and only in one department on a small number of
> servers. That department is still investigating the impact of the
> vulnerability.
>
> References:
> Zero Day Initiative Advisory
>
> Novell Support Document
>
> MSDN Page on Microsoft Remote Procedure Call
>
> SecurityFocus BID
>
>
>
>
> 06.48.1 CVE: Not Available
> Platform: Microsoft Office
> Title: Microsoft Office HTMLMARQ.OCX Library Denial of Service
> Description: The Microsoft Office HTMLMARQ.OCX library is prone to a
> denial of service vulnerability that can be exploited by tricking a
> victim user into opening a malicious "MarqueeLib" object file, which
> causes Office to stop responding. Office 97 for Windows is reportedly
> vulnerable.
> Ref:
> ______________________________________________________________________
>
> 06.48.2 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Windows Media Player ASX PlayList File Denial of Service
> Description: Windows Media Player is vulnerable to a denial of service
> issue due to insufficient handling of long play list file names.
> Windows Media Player version 10.00.00.4036 is vulnerable.
> Ref:
> ______________________________________________________________________
>
> 06.48.4 CVE: CVE-2006-6076
> Platform: Third Party Windows Apps
> Title: BrightStor ARCserve Backup Tape Engine Remote Buffer Overflow
> Description: Computer Associates BrightStor ARCserve Backup products
> provide backup and restore protection. A remote buffer overflow
> vulnerability exists because the Tape Engine application "TAPEENG.EXE"
> fails to handle malformed RPC requests to TCP port 6502. Computer
> Associates BrightStore ARCserver Backup version 11.5 is vulnerable.
> Ref:
> ______________________________________________________________________
>
> 06.48.21 CVE: Not Available
> Platform: Cross Platform
> Title: Net-SNMP Unspecified Malformed TCP Packet Remote Denial Of
> Service
> Description: Net-SNMP is an SNMP package. It is prone to a remote
> denial of service vulnerability. The issue is exposed when Net-SNMP is
> configured to communicate over TCP. The exact versions affected are
> currently unknown.
> Ref:
> ______________________________________________________________________
>
> 06.48.23 CVE: CVE-2006-6077
> Platform: Cross Platform
> Title: Mozilla Firefox 2 Password Manager Information Disclosure
> Description: Mozilla Firefox password manager is vulnerable to an
> information disclosure weakness because it fails to properly notify
> users of automatic form field population in disparate URLs deriving
> from the same domain. Firefox versions 2 and earlier are vulnerable.
> Ref:
> ______________________________________________________________________
>
> 06.48.24 CVE: Not Available
> Platform: Cross Platform
> Title: Business Objects Crystal Reports XI Professional File Handling
> Buffer Overflow
> Description: Business Objects Crystal Reports XI Professional is a
> suite of reporting tools that supports web integration and server
> based applications. It is exposed to a buffer overflow issue because
> it fails to handle unspecified specially crafted ".RTP" files.
> Ref:
> ______________________________________________________________________
>
> 06.48.28 CVE: CVE-2006-6169
> Platform: Cross Platform
> Title: GnuPG Remote Buffer Overflow
> Description: GNU Privacy Guard (GnuPG) is an open source encryption
> application. It is vulnerable to a remote buffer overflow issue in the
> "ask_outfile_name" function in "openfile.c" when running
> interactively. GnuPG versions 1.4.5 and 2.0.0 are vulnerable.
> Ref:
> ______________________________________________________________________
>
> 06.48.30 CVE: Not Available
> Platform: Cross Platform
> Title: ProFTPD MOD_TLS Remote Buffer Overflow
> Description: ProFTPD is an FTP server. It is prone to a remote buffer
> overflow vulnerability because the "tls_x509_name_oneline" function of
> "mod_tls.c" does not perform boundary checks prior to copying
> user-supplied data. ProFTPD versions 1.3.0a and prior are vulnerable
> to this issue.
> Ref:
> ______________________________________________________________________
>
> 06.48.85 CVE: CVE-2006-6125
> Platform: Network Device
> Title: NetGear WG311v1 Wireless Driver SSID Heap Buffer Overflow
> Description: NetGear WG311v1 Wireless device is vulnerable to a heap
> based buffer overflow issue when the driver attempts to process a
> malformed probe response frame containing an excessively long "SSID"
> field. Version 2.3.1.10 of the WG311v1ND5.SYS driver is vulnerable.
> Ref:
> ______________________________________________________________________
>
> 06.48.86 CVE: Not Available
> Platform: Network Device
> Title: GNU Radius SQLLog Remote Format String
> Description: GNU Radius is a free implementation of a Radius server.
> It is vulnerable to a remote format string issue due to improper
> passing of data to the variable argument function "sqllog()". GNU
> Radius versions 1.2 and 1.3 are vulnerable.
> Ref:
> ______________________________________________________________________
