>
> *****************************
> Widely Deployed Software
> *****************************
>
> (1) CRITICAL: IBM Lotus Notes and Domino Multiple Vulnerabilities
> Affected:
> Lotus Notes versions 7.0.2 and prior
>
> Description: IBM Lotus Notes, IBM's enterprise groupware solution,
> contains multiple vulnerabilities. Several of its built-in
> file viewers,
> used to view other files within the application, contain buffer
> overflows or other vulnerabilities. A specially crafted attachment to
> an email or other document could trigger one of these vulnerabilities
> when a user views the attachment, allowing an attacker to execute
> arbitrary code with the privileges of the current user.
> Additionally, a
> buffer overflow in the handling of HTML email messages could allow an
> attacker to execute arbitrary code with the privileges of the current
> user when the message is acted upon (e.g. replied to or copied to the
> clipboard). Other vulnerabilities could allow attachments to be
> automatically executed, or allow for information disclosure. Multiple
> proofs-of-concept and technical details are available for these
> vulnerabilities.
>
> Status: IBM confirmed, updates available.
>
> References:
> IBM Security Advisories
>
>
>
>
>
>
> Vuln.sg Advisories (includes proofs-of-concept)
>
>
>
>
> SecurityFocus BIDs
>
>
>
> *********************************
>
> (2) HIGH: Symantec Mail Security Multiple Vulnerabilities
> Affected:
> Symantec Mail Security for Domino
> Symantec Mail Security for SMTP
>
> Description: Symantec Mail Security is Symantec's enterprise mail
> analysis engine for viruses, malware, and spam. Symantec Mail Security
> contains multiple vulnerabilities in its handling of various document
> formats. Specially crafted documents could exploit these
> vulnerabilities
> to execute arbitrary code with the privileges of the
> vulnerable process
> or create a denial-of-service condition. These flaws may be related to
> the IBM Lotus Notes flaws discussed above. Note that no user
> interaction
> is necessary to exploit these vulnerabilities; a message
> transiting the
> server may exploit them.
>
> Status: Symantec confirmed, updates available.
>
> References:
> Product Home Pages
>
> 50&pvid=848_1
>
> 50&pvid=848_1
> Secunia Advisories
>
>
> SecurityFocus BID
>
>
> *********************************
>
> (3) HIGH: Real Networks RealPlayer Multiple Vulnerabilities
> Affected:
> Real Networks RealPlayer versions 10 and prior
> Helix Player versions 10 and prior
>
> Description: Real Networks RealPlayer is a popular,
> multi-platform media
> player. Helix Player is an open source media player based on code
> released by Real Networks. These applications contain flaws in their
> handling of various file formats. A specially crafted file
> opened by one
> of these applications could trigger a buffer overflow and allow an
> attacker to execute arbitrary code with the privileges of the current
> user. Depending upon configuration, the vulnerable file types may be
> opened automatically by one of the vulnerable applications. Technical
> details for these vulnerabilities are available via source
> code analysis
> and in various advisories. These vulnerabilities may be related to a
> vulnerability discussed in a previous edition of @RISK.
>
> Status: Real Networks confirmed, updates available.
>
> References:
> Real Networks Advisories
>
> Advisories by Piotr Bania
>
>
> Previous @RISK Entry
>
> Real Networks Home Page
>
> Helix Home Page
>
> SecurityFocus BID
>
>
> *********************************
>
> (4) HIGH: Sun Java Runtime Environment Multiple Applet Vulnerabilities
> Affected:
> Sun Java Runtime Environment versions prior to 6 Update 3
>
> Description: The Sun Java Runtime Environment contains multiple
> vulnerabilities in its sandboxing of Java applets and applications. A
> specially crafted applet or application could break the built in
> protection afforded by the runtime environment and read or write
> arbitrary files, or execute arbitrary commands, with the privileges of
> the current user. No technical details for these vulnerabilities are
> currently publicly available. Sun's Java Runtime Environment is
> installed by default on all Apple Mac OS X systems, many Microsoft
> Windows systems, and a number of Linux, Unix, and Unix-like systems.
>
> Status: Sun confirmed, updates available.
>
> References:
> Sun Security Advisories
>
>
> SecurityFocus BIDs
>
>
>
>
> 07.44.3 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: BitDefender Unspecified Arbitrary Code Execution
> Description: BitDefender is a computer security application for the
> Microsoft Windows operating platform. The application is exposed to an
> unspecified arbitrary code execution issue.
> Ref:
> ______________________________________________________________________
>
> 07.44.10 CVE: Not Available
> Platform: Cross Platform
> Title: Mozilla Firefox ParseFTPList Remote Denial of Service
> Description: Mozilla Firefox is a web browser available for multiple
> operating platforms. The application is exposed to a remote
> denial of service issue when parsing file listings on malicious FTP
> servers. User-supplied input can cause the "ParseFTPList.ccp" source
> file to use a "pos" parameter value that exceeds the number of indices
> in the "tokens" array, causing an invalid pointer reference. Firefox
> version 2.0.0.7 is affected.
> Ref:
> ______________________________________________________________________
>
> 07.44.14 CVE: Not Available
> Platform: Cross Platform
> Title: Mozilla Firefox Malformed XBL Constructor Remote Denial of
> Service
> Description: Mozilla Firefox is a web browser available for multiple
> operating platforms. The application is exposed to a remote denial of
> service issue that occurs when handling HTML files with a
> malformed XML
> file. Specifically, when the XML binding language (XBL) is used, the
> application fails to handle malformed data contained in the
> constructor. Firefox 2.0.0.7 is affected.
> Ref:
> ______________________________________________________________________
>
> 07.44.21 CVE: Not Available
> Platform: Cross Platform
> Title: wpa_supplicant ASN1_Get_Next Buffer Overflow
> Description: wpa_supplicant is a freely-available package designed to
> allow WPA and WPA2 wireless communications on many different operating
> systems. The application is exposed to a buffer overflow issue because
> it fails to perform adequate boundary checks on user-supplied data.
> wpa_supplicant version 0.5.8 is affected.
> Ref:
> ______________________________________________________________________
>
> 07.44.75 CVE: Not Available
> Platform: Network Device
> Title: Cisco Multiple Products Extensible Authentication Protocol
> Denial of Service
> Description: Extensible Authentication Protocol (EAP) an
> authentication framework for various Cisco devices. The application is
> exposed to a denial of service issue that exists in the Extensible
> Authentication Protocol (EAP). Specifically, the devices fail to
> handle specially crafted EAP Response Identity packets. The following
> devices are affected: Cisco Access Points and 1310 Wireless Bridges
> running Cisco IOS in autonomous mode, and all Cisco switches running
> vulnerable versions of Cisco IOS and Cisco CatOS.
> Ref:
> ______________________________________________________________________
>
> (c) 2007. All rights reserved. The information contained in this
> newsletter, including any external links, is provided "AS IS," with no
> express or implied warranty, for informational purposes only. In some
> cases, copyright for material in this newsletter may be held
> by a party
> other than Qualys (as indicated herein) and permission to use such
> material must be requested from the copyright owner.
>
