Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 5 No. 17



> 
> *************************
> Widely Deployed Software
> *************************
> 
> 
> (1) HIGH: Firefox JavaScript Remote Code Execution Vulnerability
> Affected:
> Firefox version 1.5.0.2 and prior
> 
> Description: Firefox reportedly contains a buffer overflow in handling
> the "iframe.contentWindow.focus()" JavaScript function. A specially
> crafted webpage can exploit this flaw to execute arbitrary code on a
> user's system. Proof-of-concept exploit code, which crashes Firefox, has
> been publicly posted.
> 
> Status: Vendor has not confirmed, no patches available yet.
> 
> References:
> http://www.securityfocus.com/archive/1/431878/30/60/threaded 
> PoC Exploit Code
> http://www.securident.com/vuln/ff.txt 
> SecurityFocus BID
> Not yet available.
> 
> *********************************************************************
> 
> (2) MODERATE: Multiple Vendor DNS Implementation Vulnerabilities
> Affected:
> Multiple vendors including Juniper, ISC BIND, MyDNS, pdnsd, 
> FITELnet, Axis, Delegate etc.
> 
> Description: The Domain Name Service (DNS) protocol is one of the
> fundamental protocols supporting the Internet and a client
> implementation is virtually found on all networked systems. The DNS
> server is typically in the DMZ zone for most organizations and is
> exposed to the Internet. Multiple vulnerabilities have been reported in
> the DNS protocol implementation of many vendors. The flaws were
> discovered using the DNS PROTOS test suite that stresses a vendor's
> client or server DNS implementation by sending malformed DNS requests
> and responses. Successful exploitation of these flaws may cause a
> denial-of-service or result in arbitrary code execution on the
> system/device supporting the DNS protocol. The test suite is not
> publicly available yet.
> 
> Status: Many vendors such as Juniper, MyDNS, pdnsd, Delegate and Axis
> have confirmed the vulnerabilities and released patches. Other vendors
> are still testing their products.
> 
> References:
> UK NISCC Advisory
> http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en 
> CERT Advisory
> http://www.kb.cert.org/vuls/id/955777
> SecurityFocus BIDs
> http://www.securityfocus.com/bid/17691 
> http://www.securityfocus.com/bid/17692 
> http://www.securityfocus.com/bid/17693 
> http://www.securityfocus.com/bid/17710 
> http://www.securityfocus.com/bid/17711 
> http://www.securityfocus.com/bid/17712 
> 
> 
> *********************************************************************
> 
> (3) MODERATE: Internet Explorer Modal Dialog Code Execution
> Affected:
> Internet Explorer, all versions
> 
> Description: A security researcher has reported a flaw in Internet
> Explorer that can be exploited to install arbitrary programs such as
> keystroke loggers, adware or spyware on a user's system with minimal
> user interaction. The problem arises because Internet Explorer contains
> a race condition in handling "modal dialogs". These dialogs are used to
> request user input for a security related action such as downloading a
> program. By exploiting this vulnerability, a maliciously crafted webpage
> can influence the modal dialog decision and compromise a client system.
> Exploit code has not been publicly posted.
> 
> Status: Microsoft has fixed a particular attack vector for this
> vulnerability in MS05-054. However, according to the researcher, this
> patch does not fully address the vulnerability. Microsoft is aware of
> the flaw. No updates are available yet. A workaround is to set the
> security settings in Internet Explorer to either "enable" or "disable"
> rather than prompt. This will prevent opening of modal dialog boxes. A
> general workaround to prevent Internet Explorer from installing programs
> is to run Internet Explorer with limited privileges. Microsoft
> "DropMyRights" tool can be used for such purposes.
> 
> References:
> Posting by Matt Murphy
> http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0759.html
> http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0019.html
> Microsoft DropMyRights Tool
> http://msdn.microsoft.com/library/en-us/dncode/html/secure11152004.asp
> Modal Dialog Box Reference
> http://msdn.microsoft.com/library/default.asp?url=/workshop/author/dhtml/reference/methods/showmodaldialog.asp
> SecurityFocus BIDs
> http://www.securityfocus.com/bid/17658
> 
> *********************************************************************
> 
> (4) MODERATE: PHP wordwrap() Function Buffer Overflow
> Affected:
> PHP version 4.4.2 and prior
> PHP version 5.1.2 and prior
> 
> Description: PHP is a package installed on a large number of web servers
> and used by multiple content management and bulletin board software
> packages. The PHP "wordwrap()" function, which wraps a string to given
> number of characters using a string break character, reportedly contains
> a buffer overflow. Any PHP scripts that use this function and pass
> user-input to it are vulnerable. The flaw can be exploited to execute
> arbitrary code on the webserver hosting such scripts. Note that hosting
> sites should upgrade the PHP packages as soon as a fix is available.
> 
> Status: Vendor not confirmed, no updates available. 
> 
> References:
> FrSIRT Advisory
> http://www.frsirt.com/english/advisories/2006/1500 
> PHP wordwrap Function
> http://us3.php.net/wordwrap 
> 
> *********************************************************************
> 
> (5) UPDATE: Internet Explorer Nested Object Tag Memory Corruption
> 
> Description: Secunia Research has verified that a variation of the
> publicly reported 0-day IE vulnerability can be exploited to execute
> arbitrary code on a fully patched Windows XP SP2 system. The technical
> details of this attack vector have not been publicly posted. Microsoft
> is reportedly working on a fix.
> 
> References:
> Secunia Advisory
> http://secunia.com/advisories/19762/ 
> Previous @RISK Newsletter Posting
> http://www.sans.org/newsletters/risk/display.php?v=5&i=16#widely4 
> 
> *********************************************************************
> *********************************************************************
> 
> (8) HIGH: Ethereal Multiple Protocol Decoding Vulnerabilities
> Affected: Ethereal version 0.8.5 through 0.10.14 
> 
> Description: Ethereal is a very popular open source network sniffer and
> protocol analyzer for Unix and Windows platforms. The software contains
> one or more buffer overflow vulnerabilities in parsing COPS and ALCAP
> protocols as well as handling Network Instruments and NetXRay/Windows
> sniffer file. These buffer overflows can be exploited to execute
> arbitrary code with the privileges of the ethereal process (typically
> "root" when ethereal is being used as a sniffer). To exploit these
> flaws, an attacker has to either inject the malicious packets into the
> network traffic being sniffed by ethereal, or entice a client to open a
> specially crafted packet capture file. Note that any network
> applications based on ethereal protocol decoder modules may also be
> affected.
> 
> Status: Vendor confirmed, upgrade to version 0.99.0, which also fixes a
> number of DoS vulnerabilities in parsing other protocols.
> 
> References:
> Vendor Advisory
> http://www.ethereal.com/appnotes/enpa-sa-00023.html 
> SecurityFocus BID
> http://www.securityfocus.com/bid/17682 
> 
> **************************************************************
> ______________________________________________________________________
> 
> 06.17.1 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Microsoft Internet Explorer Nested OBJECT Tag Memory Corruption
> Description: Microsoft Internet Explorer is prone to a memory
> corruption vulnerability. This issue is due to flawed handling of
> malformed HTML content. HTML content that contains nested <OBJECT>
> tags without corresponding </OBJECT> closure tags may trigger this
> issue. This issue reportedly causes a NULL pointer dereference in the
> "mshtml.dll" library, crashing Internet Explorer. An attacker could
> exploit this issue via a malicious web page to potentially execute
> arbitrary code in the context of the currently logged-in user.
> Microsoft Internet Explorer 6 for Microsoft Windows XP SP2 is
> reportedly vulnerable to this issue.
> Ref: http://www.securityfocus.com/archive/1/431796
> ______________________________________________________________________
> 
> 06.17.2 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Microsoft Internet Explorer Modal Dialog Manipulation
> Description: Internet Explorer is prone to a remote code execution
> vulnerability through exploiting a race condition when displaying
> modal security dialog boxes. This issue presents itself when web pages
> attempt to cause actions to be carried out that result in a modal
> security dialog to be displayed requesting permission for the action
> from users. Attackers may attempt to coerce users into clicking on an
> object, or pressing specific key sequences, while simultaneously
> attempting an action that will result in a dialog box being displayed.
> This issue may be exploited to cause users to inadvertently allow
> remote code to be executed.
> Ref: http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0759.html
> ______________________________________________________________________
> 
> 06.17.3 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Internet Explorer MHTML URI Handler Information Disclosure
> Description: Microsoft Internet Explorer is vulnerable to a cross
> domain information disclosure issue because the browser fails to
> correctly handle redirections with the "mhtml:" URI handler. See the
> reference for further details.
> Ref: http://secunia.com/Internet_Explorer_Arbitrary_Content_Disclosure_Vulnerability_Test/
> http://www.securityfocus.com/bid/17717
> ______________________________________________________________________
> 06.17.30 CVE: Not Available
> Platform: Cross Platform
> Title: Mozilla Firefox iframe.contentWindow.focus Buffer Overflow
> Description: Mozilla Firefox is prone to a buffer overflow
> vulnerability. This issue occurs when the browser renders JavaScript
> using the "js320.dll" and "xpcom_core.dll" libraries. Specifically, a
> malformed "iframe.contentWindow.focus()" call can cause an overflow to
> occur. This could lead to a failure of the browser or potential
> arbitrary code execution in the context of the current user. Firefox
> versions 1.5.0.2 and earlier running on Windows and Linux are
> affected.
> Ref: http://www.securityfocus.com/bid/17671
> ______________________________________________________________________
> 
> 06.17.32 CVE: CVE-2006-1932,  CVE-2006-1933,  CVE-2006-1934, 
> CVE-2006-1935,  CVE-2006-1936,  CVE-2006-1937,  CVE-2006-1938, 
> CVE-2006-1939,  CVE-2006-1940
> Platform: Cross Platform
> Title: Ethereal Multiple Protocol Dissector Vulnerabilities
> Description: Ethereal is a multi-platform network protocol sniffer and
> analyzer. Several vulnerabilities have been reported in various
> protocol dissectors. Ethereal could crash while reading a malformed
> sniffer capture, an invalid display filter and a specially-crafted
> statistics counter. These issues could allow remote attackers to
> execute arbitrary machine code in the context of the vulnerable
> application. Various vulnerabilities affect differing versions of
> Ethereal from 0.8.5 through to 0.10.14.
> Ref: http://www.ethereal.com/appnotes/enpa-sa-00023.html
> ______________________________________________________________________
> 
> 06.17.33 CVE: Not Available
> Platform: Cross Platform
> Title: ISC BIND TSIG Zone Transfer Denial of Service
> Description: ISC BIND is prone to a remote denial of service
> vulnerability. This issue is due to a failure in the application to
> properly handle malformed TSIG (Secret Key Transaction Authentication
> for DNS) replies. This issue is triggered when BIND is configured with
> TSIG enabled, and it attempts to parse malformed TSIG messages during
> zone transfers.
> Ref: http://www.securityfocus.com/bid/17692
> ______________________________________________________________________
> 
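Item (2) of the forwarded newsletter says the PROTOS suite found these flaws by feeding implementations malformed DNS requests and responses. As an added illustration, not part of the newsletter or of any vendor's code, here is a Python decoder for the wire-format DNS name showing the checks such input exercises: every read is bounds-checked, compression pointers must point strictly backwards (so no cycle can be built), and the 255-octet name limit is enforced. All sample messages are constructed.

```python
import struct

class MalformedDNS(ValueError):
    """Raised for any message a robust decoder must refuse rather than crash on."""
MAX_NAME_OCTETS = 255  # RFC 1035 limit on a wire-format name

def read_name(msg, off):
    """Decode a possibly-compressed DNS name at msg[off] -> (name, next_offset).
    Reads are bounds-checked; pointers must go strictly backwards, so no cycles."""
    labels, total, end = [], 0, None
    while True:
        if off >= len(msg):
            raise MalformedDNS("name runs past end of message")
        length = msg[off]
        if length & 0xC0 == 0xC0:                        # 11xxxxxx: pointer
            if off + 1 >= len(msg):
                raise MalformedDNS("truncated compression pointer")
            target = ((length & 0x3F) << 8) | msg[off + 1]
            if target >= off:
                raise MalformedDNS("pointer does not point backwards (loop)")
            end = off + 2 if end is None else end       # resume after 1st ptr
            off = target
            continue
        if length & 0xC0:                                # 01/10 prefixes unused
            raise MalformedDNS("reserved label type")
        off += 1
        if length == 0:                                  # root label ends name
            return ".".join(labels) or ".", (off if end is None else end)
        if off + length > len(msg):
            raise MalformedDNS("label runs past end of message")
        total += length + 1
        if total > MAX_NAME_OCTETS:
            raise MalformedDNS("name exceeds 255 octets")
        labels.append(msg[off:off + length].decode("ascii", "replace"))
        off += length

def safe_name(msg, off=12):
    """Return the decoded question name, or the reason the message was rejected."""
    try:
        return read_name(msg, off)[0]
    except MalformedDNS as exc:
        return f"rejected: {exc}"

# Constructed sample messages: 12-octet header, then the question name.
HEADER = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0)
GOOD = HEADER + b"\x03www\x07example\x03com\x00" + b"\x00\x01\x00\x01"
POINTER = GOOD + b"\xc0\x0c"      # a second name: pointer back to offset 12
LOOP = HEADER + b"\xc0\x0c"       # pointer at offset 12 that targets itself
TRUNCATED = HEADER + b"\x03ww"    # label claims 3 octets, only 2 present
TOO_LONG = HEADER + b"".join(b"\x3f" + b"a" * 63 for _ in range(5)) + b"\x00"
```

Running `safe_name` over each sample returns `www.example.com` for the well-formed messages and a `rejected: ...` reason for the others, which is the behaviour a parser needs when the same inputs come from a fuzzer or from the network.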



 




Copyright © Lexa Software, 1996-2009.