| Threat Type | Multiple Vulnerabilities |
IPS Definition
DB Versions | 2.639 - 2.652 |
| Coverage Release Date | May 19, 2009 - Jun 12, 2009 |
| Published Date | Monday, June 15, 2009 |
| Version # | 1 |
| |
| Severity | Number of
Vulnerabilities | Active
Exploitation |
| Critical | 36 | 12 | | High | 33 | 21 | | Medium | 16 | 8 | | Low | 8 | 6 | | Info | 3 | n/a | | Total | 96 | 47 |
|
Foreword
The FortiGuard Global Threat Research Team has released new security content to cover multiple vulnerabilities. The FortiGuard Team has observed 47 active exploitations of these vulnerabilities to date.
For more information, visit the FortiGuard Center at www.fortiguardcenter.com.
Threat Remediation
Fortinet provides coverage for the vulnerabilities described below as of the 2.652 IPS Definitions database update. A brief description of each vulnerability is provided as follows, in order of severity.
 Critical ( 22 )
Description:
This indicates an attack attempt against a remote code-execution vulnerability in the Adobe Flash Player.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted SWF file. It allows a remote attacker to execute arbitrary code.
Affected Products:
Adobe Flash Player version 10.0.15.3 for Linux and prior
Adobe Flash Player version 10.0.12.36 and prior
Reference IDs:
|
Description:
This indicates an attempt to exploit a buffer overflow vulnerability in Baofeng Storm.
This vulnerability is caused by an error in the "MPS.dll" ActiveX control when processing overlong arguments passed to OnBeforeVideoDownload() method. It allows a remote attacker to execute arbitrary code via a crafted web page.
Affected Products:
Baofeng Storm versions 3.x
Reference IDs:
|
Description:
This indicates an attack attempt against a buffer-overflow vulnerability in eZip Wizard.
The vulnerability is caused by an error when the vulnerable software handles a malicious .zip file. It allows a remote attacker to execute arbitrary code via sending a crafted .zip file.
Affected Products:
ediSys eZip Wizard 3.0
Reference IDs:
|
Description:
This indicates an attack attempt against Privileges Escalation vulnerability in JRE.
The vulnerability is caused by an error when the affected software handles process related to Deserializing Calendar Objects. It allows a remote attacker to escalate privileges such as reading, writing and running local files or application.
Affected Products:
JRE for Sun JDK and JRE 6 Update 10 and earlier
JDK and JRE 5.0 Update 16 and earlier
JRE 1.4.2_18 and earlier
Reference IDs:
|
Description:
This indicates an attempt to exploit a buffer-overflow vulnerability in libxml2.
This vulnerability is caused by an error in the xmlParseAttValueComplex function in parser.c when processing malformed entity names in XML file. It allows a remote attacker to execute arbitrary code via a crafted XML page.
Affected Products:
XMLSoft Libxml2 2.6.31
XMLSoft Libxml2 2.6.30
XMLSoft Libxml2 2.6.26
XMLSoft Libxml2 2.6.16
XMLSoft Libxml2 2.6.15
XMLSoft Libxml2 2.6.14
XMLSoft Libxml2 2.6.13
XMLSoft Libxml2 2.6.12
XMLSoft Libxml2 2.6.11
XMLSoft Libxml2 2.6.9
XMLSoft Libxml2 2.6.8
+ RedHat Fedora Core2
XMLSoft Libxml2 2.6.7
XMLSoft Libxml2 2.6.6
XMLSoft Libxml2 2.6.5
XMLSoft Libxml2 2.6.4
XMLSoft Libxml2 2.6.3
XMLSoft Libxml2 2.6.2
XMLSoft Libxml2 2.6.1
XMLSoft Libxml2 2.6 .0
XMLSoft Libxml2 2.5.11
XMLSoft Libxml2 2.5.10
XMLSoft Libxml2 2.5.8
XMLSoft Libxml2 2.5.4
XMLSoft Libxml2 2.5.1
Sun Solaris 9_x86
Sun Solaris 9
Sun Solaris 10.0_x86
Sun Solaris 10
Sun OpenSolaris build snv_99
Sun OpenSolaris build snv_96
Sun OpenSolaris build snv_95
Sun OpenSolaris build snv_92
Sun OpenSolaris build snv_91
Sun OpenSolaris build snv_90
Sun OpenSolaris build snv_89
Sun OpenSolaris build snv_88
Sun OpenSolaris build snv_87
Sun OpenSolaris build snv_85
Sun OpenSolaris build snv_84
Sun OpenSolaris build snv_83
Sun OpenSolaris build snv_82
Sun OpenSolaris build snv_80
Sun OpenSolaris build snv_78
Sun OpenSolaris build snv_77
Sun OpenSolaris build snv_76
Sun OpenSolaris build snv_68
Sun OpenSolaris build snv_67
Sun OpenSolaris build snv_64
Sun OpenSolaris build snv_61
Sun OpenSolaris build snv_59
Sun OpenSolaris build snv_57
Sun OpenSolaris build snv_50
Sun OpenSolaris build snv_39
Sun OpenSolaris build snv_36
Sun OpenSolaris build snv_29
Sun OpenSolaris build snv_22
Sun OpenSolaris build snv_19
Sun OpenSolaris build snv_13
Sun OpenSolaris build snv_100
Sun OpenSolaris build snv_02
Sun OpenSolaris build snv_01
S.u.S.E. openSUSE 11.0
S.u.S.E. openSUSE 10.3
S.u.S.E. openSUSE 10.2
rPath rPath Linux 2
rPath rPath Linux 1
rPath Appliance Platform Linux Service 2
rPath Appliance Platform Linux Service 1
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux Desktop Workstation 5 client
RedHat Enterprise Linux Desktop 5 client
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux AS 3
RedHat Enterprise Linux 5 server
RedHat Desktop 4.0
RedHat Desktop 3.0
Nortel Networks Self-Service Peri Workstation 0
Nortel Networks Self-Service Peri Application 0
Nortel Networks Self-Service MPS 1000 0
Nortel Networks Self-Service - CCSS7 0
MandrakeSoft Linux Mandrake 2008.1 x86_64
MandrakeSoft Linux Mandrake 2008.1
MandrakeSoft Linux Mandrake 2008.0 x86_64
MandrakeSoft Linux Mandrake 2008.0
MandrakeSoft Linux Mandrake 2007.1 x86_64
MandrakeSoft Linux Mandrake 2007.1
MandrakeSoft Corporate Server 4.0 x86_64
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 4.0
Gentoo Linux
Debian Linux 4.0 sparc
Debian Linux 4.0 s/390
Debian Linux 4.0 powerpc
Debian Linux 4.0 mipsel
Debian Linux 4.0 mips
Debian Linux 4.0 m68k
Debian Linux 4.0 ia-64
Debian Linux 4.0 ia-32
Debian Linux 4.0 hppa
Debian Linux 4.0 arm
Debian Linux 4.0 amd64
Debian Linux 4.0 alpha
Debian Linux 4.0
Avaya Voice Portal 4.1
Avaya Voice Portal 4.0
Avaya Voice Portal 3.0
Avaya SIP Enablement Services 3.1.2
Avaya SIP Enablement Services 5.0
Avaya SIP Enablement Services 4.0
Avaya Proactive Contact 4.0
Avaya Proactive Contact 3.0
Avaya Proactive Contact 0
Avaya Messaging Storage Server MSS 3.0
Avaya Messaging Storage Server MM3.0
Avaya Messaging Storage Server 4.0
Avaya Messaging Storage Server 3.1
Avaya Messaging Storage Server 2.0
Avaya Messaging Storage Server 1.0
Avaya Messaging Storage Server
Avaya Message Networking MN 3.1
Avaya Message Networking 3.1
Avaya Message Networking
Avaya Meeting Exchange - Enterprise Edition
Avaya Meeting Exchange 5.0 .0.52
Avaya Meeting Exchange 5.0
Avaya Intuity AUDIX LX 2.0
Avaya EMMC 1.021
Avaya EMMC 1.017
Avaya EMMC 0
Avaya Communication Manager 4.0.3 SP1
Avaya Communication Manager 3.1.4 SP2
Avaya Communication Manager 5.1
Avaya Communication Manager 5.0 SP3
Avaya Communication Manager 5.0
Avaya Communication Manager 4.0
Avaya Communication Manager 3.1
Avaya CMS Server 13.0
Avaya CMS Server 15.0
Avaya CMS Server 14.1
Avaya CMS Server 14.0
Avaya CMS Server 13.1
Avaya AES 4.2.1
Avaya AES 3.1.6
Apple Safari 3.2.2 for Windows
Apple Safari 3.1.2 for Windows
Apple Safari 3.1.2
Apple Safari 3.1.1 for Windows
Apple Safari 3.1.1
Apple Safari 3.0.4 Beta for Windows
Apple Safari 3.0.3
Apple Safari 3.0.3
Apple Safari 3.0.2 Beta for Windows
Apple Safari 3.0.2 Beta
Apple Safari 3.0.1 Beta for Windows
Apple Safari 3.0.1 Beta
Apple Safari 4 Beta
Apple Safari 3.2
Apple Safari 3.1 for Windows
Apple Safari 3.1
Apple Safari 3 Beta for Windows
Apple Safari 3 Beta
Apple Safari 3
Reference IDs:
|
Description:
This indicates an attack attempt against a code-execution vulnerability in Active Directory on Microsoft Windows 2000 Server.
The vulnerability is caused by an error when the vulnerable software handles a crafted LDAP request. It allows a remote attacker to execute arbitrary code.
Affected Products:
Active Directory on Microsoft Windows 2000 Server Service Pack 4
Reference IDs:
|
Description:
This indicates an attempt to exploit a stack NULL byte overwrite vulnerability in Microsoft DirectShow.
The vulnerability is caused by an error that occurs when the affected software handles specially crafted QuickTime files. Successful exploitation may lead to remote code execution.
Affected Products:
DirectX 7.0 on Microsoft Windows 2000 Service Pack 4
DirectX 8.1 on Microsoft Windows 2000 Service Pack 4
DirectX 9.0* on Microsoft Windows 2000 Service Pack 4
DirectX 9.0* on Windows XP Service Pack 2 and Windows XP Service Pack 3
DirectX 9.0* on Windows XP Professional x64 Edition Service Pack 2
DirectX 9.0* on Windows Server 2003 Service Pack 2
DirectX 9.0* on Windows Server 2003 x64 Edition Service Pack 2
DirectX 9.0* on Windows Server 2003 with SP2 for Itanium-based Systems
Reference IDs:
|
Description:
This indicates an attempt to exploit a memory-corruption vulnerability in
Microsoft Excel.
The vulnerability is caused by a design error that occurs when the vulnerable software handles an XLS file that includes malicious records. A remote attacker may exploit this to execute arbitrary code.
Affected Products:
Microsoft Office Excel 2007 Service Pack 1
Microsoft Office Excel 2007 Service Pack 2
Microsoft Office Excel Viewer
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1 and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2
Reference IDs:
|
Description:
This indicates an attempt to exploit a memory-corruption vulnerability in
Microsoft Excel.
The vulnerability is caused by a field sanitization issue that occurs when the vulnerable software handles an XLS file that includes malicious records. A remote attacker may exploit this to execute arbitrary code.
Affected Products:
Microsoft Office Excel 2000 Service Pack 3
Microsoft Office Excel 2002 Service Pack 3
Microsoft Office Excel 2003 Service Pack 3
Microsoft Office Excel 2007 Service Pack 1
Microsoft Office Excel 2007 Service Pack 2
Microsoft Office for Mac 2004
Microsoft Office for Mac 2008
Microsoft Office Open XML File Converter for MAC
Microsoft Office Excel Viewer 2003 Service Pack 3
Microsoft Office Excel Viewer
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1 and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2
Reference IDs:
|
Description:
This indicates an attempt to exploit a code-execution vulnerability in
Microsoft Excel.
The vulnerability is caused by an array-indexing error that occurs when the vulnerable software handles an XLS file that includes malicious records. A remote attacker may exploit this to execute arbitrary code.
Affected Products:
Microsoft Office Excel 2000 Service Pack 3
Microsoft Office for Mac 2004
Microsoft Office for Mac 2008
Microsoft Office Open XML File Converter for MAC
Reference IDs:
|
Description:
This indicates an attempt to exploit an integer-overflow vulnerability in
Microsoft Excel.
The vulnerability is caused by a field sanitization issue that occurs when the vulnerable software handles an XLS file that includes malicious records. A remote attacker may exploit this to execute arbitrary code.
Affected Products:
Microsoft Office Excel 2000 Service Pack 3
Microsoft Office Excel 2002 Service Pack 3
Microsoft Office Excel 2003 Service Pack 3
Microsoft Office Excel 2007 Service Pack 1
Microsoft Office Excel 2007 Service Pack 2
Microsoft Office for Mac 2004
Microsoft Office for Mac 2008
Microsoft Office Open XML File Converter for MAC
Microsoft Office Excel Viewer 2003 Service Pack 3
Microsoft Office Excel Viewer
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1 and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2
Microsoft Office SharePoint Server 2007 Service Pack 1 and Microsoft Office SharePoint Server 2007 Service Pack 2 (32-bit editions)
Microsoft Office SharePoint Server 2007 Service Pack 1 and Microsoft Office SharePoint Server 2007 Service Pack 2 (64-bit editions)
Reference IDs:
|
Description:
This indicates an attempt to exploit a code-execution vulnerability in
Microsoft Excel.
The vulnerability is caused by an error that occurs when the vulnerable
software handles an XLS file that includes malicious records. A remote attacker may exploit this to execute arbitrary code.
Affected Products:
Microsoft Office Excel 2000 Service Pack 3
Microsoft Office Excel 2002 Service Pack 3
Microsoft Office Excel 2003 Service Pack 3
Microsoft Office Excel 2007 Service Pack 1
Microsoft Office Excel 2007 Service Pack 2
Microsoft Office for Mac 2004
Microsoft Office for Mac 2008
Microsoft Office Open XML File Converter for MAC
Microsoft Office Excel Viewer 2003 Service Pack 3
Microsoft Office Excel Viewer
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1 and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2
Reference IDs:
|
Description:
This indicates an attempt to exploit a stack-based overrun-vulnerability in
Microsoft Excel.
The vulnerability is caused by a string copy error that occurs when the vulnerable software handles an XLS file that includes malicious records. A remote attacker may exploit this to execute arbitrary code.
Affected Products:
Microsoft Office Excel 2000 Service Pack 3
Microsoft Office Excel 2002 Service Pack 3
Reference IDs:
|
Description:
This indicates an attack attempt against an arbitrary code-execution vulnerability in Microsoft Internet Explorer.
The vulnerability is caused by improper handling of DHTML functions. It may allow a remote attacker to execute arbitrary code via sending a crafted web page.
Affected Products:
Microsoft Internet Explorer 6
Reference IDs:
|
Description:
This indicates an attack attempt against a memory-corruption vulnerability in
Microsoft Internet Explorer.
The vulnerability is caused by an error when the vulnerable software handles
certain DOM manipulations. It allows a remote attacker to execute arbitrary code via sending a crafted web page.
Affected Products:
Internet Explorer 5.01
Internet Explorer 6
Internet Explorer 6 Service Pack 1
Internet Explorer 7
Internet Explorer 8
Reference IDs:
|
Description:
This indicates an attack attempt against a memory-corruption vulnerability in
Microsoft Internet Explorer.
The vulnerability is caused by an error when the vulnerable software handles
certain DOM operations. It allows a remote attacker to execute
arbitrary code via sending a crafted web page.
Affected Products:
Internet Explorer 5.01
Internet Explorer 6
Internet Explorer 6 Service Pack 1
Internet Explorer 7
Internet Explorer 8
Reference IDs:
|
Description:
This indicates a possible attack against a heap-corruption vulnerability in Microsoft Internet Explorer.
The vulnerability is due to the software's inability to properly handle accessing uninitialized or deleted objects. Remote attackers may exploit this to execute arbitrary code.
Affected Products:
Microsoft Internet Explorer 7.0
Other versions may also be infected
Reference IDs:
|
Description:
This indicates a possible attack against a heap-corruption vulnerability in Microsoft Internet Explorer.
The vulnerability is due to the software's inability to properly handle accessing of objects which do not exist. A remote attacker may exploit this to execute arbitrary code.
Affected Products:
Microsoft Internet Explorer 7.0
Other versions may also be infected
Reference IDs:
|
Description:
This indicates an attempt to exploit a code-execution vulnerability in
Microsoft Excel.
The vulnerability is caused by an design error that occurs when the vulnerable
software handles an XLS file that includes malicious records. A remote attacker may exploit this to execute arbitrary code.
Affected Products:
Microsoft Office Excel 2000 Service Pack 3
Microsoft Office Excel 2002 Service Pack 3
Microsoft Office Excel 2003 Service Pack 3
Microsoft Office for Mac 2004
Microsoft Office for Mac 2008
Microsoft Office Open XML File Converter for MAC
Microsoft Office Excel Viewer 2003 Service Pack 3
Reference IDs:
|
Description:
This indicates an attack attempt against a buffer-overflow vulnerability in Microsoft Office.
The vulnerability is caused by an error when the vulnerable software handles a malicious .wps file. It allows a remote attacker to execute arbitrary code via sending a crafted .wps file.
Affected Products:
Microsoft Office 2000 Service Pack 3
Microsoft Office XP Service Pack 3
Microsoft Office 2003 Service Pack 3
Microsoft Office 2007 Service Pack 1
Microsoft Works 8.5
Microsoft Works 9
Reference IDs:
|
Description:
This indicates a possible attack against a buffer-overflow vulnerability in Microsoft Word.
The vulnerability is due to the software's inability to properly handle Word files that have a malformed record. A remote attacker may exploit this to execute arbitrary code.
Affected Products:
Microsoft Office Word 2000-2007
Reference IDs:
|
Description:
This indicates a possible attack against a buffer-overflow vulnerability in Microsoft Word.
The vulnerability is due to the software's inability to properly handle Word files that have a malformed record. A remote attacker may exploit this to execute arbitrary code.
Affected Products:
Microsoft Office Word 2000-2007
Reference IDs:
|
High ( 9 )
Description:
This indicates an attack attempt against a buffer-overflow vulnerability in AstonSoft DeepBurner.
The vulnerability is caused by an error when the vulnerable software handles a malicious .dbr file. It allows a remote attacker to execute arbitrary code via sending a crafted .dbr file.
Affected Products:
AstonSoft DeepBurner 1.8.0 and 1.9.0.228, prior versions may be affected as well.
Reference IDs:
|
Description:
This indicates an attack attempt against a buffer overflow vulnerability in Sun Microsystems' Java Web Start (JWS).
The vulnerability is caused by an error when the affected software handles a specially crafted GIF image file. It allows a remote attacker to execute arbitrary code.
Affected Products:
Sun JRE 1.6.0 Update12 and prior
Sun JDK 1.6.0 Update12 and prior
Reference IDs:
|
Description:
This indicates an attack attempt against a security bypass vulnerability in Linux Kernel.
The vulnerability is caused by an error when the Linux kernel handles a specially crafted NFS request, MKNOD.
Affected Products:
Linux kernel 2.6.28 8 and prior
Reference IDs:
|
Description:
This indicates an attack attempt against a memory-corruption vulnerability in Mozilla Firefox.
The vulnerability is caused by an error when the affected software handles a crafted HTML, which could allow remote attackers to execute arbitrary code.
Affected Products:
Firefox 3.0.9
Prior versions may also be affected
Reference IDs:
|
Description:
This indicates an attack attempt against a memory-corruption vulnerability in Mozilla Firefox.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted XUL tree. It allows a remote attacker to crash the software via sending a crafted web page.
Affected Products:
Mozilla Firefox 3.x before 3.0.4
Thunderbird 2.x before 2.0.0.18
SeaMonkey 1.x before 1.1.13
Reference IDs:
|
Description:
This indicates an attack attempt against a memory-corruption vulnerability in Microsoft Internet Explorer.
The vulnerability is due to the software's handling of certain ActiveX Control calls. Attackers may exploit this to execute arbtirary code or cause denial of service.
Affected Products:
Microsoft Internet Explorer 6.0 and 7.0
Reference IDs:
|
Description:
This indicates an attack attempt against a buffer-overflow vulnerability in the Windows Print Spooler.
The vulnerability is caused by the software's inability to properly handle malformed data. It allows a remote attacker to execute arbitrary code.
Affected Products:
Microsoft Windows 2000 Service Pack 4
Reference IDs:
|
Description:
This indicates an attack attempt against a buffer overflow vulnerability in RainbowPlayer.
The vulnerability is caused by an error when the vulnerable software handles a malicious .rpl file. It allows a remote attacker to execute arbitrary code via sending a crafted .rpl file.
Affected Products:
RainbowPlayer 0.91 is vulnerable,other versions may also be affected.
Reference IDs:
|
Description:
This indicates a possible attack toward a command-execution vulnerability in the Intel LANDesk Common Base Agent in Symantec Alert Management System 2, which is used in multiple Symantec products.
The vulnerability is due to the software's inability to properly handle malformed user-supplied input. A remote attacker may exploit this to execute arbitrary code.
Affected Products:
Symantec AntiVirus Corporate Edition 9.0 MR6 and earlier Update to SAV 9.0 MR7
Symantec Client Security 2.0 MR6 and earlier Update to SCS 2.0 MR7
Symantec Endpoint Protection 11.0 MR2 and earlier Update to SEP 11.0 MR3
Reference IDs:
|
Medium ( 9 )
Description:
This indicates an attack attempt against a command-execution vulnerability in GNOME Dia.
The vulnerability is caused by an error when the vulnerable software handles an empty search path. It allows a remote attacker to execute arbitrary commands via sending a malcious zip file.
Affected Products:
Dia 0.96.1
Reference IDs:
|
Description:
This indicates an attack attempt against a denial-of-service vulnerability in IBM DB2 Database Server.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted EXCSAT CONNECT request. It allows a remote attacker to cause a denial of service.
Affected Products:
IBM DB2 versions prior to 9.1 FP6a
IBM DB2 versions prior to 9.5 FP3a
IBM DB2 versions prior to 8 FP17a
Reference IDs:
|
Description:
This indicates an attack attempt against a denial-of-service (DoS) vulnerability in IBM DB2 Database Server.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted Distributed Relational Database Architecture (DRDA) data stream.
Affected Products:
IBM DB2 Universal Database 9.5 Fixpak 2
IBM DB2 Universal Database 9.5 Fix Pack 3a
IBM DB2 Universal Database 9.5 Fix Pack 1
IBM DB2 Universal Database 9.5
IBM DB2 Universal Database 9.1 Fix Pack 6a
IBM DB2 Universal Database 9.1 Fix Pack 6
IBM DB2 Universal Database 9.1 Fix Pack 4a
IBM DB2 Universal Database 9.1
IBM DB2 Universal Database 8.2
IBM DB2 Universal Database 8.1
Reference IDs:
|
Description:
This indicates an attack attempt to exploit a memory-corruption vulnerability in Mozilla.
This vulnerability is caused by an error when the vulnerable software is parsing an XLS file that includes a malicious elment . It allows a remote attacker to crash the vulnerable software via sending a crafted XLS file.
Affected Products:
Mozilla Firefox before 3.0.8
Mozilla SeaMonkey before 1.1.16
Reference IDs:
|
Description:
This indicates a possible attack against a script-injection vulnerability in Microsoft Internet Explorer.
The vulnerability is due to the way the software handles its cached data. This could allow attackers to inject script and execute it in the privilege of the local domain.
Affected Products:
Windows XP SP3 and IE7
Other versions may also be affected
Reference IDs:
|
Description:
This indicates an attack attempt to exploit an authentication-bypass vulnerability in Microsoft windows IIS server.
The vulnerability is caused by an error that occurs when the vulnerable
software handles a malicious Web DAV request. A remote attacker may exploit this to bypass the authentication via a crafted HTTP request.
Affected Products:
Microsoft Internet Information Services 5.0
Microsoft Internet Information Services 5.1
Microsoft Internet Information Services 6.0
Reference IDs:
|
Description:
This indicates an attack attempt to exploit an authentication-bypass vulnerability in the Microsoft Windows IIS server.
The vulnerability is caused by an error that occurs when the vulnerable
software handles a malicious Web DAV request. A remote attacker may exploit this to bypass the authentication via a crafted HTTP request.
Affected Products:
Microsoft Internet Information Services 5.0
Reference IDs:
|
Description:
This indicates an attack attempt against an information-disclosure vulnerability in the Windows Print Spooler.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted packet. It allows a remote attacker to load an arbitrary DLL to the spooler.
Affected Products:
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Service Pack 3
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Vista
Microsoft Windows Vista Service Pack 1
Microsoft Windows Vista Service Pack 2
Reference IDs:
|
Description:
This indicates an exploit attempt against the sql injection vulnerability in Oracle database system.
The vulnerability lies in the SYS.LT.ROLLBACKWORKSPACE procedure of Oracle database. A specially crafted parameters could allow attacker to execute SQL statements with SYS or WMSYS privileges.
Affected Products:
Oracle 10g R1
Reference IDs:
|
 Top of Section
Enhanced Coverage
The FortiGuard Threat Research team updates security content as new vectors of exploitation are discovered. The table below details the security content enhanced with this release.
Critical ( 39 )
High ( 44 )
Medium ( 15 )
Low ( 9 )
Info ( 3 )
Top of Section
Active Exploitation
The FortiGuard Threat Research team uses globally distributed probes to monitor exploit activity. Vulnerabilities can be classified as active and given a magnitude level. The magnitude level is the rate of activity across the probes. The value of the magnitude is set to low, medium or high.
The table below lists the vulnerabilities discussed in this bulletin (specifically new and enhanced detection) and their corresponding exploit activity magnitude. The data below is as of this writing.
Critical ( 10 of 33 )
High ( 13 of 24 )
Medium ( 3 of 10 )
Top of Section
Document History
| Revision Date | Version Number | |
|---|
| Monday, June 15, 2009 | 1 | Initial Documentation. |
About Fortinet ( www.fortinet.com )
Fortinet is the pioneer and leading provider of ASIC-accelerated unified threat management, or UTM, security systems, which are used by enterprises and service providers to increase their security while reducing total operating costs. Fortinet solutions were built from the ground up to integrate multiple levels of security protection--including firewall, antivirus, intrusion prevention, VPN, spyware prevention and anti-spam -- designed to help customers protect against network and content level threats. Leveraging a custom ASIC and unified interface, Fortinet solutions offer advanced security functionality that scales from remote office to chassis-based solutions with integrated management and reporting. Fortinet solutions have won multiple awards around the world and are the only security products that are certified in six programs by ICSA Labs: (Firewall, Antivirus, IPSec, SSL, Network IPS, and Anti-Spyware). Fortinet is privately held and based in Sunnyvale, California.
Disclaimer
Although Fortinet has attempted to provide accurate information in these materials, Fortinet assumes no legal responsibility for the accuracy or completeness of the information. Please note that no Fortinet statements herein constitute or contain any guarantee, warranty or legally binding representation. All materials contained in this publication are subject to change without notice, and Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
Top of page
|
