| Threat Type | Multiple Vulnerabilities |
| IPS Definition DB Versions | 2.796 - 2.805 |
| Coverage Release Date | Apr 27, 2010 - May 07, 2010 |
| Published Date | Monday, May 10, 2010 |
| Version # | 1 |

| Severity | Number of Vulnerabilities | Active Exploitation |
| Critical | 20 | 7 |
| High | 7 | 2 |
| Medium | 4 | 3 |
| Low | 2 | 1 |
| Info | 1 | n/a |
| Total | 34 | 13 |
Foreword
The FortiGuard Global Threat Research Team has released new security content to cover multiple vulnerabilities. The FortiGuard Team has observed 13 active exploitations of these vulnerabilities to date.
For more information, visit the FortiGuard Center at www.fortiguardcenter.com.
Threat Remediation
Fortinet provides coverage for the vulnerabilities described below as of the 2.805 IPS Definitions database update. A brief description of each vulnerability is provided as follows, in order of severity.
Critical ( 13 )
Description: This indicates an attack attempt to exploit a code execution vulnerability in Apple OS X.
The vulnerability is caused by an error when the vulnerable system handles Internet-enabled disk image files. It can be exploited via a crafted ".dmg" file, leading to remote code execution.
Affected Products: Apple Mac OS X before 10.6.3
Reference IDs:
Description: This indicates an attack attempt to exploit a code-execution vulnerability in Apple QuickTime.
The vulnerability results from insecure code in the DLL responsible for parsing QuickTime media files that contain a malformed "genl" atom. It can be exploited via a crafted ".mov" file, leading to remote code execution.
Affected Products: QuickTime in Apple Mac OS X before 10.6.3
Reference IDs:
Description: This indicates an attack attempt to exploit a code-execution vulnerability in Apple QuickTime.
The vulnerability results from insecure code in the DLL responsible for parsing QuickTime media files. It can be exploited via a crafted ".3g2" file containing malformed H.263 sample data, leading to remote code execution.
Affected Products: QuickTime in Apple Mac OS X before 10.6.3
Reference IDs:
Description: This indicates an attack attempt to exploit a code execution vulnerability in Apple QuickTime.
The vulnerability results from insecure code in the DLL responsible for parsing QuickTime media files that contain malformed MJPEG sample dimension data. It can be exploited via a crafted ".mov" file, leading to remote code execution.
Affected Products: QuickTime in Apple Mac OS X before 10.6.3
Reference IDs:
Description: This indicates an attack attempt against a remote code-execution vulnerability in Apple QuickTime.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted MPEG-1 Audio stream. It allows a remote attacker to execute arbitrary code.
Affected Products: Apple QuickTime 10.6.2 and previous versions
Reference IDs:
Description: This indicates an attack attempt against a code-execution vulnerability in Apple QuickTime. The vulnerability is caused by an error when the vulnerable software handles a malicious PICT file. It allows a remote attacker to execute arbitrary code by sending a crafted file.
Affected Products: QuickTime 7.6.4
Reference IDs:
Description: This indicates an attack attempt to exploit a code execution vulnerability in Apple QuickTime.
The vulnerability results from insecure code in the DLL responsible for parsing QuickTime media files that contain malformed QDMC/QDM2 atoms. It can be exploited via a crafted ".mov" file, leading to remote code execution.
Affected Products: QuickTime in Apple Mac OS X before 10.6.3
Reference IDs:
Description: This indicates an attack attempt against a remote code-execution vulnerability in Apple QuickTime.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted .MOV file that uses the RLE codec. It allows a remote attacker to execute arbitrary code.
Affected Products: Apple QuickTime 10.6.2 and previous versions
Reference IDs:
Description: This indicates an attack attempt against a code-execution vulnerability in CA XOsoft Control Service. The vulnerability is caused by an error when the vulnerable software handles a malicious request to entrypoint.aspx. It allows a remote attacker to execute arbitrary code by sending a crafted request.
Affected Products: CA XOsoft r12.0 and r12.5
Reference IDs:
Description: This indicates an attack attempt to exploit a code-execution vulnerability in Sun Java Deployment Toolkit.
The vulnerability is located in the Java Deployment Toolkit ActiveX control and plugin through misuse of the "Launch" method. It may allow remote attackers to execute arbitrary Java code in the context of the application using the affected ActiveX control.
Affected Products: Sun Java Deployment Toolkit
Reference IDs:
Description: This indicates an attack attempt against a remote code-execution vulnerability in Mozilla Firefox.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted .XUL file. It allows a remote attacker to execute arbitrary code.
Affected Products: Mozilla Firefox versions prior to 3.6.2; Mozilla Firefox versions prior to 3.5.9; Mozilla Firefox versions prior to 3.0.19
Reference IDs:
Description: This indicates an attack attempt against a code-execution vulnerability in Mozilla Firefox. The vulnerability is caused by an error when the vulnerable software handles malicious use of the "window.navigator.plugins" object. It allows a remote attacker to execute arbitrary code by serving a crafted web page.
Affected Products: Mozilla Firefox before 3.0.19; Mozilla Firefox before 3.5.9; Mozilla Firefox before 3.6.2
Reference IDs:
Description: This indicates an attempt to steal an FTP account by a trojan known as Kate.
Kate is classified as a trojan. It steals FTP account credentials when the infected computer connects to an FTP site.
Affected Products: N/A
High ( 3 )
Description: This indicates an attack attempt to exploit a remote code-execution vulnerability in Adobe Photoshop.
The vulnerability is caused by an error when parsing a crafted TIFF image. A remote attacker may exploit this to execute arbitrary code.
Affected Products: Adobe Photoshop CS4 version 11.0.0
Reference IDs:
Description: This indicates an attack attempt to exploit a stack-overflow vulnerability in HP Operations Manager.
The vulnerability is located in the "srcvw4.dll" ActiveX control through misuse of the "LoadFile()" or "SaveFile()" method. It may allow remote attackers to execute arbitrary code in the context of the application using the affected ActiveX control. Failed exploit attempts will likely cause the program to crash, resulting in a denial of service condition.
Affected Products: HP Operations Manager version 8.16 and older
Reference IDs:
Description: This indicates a possible attack against a stack-based buffer-overflow vulnerability in Steinberg MyMP3Player.
This vulnerability is due to the vulnerable software's failure to properly validate user input, which may lead to arbitrary code execution when successfully exploited.
Affected Products: Steinberg MyMP3Player 3.0
Reference IDs:
Medium ( 4 )
Description: DameWare Mini Remote Control is a remote-control server for Microsoft Windows that runs on a user's desktop as SYSTEM.
The remote host is using a version of DameWare Mini Remote Control below 3.73. Such versions suffer from several vulnerabilities, including a buffer overflow that allows an unauthenticated remote attacker to execute arbitrary code.
Affected Products: DameWare Mini Remote Control before 3.73
Reference IDs:
Description: This indicates an attempt to exploit a cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server.
The vulnerability is due to the application's failure to properly sanitize user-supplied data before processing it. An attacker may exploit this to execute arbitrary script code.
Affected Products: Microsoft SharePoint Server 2007
Reference IDs:
Description: This indicates an attempt to download a PDF file containing a Launch action, which provides a way to launch a command and ultimately may run an executable.
Affected Products: Adobe Reader; Foxit Reader
Reference IDs:
Description: This indicates an attack attempt against a buffer overflow vulnerability in multiple ACDSee products.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted X Bitmap Graphic (XBM) file. It allows a remote attacker to execute arbitrary code.
Affected Products: ACD Systems Inc ACDSee Photo Manager 9.0; ACD Systems Inc ACDSee Photo Manager 8.1; ACD Systems Inc ACDSee Photo Manager 10.0; ACD Systems Inc ACDSee Photo Editor 4.0
Reference IDs:
Low ( 1 )
Description: This indicates an attack attempt to exploit an information-disclosure vulnerability in Microsoft IIS.
The vulnerability is caused by an error when the vulnerable software handles a backslash "\" appended to an ASP file name in an HTTP request. As a result, a remote attacker can read the source code of the ASP file by sending a crafted HTTP request.
Affected Products: Microsoft Site Server Commerce Edition 3.0 i386; Microsoft Site Server Commerce Edition 3.0 alpha; Microsoft Proxy Server 2.0; Microsoft IIS 5.0; Microsoft IIS 4.0 alpha; Microsoft IIS 4.0; Microsoft Commercial Internet System 2.5; Microsoft Commercial Internet System 2.0
Reference IDs:
Enhanced Coverage
The FortiGuard Threat Research team updates security content as new vectors of exploitation are discovered. The table below details the security content enhanced with this release.
Critical ( 7 )
High ( 5 )
Low ( 1 )
Info ( 2 )
Active Exploitation
The FortiGuard Threat Research team uses globally distributed probes to monitor exploit activity. Vulnerabilities can be classified as active and given a magnitude level. The magnitude level is the rate of activity across the probes. The value of the magnitude is set to low, medium or high.
The table below lists the vulnerabilities discussed in this bulletin (specifically new and enhanced detection) and their corresponding exploit activity magnitude. The data below is as of this writing.
Critical ( 7 of 20 )
High ( 1 of 6 )
Medium ( 3 of 4 )
Low ( 1 of 2 )
Document History
| Revision Date | Version Number | Notes |
| Monday, May 10, 2010 | 1 | Initial Documentation. |
About Fortinet (www.fortinet.com)
Fortinet is the pioneer and leading provider of ASIC-accelerated unified threat management, or UTM, security systems, which are used by enterprises and service providers to increase their security while reducing total operating costs. Fortinet solutions were built from the ground up to integrate multiple levels of security protection (including firewall, antivirus, intrusion prevention, VPN, spyware prevention and anti-spam) designed to help customers protect against network and content level threats. Leveraging a custom ASIC and unified interface, Fortinet solutions offer advanced security functionality that scales from remote office to chassis-based solutions with integrated management and reporting. Fortinet solutions have won multiple awards around the world and are the only security products that are certified in six programs by ICSA Labs (Firewall, Antivirus, IPSec, SSL, Network IPS, and Anti-Spyware). Fortinet is privately held and based in Sunnyvale, California.
Disclaimer
Although Fortinet has attempted to provide accurate information in these materials, Fortinet assumes no legal responsibility for the accuracy or completeness of the information. Please note that no Fortinet statements herein constitute or contain any guarantee, warranty or legally binding representation. All materials contained in this publication are subject to change without notice, and Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice.