| Threat Type | Multiple Vulnerabilities |
| IPS Definition DB Versions | 2.653 - 2.657 |
| Coverage Release Date | Jun 15, 2009 - Jun 25, 2009 |
| Published Date | Tuesday, June 30, 2009 |
| Version # | 1 |

| Severity | Number of Vulnerabilities | Active Exploitation |
| Critical | 21 | 4 |
| High | 19 | 9 |
| Medium | 15 | 10 |
| Low | 3 | - |
| Info | 8 | n/a |
| Total | 66 | 23 |

Foreword
The FortiGuard Global Threat Research Team has released new security content to cover multiple vulnerabilities. The FortiGuard Team has observed 23 active exploitations of these vulnerabilities to date.
For more information, visit the FortiGuard Center at www.fortiguardcenter.com.
Threat Remediation
Fortinet provides coverage for the vulnerabilities described below as of the 2.657 IPS Definitions database update. A brief description of each vulnerability follows, in order of severity.
Critical ( 9 )
Description: This indicates an attack attempt to exploit a remote code-execution vulnerability in Apple QuickTime.
The vulnerability results from insecure code responsible for parsing malformed description atoms. It can be exploited via a crafted MOV file, leading to remote code execution.
Affected Products: Apple QuickTime Player 7.6.1; Apple QuickTime Player 7.5.5; Apple QuickTime Player 7.4.5; Apple QuickTime Player 7.4.1; Apple QuickTime Player 7.3.1.70; Apple QuickTime Player 7.3.1; Apple QuickTime Player 7.1.6; Apple QuickTime Player 7.1.5; Apple QuickTime Player 7.1.4; Apple QuickTime Player 7.1.3; Apple QuickTime Player 7.1.2; Apple QuickTime Player 7.1.1; Apple QuickTime Player 7.0.4; Apple QuickTime Player 7.0.3; Apple QuickTime Player 7.0.2; Apple QuickTime Player 7.0.1; Apple QuickTime Player 7.0; Apple QuickTime Player 6.5.2; Apple QuickTime Player 6.5.1; Apple QuickTime Player 6.5; Apple QuickTime Player 6.1; Apple QuickTime Player 5.0.2; Apple QuickTime Player 7.6; Apple QuickTime Player 7.5; Apple QuickTime Player 7.4; Apple QuickTime Player 7.4; Apple QuickTime Player 7.3; Apple QuickTime Player 7.2; Apple QuickTime Player 7.1; Apple QuickTime Player 6.4; Apple QuickTime Player 6
Reference IDs:
Description: This indicates an attack attempt against a buffer overflow vulnerability in the Autonomy KeyView SDK.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted WordPerfect (WPD) file. It allows a remote attacker to execute arbitrary code.
Affected Products: Autonomy KeyView Viewer SDK 10.4; Autonomy KeyView Viewer SDK 10.3; Autonomy KeyView Viewer SDK 10; Autonomy KeyView Filter SDK 10.4; Autonomy KeyView Filter SDK 10.3; Autonomy KeyView Filter SDK 10; Autonomy KeyView Export SDK 10.4; Autonomy KeyView Export SDK 10.3; Autonomy KeyView Export SDK 10
Reference IDs:
Description: This indicates an attack attempt against a buffer-overflow vulnerability in BS Player.
The vulnerability is caused by an error when the vulnerable software handles a malicious .bsl playlist. It allows a remote attacker to execute arbitrary code by sending a crafted .bsl file.
Affected Products: BS.Player (bsplayer) 2.32 Build 975 Free and 2.34 Build 980 PRO and earlier
Reference IDs:
Description: This indicates an attack attempt against a code-execution vulnerability in Apple Safari.
The vulnerability is caused by an error when the vulnerable software handles some DHTML objects. It allows a remote attacker to execute arbitrary code by sending a crafted web page.
Affected Products: Apple Safari 3.1.2 for Windows
Reference IDs:
Description: This indicates an attack attempt against an integer-overflow vulnerability in HP OpenView Network Node Manager software.
The vulnerability is caused by an error when the ovalarmsrv.exe server handles a specially crafted request. It allows a remote attacker to execute arbitrary code.
Affected Products: HP OpenView Network Node Manager (OV NNM) version 7.01; HP OpenView Network Node Manager (OV NNM) version 7.51; HP OpenView Network Node Manager (OV NNM) version 7.53
Reference IDs:
Description: This indicates an attack attempt against a buffer-overflow vulnerability in the PowerPoint 4.0 converter which ships with PowerPoint 2000 through PowerPoint 2003.
The vulnerability is caused by a boundary error when the vulnerable software handles a specially crafted PowerPoint file. It may allow a remote attacker to execute arbitrary code.
Affected Products: Microsoft PowerPoint 2003 SP3; Microsoft PowerPoint 2003 SP2; Microsoft PowerPoint 2003 SP1; Microsoft PowerPoint 2003; Microsoft PowerPoint 2002 SP3; Microsoft PowerPoint 2002 SP2; Microsoft PowerPoint 2002 SP1; Microsoft PowerPoint 2002; Microsoft PowerPoint 2000 SP3; Microsoft PowerPoint 2000 SP2; Microsoft PowerPoint 2000 SP1; Microsoft PowerPoint 2000
Reference IDs:
Description: This indicates a possible attack against a stack-based overflow vulnerability in WordPerfect 6.x Converter in Microsoft Office Word 2000 SP3.
The vulnerability is caused by the inability of Microsoft Office Converter to properly check the length field in a WordPerfect 6.x file, leading to possible remote arbitrary code execution.
Affected Products: WordPerfect 6.x Converter in Microsoft Office Word 2000 SP3
Reference IDs:
Description: This indicates an attack attempt against a buffer-overflow vulnerability in the Symantec Alert Originator Service component shipped with Symantec Client Security software.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted packet. It allows a remote attacker to execute arbitrary code.
Affected Products: Symantec AntiVirus Corporate Edition version 9.0 MR6 and prior; Symantec AntiVirus Corporate Edition version 10.0 (all versions); Symantec AntiVirus Corporate Edition version 10.1 MR7 and prior; Symantec AntiVirus Corporate Edition version 10.2 MR1 and prior
Reference IDs:
Description: This indicates an attack attempt against a buffer-overflow vulnerability in UltraISO.
The vulnerability is caused by an error when the vulnerable software handles a malicious .ccd or .img file. It allows a remote attacker to execute arbitrary code by sending a crafted .ccd or .img file.
Affected Products: UltraISO 9.3.3.2685 and earlier
Reference IDs:
High ( 5 )
Description: This indicates an attack attempt against a buffer-overflow vulnerability in ACDSee.
The vulnerability is caused by an error when the vulnerable software handles a malicious .tiff file. It allows a remote attacker to execute arbitrary code by sending a crafted .tiff file.
Affected Products: ACDSee 9.x; ACDSee Photo Manager 10.x; ACDSee Photo Manager 2009 11.x; ACDSee Pro 2 Photo Manager 2.x
Reference IDs:
Description: This indicates an attack attempt against a format string vulnerability in Oracle Application Server.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted HTTP request. It allows a remote attacker to execute arbitrary code.
Affected Products: Oracle Application Server 10g 10.1.2.3
Reference IDs:
Description: This indicates an attack attempt against an SQL-injection vulnerability in the Oracle Database Server product.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted DBMS_AQADM_SYS packet. It allows a remote attacker to execute arbitrary SQL code within the security context of the database administrator.
Affected Products: Oracle Database 11g 11.1.0.6; Oracle Database 11g 11.1.0.7; Oracle Database 10g Release 2 versions 10.2.0.3; Oracle Database 10g Release 2 versions 10.2.0.4; Oracle Database 10g 10.1.0.5
Reference IDs:
Description: This indicates an attack attempt to exploit a buffer-overflow vulnerability in SAP GUI.
The vulnerability is located in the "sapirrfc.dll" ActiveX control through misuse of the "Access()" method. It may allow remote attackers to execute arbitrary code in the context of the application using the affected ActiveX control. Failed exploit attempts will likely cause the program to crash, resulting in a denial-of-service condition.
Affected Products: SAP GUI Version 6.4
Reference IDs:
Description: This indicates an attack attempt against a command-injection vulnerability in Ston3d Player.
The vulnerability is caused by an error when the vulnerable software handles a malicious Lua script. It allows a remote attacker to execute arbitrary code by sending a crafted .stk file.
Affected Products:
Win32: S3DPlayer Web v1.6.0.0; S3DPlayer StandAlone v1.6.2.4; S3DPlayer StandAlone v1.7.0.1
MacOS: S3DPlayer Web v1.6.0.0; S3DPlayer StandAlone v1.6.2.4
Linux: S3DPlayer StandAlone v1.6.2.4
Reference IDs:
Medium ( 3 )
Description: This indicates an attack attempt against a denial-of-service vulnerability in the Apache HTTP server SSL module, mod_ssl.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted encrypted communication. It allows a remote attacker to cause an Apache child process to enter an infinite loop.
Affected Products: Apache HTTP Server 2.0; Apache HTTP Server 2.0.28; Apache HTTP Server 2.0.32; Apache HTTP Server 2.0.35; Apache HTTP Server 2.0.36; Apache HTTP Server 2.0.37; Apache HTTP Server 2.0.38; Apache HTTP Server 2.0.39; Apache HTTP Server 2.0.40; Apache HTTP Server 2.0.41; Apache HTTP Server 2.0.42; Apache HTTP Server 2.0.43; Apache HTTP Server 2.0.44; Apache HTTP Server 2.0.45; Apache HTTP Server 2.0.46; Apache HTTP Server 2.0.47; Apache HTTP Server 2.0.48; Apache HTTP Server 2.0.49; Apache HTTP Server 2.0.50
Reference IDs:
Description: This indicates an attack attempt against a denial-of-service vulnerability in Apple CUPS.
The vulnerability is caused by an error when the vulnerable software handles malformed attributes. It allows a remote attacker to cause a denial of service by sending a crafted IPP request.
Affected Products: CUPS 1.1.17; CUPS 1.1.23; CUPS 1.3.6; CUPS 1.3.7; CUPS 1.3.8; CUPS 1.3.9
Reference IDs:
Description: This indicates an attack attempt against a denial-of-service vulnerability in Oracle Database Server.
The vulnerability is caused by an error when the TNS Listener component handles a specially crafted TNS data packet.
Affected Products: Oracle Oracle9i 9.2.0.8; Oracle Oracle9i 9.2.0.8dv; Oracle Oracle10g 10.1.0.5; Oracle Oracle10g 10.2.0.4; Oracle Oracle11g 11.1.0.7
Reference IDs:
Low ( 1 )
Description: This indicates an attack attempt against an information-disclosure vulnerability in the Application Express component in Oracle Database.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted HTTP request. It allows an authenticated attacker to obtain access to password hashes via certain database views.
Affected Products: Oracle Oracle11g 11.1.0.7
Reference IDs:
Enhanced Coverage
The FortiGuard Threat Research team updates security content as new vectors of exploitation are discovered. The table below details the security content enhanced with this release.
Critical ( 17 )
High ( 17 )
Medium ( 14 )
Low ( 4 )
Info ( 8 )
Active Exploitation
The FortiGuard Threat Research team uses globally distributed probes to monitor exploit activity. Vulnerabilities can be classified as active and given a magnitude level. The magnitude level is the rate of activity across the probes. The value of the magnitude is set to low, medium or high.
The table below lists the vulnerabilities discussed in this bulletin (specifically new and enhanced detection) and their corresponding exploit activity magnitude. The data below is as of this writing.
Critical ( 4 of 21 )
High ( 9 of 19 )
Medium ( 10 of 14 )
Low ( 0 of 3 )
Document History
| Revision Date | Version Number | Description |
| Tuesday, June 30, 2009 | 1 | Initial Documentation. |
About Fortinet ( www.fortinet.com )
Fortinet is the pioneer and leading provider of ASIC-accelerated unified threat management, or UTM, security systems, which are used by enterprises and service providers to increase their security while reducing total operating costs. Fortinet solutions were built from the ground up to integrate multiple levels of security protection -- including firewall, antivirus, intrusion prevention, VPN, spyware prevention and anti-spam -- designed to help customers protect against network and content level threats. Leveraging a custom ASIC and unified interface, Fortinet solutions offer advanced security functionality that scales from remote office to chassis-based solutions with integrated management and reporting. Fortinet solutions have won multiple awards around the world and are the only security products that are certified in six programs by ICSA Labs (Firewall, Antivirus, IPSec, SSL, Network IPS, and Anti-Spyware). Fortinet is privately held and based in Sunnyvale, California.
Disclaimer
Although Fortinet has attempted to provide accurate information in these materials, Fortinet assumes no legal responsibility for the accuracy or completeness of the information. Please note that no Fortinet statements herein constitute or contain any guarantee, warranty or legally binding representation. All materials contained in this publication are subject to change without notice, and Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice.