>
> **************************************************************
> *****************
>
> (3) HIGH: OpenOffice.org TIFF Image Parsing Integer Overflow
> Affected:
> OpenOffice.org versions prior to 2.3
>
> Description: OpenOffice.org is a popular cross-platform open source
> office suite. OpenOffice.org fails to properly handle certain
> malformed
> Tagged Image File Format (TIFF) image files. A specially crafted TIFF
> image file could lead to an integer overflow. Successfully exploiting
> this overflow could lead to arbitrary code execution with the
> privileges
> of the current user. Note that this vulnerability may be exploited by
> image files embedded in other documents; such documents may be opened
> in OpenOffice.org without first prompting the user. OpenOffice.org is
> installed by default on many Unix, Unix-like, and Linux operating
> systems, and is commonly installed on Microsoft Windows systems.
> Technical details for this vulnerability are available via source code
> analysis.
>
> Status: OpenOffice.org confirmed, updates available.
>
> References:
> OpenOffice.org Security Advisory
>
> iDefense Security Advisory
> .
> php?id=593
> Product Home Page
>
> SecurityFocus BID
>
>
> **************************************************************
> *****************
>
> (4) HIGH: Sun Java Web Start ActiveX Control Buffer Overflow
> Affected:
> Sun Java Runtime Environment versions 1.6.0 and prior
>
> Description: Sun Java Web Start is a method of distributing Java-based
> applications via the web. Facilities for using Web Start are included
> in the Sun Java Runtime Environment. On Microsoft Windows, these
> facilities include an ActiveX control. This ActiveX control contains a
> buffer overflow in its "dnsResolve" method. A specially
> crafted web page
> that instantiates this control could exploit this vulnerability to
> execute arbitrary code with the privileges of the current
> user. The Sun
> Java Runtime Environment is very often installed on Microsoft Windows
> systems. A proof-of-concept for this vulnerability is publicly
> available.
>
> Status: Sun has not confirmed, no updates available. Users
> can partially
> mitigate the impact of this vulnerability by disabling the vulnerable
> control via Microsoft's "kil lbit" mechanism for CLSID
> "5852F5ED-8BF4-11D4-A245-0080C6F74284". Note that this will disable
> normal application functionality.
>
> References:
> Proof-of-Concept
>
> Microsoft Knowledge Base Article (details the "kill bit" mechanism)
>
> Product Home Page
>
> SecurityFocus BID
>
>
> **************************************************************
> *****************
>
> (5) MODERATE: Adobe Acrobat PDF Reader Undisclosed Vulnerability
> Affected:
> Adobe Acrobat PDF Reader
>
> Description: Adobe Acrobat PDF Reader, the most common
> Portable Document
> Format (PDF) reader application, contains an undisclosed code
> execution
> vulnerability. A specially crafted PDF document could exploit this
> vulnerability to execute arbitrary code with the privileges of the
> current user. PDF documents are generally opened without further
> prompting. Adobe has confirmed the existence of this
> vulnerability, and
> a proof-of-concept is present in the wild.
>
> Status: Adobe confirmed, no updates available.
>
> References:
> Blog Posting on GNUCITIZEN
>
> Proof-of-Concept Demonstration Video
>
> PC World Article
>
> Slashdot Thread
>
> SecurityFocus BID
>
>
> **************************************************************
> *****************
>
> (6) MODERATE: VMware Workstation DHCP Server Multiple Vulnerabilities
> Affected:
> VMware Workstation versions prior to 6.0.1 build 55017
>
> Description: VMware Workstation, VMware's popular virtualization
> product, contains multiple vulnerabilities in its Dynamic Host
> Configuration Protocol (DHCP) server, used to dynamically configure
> clients' network settings. A specially crafted DHCP request
> or web page
> could exploit these vulnerabilities to execute arbitrary code with the
> privileges of the vulnerable process. The exact exploitation
> vectors are
> currently undisclosed.
>
> Status: VMware confirmed, updates available.
>
> References:
> VMware Release Notes
>
> Wikipedia Article on DHCP
>
> SecurityFocus BID
>
>
>
> Part II - Comprehensive List of Newly Discovered Vulnerabilities from
> Qualys (www.qualys.com)
> Week 39, 2007
>
> This list is compiled by Qualys ( www.qualys.com ) as part of that
> company's ongoing effort to ensure its vulnerability management web
> service tests for all known vulnerabilities that can be scanned. As of
> this week Qualys scans for 5549 unique vulnerabilities. For
> this special
> SANS community listing, Qualys also includes vulnerabilities
> that cannot
> be scanned remotely.
>
> ______________________________________________________________________
>
> 07.39.1 CVE: CVE-2007-4916
> Platform: Other Microsoft Products
> Title: Microsoft MFC Library CFileFind::FindFile Buffer Overflow
> Description: The CFileFind::FindFile method in the MFC library for
> Microsoft Windows is exposed to a buffer overflow issue due to a
> failure of the method to perform adequate boundary checks of
> user-supplied input. The MFC library included with Microsoft Windows
> XP SP2 is affected.
> Ref:
> ______________________________________________________________________
>
> 07.39.18 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: Mercury/32 IMAPD SEARCH Command Remote Stack Buffer Overflow
> Description: Mercury/32 is a Mail Transport System available for
> Microsoft Windows. The application is exposed to a remote stack-based
> buffer overflow issue because the application fails to perform
> adequate boundary checks on user-supplied data. Mercury/32 version
> 4.52 is affected.
> Ref:
> ______________________________________________________________________
>
> 07.39.30 CVE: CVE-2007-2834
> Platform: Cross Platform
> Title: OpenOffice TIFF File Parser Buffer Overflow
> Description: OpenOffice is a multi-platform office suite. Tagged
> Image File Format (TIFF) is a variable-resolution bitmapped image
> format. The application is exposed to a remote heap-based buffer
> overflow issue because it fails to bounds check user-supplied data
> before copying it into an insufficiently sized buffer. The TIFF parser
> incorrectly relies on user-supplied values to calculate memory
> allocation.
> Ref:
> ______________________________________________________________________
>
> (c) 2007. All rights reserved. The information contained in this
> newsletter, including any external links, is provided "AS IS," with no
> express or implied warranty, for informational purposes only. In some
> cases, copyright for material in this newsletter may be held by a
> party other than Qualys (as indicated herein) and permission to use
> such material must be requested from the copyright owner.
>
>
