| Threat Type | Multiple Vulnerabilities |
| IPS Definition DB Versions | 2.74 - 2.749 |
| Coverage Release Date | Jan 29, 2010 |
| Published Date | Monday, February 01, 2010 |
| Version # | 1 |

| Severity | Number of Vulnerabilities | Active Exploitation |
| Critical | 17 | 9 |
| High | 19 | 6 |
| Medium | 6 | 4 |
| Low | 3 | - |
| Info | - | n/a |
| Total | 45 | 19 |
Foreword
The FortiGuard Global Threat Research Team has released new security content to cover multiple vulnerabilities. The FortiGuard Team has observed active exploitation of 19 of these vulnerabilities to date.
For more information, visit the FortiGuard Center at www.fortiguardcenter.com.
Threat Remediation
Fortinet provides coverage for the vulnerabilities described below as of the 2.749 IPS Definitions database update. A brief description of each vulnerability is provided as follows, in order of severity.
Critical ( 10 )
Description: This indicates an attack attempt to exploit a remote code-execution vulnerability in Adobe Shockwave Player which could be exploited by opening a specially crafted ".dir" file.
Affected Products: Shockwave Player 11.5.2.602 and earlier versions for Windows and Macintosh
Reference IDs:
Description: This indicates an attack attempt to exploit a remote code-execution vulnerability in Adobe Shockwave Player.
The vulnerability is caused by an error when the vulnerable software handles a "DIR" file that includes an overly large integer value field. It can be exploited via a crafted ".dir" file, leading to remote code execution.
Affected Products: Shockwave Player 11.5.2.602 and earlier versions for Windows and Macintosh
Reference IDs:
Description: This indicates an attack attempt against a heap-based buffer-overflow vulnerability in Apple QuickTime on Windows.
The vulnerability is due to the software's inability to handle malformed Clipping Region (CRGN) atom types in a QuickTime movie file. A remote attacker may exploit this by sending a specially crafted movie file.
Affected Products: Apple QuickTime before 7.6.2
Reference IDs:
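Both Shockwave entries above (an overly large integer field in a DIR file) and this QuickTime CRGN entry describe the same defect class: a size or count read from the file is used before it is checked against the bytes actually present, or before the multiplication that feeds an allocation is checked for overflow. The C below is an added example, not Apple's or Adobe's code. It walks a QuickTime-style atom stream over constructed sample files and applies both checks. The atom header (32-bit big-endian size that includes the 8-byte header, then a 4-byte type) is the standard container layout; the 'crgn' payload used here (a 32-bit entry count followed by 8-byte entries) is an assumption for illustration, not the real CRGN structure, which the bulletin does not describe.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* QuickTime atom header: 32-bit big-endian size (counting the 8-byte
   header itself), then a 4-byte type code, then the payload. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Illustrative 'crgn' payload, an assumption for this example and not the
   real CRGN layout: a 32-bit big-endian entry count, then that many
   ENTRY_SIZE-byte entries. */
#define ENTRY_SIZE 8

/* Validate the payload, then copy the entry table into a heap buffer sized
   from the checked count. Returns 1 if accepted, 0 if malformed. */
static int parse_crgn_payload(const uint8_t *p, size_t len) {
    if (len < 4) return 0;                         /* no room for the count */
    uint32_t count = be32(p);
    /* Guard the multiplication itself: with a 32-bit size_t, count*ENTRY_SIZE
       can wrap to a small number, giving a small allocation and a huge copy. */
    if (count > (SIZE_MAX - 4) / ENTRY_SIZE) return 0;
    size_t need = 4 + (size_t)count * ENTRY_SIZE;
    if (need > len) return 0;                      /* table runs past the atom */
    uint8_t *table = malloc(need - 4 + 1);         /* +1 so count==0 still allocates */
    if (table == NULL) return 0;
    memcpy(table, p + 4, need - 4);                /* bounded by the checks above */
    free(table);
    return 1;
}

/* Walk the top-level atoms in buf[0..len). Returns the number of atoms
   accepted, or -1 at the first malformed one. */
int walk_atoms(const uint8_t *buf, size_t len) {
    size_t off = 0;
    int accepted = 0;
    while (off < len) {
        if (len - off < 8) return -1;              /* truncated header */
        uint32_t size = be32(buf + off);
        const uint8_t *type = buf + off + 4;
        if (size == 0) size = (uint32_t)(len - off); /* 0: atom extends to end of data */
        if (size == 1) return -1;                  /* 64-bit extended size: not handled here */
        if (size < 8) return -1;                   /* smaller than its own header */
        if (size > len - off) return -1;           /* declared size exceeds the bytes present */
        if (memcmp(type, "crgn", 4) == 0 &&
            !parse_crgn_payload(buf + off + 8, size - 8)) return -1;
        accepted++;
        off += size;
    }
    return accepted;
}

/* Constructed sample inputs (not real movie files or captures). */
const uint8_t good_file[] = {
    0x00,0x00,0x00,0x0C, 'f','t','y','p', 'q','t',' ',' ',   /* 12-byte ftyp atom */
    0x00,0x00,0x00,0x14, 'c','r','g','n',                    /* 20-byte crgn atom */
    0x00,0x00,0x00,0x01,                                     /* entry count = 1 */
    1,2,3,4,5,6,7,8                                          /* one 8-byte entry */
};
/* Same layout, but the count claims 0x40000000 entries: 0x40000000*8 wraps
   to 0 with a 32-bit size_t; with 64 bits the table would run far past the
   atom. One of the two checks rejects it either way. */
const uint8_t huge_count_file[] = {
    0x00,0x00,0x00,0x0C, 'f','t','y','p', 'q','t',' ',' ',
    0x00,0x00,0x00,0x14, 'c','r','g','n',
    0x40,0x00,0x00,0x00,
    1,2,3,4,5,6,7,8
};
/* An atom whose declared size (4096) exceeds the 12 bytes actually present:
   an unchecked reader would copy past the end of its heap buffer. */
const uint8_t oversize_atom[] = {
    0x00,0x00,0x10,0x00, 'm','o','o','v', 0,0,0,0
};

int main(void) {
    printf("good file:     %d\n", walk_atoms(good_file, sizeof good_file));             /* 2 */
    printf("huge count:    %d\n", walk_atoms(huge_count_file, sizeof huge_count_file)); /* -1 */
    printf("oversize atom: %d\n", walk_atoms(oversize_atom, sizeof oversize_atom));     /* -1 */
    return 0;
}
```

The two rejections exercise different checks: the oversize atom fails the "declared size exceeds the bytes present" comparison at the container level, while the huge entry count passes that and is caught inside the payload parser, either by the overflow guard or by the table-fits-in-atom comparison depending on the width of size_t. A parser that performs only one of these checks is still exploitable by the other input.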
Description: This indicates a possible attack against a heap-based buffer-overflow vulnerability in Apple QuickTime.
The vulnerability is due to the software's inability to properly parse malformed JP2 images. A remote attacker may exploit this to execute arbitrary code or cause a denial-of-service condition.
Affected Products: Apple QuickTime before 7.6.2
Reference IDs:
Description: This signature is used to detect malformed PDF files which exploit critical vulnerabilities in Adobe products.
These vulnerabilities may allow remote attackers to execute arbitrary code in vulnerable systems.
Affected Products: n/a
Reference IDs:
Description: This indicates an attack attempt against a memory-corruption vulnerability in Microsoft Internet Explorer.
The vulnerability is caused by an error when the vulnerable software handles a web page that includes script which contains a malicious event handler. It allows a remote attacker to execute arbitrary code via sending a crafted web page.
Affected Products: Microsoft Windows 2000 Service Pack 4; Windows XP Service Pack 2 and Windows XP Service Pack 3; Windows XP Professional x64 Edition Service Pack 2; Windows Server 2003 Service Pack 2; Windows Server 2003 x64 Edition Service Pack 2; Windows Server 2003 with SP2 for Itanium-based Systems; Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2; Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2; Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2; Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2; Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2; Windows 7; Windows 7 for x64-based Systems; Windows Server 2008 R2 for x64-based Systems; Windows Server 2008 R2 for Itanium-based Systems; Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4; Internet Explorer 6 for Windows XP Service Pack 2, Windows XP Service Pack 3, and Windows XP Professional x64 Edition Service Pack 2; Internet Explorer 6 for Windows Server 2003 Service Pack 2, Windows Server 2003 with SP2 for Itanium-based Systems, and Windows Server 2003 x64 Edition Service Pack 2; Internet Explorer 7 for Windows XP Service Pack 2, Windows XP Service Pack 3, and Windows XP Professional x64 Edition Service Pack 2; Internet Explorer 7 for Windows Server 2003 Service Pack 2, Windows Server 2003 with SP2 for Itanium-based Systems, and Windows Server 2003 x64 Edition Service Pack 2; Internet Explorer 7 in Windows Vista, Windows Vista Service Pack 1, Windows Vista Service Pack 2, Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2; Internet Explorer 7 in Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2; Internet Explorer 7 in Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2; Internet Explorer 7 in Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2; Internet Explorer 8 for Windows XP Service Pack 2, Windows XP Service Pack 3, and Windows XP Professional x64 Edition Service Pack 2; Internet Explorer 8 for Windows Server 2003 Service Pack 2, and Windows Server 2003 x64 Edition Service Pack 2; Internet Explorer 8 in Windows Vista, Windows Vista Service Pack 1, Windows Vista Service Pack 2, Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2; Internet Explorer 8 in Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2; Internet Explorer 8 in Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2; Internet Explorer 8 in Windows 7 for 32-bit Systems; Internet Explorer 8 in Windows 7 for x64-based Systems; Internet Explorer 8 in Windows Server 2008 R2 for x64-based Systems; Internet Explorer 8 in Windows Server 2008 R2 for Itanium-based Systems
Non-Affected Software: Internet Explorer 5.01 Service Pack 4 for Microsoft Windows 2000 Service Pack 4
Reference IDs:
Description: This indicates an attack attempt against a memory-corruption vulnerability in Microsoft Internet Explorer.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted web page. It allows a remote attacker to execute arbitrary code.
Affected Products: Microsoft Internet Explorer 6; Microsoft Internet Explorer 6 Service Pack 1; Microsoft Internet Explorer 7; Microsoft Internet Explorer 8
Reference IDs:
Description: This indicates an attack attempt against a memory-corruption vulnerability in Microsoft Internet Explorer.
The vulnerability is caused by an error when the vulnerable software handles a web page that includes script which contains a malicious object handler. It allows a remote attacker to execute arbitrary code via sending a crafted web page.
Affected Products: Internet Explorer 6 Service Pack 1 when installed on Microsoft Windows 2000 Service Pack 4; Internet Explorer 6 for Windows XP Service Pack 2 and Windows XP Service Pack 3; Internet Explorer 6 for Windows XP Professional x64 Edition Service Pack 2; Internet Explorer 6 for Windows Server 2003 Service Pack 2; Internet Explorer 6 for Windows Server 2003 x64 Edition Service Pack 2; Internet Explorer 6 for Windows Server 2003 with SP2 for Itanium-based Systems; Internet Explorer 7 for Windows XP Service Pack 2 and Windows XP Service Pack 3; Internet Explorer 7 for Windows XP Professional x64 Edition Service Pack 2; Internet Explorer 7 for Windows Server 2003 Service Pack 2; Internet Explorer 7 for Windows Server 2003 x64 Edition Service Pack 2; Internet Explorer 7 for Windows Server 2003 with SP2 for Itanium-based Systems; Internet Explorer 7 in Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2; Internet Explorer 7 in Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2; Internet Explorer 7 in Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2; Internet Explorer 7 in Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2; Internet Explorer 7 in Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2; Internet Explorer 8 for Windows XP Service Pack 2 and Windows XP Service Pack 3; Internet Explorer 8 for Windows XP Professional x64 Edition Service Pack 2; Internet Explorer 8 for Windows Server 2003 Service Pack 2; Internet Explorer 8 for Windows Server 2003 x64 Edition Service Pack 2; Internet Explorer 8 in Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2; Internet Explorer 8 in Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2; Internet Explorer 8 in Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2; Internet Explorer 8 in Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2; Internet Explorer 8 in Windows 7 for 32-bit Systems; Internet Explorer 8 in Windows 7 for x64-based Systems; Internet Explorer 8 in Windows Server 2008 R2 for x64-based Systems; Internet Explorer 8 in Windows Server 2008 R2 for Itanium-based Systems
Reference IDs:
Description: This indicates an attack attempt against a memory-corruption vulnerability in Microsoft Internet Explorer 8.
The vulnerability is caused by an error when the vulnerable software handles a malicious web page. It allows a remote attacker to execute arbitrary code via sending a crafted web page.
Affected Products: Internet Explorer 8 for Windows XP Service Pack 2 and Windows XP Service Pack 3; Internet Explorer 8 for Windows XP Professional x64 Edition Service Pack 2; Internet Explorer 8 for Windows Server 2003 Service Pack 2; Internet Explorer 8 for Windows Server 2003 x64 Edition Service Pack 2; Internet Explorer 8 in Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2; Internet Explorer 8 in Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2; Internet Explorer 8 in Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2; Internet Explorer 8 in Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2; Internet Explorer 8 in Windows 7 for 32-bit Systems; Internet Explorer 8 in Windows 7 for x64-based Systems; Internet Explorer 8 in Windows Server 2008 R2 for x64-based Systems; Internet Explorer 8 in Windows Server 2008 R2 for Itanium-based Systems
Reference IDs:
Torpig.Mebroot (Event ID: 18118)
Release Date: Jan 22, 2010; IPS Definitions DB Version: 2.744
Description: This indicates that the system might be infected by the Torpig trojan.
Affected Products: Any unprotected Windows system is vulnerable to the attack.
Reference IDs:
High ( 7 )
Description: This indicates a possible attack against a buffer-overflow vulnerability in BigAnt IM Server.
The vulnerability is due to the software's failure to perform adequate boundary checks on user input. A remote attacker may exploit this to execute arbitrary code.
Affected Products: Huatu Software BigAnt IM Server 2.52 and prior
Reference IDs:
Description: This indicates an attack attempt against a buffer-overflow vulnerability in CA BrightStor ARCserve Backup.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted long message. It allows a remote attacker to execute arbitrary code.
Affected Products: Computer Associates Server Protection Suite r2; Computer Associates Business Protection Suite for Microsoft SBS Std Ed r2; Computer Associates Business Protection Suite for Microsoft SBS Pre ed r2; Computer Associates Business Protection Suite r2; Computer Associates BrightStor Enterprise Backup 10.5; Computer Associates BrightStor ARCServe Backup for Windows 11.0; Computer Associates BrightStor ARCServe Backup 11.5; Computer Associates BrightStor ARCServe Backup 11.1; Computer Associates BrightStor ARCServe Backup 9.01
Reference IDs:
Description: This indicates a possible attack against a format-string vulnerability in the HTTP service of HTTPDX HTTP server.
This vulnerability is due to the software's inability to properly handle specially crafted HTTP requests containing format specifiers. A remote attacker may exploit this to cause memory corruption or arbitrary code execution.
Affected Products: HTTPDX server 1.5 and prior versions
Reference IDs:
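A format-string bug of the kind described above arises when the request text itself is handed to a printf-family function as the format argument. The C below is an added example and not HTTPDX's code: it shows the vulnerable logging pattern beside the fixed one, and a small scanner for printf conversions of the sort an IPS signature for this class matches. The request lines are constructed for the example. Only the "%%" probe is run through the vulnerable function, because "%x" or "%n" with no matching arguments is undefined behaviour and in a real server reads or writes memory.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Application logging helper of the kind small servers carry: it forwards
   whatever it is given to vsnprintf. Nothing about it is wrong by itself. */
static int app_log(char *out, size_t outsz, const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outsz, fmt, ap);
    va_end(ap);
    return n;
}

/* Vulnerable: the attacker's request line IS the format string.
   "%%" collapses to "%", "%x" leaks stack words, "%n" writes to memory. */
int log_request_vulnerable(char *out, size_t outsz, const char *request) {
    return app_log(out, outsz, request);
}

/* Fixed: a literal format; the request is only ever an argument. */
int log_request_fixed(char *out, size_t outsz, const char *request) {
    return app_log(out, outsz, "%s", request);
}

/* Detection: does the text contain a printf conversion? ("%%", the escaped
   percent, is not one.) This is the shape of check a signature for this
   class performs on the request line. Returns 1 if one is found. */
int contains_format_directive(const char *s) {
    static const char conv[] = "diouxXeEfFgGaAcspn";
    const char *p = s;
    while ((p = strchr(p, '%')) != NULL) {
        p++;                                          /* step past '%' */
        if (*p == '%') { p++; continue; }             /* "%%": literal percent */
        while (*p && strchr("-+ #0", *p)) p++;        /* flags */
        while (isdigit((unsigned char)*p) || *p == '*') p++;  /* field width */
        if (*p == '.') {                              /* precision */
            p++;
            while (isdigit((unsigned char)*p) || *p == '*') p++;
        }
        while (*p && strchr("hlLqjzt", *p)) p++;      /* length modifiers */
        if (*p && strchr(conv, *p)) return 1;         /* conversion letter */
        /* not a directive; keep scanning from p, which may itself be a '%' */
    }
    return 0;
}

/* Log REQUEST through LOGGER into a local buffer and compare with EXPECTED. */
int logged_equals(int (*logger)(char *, size_t, const char *),
                  const char *request, const char *expected) {
    char line[128];
    logger(line, sizeof line, request);
    return strcmp(line, expected) == 0;
}

/* Constructed request lines (not captured traffic). Only PROBE_REQUEST is
   passed to the vulnerable logger: "%%" is the one directive that consumes
   no argument, so its behaviour is defined. ATTACK_REQUEST would make
   vsnprintf write through four missing pointer arguments. */
const char PROBE_REQUEST[]  = "GET /%%n HTTP/1.0";
const char ATTACK_REQUEST[] = "GET /%n%n%n%n HTTP/1.0";

int main(void) {
    char line[128];
    log_request_vulnerable(line, sizeof line, PROBE_REQUEST);
    printf("vulnerable logged: %s\n", line);          /* GET /%n HTTP/1.0 */
    log_request_fixed(line, sizeof line, PROBE_REQUEST);
    printf("fixed logged:      %s\n", line);          /* GET /%%n HTTP/1.0 */
    printf("attack detected:   %d\n", contains_format_directive(ATTACK_REQUEST)); /* 1 */
    printf("probe detected:    %d\n", contains_format_directive(PROBE_REQUEST));  /* 0 */
    return 0;
}
```

The vulnerable logger turns "%%" into "%", which proves the request is being interpreted rather than copied; the fixed logger preserves it byte for byte. The scanner runs on the raw request line, so a URL escape followed by a conversion letter (for example "%20d") also matches. A production rule should decode percent-encoding first or anchor on the "%n" and "%x" forms attackers actually use, and should be tuned against the site's legitimate query strings.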
Description: This indicates an attack attempt against a buffer-overflow vulnerability in Mini-Stream. The vulnerability is caused by an error when the vulnerable software handles a malicious PLS file. It allows a remote attacker to execute arbitrary code via a crafted PLS file, for example one delivered from a web page.
Affected Products: Mini-Stream 3.0.1.1
Reference IDs:
Description: This indicates a possible attack against a buffer-overflow vulnerability in NetTransport Download Manager, which is part of the NetXfer suite.
Affected Products: NetTransport Download Manager 2.90.510; other versions may also be vulnerable.
Reference IDs:
Description: This indicates an attack attempt to exploit a buffer-overflow vulnerability in the BlackIce ActiveX control shipped with Oracle Document Capture.
The vulnerability may allow remote attackers to execute arbitrary code in the context of the application using the affected ActiveX control. Failed exploit attempts will likely cause the program to crash, resulting in a denial-of-service condition.
Affected Products: Oracle Document Capture 10g version 10.1.3.5.0 and older versions
Reference IDs:
Description: This indicates an attack attempt against a directory-traversal vulnerability in the Pheap CMS web application.
The vulnerability exists because the application's input filters fail to properly sanitize the "filename" parameter. By sending a crafted HTTP request, an attacker may read, and potentially modify, arbitrary files on the vulnerable system.
Affected Products: Pheap 2.0, 1.3, 1.1 and 1.0
Reference IDs:
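The fix for a traversal like the one above is to validate the "filename" parameter before it reaches the filesystem. The C below is added here and is not Pheap's code (Pheap itself is a PHP application); it shows a lexical check that rejects absolute paths, drive letters, backslash separators and any ".." component, then joins the name under a fixed base directory. The base path and the sample names are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Is a user-supplied filename safe to resolve under a base directory?
   Purely lexical: reject empty names, absolute paths, drive letters,
   backslash separators and any ".." component. Returns 1 if acceptable. */
int filename_is_confined(const char *name) {
    if (name == NULL || name[0] == '\0') return 0;
    if (name[0] == '/' || name[0] == '\\') return 0;   /* absolute path */
    if (name[1] == ':') return 0;                      /* "C:..." */
    if (strchr(name, '\\') != NULL) return 0;          /* no alternate separator */
    const char *seg = name;
    while (*seg) {
        const char *end = strchr(seg, '/');
        size_t len = end ? (size_t)(end - seg) : strlen(seg);
        if (len == 2 && seg[0] == '.' && seg[1] == '.') return 0;   /* ".." */
        seg = end ? end + 1 : seg + len;
    }
    return 1;
}

/* Join BASE and NAME after the check, dropping "." and empty components.
   Returns 1 and fills OUT on success; 0 on rejection, truncation, or when
   the name reduces to nothing (e.g. "." or "./"). */
int safe_join(const char *base, const char *name, char *out, size_t outsz) {
    if (!filename_is_confined(name)) return 0;
    size_t pos = strlen(base);
    if (pos + 1 >= outsz) return 0;
    memcpy(out, base, pos);
    size_t base_len = pos;
    const char *seg = name;
    while (*seg) {
        const char *end = strchr(seg, '/');
        size_t len = end ? (size_t)(end - seg) : strlen(seg);
        if (len > 0 && !(len == 1 && seg[0] == '.')) {
            if (pos + 1 + len >= outsz) return 0;       /* would not fit */
            out[pos++] = '/';
            memcpy(out + pos, seg, len);
            pos += len;
        }
        seg = end ? end + 1 : seg + len;
    }
    out[pos] = '\0';
    return pos > base_len;
}

/* Convenience for checking an accepted name against its expected path. */
int join_ok(const char *base, const char *name, const char *expected) {
    char out[256];
    return safe_join(base, name, out, sizeof out) && strcmp(out, expected) == 0;
}

/* Constructed inputs: a hypothetical pages directory and the kinds of
   "filename" values a traversal attempt and a legitimate request carry. */
const char PAGES_DIR[] = "/var/www/pheap/pages";

int main(void) {
    const char *names[] = { "about.txt", "sub/./page.txt",
                            "../../../../etc/passwd", "pages/../../config.php",
                            "/etc/passwd", "..\\..\\boot.ini" };
    char out[256];
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-28s -> %s\n", names[i],
               safe_join(PAGES_DIR, names[i], out, sizeof out) ? out : "REJECTED");
    return 0;
}
```

The check runs on the value after the web server has URL-decoded it (so "%2e%2e%2f" has already become "../" by the time it is inspected). A lexical check cannot see symlinks inside the base directory; where those are a concern, resolve the joined path with realpath() and confirm it still begins with the base before opening it.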
Medium ( 1 )
SMB.Response.DoS (Event ID: 17942)
Release Date: Jan 19, 2010; IPS Definitions DB Version: 2.741
Description: This indicates an attack attempt against a denial-of-service vulnerability in the Windows SMB client.
The vulnerability is caused by improper bounds checking of incoming SMB packets. A remote attacker may exploit it by returning a specially crafted SMB response to a client that connects to a server under the attacker's control; it may allow arbitrary code execution, and failed exploit attempts will likely crash the client, resulting in a denial-of-service condition.
Affected Products: Microsoft Windows 7; Microsoft Windows Server 2008 R2
Reference IDs:
Enhanced Coverage
The FortiGuard Threat Research team updates security content as new vectors of exploitation are discovered. The table below details the security content enhanced with this release.
Critical ( 62 )
High ( 59 )
Medium ( 24 )
Low ( 11 )
Active Exploitation
The FortiGuard Threat Research team uses globally distributed probes to monitor exploit activity. A vulnerability seen on the probes is classified as active and assigned a magnitude level, the rate of activity observed across the probes, expressed as low, medium or high.
The table below lists the vulnerabilities discussed in this bulletin (specifically new and enhanced detection) and their corresponding exploit activity magnitude. The data below is as of this writing.
Critical ( 7 of 16 )
High ( 3 of 16 )
Medium ( 4 of 6 )
Low ( 0 of 2 )
Document History
| Revision Date | Version Number | |
| Monday, February 01, 2010 | 1 | Initial Documentation. |
About Fortinet ( www.fortinet.com )
Fortinet is the pioneer and leading provider of ASIC-accelerated unified threat management, or UTM, security systems, which are used by enterprises and service providers to increase their security while reducing total operating costs. Fortinet solutions were built from the ground up to integrate multiple levels of security protection, including firewall, antivirus, intrusion prevention, VPN, spyware prevention and anti-spam, designed to help customers protect against network and content level threats. Leveraging a custom ASIC and unified interface, Fortinet solutions offer advanced security functionality that scales from remote office to chassis-based solutions with integrated management and reporting. Fortinet solutions have won multiple awards around the world and are the only security products that are certified in six programs by ICSA Labs (Firewall, Antivirus, IPSec, SSL, Network IPS, and Anti-Spyware). Fortinet is privately held and based in Sunnyvale, California.
Disclaimer
Although Fortinet has attempted to provide accurate information in these materials, Fortinet assumes no legal responsibility for the accuracy or completeness of the information. Please note that no Fortinet statements herein constitute or contain any guarantee, warranty or legally binding representation. All materials contained in this publication are subject to change without notice, and Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice.