The FortiGuard Global Threat Research Team has released new security content to cover multiple vulnerabilities. The FortiGuard Team has observed 13 active exploitations of these vulnerabilities to date.
For more information, visit the FortiGuard Center at www.fortiguardcenter.com.
Fortinet provides coverage for the vulnerabilities described below as of the 2.716 IPS Definitions database update. A brief description of each vulnerability is provided as follows, in order of severity.
Critical ( 9 )
| Apple.QuickTime.FlashPix.File.Buffer.Overflow Event ID: 17721 |
Release Date: Nov 10, 2009 IPS Definitions DB Version: 2.712 |
|
Description: This indicates an attack attempt against a buffer-overflow vulnerability in Apple QuickTime. The vulnerability is caused by an error when the vulnerable software handles a specially crafted FlashPix file. It allows a remote attacker to execute arbitrary code. Affected Products: Apple QuickTime Player 7.6.2 and previous versions Reference IDs: |
| Apple.QuickTime.H.264.Movie.File.Buffer.Overflow Event ID: 17862 |
Release Date: Nov 10, 2009 IPS Definitions DB Version: 2.712 |
|
Description: This indicates an attack attempt against a buffer-overflow vulnerability in Apple QuickTime. The vulnerability is caused by an error when the vulnerable software handles a specially crafted H.264 movie file. It allows a remote attacker to execute arbitrary code. Affected Products: Apple QuickTime Player 7.6.2 and previous versions Reference IDs: |
| EasyMail.Objects.EMSMTP.DLL.ActiveX.Control.Access Event ID: 17881 |
Release Date: Nov 12, 2009 IPS Definitions DB Version: 2.713 |
|
Description: This indicates an attack attempt against a buffer-overflow vulnerability in the EasyMailSMTPObj ActiveX control in emsmtp.dll in the Quiksoft EasyMail SMTP Object. The vulnerability is caused by an error when the vulnerable software handles a specially crafted argument to the SubmitToExpress method. It allows a remote attacker to execute arbitrary code. Affected Products: Quiksoft EasyMail Objects 'emsmtp.dll' 6.0.1 PostCast PostCast Server Pro 3.0.61 Reference IDs: |
| Mozilla.Firefox.Frame.Constructor.Memory.Corruption Event ID: 17893 |
Release Date: Nov 16, 2009 IPS Definitions DB Version: 2.714 |
|
Description: This indicates an attack attempt against a memory-corruption vulnerability in Mozilla Firefox. The vulnerability is caused by an error when the vulnerable software handles a specially crafted webpage. It allows a remote attacker to execute arbitrary code. Affected Products: Mozilla Firefox 2.0.4 and previous versions Reference IDs: |
| MS.Kernel.Font.Parsing.Integer.Overflow Event ID: 17923 |
Release Date: Nov 12, 2009 IPS Definitions DB Version: 2.713 |
|
Description: This indicates a possible attack against an integer-handling vulnerability in Windows systems, which could lead to denial of service or remote code execution. Affected Products: All current Windows systems. Reference IDs: |
| MS.License.Logging.Server.RPC.Code.Execution Event ID: 17919 |
Release Date: Nov 12, 2009 IPS Definitions DB Version: 2.713 |
|
Description: This indicates an attack attempt against a buffer overflow vulnerability in Microsoft License Logging Server software. The vulnerability is caused by improper bounds checking when handling RPC packets. By sending a specially crafted RPC request to the RPC interface of the vulnerable software, a remote attacker could overflow a buffer and execute arbitrary code on a vulnerable system. Affected Products: Microsoft Windows 2000 Server Service Pack 4 Reference IDs: |
| MS.WSDAPI.Message.Handling.Memory.Corruption Event ID: 17929 |
Release Date: Nov 12, 2009 IPS Definitions DB Version: 2.713 |
|
Description: This indicates an attack attempt against a memory corruption vulnerability in Microsoft WSDAPI service. The vulnerability is caused by an error when the vulnerable software handles HTTP request and response messages. By sending a specially crafted HTTP request or response to the vulnerable software, a remote attacker could execute arbitrary code on a vulnerable system. Affected Products: Windows Vista Windows Server 2008 Reference IDs: |
| OpenOffice.Word.Document.Table.Parsing.Heap.Overflow Event ID: 17859 |
Release Date: Nov 10, 2009 IPS Definitions DB Version: 2.712 |
|
Description: This indicates an attack attempt against a buffer-overflow vulnerability in OpenOffice. The vulnerability is caused by an error when the vulnerable software handles a specially crafted Microsoft Word document. It allows a remote attacker to execute arbitrary code. Affected Products: OpenOffice.org versions 3.1.0 and previous versions OpenOffice.org versions 2.4.2 and previous versions Reference IDs: |
| OpenOffice.Word.Document.Table.Parsing.Integer.Underflow Event ID: 17858 |
Release Date: Nov 10, 2009 IPS Definitions DB Version: 2.712 |
|
Description: This indicates an attack attempt against an integer-underflow vulnerability in OpenOffice. The vulnerability is caused by an error when the vulnerable software handles a specially crafted Microsoft Word document. It allows a remote attacker to execute arbitrary code. Affected Products: OpenOffice.org versions 3.1.0 and previous versions OpenOffice.org versions 2.4.2 and previous versions Reference IDs: |
High ( 20 )
| AtHocGov.IWSAlerts.ActiveX.Buffer.Overflow Event ID: 17852 |
Release Date: Nov 10, 2009 IPS Definitions DB Version: 2.712 |
|
Description: This indicates an attack attempt to exploit a memory-corruption vulnerability in AtHocGov IWSAlerts. The vulnerability is located in the "AtHocGovTBr.dll" ActiveX control through misuse of the "CompleteInstallation()" property. It may allow remote attackers to execute arbitrary code in the context of the application using the affected ActiveX control. Affected Products: AtHocGov IWSAlerts 6.1.4.36 Reference IDs: |
| EbCrypt.ActiveX.Control.SaveToFile.Arbitrary.File.Overwrite Event ID: 17882 |
Release Date: Nov 12, 2009 IPS Definitions DB Version: 2.713 |
|
Description: This indicates an attack attempt against an arbitrary-file-overwrite vulnerability in EB Design ebCrypt. The vulnerability is caused by an error when the vulnerable software handles a specially crafted webpage. It allows a remote attacker to create or overwrite arbitrary files via the SaveToFile method. Affected Products: EB Design Pty Ltd ebCrypt 2.0 Reference IDs: |
| InterSystems.Cache.Argument.Buffer.Overflow Event ID: 17900 |
Release Date: Nov 19, 2009 IPS Definitions DB Version: 2.716 |
|
Description: This indicates an attack attempt against a buffer-overflow vulnerability in InterSystems Cache. The vulnerability is caused by an error when the vulnerable software handles a crafted GET request. It allows a remote attacker to execute arbitrary code by sending a crafted web page. Affected Products: InterSystems Cache version 2009.1 Reference IDs: |
| Lightweight.Calendar.Code.Execution Event ID: 17902 |
Release Date: Nov 19, 2009 IPS Definitions DB Version: 2.716 |
|
Description: This indicates an attack attempt against a code-execution vulnerability in Lightweight Calendar. The vulnerability is caused by an error when the vulnerable software handles a malicious GET request. It allows a remote attacker to execute arbitrary code by sending a crafted web page. Affected Products: Light Weight Calendar 1.x Reference IDs: |
| Lizard.CMS.Id.SQL.Injection Event ID: 17903 |
Release Date: Nov 19, 2009 IPS Definitions DB Version: 2.716 |
|
Description: This indicates an attack attempt against an SQL-injection vulnerability in Lizard Cart CMS. The vulnerability is caused by an error when the vulnerable software handles a malicious GET request. It allows a remote attacker to execute arbitrary code by sending a crafted web page. Affected Products: Lizard Cart CMS 1.x Reference IDs: |
| LSASS.LDAP.Stack.Overflow Event ID: 17928 |
Release Date: Nov 12, 2009 IPS Definitions DB Version: 2.713 |
|
Description: This indicates an attack attempt against a denial-of-service vulnerability in Microsoft Active Directory. The vulnerability is caused by an error when the vulnerable software handles a malicious LDAP request. It allows a remote attacker to cause a denial of service by sending a crafted LDAP request. Affected Products: Active Directory: Microsoft Windows 2000 Server Service Pack 4 Windows Server 2003 Service Pack 2 Windows Server 2003 x64 Edition Service Pack 2 Windows Server 2003 with SP2 for Itanium-based Systems Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2* Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2* Active Directory Application Mode (ADAM) Windows XP Service Pack 2 and Windows XP Service Pack 3 Windows XP Professional x64 Edition Service Pack 2 Windows Server 2003 Service Pack 2 Windows Server 2003 x64 Edition Service Pack 2 Active Directory Lightweight Directory Service (AD LDS) Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2* Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2* Reference IDs: |
| Mozilla.Firefox.Javascript.Engine.Function.Integer.Overflow Event ID: 17899 |
Release Date: Nov 17, 2009 IPS Definitions DB Version: 2.715 |
|
Description: This indicates an attack attempt against an integer overflow vulnerability in the Javascript engine in Mozilla Firefox. The vulnerability is caused by an error when the vulnerable software handles a specially crafted webpage. It allows a remote attacker to execute arbitrary code. Affected Products: Mozilla Firefox 1.5.0.4 and previous versions Reference IDs: |
| Mozilla.Products.Overflow.Event.Handle.Memory.Corruption Event ID: 14922 |
Release Date: Nov 17, 2009 IPS Definitions DB Version: 2.715 |
|
Description: This indicates a vulnerability in several Mozilla products. The vulnerability is caused by an error that occurs when the vulnerable software handles an overflow event. It allows remote attackers to cause a denial of service via a malicious web page. Affected Products: Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, SeaMonkey 1.0.9 and 1.1.2 Reference IDs: |
| MS.Office.Excel.FeatHdr.BIFF.Record.Code.Execution Event ID: 17925 |
Release Date: Nov 12, 2009 IPS Definitions DB Version: 2.713 |
|
Description: This indicates an attack attempt against a remote code execution vulnerability in Microsoft Office Excel. The vulnerability is caused by an error when the vulnerable software handles a specially crafted Excel file. It allows a remote attacker to execute arbitrary code. Affected Products: Microsoft Office XP Service Pack 3 Microsoft Office 2003 Service Pack 3 Microsoft Office Excel 2007 Service Pack 1 Microsoft Office Excel 2007 Service Pack 2 Microsoft Office 2004 for Mac Microsoft Office 2008 for Mac Microsoft Office Excel Viewer 2003 Service Pack 3 Microsoft Office Excel Viewer Service Pack 1 Microsoft Office Excel Viewer Service Pack 2 Reference IDs: |
| MS.Office.Excel.Formula.Ptg.Code.Execution Event ID: 17930 |
Release Date: Nov 12, 2009 IPS Definitions DB Version: 2.713 |
|
Description: This indicates an attack attempt against a remote code execution vulnerability in Microsoft Office Excel. The vulnerability is caused by an error when the vulnerable software handles a specially crafted Excel file. It allows a remote attacker to execute arbitrary code. Affected Products: Microsoft Office XP Service Pack 3 Microsoft Office 2003 Service Pack 3 Microsoft Office Excel 2007 Service Pack 1 Microsoft Office Excel 2007 Service Pack 2 Microsoft Office 2004 for Mac Microsoft Office 2008 for Mac Microsoft Office Excel Viewer 2003 Service Pack 3 Microsoft Office Excel Viewer Service Pack 1 Microsoft Office Excel Viewer Service Pack 2 Reference IDs: |
| MS.Office.Excel.Formula.Record.Code.Execution Event ID: 17927 |
Release Date: Nov 12, 2009 IPS Definitions DB Version: 2.713 |
|
Description: This indicates an attack attempt against a remote code execution vulnerability in Microsoft Office Excel. The vulnerability is caused by an error when the vulnerable software handles a specially crafted Excel file. It allows a remote attacker to execute arbitrary code. Affected Products: Microsoft Office XP Service Pack 3 Microsoft Office 2003 Service Pack 3 Microsoft Office Excel 2007 Service Pack 1 Microsoft Office Excel 2007 Service Pack 2 Microsoft Office 2004 for Mac Microsoft Office 2008 for Mac Microsoft Office Excel Viewer 2003 Service Pack 3 Microsoft Office Excel Viewer Service Pack 1 Microsoft Office Excel Viewer Service Pack 2 Reference IDs: |
| MS.Office.Excel.Row.Record.Integer.Field.Code.Execution Event ID: 17926 |
Release Date: Nov 12, 2009 IPS Definitions DB Version: 2.713 |
|
Description: This indicates an attack attempt against a remote code execution vulnerability in Microsoft Office Excel. The vulnerability is caused by an error when the vulnerable software handles a specially crafted Excel file. It allows a remote attacker to execute arbitrary code. Affected Products: Microsoft Office XP Service Pack 3 Microsoft Office 2003 Service Pack 3 Microsoft Office Excel 2007 Service Pack 1 Microsoft Office Excel 2007 Service Pack 2 Microsoft Office 2004 for Mac Microsoft Office 2008 for Mac Microsoft Office Excel Viewer 2003 Service Pack 3 Microsoft Office Excel Viewer Service Pack 1 Microsoft Office Excel Viewer Service Pack 2 Reference IDs: |
| MS.Office.Excel.StartObject.Record.Code.Execution Event ID: 17932 |
Release Date: Nov 12, 2009 IPS Definitions DB Version: 2.713 |
|
Description: This indicates an attack attempt against a remote code execution vulnerability in Microsoft Office Excel. The vulnerability is caused by an error when the vulnerable software handles a specially crafted Excel file. It allows a remote attacker to execute arbitrary code. Affected Products: Microsoft Office XP Service Pack 3 Microsoft Office 2003 Service Pack 3 Microsoft Office Excel 2007 Service Pack 1 Microsoft Office Excel 2007 Service Pack 2 Microsoft Office 2004 for Mac Microsoft Office 2008 for Mac Microsoft Office Excel Viewer 2003 Service Pack 3 Microsoft Office Excel Viewer Service Pack 1 Microsoft Office Excel Viewer Service Pack 2 Reference IDs: |
| MS.Office.Excel.SXDB.Record.Type.Code.Execution Event ID: 17920 |
Release Date: Nov 12, 2009 IPS Definitions DB Version: 2.713 |
|
Description: This indicates an attack attempt against a remote code execution vulnerability in Microsoft Office Excel. The vulnerability is caused by an error when the vulnerable software handles a specially crafted Excel file. It allows a remote attacker to execute arbitrary code. Affected Products: Microsoft Office XP Service Pack 3 Microsoft Office 2003 Service Pack 3 Microsoft Office Excel 2007 Service Pack 1 Microsoft Office Excel 2007 Service Pack 2 Microsoft Office 2004 for Mac Microsoft Office 2008 for Mac Microsoft Office Excel Viewer 2003 Service Pack 3 Microsoft Office Excel Viewer Service Pack 1 Microsoft Office Excel Viewer Service Pack 2 Reference IDs: |
| MS.Office.Excel.SxView.Record.Code.Execution Event ID: 17924 |
Release Date: Nov 12, 2009 IPS Definitions DB Version: 2.713 |
|
Description: This indicates an attack attempt against a remote code execution vulnerability in Microsoft Office Excel. The vulnerability is caused by an error when the vulnerable software handles a specially crafted Excel file. It allows a remote attacker to execute arbitrary code. Affected Products: Microsoft Office XP Service Pack 3 Microsoft Office 2003 Service Pack 3 Microsoft Office Excel 2007 Service Pack 1 Microsoft Office Excel 2007 Service Pack 2 Microsoft Office 2004 for Mac Microsoft Office 2008 for Mac Microsoft Office Excel Viewer 2003 Service Pack 3 Microsoft Office Excel Viewer Service Pack 1 Microsoft Office Excel Viewer Service Pack 2 Reference IDs: |
| MS.SQL.Server.Payload.Execution Event ID: 17854 |
Release Date: Nov 10, 2009 IPS Definitions DB Version: 2.712 |
|
Description: This indicates an attack attempt against a remote code-execution vulnerability in Microsoft SQL Server. The vulnerability is caused by improper bounds checking in the xp_cmdshell stored procedure. As a result, a remote attacker can send a crafted query to execute arbitrary code on a vulnerable server. Affected Products: Microsoft SQL Server 7.0 SP3 - Microsoft SQL Server 7.0 - Microsoft SQL Server 7.0 Microsoft SQL Server 7.0 SP2 - Microsoft SQL Server 7.0 - Microsoft SQL Server 7.0 Microsoft SQL Server 7.0 SP1 - Microsoft SQL Server 7.0 - Microsoft SQL Server 7.0 Microsoft SQL Server 7.0 - Microsoft BackOffice 4.5 - Microsoft BackOffice 4.5 - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 - Microsoft Windows NT 4.0 Reference IDs: |
| MS.Word.Nfib.Memory.Corruption Event ID: 17933 |
Release Date: Nov 12, 2009 IPS Definitions DB Version: 2.713 |
|
Description: This indicates an attack attempt against a memory corruption vulnerability in Microsoft Office Word. The vulnerability is caused by an error when the vulnerable software handles a malicious .DOC file. It allows a remote attacker to execute arbitrary code by sending a specially crafted document file. Affected Products: Microsoft Office Word 2002 Service Pack 3 Microsoft Office Word 2003 Service Pack 3 Microsoft Office 2004 for Mac Microsoft Office 2008 for Mac Open XML File Format Converter for Mac Microsoft Office Word Viewer 2003 Service Pack 3 Microsoft Office Word Viewer Reference IDs: |
| Symantec.ConsoleUtilities.ActiveX.Control.Buffer.Overflow Event ID: 17897 |
Release Date: Nov 19, 2009 IPS Definitions DB Version: 2.716 |
|
Description: This indicates an attack attempt against a buffer-overflow vulnerability in Symantec's ConsoleUtilities ActiveX Control (AeXNSConsoleUtilities.dll V6.0.0.1846), which could be exploited by sending an overly long string to the "BrowseAndSaveFile()" method. Affected Products: AeXNSConsoleUtilities.dll Version 6.0.0.1846 Reference IDs: |
| VEGO.Web.Forum.Theme.ID.SQL.Injection Event ID: 17905 |
Release Date: Nov 19, 2009 IPS Definitions DB Version: 2.716 |
|
Description: This indicates an attack attempt to exploit an SQL-injection vulnerability in VEGO Web Forum. The vulnerability is a result of the application's failure to properly sanitize user input before using it in an SQL query. As a result, a remote attacker can send a crafted query to execute SQL commands on a vulnerable server. Affected Products: VEGO Web Forum 1.26 and prior Reference IDs: |
| Venom.Board.Post.PHP3.Topic.ID.SQL.Injection Event ID: 17904 |
Release Date: Nov 19, 2009 IPS Definitions DB Version: 2.716 |
|
Description: This indicates an attack attempt to exploit an SQL-injection vulnerability in Venom Board. The vulnerability is a result of the application's failure to properly sanitize user input before using it in an SQL query. As a result, a remote attacker can send a crafted query to execute SQL commands on a vulnerable server. Affected Products: Venom Board 1.22 Reference IDs: |
Medium ( 6 )
| 427BB.Showthread.PHP.ForumID.Parameter.SQL.Injection Event ID: 17868 |
Release Date: Nov 10, 2009 IPS Definitions DB Version: 2.712 |
|
Description: This indicates an attack attempt to exploit an SQL-injection vulnerability in 427BB. The vulnerability is a result of the application's failure to properly sanitize user input before using it in an SQL query. As a result, a remote attacker can send a crafted query to execute SQL commands on a vulnerable server. Affected Products: 427BB 2.2 427BB 2.2.1 Reference IDs: |
| ADNForum.Index.PHP.FID.Parameter.SQL.Injection Event ID: 17867 |
Release Date: Nov 10, 2009 IPS Definitions DB Version: 2.712 |
|
Description: This indicates an attack attempt to exploit an SQL-injection vulnerability in ADNForum. The vulnerability is a result of the application's failure to properly sanitize user input before using it in an SQL query. As a result, a remote attacker can send a crafted query to execute SQL commands on a vulnerable server. Affected Products: ADNForum 1.0 Reference IDs: |
| Chimera.Web.Portal.Linkcategory.Id.Parameter.SQL.Injection Event ID: 17872 |
Release Date: Nov 10, 2009 IPS Definitions DB Version: 2.712 |
|
Description: This indicates an attack attempt to exploit an SQL-injection vulnerability in Chimera Web Portal System. The vulnerability is a result of the application's failure to properly sanitize user input before using it in an SQL query. As a result, a remote attacker can send a crafted query to execute SQL commands on a vulnerable server. Affected Products: Chimera Web Portal version 0.2 Reference IDs: |
| Mozilla.Firefox.GeckoActiveXObject.Race.Condition Event ID: 17895 |
Release Date: Nov 17, 2009 IPS Definitions DB Version: 2.715 |
|
Description: This indicates an attack attempt against a race-condition vulnerability in Mozilla Firefox. The vulnerability is caused by an error when the vulnerable software handles a specially crafted webpage. It allows a remote attacker to execute arbitrary code. Affected Products: Mozilla Firefox version 1.5.0.4 and previous versions Reference IDs: |
| MS.IE.Temporary.Internet.Folder.Access Event ID: 17873 |
Release Date: Nov 10, 2009 IPS Definitions DB Version: 2.712 |
|
Description: This indicates an attack attempt against an information-disclosure vulnerability in Internet Explorer. The vulnerability is caused by an error when the vulnerable software handles a malicious web response. It allows a remote attacker to obtain user information by sending a crafted web page. Affected Products: Internet Explorer 5.01 through 6.0 Reference IDs: |
| SafeNet.SoftRemote.GROUPNAME.Buffer.Overflow Event ID: 17907 |
Release Date: Nov 19, 2009 IPS Definitions DB Version: 2.716 |
|
Description: This indicates an attack attempt against a buffer-overflow vulnerability in SafeNet SoftRemote Security Policy Editor. The vulnerability is caused by an error when the vulnerable software handles a malicious file (.spd). It allows a remote attacker to execute arbitrary code by sending a malicious file. Affected Products: SafeNet SoftRemote Security Policy Editor older than 10.8.5 Reference IDs: |
Low ( 1 )
| Mozilla.Firefox.Javascript.BOM.Characters.XSS Event ID: 17898 |
Release Date: Nov 17, 2009 IPS Definitions DB Version: 2.715 |
|
Description: This indicates an attack attempt against a cross-site scripting (XSS) vulnerability in Mozilla Firefox. The vulnerability is caused by an error when the vulnerable software handles a specially crafted webpage. It allows a remote attacker to conduct XSS attacks. Affected Products: Mozilla Firefox 3.0.1 and previous versions Mozilla Firefox 2.0.0.16 and previous versions Reference IDs: |
The FortiGuard Threat Research team updates security content as new vectors of exploitation are discovered. The table below details the security content enhanced with this release.
Critical ( 9 )
| Event Name | Revision Notes |
|---|---|
| Adobe.Acrobat.U3D.Line.Set.Heap.Corruption | Detection Enhanced |
| CGI.WebBBS.Remote.Command.Execution | Detection Enhanced |
| Mozilla.Firefox.Frame.Constructor.Memory.Corruption | Detection Enhanced |
| MS.DirectX.MJPEG.Stream.Handling.Code.Execution | Default_action updated to 'pass'; Detection Enhanced |
| MS.Office.Web.Components.Invalid.Reference | Detection Enhanced |
| MS.PowerPoint.CurrentUserAtom.Remote.Code.Execution | Detection Enhanced |
| MS.PowerPoint.PSTExEmbed.Code.Execution | Default_action updated to 'pass'; Detection Enhanced |
| MS.PowerPoint.PSTSoundEntity.Code.Execution | Detection Enhanced |
| MS.Word.Malformed.Record.Memory.Corruption | Default_action updated to 'pass'; Detection Enhanced |
High ( 9 )
| Event Name | Revision Notes |
|---|---|
| CA.BrightStor.ARCserve.Backup.MediaSVR.EXE.Buffer.Overflow | Previous name: "CA.BrightStor.ARCserve.Backup.Medi...; Detection Enhanced |
| DameWare.Mini.Remote.Control.Server.Buffer.Overflow | Detection Enhanced |
| Joomla.Upload.Code.Execution | Detection Enhanced |
| Mozilla.Browsers.JavaScript.Navigator.Object.Memory.Corruption | Default_action updated to 'pass'; Detection Enhanced |
| Mozilla.Firefox.NsTextFrame.ClearTextRun.Memory.Corruption | Detection Enhanced |
| MS.IE.OnBeforeUnload.Browser.Entrapment | Default_action updated to 'pass'; Detection Enhanced |
| MS.MSXML.Race.Condition.Memory.Corruption | Default_action updated to 'pass'; Detection Enhanced |
| MS.PowerPoint.File.Unspecified.Memory.Corruption | Detection Enhanced |
| MS.Windows.X509.OID.Spoofing | Detection Enhanced |
Medium ( 8 )
| Event Name | Revision Notes |
|---|---|
| Cybozu.Garoon.Workflow.SQL.Injection | Detection Enhanced |
| Cybozu.Share360.Arbitrary.File.Retrieval | Detection Enhanced |
| ExoPHPDesk.faq.php.Remote.SQL.Injection | Detection Enhanced |
| FG-VD-08-022-Apple | Detection Enhanced |
| ISC.Bind.Remote.Dynamic.Update.Message.DoS | Detection Enhanced |
| LCDproc.LCDd.Buffer.Overflow | Detection Enhanced |
| MS.IE.XMLHttpRequest.Http.Header.Overwritten | Default_action updated to 'pass'; Detection Enhanced |
| MS.IIS.WebDAV.Authentication.Bypass | Detection Enhanced |
Low ( 1 )
| Event Name | Revision Notes |
|---|---|
| MS.IE.Keystroke.Events.Handling.Arbitrary.File.Upload | Detection Enhanced |
The FortiGuard Threat Research team uses globally distributed probes to monitor exploit activity. Vulnerabilities can be classified as active and given a magnitude level. The magnitude level is the rate of activity across the probes. The value of the magnitude is set to low, medium or high.
The table below lists the vulnerabilities discussed in this bulletin (specifically new and enhanced detection) and their corresponding exploit activity magnitude. The data below is as of this writing.
Critical ( 6 of 17 )
High ( 3 of 29 )
Medium ( 4 of 14 )
Low ( 0 of 2 )
| Event Name | Active Exploitation Observed | Magnitude |
|---|---|---|
| Mozilla.Firefox.Javascript.BOM.Characters.XSS | No | n/a |
| MS.IE.Keystroke.Events.Handling.Arbitrary.File.Upload | No | n/a |
| Revision Date | Version Number | |
|---|---|---|
| Monday, November 23, 2009 | 1 | Initial Documentation. |
About Fortinet ( www.fortinet.com )
Fortinet is the pioneer and leading provider of ASIC-accelerated unified threat management, or UTM, security systems, which are used by enterprises and service providers to increase their security while reducing total operating costs. Fortinet solutions were built from the ground up to integrate multiple levels of security protection, including firewall, antivirus, intrusion prevention, VPN, spyware prevention and anti-spam, designed to help customers protect against network and content level threats. Leveraging a custom ASIC and unified interface, Fortinet solutions offer advanced security functionality that scales from remote office to chassis-based solutions with integrated management and reporting. Fortinet solutions have won multiple awards around the world and are the only security products that are certified in six programs by ICSA Labs (Firewall, Antivirus, IPSec, SSL, Network IPS, and Anti-Spyware). Fortinet is privately held and based in Sunnyvale, California.
Disclaimer
Although Fortinet has attempted to provide accurate information in these materials, Fortinet assumes no legal responsibility for the accuracy or completeness of the information. Please note that no Fortinet statements herein constitute or contain any guarantee, warranty or legally binding representation. All materials contained in this publication are subject to change without notice, and Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice.