| Threat Type | Multiple Vulnerabilities |
IPS Definition
DB Versions | 2.75 - 2.757 |
| Coverage Release Date | - Feb 12, 2010 |
| Published Date | Monday, February 15, 2010 |
| Version # | 1 |
| |
| Severity | Number of
Vulnerabilities | Active
Exploitation |
| Critical | 21 | 7 | | High | 32 | 13 | | Medium | 12 | 6 | | Low | 4 | 1 | | Info | - | n/a | | Total | 69 | 27 |
|
Foreword
The FortiGuard Global Threat Research Team has released new security content to cover multiple vulnerabilities. The FortiGuard Team has observed 27 active exploitations of these vulnerabilities to date.
For more information, visit the FortiGuard Center at www.fortiguardcenter.com.
Threat Remediation
Fortinet provides coverage for the vulnerabilities described below as of the 2.757 IPS Definitions database update. A brief description of each vulnerability is provided as follows, in order of severity.
 Critical ( 11 )
Description:
This indicates an attempt to exploit a code-execution vulnerability in AOL.
The vulnerability is located in the "Phobos.dll" ActiveX control through
misuse of the "Import" method. It may allow remote attackers to execute
arbitrary code in the context of the application using the affected ActiveX
control. Failed exploit attempts will likely cause the program to crash,
resulting in a denial-of-service condition.
Affected Products:
AOL 9.5
Reference IDs:
|
Description:
This indicates an attack attempt against a memory-corruption vulnerability in Microsoft DirectShow.
The vulnerability is caused by an error when the vulnerable software opens a malformed AVI file. It may allow remote attackers to execute arbitrary code by sending a crafted AVI file.
Affected Products:
AVI Filter on Microsoft Windows 2000 Service Pack 4
AVI Filter on Windows XP Service Pack 2 and Windows XP Service Pack 3
AVI Filter on Windows XP Professional x64 Edition Service Pack 2
AVI Filter on Windows Server 2003 Service Pack 2
AVI Filter on Windows Server 2003 x64 Edition Service Pack 2
AVI Filter on Windows Server 2003 with SP2 for Itanium-based Systems
Quartz
Quartz on Microsoft Windows 2000 Service Pack 4
Quartz on Windows XP Service Pack 2 and Windows XP Service Pack 3
Quartz on Windows XP Professional x64 Edition Service Pack 2
Quartz on Windows Server 2003 Service Pack 2
Quartz on Windows Server 2003 x64 Edition Service Pack 2
Quartz on Windows Server 2003 with SP2 for Itanium-based Systems
Quartz on Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2
Quartz on Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
Quartz on Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2**
Quartz on Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2**
Quartz on Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
Quartz on Windows 7 for 32-bit Systems
Quartz on Windows 7 for x64-based Systems
Quartz on Windows Server 2008 R2 for x64-based Systems
Quartz on Windows Server 2008 R2 for Itanium-based Systems
Reference IDs:
|
Description:
This indicates an attack attempt against a memory-corruption vulnerability in Microsoft Office PowerPoint.
The vulnerability is caused by an error when the vulnerable software handles a .ppt file that includes a malicious "OEPlaceholderAtom" atom. It may allow remote attackers to execute arbitrary code by sending a crafted PPT file.
Affected Products:
Microsoft Office PowerPoint 2002 Service Pack 3
Microsoft Office PowerPoint 2003 Service Pack 3
Reference IDs:
|
Description:
This indicates an attack attempt against a buffer-overflow vulnerability in Microsoft Office.
The vulnerability is caused by an error when the "MSO.DLL" library handles a malicious ".xls" file. It may allow remote attackers to execute arbitrary code by sending a crafted XLS file.
Affected Products:
Microsoft Office XP Service Pack 3
Microsoft Office for Mac
Microsoft Office 2004 for Mac
Reference IDs:
|
Description:
This indicates an attack attempt against a buffer-overflow vulnerability in Microsoft Paint.
The vulnerability is caused by an error when MS Paint decodes a malformed JPEG file. It may allow remote attackers to execute arbitrary code by sending a crafted JPEG file.
Affected Products:
Microsoft Windows 2000 Service Pack 4
Windows XP Service Pack 2 and Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Reference IDs:
|
Description:
This indicates an attack attempt to exploit a privilege-escalation vulnerability in Oracle Database.
This vulnerability allows attackers to gain complete control of the database.
Affected Products:
Oracle Database 11g version 11.1.0.7 and earlier versions
Reference IDs:
|
Description:
This indicates an attack attempt against a remote code-execution vulnerability in RealPlayer.
The vulnerability is caused by an error when the vulnerable software handles
malicious "ASMRuleBook" structures. It allows a remote attacker to execute
arbitrary code via sending a video file.
Affected Products:
RealNetworks RealPlayer
Reference IDs:
|
Description:
This indicates an attempt to exploit a heap-overflow vulnerability in RealNetworks RealPlayer.
This issue is caused by an error when the vulnerable softare handles a GIF file that includes too many undefined blocks. It may allow remote attackers to execute arbitrary code or crash the vulnerable software by sending a special crafted GIF file.
Affected Products:
Real Networks RealPlayer SP 1.0.1
Real Networks RealPlayer SP 1.0
Real Networks RealPlayer Enterprise 1.7
Real Networks RealPlayer Enterprise 1.6
Real Networks RealPlayer Enterprise 1.5
Real Networks RealPlayer Enterprise 1.2
Real Networks RealPlayer Enterprise 1.1
Real Networks RealPlayer Enterprise
Real Networks RealPlayer 10 for Mac OS 10.0 503
Real Networks RealPlayer 10 for Mac OS 10.0 481
Real Networks RealPlayer 10 for Mac OS 10.0 412
Real Networks RealPlayer 10 for Mac OS 10.0 396
Real Networks RealPlayer 10 for Mac OS 10.0 352
Real Networks RealPlayer 10 for Mac OS 10.0 .0.331
Real Networks RealPlayer 10 for Mac OS 10.0 .0.331
Real Networks RealPlayer 10 for Mac OS 10.0.0.325
Real Networks RealPlayer 10 for Mac OS 10.0.0.305
Real Networks RealPlayer 10 for Mac OS
Real Networks RealPlayer 10 for Linux 10.1
Real Networks RealPlayer 10 for Linux 10.0.9
Real Networks RealPlayer 10 for Linux 10.0.8
Real Networks RealPlayer 10 for Linux 10.0.7
Real Networks RealPlayer 10 for Linux 10.0.6
Real Networks RealPlayer 10 for Linux 10.0.5
Real Networks RealPlayer 10 for Linux 10.0.4
Real Networks RealPlayer 10 for Linux 10.0.3
Real Networks RealPlayer 10 for Linux 10.0.2
Real Networks RealPlayer 10 for Linux 10.0.1
Real Networks RealPlayer 10 for Linux
Real Networks RealPlayer 11.0.5
Real Networks RealPlayer 11.0.4
Real Networks RealPlayer 11.0.3
Real Networks RealPlayer 11.0.2
Real Networks RealPlayer 11.0.1
Real Networks RealPlayer 10.5 v6.0.12.1741
Real Networks RealPlayer 10.5 v6.0.12.1698
Real Networks RealPlayer 10.5 v6.0.12.1675
Real Networks RealPlayer 10.5 v6.0.12.1663
Real Networks RealPlayer 10.5 v6.0.12.1483
Real Networks RealPlayer 10.5 v6.0.12.1235
Real Networks RealPlayer 10.5 v6.0.12.1069
Real Networks RealPlayer 10.5 v6.0.12.1059
Real Networks RealPlayer 10.5 v6.0.12.1056
Real Networks RealPlayer 10.5 v6.0.12.1053
Real Networks RealPlayer 10.5 v6.0.12.1040
Real Networks RealPlayer 10.5
Real Networks RealPlayer 10.5
Real Networks RealPlayer 10.5
Real Networks RealPlayer 11
Reference IDs:
|
Description:
This indicates an attempt to exploit a heap-overflow vulnerability in RealNetworks RealPlayer.
This issue is caused by an error when the vulnerable software handles an ".rm" file that includes malicious SIPR data. It may allow remote attackers to execute arbitrary code or crash the vulnerable software by sending a special crafted RMFF file.
Affected Products:
Real Networks RealPlayer SP 1.0.1
Real Networks RealPlayer SP 1.0
Real Networks RealPlayer Enterprise 1.7
Real Networks RealPlayer Enterprise 1.6
Real Networks RealPlayer Enterprise 1.5
Real Networks RealPlayer Enterprise 1.2
Real Networks RealPlayer Enterprise 1.1
Real Networks RealPlayer Enterprise
Real Networks RealPlayer 10 for Mac OS 10.0 503
Real Networks RealPlayer 10 for Mac OS 10.0 481
Real Networks RealPlayer 10 for Mac OS 10.0 412
Real Networks RealPlayer 10 for Mac OS 10.0 396
Real Networks RealPlayer 10 for Mac OS 10.0 352
Real Networks RealPlayer 10 for Mac OS 10.0 .0.331
Real Networks RealPlayer 10 for Mac OS 10.0 .0.331
Real Networks RealPlayer 10 for Mac OS 10.0.0.325
Real Networks RealPlayer 10 for Mac OS 10.0.0.305
Real Networks RealPlayer 10 for Mac OS
Real Networks RealPlayer 10 for Linux 10.1
Real Networks RealPlayer 10 for Linux 10.0.9
Real Networks RealPlayer 10 for Linux 10.0.8
Real Networks RealPlayer 10 for Linux 10.0.7
Real Networks RealPlayer 10 for Linux 10.0.6
Real Networks RealPlayer 10 for Linux 10.0.5
Real Networks RealPlayer 10 for Linux 10.0.4
Real Networks RealPlayer 10 for Linux 10.0.3
Real Networks RealPlayer 10 for Linux 10.0.2
Real Networks RealPlayer 10 for Linux 10.0.1
Real Networks RealPlayer 10 for Linux
Real Networks RealPlayer 11.0.5
Real Networks RealPlayer 11.0.4
Real Networks RealPlayer 11.0.3
Real Networks RealPlayer 11.0.2
Real Networks RealPlayer 11.0.1
Real Networks RealPlayer 10.5 v6.0.12.1741
Real Networks RealPlayer 10.5 v6.0.12.1698
Real Networks RealPlayer 10.5 v6.0.12.1675
Real Networks RealPlayer 10.5 v6.0.12.1663
Real Networks RealPlayer 10.5 v6.0.12.1483
Real Networks RealPlayer 10.5 v6.0.12.1235
Real Networks RealPlayer 10.5 v6.0.12.1069
Real Networks RealPlayer 10.5 v6.0.12.1059
Real Networks RealPlayer 10.5 v6.0.12.1056
Real Networks RealPlayer 10.5 v6.0.12.1053
Real Networks RealPlayer 10.5 v6.0.12.1040
Real Networks RealPlayer 10.5
Real Networks RealPlayer 10.5
Real Networks RealPlayer 10.5
Real Networks RealPlayer 11
Reference IDs:
|
Description:
This indicates an attack attempt against a remote code-execution vulnerability in RealNetworks Realplayer.
The vulnerability is caused by an error when the vulnerable software handles
a malicious skin file. It allows a remote attacker to execute arbitrary code via sending a crafted file.
Affected Products:
RealNetworks RealPlayer 11 and earlier versions
Reference IDs:
|
Description:
This indicates an attack attempt against a code-execution vulnerability in RealNetworks RealPlayer.
The vulnerability is caused by an error when the vulnerable software handles
malicious RDT packets. It allows a remote attacker to execute
arbitrary code via sending crafted packets.
Affected Products:
RealNetworks RealPlayer
Reference IDs:
|
High ( 16 )
Adobe.0day.18162
Event ID: 18162 |
Release Date: Feb 02, 2010
IPS Definitions DB Version: 2.751 |
Description:
This indicates an attack attempt against a zero-day vulnerability discovered by the FortiGuard Global Security Research Team. This signature should help mitigate the zero-day threat proactively - both prior to, and after an official fix is available from the vendor. Once this official fix is available, further details about our discovery will be made available in an advisory on our FortiGuard Center (http://www.fortiguard.com). This signature and description will also be updated at this point in time.
Affected Products:
This is a zero-day (unpatched) vulnerability that has been discovered by the FortiGuard Global Security Research Team.
|
Adobe.0day.18163
Event ID: 18163 |
Release Date: Feb 02, 2010
IPS Definitions DB Version: 2.751 |
Description:
This signature has been released by the FortiGuard Global Security Research Team in order to protect against a zero-day vulnerability. This signature should help mitigate the zero-day threat proactively - both prior to, and after an official fix is available from the vendor. Once this official fix is available, further details will be made available in our advisory on the FortiGuard Center (http://www.fortiguard.com). This signature and description will also be updated at this point in time.
Affected Products:
This is a zero-day (unpatched) vulnerability that is currently being investigated by the FortiGuard Global Security Research Team.
|
Adobe.0day.18211
Event ID: 18211 |
Release Date: Feb 11, 2010
IPS Definitions DB Version: 2.756 |
Description:
This indicates an attack attempt against a zero-day vulnerability protected by the signature which has been released by Fortinet's FortiGuard Labs. This signature should help mitigate the zero-day threat proactively - both prior to, and after an official fix is available from the vendor. Once this official fix is available, further details will be made available in an advisory on our FortiGuard Center (http://www.fortiguard.com). This signature and description will also be updated at this point in time.
Affected Products:
This is a Zero-Day (unpatched) vulnerability that is currently being investigated by Fortinet's FortiGuard Labs.
Reference IDs:
|
Aurora.Backdoor.CC
Event ID: 18128 |
Release Date: Feb 02, 2010
IPS Definitions DB Version: 2.751 |
Description:
This indicates an attempt from the Aurora Backdoor, used with the CVE-2010-0249 vulnerability, to contact their Command & Control Server.
Affected Products:
N/A
Reference IDs:
|
Description:
This indicates a possible unauthorized access to HP LaserJet printers.
The HP LaserJet printer may provide a shell without any authorization, which may be abused.
Affected Products:
HP LaserJet 4345mfp
HP Color LaserJet 4730mfp
HP LaserJet 9040mfp
HP LaserJet 9050mfp
HP 9200C Digital Sender
HP Color LaserJet 9500mfp
Reference IDs:
|
Imrabot.Botnet
Event ID: 18125 |
Release Date: Feb 05, 2010
IPS Definitions DB Version: 2.753 |
Description:
This indicates that the system might be infected by the Imrabot trojan.
Affected Products:
Any unprotected Windows system is vulnerable to the attack.
|
MS.0day.18176
Event ID: 18176 |
Release Date: Feb 05, 2010
IPS Definitions DB Version: 2.753 |
Description:
This indicates an attack attempt against an information-disclosure vulnerability in Microsoft Internet Explorer.
A remote attacker may exploit this vulnerability to get potentially sensitive information from local files via a specially crafted web page.
Affected Products:
Internet Explorer 5.01 SP4
Internet Explorer 6 SP1
Internet Explorer 7
Internet Explorer 8
Reference IDs:
|
Description:
This indicates an attack attempt to exploit a remote command-execution vulnerability in Windows Script Host Runtime Library.
The vulnerability is located in the "wshom.ocx" ActiveX control through misuse of the "Exec" method. It may allow remote attackers to execute arbitrary command in the context of the application using the affected ActiveX control.
Affected Products:
Windows Script Host Runtime Library
Reference IDs:
|
Description:
This indicates an attack attempt to exploit a memory-corruption vulnerability
in the IE framework.
The vulnerability is in an ActiveX control that is part of Microsoft Data Analyzer 3.5. It may allow remote attackers to execute arbitrary code in the context of the application using the affected ActiveX control. Failed exploit attempts will likely cause the program to crash, resulting in a denial-of-service condition.
Affected Products:
Microsoft Windows 2000 Service Pack 4
Windows XP Service Pack 2 and Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2
Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems
Windows 7 x64 Edition
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for Itanium-based Systems
Reference IDs:
|
Description:
This indicates an attack attempt against a memory-corruption vulnerability in Microsoft Office PowerPoint.
The vulnerability is caused by an error when the vulnerable software handles a .ppt file that includes a malicious "OEPlaceholderAtom" atom. It may allow remote attackers to execute arbitrary code by sending a crafted PPT file.
Affected Products:
Microsoft Office PowerPoint 2002 Service Pack 3
Microsoft Office PowerPoint 2003 Service Pack 3
Reference IDs:
|
Description:
This indicates an attack attempt against a remote code-execution vulnerability
in IE.
It allows a remote attacker to execute arbitrary code via sending a crafted web page.
Affected Products:
Microsoft Windows 2000 Service Pack 4
Windows XP Service Pack 2 and Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Reference IDs:
|
Description:
This indicates an attack attempt against a heap-based buffer-overflow
vulnerability in Samba client.
By sending a specially crafted SMB response to the SMB client, a remote attacker could overflow a buffer and execute arbitrary code on a vulnerable system.
Affected Products:
Windows Server 2008
Windows 7
Windows Server 2008 R2
Reference IDs:
|
Description:
This indicates an attack attempt against a remote-authenticated vulnerability in the Windows SMB server implementation.
The vulnerability is caused by insufficient checking of bounds when the vulnerable software copies user-supplied data to a buffer. It could allow a remote attacker to execute arbitrary code via a malformed SMB command.
Affected Products:
Windows 2000 Service Pack 4
Windows XP Service Pack 2 and Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2
Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems
Windows 7 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for Itanium-based Systems
Reference IDs:
|
Description:
This indicates an attack attempt against a weakness in the NTLM authentication used in Microsoft Windows SMB Server.
The vulnerability is caused by a cryptographic flaw. It may allow a remote attacker to gain privilege escalation.
Affected Products:
Windows 2000 Service Pack 4
Windows XP Service Pack 2 and Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2
Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems
Windows 7 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for Itanium-based Systems
Reference IDs:
|
Description:
This indicates an attack attempt against a stack-overflow vulnerability in
Oracle Secure backup.
The vulnerability is caused by an error when the vulnerable software handles
malicious DNS responses. It allows a remote attacker to execute arbitrary code via sending crafted DNS packets.
Affected Products:
Oracle Secure Backup version 10.2.0.3
Reference IDs:
|
Sasfis.Botnet
Event ID: 18124 |
Release Date: Feb 05, 2010
IPS Definitions DB Version: 2.753 |
Description:
This indicates that the system might be infected by the Sasfis trojan.
Affected Products:
Any unprotected Windows system is vulnerable to the attack.
|
Medium ( 7 )
Description:
This indicates an attack attempt to exploit an authentication-bypass vulnerability in 427BB.
The vulnerability is a result of the application's failure to properly check HTTP cookies. As a result, a remote attacker can send a crafted query to bypass authentication and gain administrative access on a vulnerable server.
Affected Products:
427BB 2.2 and 2.2.1
Reference IDs:
|
Description:
This indicates an attack attempt to exploit a denial-of-service vulnerability
in Adobe Shockwave Flash. This vulnerability can be exploited via a crafted Flash file (SWF).
Affected Products:
Adobe Flash Player 10.0.42.34 and earlier versions
Adobe AIR version 1.5.3.1920 and earlier versions
Reference IDs:
|
Description:
This indicates an attempt to exploit a memory-corruption vulnerability in Windows Internet Explorer.
This issue is caused by an error when the vulernable software handles a script that includes misuse of the "createElement" method.It may allow remote attackers to execute arbitrary code or crash the vulnerable software by sending a specially crafted web page.
Affected Products:
Internet Explorer 6
Internet Explorer 7
Reference IDs:
|
Description:
This indicates an attack attempt against a vulnerability in the Kerberos authentication system on MS Windows, which could cause the Windows domain controller to reboot.
A remote attacker may exploit this by sending a malformed Kerberos TGS request to the target KDC.
Affected Products:
Windows 2000
Windows Server 2003
Windows Server 2008
Reference IDs:
|
Description:
This indicates an attack attempt against a denial-of-service vulnerability in Microsoft SMB Server.
The vulnerability is caused by insufficient bounds checking when the vulnerable software handles user-supplied data in a SMB packet. It can be exploited to cause denial of service on the remote system.
Affected Products:
Windows 2000 Service Pack 4
Windows XP Service Pack 2 and Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2
Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems
Windows 7 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for Itanium-based Systems
Reference IDs:
|
Description:
This indicates an attack attempt against a directory-traversal vulnerability in the search engine for iPlanet web server and Netscape Enterprise Server.
A vulnerability has been reported in the search engine for iPlanet web server and Netscape Enterprise Server that may allow an attacker to read arbitrary files on a vulnerable system. This is possible because the user input filters fail to properly sanitize the "NS-query-pat" parameter value. An attacker may browser arbitrary files by sending a crafted HTTP request.
Affected Products:
Sun ONE Web Server 6.0 SP3
Sun ONE Web Server 6.0 SP2
Sun ONE Web Server 6.0 SP1
Sun ONE Web Server 6.0
Sun ONE Web Server 4.1 SP10
Netscape Enterprise Server 3.6
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 6.0 SP2
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 6.0 SP1
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 6.0
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP9
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP8
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP7
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP6
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP5
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP4
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP3
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP2
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP10
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1 SP1
iPlanet E-Commerce Solutions iPlanet Web Server Enterprise Edition 4.1
iPlanet E-Commerce Solutions iPlanet Web Server 6.0 SP2
iPlanet E-Commerce Solutions iPlanet Web Server 6.0 SP1
iPlanet E-Commerce Solutions iPlanet Web Server 6.0
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP9
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP8
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP7
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP6
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP5
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP4
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP3
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP2
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP10
iPlanet E-Commerce Solutions iPlanet Web Server 4.1 SP1
iPlanet E-Commerce Solutions iPlanet Web Server 4.1
Reference IDs:
|
Description:
This indicates an attack attempt against an SQL-injection vulnerability in Novell ZENworks Asset Management.
The vulnerability is caused by an error when the vulnerable software handles a malicious "Docfiiledownload" property. It allows a remote attacker to execute
SQL code on the remote backend server.
Affected Products:
Novell ZENworks Asset Management
Reference IDs:
|
Low ( 2 )
Description:
This indicates an attack attempt against a remote command-execution vulnerability in IP3 NetAccess web server.
A vulnerability has been reported in IP3 NetAccess web server that may allow an attacker to read arbitrary files on a vulnerable system. This is possible because the user input filters fail to properly sanitize the "filename" parameter value that is passed to "getfile.cgi". An attacker may browser arbitrary files by sending a crafted HTTP request.
Affected Products:
IP3 Networks NA 4.0
Reference IDs:
|
Description:
This indicates an attempt to exploit a heap-based buffer overflow vulnerability in Microsoft Internet Explorer.
The vulnerability is in the Javaprxy.dll COM object. It is a result of the IE browser's failure to sanitize embedded CLSIDs that reference certain COM objects in a web page. An attacker may plant a web page containing a malicious script, and persuade a victim to visit the web page by sending it as an HTML email or URL link. Successful exploitation allows the execution of arbitrary code, but requires that the file "javaprxy.dll" exist on the system.
Affected Products:
Internet Explorer 6.0 SP2 and earlier versions.
Reference IDs:
|
 Top of Section
Enhanced Coverage
The FortiGuard Threat Research team updates security content as new vectors of exploitation are discovered. The table below details the security content enhanced with this release.
Critical ( 10 )
High ( 20 )
Medium ( 5 )
Low ( 2 )
Top of Section
Active Exploitation
The FortiGuard Threat Research team uses globally distributed probes to monitor exploit activity. Vulnerabilities can be classified as active and given a magnitude level. The magnitude level is the rate of activity across the probes. The value of the magnitude is set to low, medium or high.
The table below lists the vulnerabilities discussed in this bulletin (specifically new and enhanced detection) and their corresponding exploit activity magnitude. The data below is as of this writing.
Critical ( 7 of 21 )
High ( 12 of 31 )
Medium ( 6 of 12 )
Low ( 1 of 3 )
Top of Section
Document History
| Revision Date | Version Number | |
|---|
| Monday, February 15, 2010 | 1 | Initial Documentation. |
About Fortinet ( www.fortinet.com )
Fortinet is the pioneer and leading provider of ASIC-accelerated unified threat management, or UTM, security systems, which are used by enterprises and service providers to increase their security while reducing total operating costs. Fortinet solutions were built from the ground up to integrate multiple levels of security protection--including firewall, antivirus, intrusion prevention, VPN, spyware prevention and anti-spam -- designed to help customers protect against network and content level threats. Leveraging a custom ASIC and unified interface, Fortinet solutions offer advanced security functionality that scales from remote office to chassis-based solutions with integrated management and reporting. Fortinet solutions have won multiple awards around the world and are the only security products that are certified in six programs by ICSA Labs: (Firewall, Antivirus, IPSec, SSL, Network IPS, and Anti-Spyware). Fortinet is privately held and based in Sunnyvale, California.
Disclaimer
Although Fortinet has attempted to provide accurate information in these materials, Fortinet assumes no legal responsibility for the accuracy or completeness of the information. Please note that no Fortinet statements herein constitute or contain any guarantee, warranty or legally binding representation. All materials contained in this publication are subject to change without notice, and Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
Top of page
|
