The FortiGuard Global Threat Research Team has released new security content to cover multiple vulnerabilities. The FortiGuard Team has observed 11 active exploitations of these vulnerabilities to date.
For more information, visit the FortiGuard Center at www.fortiguardcenter.com.
Fortinet provides coverage for the vulnerabilities described below as of the 2.856 IPS Definitions database update. A brief description of each vulnerability is provided as follows, in order of severity.
Critical ( 16 )
| Adobe.0day.24150 Event ID: 24150 |
Release Date: Aug 19, 2010 IPS Definitions DB Version: 2.851 |
|
Description: This signature has been released by the FortiGuard Global Security Research Team in order to protect against a Zero-Day vulnerability. This signature should help mitigate the Zero-Day threat proactively - both prior to, and after an official fix is available from the vendor. Once this official fix is available, further details will be made available in our advisory on the FortiGuard Center (http://www.fortiguard.com). This signature and description will also be updated at this point in time. Affected Products: This is a Zero-Day (unpatched) vulnerability that is currently being investigated by the FortiGuard Global Security Research Team. Reference IDs: |
| Adobe.0day.24151 Event ID: 24151 |
Release Date: Aug 19, 2010 IPS Definitions DB Version: 2.851 |
|
Description: This signature has been released by the FortiGuard Global Security Research Team in order to protect against a Zero-Day vulnerability. This signature should help mitigate the Zero-Day threat proactively - both prior to, and after an official fix is available from the vendor. Once this official fix is available, further details will be made available in our advisory on the FortiGuard Center (http://www.fortiguard.com). This signature and description will also be updated at this point in time. Affected Products: This is a Zero-Day (unpatched) vulnerability that is currently being investigated by the FortiGuard Global Security Research Team. Reference IDs: |
| Adobe.0day.24153 Event ID: 24153 |
Release Date: Aug 19, 2010 IPS Definitions DB Version: 2.851 |
|
Description: This signature has been released by the FortiGuard Global Security Research Team in order to protect against a Zero-Day vulnerability. This signature should help mitigate the Zero-Day threat proactively - both prior to, and after an official fix is available from the vendor. Once this official fix is available, further details will be made available in our advisory on the FortiGuard Center (http://www.fortiguard.com). This signature and description will also be updated at this point in time. Affected Products: This is a Zero-Day (unpatched) vulnerability that is currently being investigated by the FortiGuard Global Security Research Team. Reference IDs: |
| Adobe.0day.24158 Event ID: 24158 |
Release Date: Aug 19, 2010 IPS Definitions DB Version: 2.851 |
|
Description: This signature has been released by the FortiGuard Global Security Research Team in order to protect against a Zero-Day vulnerability. This signature should help mitigate the Zero-Day threat proactively - both prior to, and after an official fix is available from the vendor. Once this official fix is available, further details will be made available in our advisory on the FortiGuard Center (http://www.fortiguard.com). This signature and description will also be updated at this point in time. Affected Products: This is a Zero-Day (unpatched) vulnerability that is currently being investigated by the FortiGuard Global Security Research Team. Reference IDs: |
| Adobe.0day.24159 Event ID: 24159 |
Release Date: Aug 19, 2010 IPS Definitions DB Version: 2.851 |
|
Description: This signature has been released by the FortiGuard Global Security Research Team in order to protect against a Zero-Day vulnerability. This signature should help mitigate the Zero-Day threat proactively - both prior to, and after an official fix is available from the vendor. Once this official fix is available, further details will be made available in our advisory on the FortiGuard Center (http://www.fortiguard.com). This signature and description will also be updated at this point in time. Affected Products: This is a Zero-Day (unpatched) vulnerability that is currently being investigated by the FortiGuard Global Security Research Team. Reference IDs: |
| Adobe.0day.24163 Event ID: 24163 |
Release Date: Aug 19, 2010 IPS Definitions DB Version: 2.851 |
|
Description: This signature has been released by the FortiGuard Global Security Research Team in order to protect against a Zero-Day vulnerability. This signature should help mitigate the Zero-Day threat proactively - both prior to, and after an official fix is available from the vendor. Once this official fix is available, further details will be made available in our advisory on the FortiGuard Center (http://www.fortiguard.com). This signature and description will also be updated at this point in time. Affected Products: This is a Zero-Day (unpatched) vulnerability that is currently being investigated by the FortiGuard Global Security Research Team. Reference IDs: |
| Apple.Webkit.Attribute.Child.Removal.Code.Execution Event ID: 23384 |
Release Date: Aug 17, 2010 IPS Definitions DB Version: 2.849 |
|
Description: This indicates an attack attempt against a use-after-free vulnerability in WebKit in Apple Safari. The vulnerability is caused by an error when the vulnerable software handles a specially crafted web page. It allows a remote attacker to execute arbitrary code. Affected Products: Apple Safari 4.0.5 Apple Safari 4.0.4 Apple Safari 4.0.3 Apple Safari 4.0.2 Apple Safari 4.0.1 Apple Safari 4 Beta Apple Safari 4 Reference IDs: |
| Apple.Webkit.SVG.FirstLetter.Style.Code.Execution Event ID: 24035 |
Release Date: Aug 24, 2010 IPS Definitions DB Version: 2.854 |
|
Description: This indicates an attack attempt to exploit a code-execution vulnerability in Apple Webkit. This issue is caused by an error when the vulnerable software handles a web page with a malformed first-letter style in an SVG text element. It may allow remote attackers to execute arbitrary code by sending a crafted web page. Affected Products: Safari 4 (Mac OS X 10.4) Safari 5 (Windows) Safari 5 (Mac OS X 10.6) Safari 5 (Mac OS X 10.5) Reference IDs: |
| Apple.Webkit.SVG.ForeignObject.Rendering.Layout.Code.Execution Event ID: 24034 |
Release Date: Aug 24, 2010 IPS Definitions DB Version: 2.854 |
|
Description: This indicates an attack attempt to exploit a code-execution vulnerability in Apple Webkit. This issue is caused by an error when the vulnerable software handles a particular tag used for embedding a foreign document. It may allow remote attackers to execute arbitrary code by sending a crafted web page. Affected Products: Safari 4 (Mac OS X 10.4) Safari 5 (Windows) Safari 5 (Mac OS X 10.6) Safari 5 (Mac OS X 10.5) Reference IDs: |
| CMultiLoader.Botnet Event ID: 20862 |
Release Date: Aug 19, 2010 IPS Definitions DB Version: 2.851 |
|
Description: This indicates that the system might be infected by the CMultiLoader backdoor. Affected Products: Any unprotected Windows system is vulnerable to the attack. |
| Eleonore.Web.Exploit.Detection Event ID: 23159 |
Release Date: Aug 19, 2010 IPS Definitions DB Version: 2.851 |
|
Description: This indicates that the system might be infected, and is sending requests to drop more malicious files. Affected Products: Any unprotected Windows system is vulnerable to the attack. |
| HP.OpenView.NNM.Ovutil.DLL.Code.Execution Event ID: 23444 |
Release Date: Aug 24, 2010 IPS Definitions DB Version: 2.854 |
|
Description: This indicates an attack attempt against a buffer-overflow vulnerability in HP OpenView Network Node Manager (OV NNM). The vulnerability is caused by an error when the vulnerable software handles a specially crafted HTTP request. It allows a remote attacker to execute arbitrary code. Affected Products: HP OpenView Network Node Manager 7.53 HP OpenView Network Node Manager 7.51 Reference IDs: |
| Katusha.Botnet Event ID: 22934 |
Release Date: Aug 19, 2010 IPS Definitions DB Version: 2.851 |
|
Description: This indicates that the system might be infected by the Katusha backdoor trojan. Affected Products: Any unprotected Windows system |
| MS.Windows.Insecure.Library.Loading.Code.Execution Event ID: 24217 |
Release Date: Aug 27, 2010 IPS Definitions DB Version: 2.856 |
|
Description: This indicates a possible attack against a remote code execution vulnerability in Microsoft Windows applications in the way the applications load external libraries. When the vulnerable application loads a DLL file without specifying a fully qualified path name, Windows will try to locate the DLL by searching a defined set of directories which could lead to arbitrary code execution. Affected Products: Microsoft Windows system with webclient service on Reference IDs: |
| Ozdok.Botnet Event ID: 23004 |
Release Date: Aug 26, 2010 IPS Definitions DB Version: 2.855 |
|
Description: This indicates that the system might be infected by the Ozdok trojan. Affected Products: Any unprotected Windows system |
| Power.Tab.Editor.PTB.Buffer.Overflow Event ID: 23948 |
Release Date: Aug 17, 2010 IPS Definitions DB Version: 2.849 |
|
Description: This indicates an attack attempt against a buffer-overflow vulnerability in Power Tab Editor. The vulnerability is caused by an error when the vulnerable software handles a malicious .ptb file. It allows a remote attacker to execute arbitrary code via sending a crafted .ptb file. Affected Products: Power Tab Editor version 1.7.0 build 80. Other versions may also be affected. Reference IDs: |
High ( 15 )
| Adobe.0day.24152 Event ID: 24152 |
Release Date: Aug 19, 2010 IPS Definitions DB Version: 2.851 |
|
Description: This signature has been released by the FortiGuard Global Security Research Team in order to protect against a Zero-Day vulnerability. This signature should help mitigate the Zero-Day threat proactively - both prior to, and after an official fix is available from the vendor. Once this official fix is available, further details will be made available in our advisory on the FortiGuard Center (http://www.fortiguard.com). This signature and description will also be updated at this point in time. Affected Products: This is a Zero-Day (unpatched) vulnerability that is currently being investigated by the FortiGuard Global Security Research Team. Reference IDs: |
| Adobe.0day.24155 Event ID: 24155 |
Release Date: Aug 19, 2010 IPS Definitions DB Version: 2.851 |
|
Description: This signature has been released by the FortiGuard Global Security Research Team in order to protect against a Zero-Day vulnerability. This signature should help mitigate the Zero-Day threat proactively - both prior to, and after an official fix is available from the vendor. Once this official fix is available, further details will be made available in our advisory on the FortiGuard Center (http://www.fortiguard.com). This signature and description will also be updated at this point in time. Affected Products: This is a Zero-Day (unpatched) vulnerability that is currently being investigated by the FortiGuard Global Security Research Team. Reference IDs: |
| Adobe.0day.24160 Event ID: 24160 |
Release Date: Aug 20, 2010 IPS Definitions DB Version: 2.852 |
|
Description: This signature has been released by the FortiGuard Global Security Research Team in order to protect against a Zero-Day vulnerability. This signature should help mitigate the Zero-Day threat proactively - both prior to, and after an official fix is available from the vendor. Once this official fix is available, further details will be made available in our advisory on the FortiGuard Center (http://www.fortiguard.com). This signature and description will also be updated at this point in time. Affected Products: This is a Zero-Day (unpatched) vulnerability that is currently being investigated by the FortiGuard Global Security Research Team. Reference IDs: |
| Adobe.0day.24161 Event ID: 24161 |
Release Date: Aug 19, 2010 IPS Definitions DB Version: 2.851 |
|
Description: This signature has been released by the FortiGuard Global Security Research Team in order to protect against a Zero-Day vulnerability. This signature should help mitigate the Zero-Day threat proactively - both prior to, and after an official fix is available from the vendor. Once this official fix is available, further details will be made available in our advisory on the FortiGuard Center (http://www.fortiguard.com). This signature and description will also be updated at this point in time. Affected Products: This is a Zero-Day (unpatched) vulnerability that is currently being investigated by the FortiGuard Global Security Research Team. Reference IDs: |
| Adobe.0day.24164 Event ID: 24164 |
Release Date: Aug 19, 2010 IPS Definitions DB Version: 2.851 |
|
Description: This indicates an attack attempt against a Zero-Day vulnerability protected by the signature which has been released by Fortinet's FortiGuard Labs. This signature should help mitigate the Zero-Day threat proactively - both prior to, and after an official fix is available from the vendor. Once this official fix is available, further details will be made available in an advisory on our FortiGuard Center (http://www.fortiguard.com). This signature and description will also be updated at this point in time. Affected Products: This is a Zero-Day (unpatched) vulnerability that is currently being investigated by Fortinet's FortiGuard Labs. Reference IDs: |
| Adobe.0day.24165 Event ID: 24165 |
Release Date: Aug 19, 2010 IPS Definitions DB Version: 2.851 |
|
Description: This signature has been released by the FortiGuard Global Security Research Team in order to protect against a Zero-Day vulnerability. This signature should help mitigate the Zero-Day threat proactively - both prior to, and after an official fix is available from the vendor. Once this official fix is available, further details will be made available in our advisory on the FortiGuard Center (http://www.fortiguard.com). This signature and description will also be updated at this point in time. Affected Products: This is a Zero-Day (unpatched) vulnerability that is currently being investigated by the FortiGuard Global Security Research Team. Reference IDs: |
| Adobe.0day.24166 Event ID: 24166 |
Release Date: Aug 19, 2010 IPS Definitions DB Version: 2.851 |
|
Description: This indicates an attack attempt against a Zero-Day vulnerability protected by the signature which has been released by Fortinet's FortiGuard Labs. This signature should help mitigate the Zero-Day threat proactively - both prior to, and after an official fix is available from the vendor. Once this official fix is available, further details will be made available in an advisory on our FortiGuard Center (http://www.fortiguard.com). This signature and description will also be updated at this point in time. Affected Products: This is a Zero-Day (unpatched) vulnerability that is currently being investigated by Fortinet's FortiGuard Labs. Reference IDs: |
| Amlibweb.NetOpacs.Webquery.Dll.Stack.Overflow Event ID: 24002 |
Release Date: Aug 19, 2010 IPS Definitions DB Version: 2.851 |
|
Description: This indicates a possible attack against a stack-overflow vulnerability in Amlib's Amlibweb Library Management System. The vulnerability is due to the vulnerable software's inability to properly handle malformed user input. A remote attacker may exploit this to execute arbitrary code by sending a malicious HTTP GET request. Affected Products: Amlibweb Library Management System |
| FG-VD-10-016-Adobe Event ID: 24154 |
Release Date: Aug 19, 2010 IPS Definitions DB Version: 2.851 |
|
Description: This signature has been released by the FortiGuard Global Security Research Team in order to protect against a Zero-Day vulnerability. This signature should help mitigate the Zero-Day threat proactively - both prior to, and after an official fix is available from the vendor. Once this official fix is available, further details will be made available in our advisory on the FortiGuard Center (http://www.fortiguard.com). This signature and description will also be updated at this point in time. Affected Products: This is a Zero-Day (unpatched) vulnerability that is currently being investigated by the FortiGuard Global Security Research Team. Reference IDs: |
| FG-VD-10-017-Adobe Event ID: 24156 |
Release Date: Aug 19, 2010 IPS Definitions DB Version: 2.851 |
|
Description: This signature has been released by the FortiGuard Global Security Research Team in order to protect against a Zero-Day vulnerability. This signature should help mitigate the Zero-Day threat proactively - both prior to, and after an official fix is available from the vendor. Once this official fix is available, further details will be made available in our advisory on the FortiGuard Center (http://www.fortiguard.com). This signature and description will also be updated at this point in time. Affected Products: This is a Zero-Day (unpatched) vulnerability that is currently being investigated by the FortiGuard Global Security Research Team. Reference IDs: |
| FreeType.CFF.Jailbreak.Apple.Device Event ID: 24118 |
Release Date: Aug 24, 2010 IPS Definitions DB Version: 2.854 |
|
Description: This indicates an attack attempt against a buffer-overflow vulnerability in FreeType Compact Font Format (CFF). CFF is supported in some popular document formats including PDF. This vulnerability is being exploited to jailbreak vulnerable Apple devices. Affected Products: FreeType 2.4, FreeType 2.3.6, FreeType 2.3.5, FreeType 2.3.4, FreeType 2.3.3, FreeType 2.2.10, FreeType 2.2.1, FreeType 2.2, FreeType 2.1.10, FreeType 2.1.9, FreeType 2.1.7, FreeType 2.0.9, FreeType 2.0.6 Reference IDs: |
| HP.OpenView.NNM.OvJavaLocale.Buffer.Overflow Event ID: 23976 |
Release Date: Aug 24, 2010 IPS Definitions DB Version: 2.854 |
|
Description: This indicates an attack attempt against a buffer-overflow vulnerability in HP OpenView NNM. The vulnerability is caused by an error when the vulnerable software handles a request with a malicious "OvJavaLocale" header. It allows a remote attacker to execute arbitrary code via sending a crafted HTTP query. Affected Products: HP OpenView NNM v.7.53 Reference IDs: |
| Novell.iManager.Classname.Buffer.Overflow Event ID: 23687 |
Release Date: Aug 17, 2010 IPS Definitions DB Version: 2.849 |
|
Description: This indicates an attack attempt against a buffer-overflow vulnerability in Novell iManager. The vulnerability is caused by an error when the vulnerable software handles a malicious class name parameter. It allows a remote attacker to execute arbitrary code via sending a crafted web page. Affected Products: Prior to Novell iManager 2.7.4 Reference IDs: |
| Storm.Worm.2 Event ID: 22935 |
Release Date: Aug 20, 2010 IPS Definitions DB Version: 2.852 |
|
Description: This indicates that the system might be infected by the Storm Worm 2.0. Affected Products: Any unprotected Windows system is vulnerable to the attack. Reference IDs: |
| WM.Downloader.Buffer.Overflow Event ID: 24038 |
Release Date: Aug 24, 2010 IPS Definitions DB Version: 2.854 |
|
Description: This indicates a possible attack against a stack-based buffer-overflow vulnerability in WM Downloader. The vulnerability is due to the vulnerable software's inability to properly handle malformed user input. An attacker may exploit this to execute arbitrary code by sending a malicious .m3u file. Affected Products: WM Downloader 3.1.2.2 is vulnerable. Other versions may also be affected. Reference IDs: |
Medium ( 9 )
| Apple.QuickTime.Player.Logging.Buffer.Overflow Event ID: 24117 |
Release Date: Aug 23, 2010 IPS Definitions DB Version: 2.853 |
|
Description: This indicates an attack attempt against a buffer-overflow vulnerability in Apple QuickTimeStreaming.qtx. This vulnerability is due to the vulnerable software's inability to properly handle malformed movie files. Successful exploit attempts will likely cause the program to crash, resulting in a denial of service condition. Affected Products: Apple QuickTime Player 7.6.6 (1671), Apple QuickTime Player 7.6.6, Apple QuickTime Player 7.6.5, Apple QuickTime Player 7.6.4, Apple QuickTime Player 7.6.2, Apple QuickTime Player 7.6.1, Apple QuickTime Player 7.5.5, Apple Mac OS X 10.4.9, Apple Mac OS X 10.3.9, Apple Mac OS X 10.5, Apple Mac OS X Server 10.4.9, Apple Mac OS X Server 10.3.9, Apple Mac OS X Server 10.5, Apple QuickTime Player 7.4.5, Apple QuickTime Player 7.4.1, Apple QuickTime Player 7.3.1.70, Apple QuickTime Player 7.3.1, Apple QuickTime Player 7.1.6, Apple QuickTime Player 7.1.5, Apple QuickTime Player 7.1.4, Apple QuickTime Player 7.1.3, Apple QuickTime Player 7.1.2, Apple QuickTime Player 7.1.1, Apple QuickTime Player 7.0.4, Apple QuickTime Player 7.0.3, Apple QuickTime Player 7.0.2, Apple QuickTime Player 7.0.1, Apple QuickTime Player 7.0, Apple QuickTime Player 7.6, Apple QuickTime Player 7.5, Apple QuickTime Player 7.4, Apple QuickTime Player 7.3, Apple QuickTime Player 7.2, Apple QuickTime Player 7.1 Reference IDs: |
| FG-VD-10-018-Adobe Event ID: 24157 |
Release Date: Aug 19, 2010 IPS Definitions DB Version: 2.851 |
|
Description: This signature has been released by the FortiGuard Global Security Research Team in order to protect against a Zero-Day vulnerability. This signature should help mitigate the Zero-Day threat proactively - both prior to, and after an official fix is available from the vendor. Once this official fix is available, further details will be made available in our advisory on the FortiGuard Center (http://www.fortiguard.com). This signature and description will also be updated at this point in time. Affected Products: This is a Zero-Day (unpatched) vulnerability that is currently being investigated by the FortiGuard Global Security Research Team. Reference IDs: |
| MS.IE6.RDS.DataControl.ActiveX.Control.Access Event ID: 23037 |
Release Date: Aug 19, 2010 IPS Definitions DB Version: 2.851 |
|
Description: This indicates an attack attempt to exploit a denial-of-service vulnerability in Microsoft Internet Explorer. The vulnerability is located in the RDS.DataControl ActiveX control through misuse of the "URL" property. It may allow remote attackers to crash the application using the affected ActiveX control. Affected Products: Microsoft Internet Explorer 6.0 SP2 - do not use Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 6.0 Reference IDs: |
| MS.IIS.Basic.Authentication.Security.Bypass Event ID: 23752 |
Release Date: Aug 19, 2010 IPS Definitions DB Version: 2.851 |
|
Description: This indicates an attack attempt against a security-bypass vulnerability in Microsoft Internet Information Services. The vulnerability is caused by an error when the vulnerable software handles basic authentication for directories. It may allow remote attackers to access or execute arbitrary ASP files in the vulnerable server. Affected Products: Microsoft Internet Information Services (IIS) version 5.x Reference IDs: |
| Novell.IManager.Tree.Name.DoS Event ID: 24037 |
Release Date: Aug 24, 2010 IPS Definitions DB Version: 2.854 |
|
Description: This indicates an attack attempt against a denial-of-service vulnerability in Novell iManager. The vulnerability is caused by an error when the vulnerable software handles a specially crafted HTTP request. It allows a remote attacker to cause a denial of service. Affected Products: Novell iManager 2.7.3 Novell iManager 2.7.2 Novell iManager 2.7.1 Novell iManager 2.5 Novell iManager 2.0.2 Novell iManager 2.0 Novell iManager 1.5 Novell iManager 2.7.3 FTF2 Novell iManager 2.7.0 Novell iManager 2.6.0 Reference IDs: |
| Samba.Smbd.Flags2.Header.Parsing.DoS Event ID: 23853 |
Release Date: Aug 17, 2010 IPS Definitions DB Version: 2.849 |
|
Description: This indicates an attack attempt against a denial-of-service vulnerability in Samba server. The vulnerability is caused by an error when the vulnerable software handles a specially crafted SMB Flags2 header value. It allows a remote attacker to cause a denial of service. Affected Products: Samba Samba 3.5.1 Samba Samba 3.4.7 Samba Samba 3.4.6 Samba Samba 3.4.5 Samba Samba 3.4.2 Samba Samba 3.4.1 Samba Samba 3.5 Reference IDs: |
| Samba.Smbd.Session.Setup.AndX.Security.Blob.Length.DoS Event ID: 23767 |
Release Date: Aug 18, 2010 IPS Definitions DB Version: 2.850 |
|
Description: This indicates an attack attempt against a denial-of-service vulnerability in Samba. The vulnerability is caused by an error when the vulnerable software handles an uninitialized variable in a Session Setup AndX request. It allows a remote attacker to cause a denial of service. Affected Products: Samba Samba 3.5.1 Samba Samba 3.5 Samba Samba 3.4.7 Samba Samba 3.4.6 Samba Samba 3.4.5 Samba Samba 3.4.2 Samba Samba 3.4.1 Reference IDs: |
| VideoLan.VLC.ID3v2.Flags.DoS Event ID: 24124 |
Release Date: Aug 19, 2010 IPS Definitions DB Version: 2.851 |
|
Description: This indicates an attack attempt against a denial-of-service vulnerability in VideoLan VLC. The vulnerability is caused by an error when the vulnerable software handles a malicious ID3v2 tag. It allows a remote attacker to cause a denial of service via sending a crafted media file. Affected Products: VideoLAN VLC older than 1.1.3 Reference IDs: |
| VMware.SpringSource.Spring.Framework.ClassLoader.Code.Execution Event ID: 24098 |
Release Date: Aug 26, 2010 IPS Definitions DB Version: 2.855 |
|
Description: This indicates an attack attempt against a remote code-execution vulnerability in VMware SpringSource Spring Framework. The vulnerability is caused by an error when the vulnerable software handles a specially crafted HTTP request. It allows a remote attacker to execute arbitrary code. Affected Products: VMware SpringSource Spring Framework 3.0.2, VMware SpringSource Spring Framework 3.0.1, VMware SpringSource Spring Framework 3.0, VMware SpringSource Spring Framework 2.6.6, VMware SpringSource Spring Framework 2.5.7, VMware SpringSource Spring Framework 2.5.6, VMware SpringSource Spring Framework 2.5.5, VMware SpringSource Spring Framework 2.5.4, VMware SpringSource Spring Framework 2.5.3, VMware SpringSource Spring Framework 2.5.2, VMware SpringSource Spring Framework 2.5.1, VMware SpringSource Spring Framework 2.5 Reference IDs: |
The FortiGuard Threat Research team updates security content as new vectors of exploitation are discovered. The table below details the security content enhanced with this release.
Critical ( 36 )
High ( 54 )
Medium ( 9 )
| Event Name | Revision Notes |
|---|---|
| Adobe.Shockwave.Director.Lscm.Chunk.Code.DoS | Previous name: "FG-VD-10-018-Adobe" |
| Appian.Business.Process.Management.Suite.DoS | Default_action updated to 'drop' |
| Audio.Workstation.Pls.Buffer.Overflow | Default_action updated to 'drop' |
| Cisco.VPN3000.FTP.Access | Default_action updated to 'drop' |
| GAMSoft.Telsrv.DoS | Default_action updated to 'drop' |
| GNOME.Many.Products.SetArgv.Command.Execution | Default_action updated to 'drop' |
| IBM.DB2.Db2rcmd.Code.Execution | Default_action updated to 'drop' |
| MS.IE.RDS.DataControl.ActiveX.Control.Access | Previous name: "MS.IE6.RDS.DataControl.ActiveX.Con... |
| MyBB.Birthdayprivacy.Privilege.Escalation | Default_action updated to 'drop' |
Low ( 1 )
| Event Name | Revision Notes |
|---|---|
| Asprox.Botnet | Previous name: "Trojan.Asprox" |
Info ( 4 )
| Event Name | Revision Notes |
|---|---|
| Finger.Version.Query | Previous name: "Version.Query" |
| Freegate.Searching | Detection Enhanced |
| Google.Safe.Search.Off | Detection Enhanced |
| Ultrasurf.9.6+ | Detection Enhanced |
The FortiGuard Threat Research team uses globally distributed probes to monitor exploit activity. Vulnerabilities can be classified as active and given a magnitude level. The magnitude level is the rate of activity across the probes. The value of the magnitude is set to low, medium or high.
The table below lists the vulnerabilities discussed in this bulletin (specifically new and enhanced detection) and their corresponding exploit activity magnitude. The data below is as of this writing.
Critical ( 3 of 21 )
High ( 4 of 24 )
| Event Name | Active Exploitation Observed | Magnitude |
|---|---|---|
| Adobe.0day.24152 | No | n/a |
| Adobe.0day.24155 | No | n/a |
| Adobe.0day.24160 | No | n/a |
| Adobe.0day.24161 | No | n/a |
| Adobe.0day.24164 | No | n/a |
| Adobe.0day.24165 | No | n/a |
| Adobe.0day.24166 | No | n/a |
| Amlibweb.NetOpacs.Webquery.Dll.Stack.Overflow | No | n/a |
| FG-VD-10-016-Adobe | No | n/a |
| FG-VD-10-017-Adobe | No | n/a |
| FreeType.CFF.Jailbreak.Apple.Device | Yes | Medium |
| HP.OpenView.NNM.OvJavaLocale.Buffer.Overflow | No | n/a |
| IDEAL.Administration.2009.IPJ.File.Buffer.Overflow | No | n/a |
| Koobface.Botnet | Yes | Medium |
| MS.Canonical.Display.Code.Execution | No | n/a |
| MS.Excel.RealTimeData.Record.IchSamePrefix.Memory.Corruption | No | n/a |
| MS.Excel.RealTimeData.Record.StTopic.Memory.Corruption | No | n/a |
| MS.Excel.Sxview.Record.Colfirst.Memory.Corruption | No | n/a |
| MS.Excel.Sxview.Record.iCache.Memory.Corruption | No | n/a |
| MS.Excel.WOpt.Record.Memory.Corruption | No | n/a |
| Novell.iManager.Classname.Buffer.Overflow | No | n/a |
| SSH.Client.Key.Exchange.Overflow | Yes | High |
| Storm.Worm.2 | Yes | Medium |
| WM.Downloader.Buffer.Overflow | No | n/a |
Medium ( 2 of 9 )
| Event Name | Active Exploitation Observed | Magnitude |
|---|---|---|
| Apple.QuickTime.Player.Logging.Buffer.Overflow | No | n/a |
| FG-VD-10-018-Adobe | No | n/a |
| MS.IE6.RDS.DataControl.ActiveX.Control.Access | No | n/a |
| MS.IIS.Basic.Authentication.Security.Bypass | Yes | Low |
| Novell.IManager.Tree.Name.DoS | No | n/a |
| Samba.Smbd.Flags2.Header.Parsing.DoS | Yes | Low |
| Samba.Smbd.Session.Setup.AndX.Security.Blob.Length.DoS | No | n/a |
| VideoLan.VLC.ID3v2.Flags.DoS | No | n/a |
| VMware.SpringSource.Spring.Framework.ClassLoader.Code.Execution | No | n/a |
| Revision Date | Version Number | |
|---|---|---|
| Monday, August 30, 2010 | 1 | Initial Documentation. |
About Fortinet ( www.fortinet.com )
Fortinet is the pioneer and leading provider of ASIC-accelerated unified threat management, or UTM, security systems, which are used by enterprises and service providers to increase their security while reducing total operating costs. Fortinet solutions were built from the ground up to integrate multiple levels of security protection--including firewall, antivirus, intrusion prevention, VPN, spyware prevention and anti-spam -- designed to help customers protect against network and content level threats. Leveraging a custom ASIC and unified interface, Fortinet solutions offer advanced security functionality that scales from remote office to chassis-based solutions with integrated management and reporting. Fortinet solutions have won multiple awards around the world and are the only security products that are certified in six programs by ICSA Labs: (Firewall, Antivirus, IPSec, SSL, Network IPS, and Anti-Spyware). Fortinet is privately held and based in Sunnyvale, California.
Disclaimer
Although Fortinet has attempted to provide accurate information in these materials, Fortinet assumes no legal responsibility for the accuracy or completeness of the information. Please note that no Fortinet statements herein constitute or contain any guarantee, warranty or legally binding representation. All materials contained in this publication are subject to change without notice, and Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice.