CIRC's latest security bulletins. http://www.doecirc.energy.gov/index.html Buffer and Integer Overflow Vulnerabilities in the Java Runtime Environment http://www.doecirc.energy.gov/bulletins/t-267.shtml 6 Nov 2009 17:00 GMT New Bulletin Sun Solaris SCTP 'sctp(7P)' and SDP 'sdp(7D)' Sockets Local Denial Of Service Vulnerability http://www.doecirc.energy.gov/bulletins/t-266.shtml 5 Nov 2009 20:00 GMT New Bulletin BlackBerry Desktop Manager ActiveX Control Remote Code Execution Vulnerability http://www.doecirc.energy.gov/bulletins/t-265.shtml 4 Nov 2009 15:00 GMT New Bulletin VMware Products Directory Traversal Vulnerability http://www.doecirc.energy.gov/bulletins/t-264.shtml 3 Nov 2009 15:00 GMT New Bulletin KDE Multiple Input Validation Vulnerabilities http://www.doecirc.energy.gov/bulletins/t-263.shtml 2 Nov 2009 14:00 GMT New Bulletin Drupal Workflow Module Multiple HTML Injection Vulnerabilities http://www.doecirc.energy.gov/bulletins/t-262.shtml 30 Oct 2009 13:00 GMT New Bulletin Solaris Trusted Extensions Weakness May Let Users Gain Elevated Privileges http://www.doecirc.energy.gov/bulletins/t-261.shtml 29 Oct 2009 15:00 GMT New Bulletin Mozilla Firefox and SeaMonkey MFSA 2009-52 through -64 Multiple Vulnerabilities http://www.doecirc.energy.gov/bulletins/t-260.shtml 28 Oct 2009 14:00 GMT New Bulletin Linux Kernel 'kernel/signal.c' Local Information Disclosure Vulnerability http://www.doecirc.energy.gov/bulletins/t-259.shtml 27 Oct 2009 13:00 GMT New Bulletin Multiple Security Vulnerabilities in Adobe Reader and Acrobat http://www.doecirc.energy.gov/bulletins/t-258.shtml 26 Oct 2009 13:00 GMT New Bulletin MapServer Multiple Security Vulnerabilities http://www.doecirc.energy.gov/bulletins/t-257.shtml 23 Oct 2009 15:00 GMT New Bulletin Pidgin OSCAR Plugin Invalid Memory Access Denial Of Service Vulnerability http://www.doecirc.energy.gov/bulletins/t-256.shtml 22 Oct 2009 13:00 GMT New Bulletin Oracle Critical Patch Update Advisory http://www.doecirc.energy.gov/bulletins/t-255.shtml 21 Oct 2009 14:00 GMT New Bulletin Cisco IOS Software Authentication Proxy Vulnerability http://www.doecirc.energy.gov/bulletins/t-254.shtml 20 Oct 2009 14:00 GMT New Bulletin Cisco Unified Presence Denial of Service Vulnerabilities http://www.doecirc.energy.gov/bulletins/t-253.shtml 19 Oct 2009 13:00 GMT New Bulletin Xpdf Multiple Integer Overflow Vulnerabilities http://www.doecirc.energy.gov/bulletins/t-252.shtml 16 Oct 2009 14:00 GMT New Bulletin Linux Kernel 'clear_child_tid()' Local Denial of Service Vulnerability http://www.doecirc.energy.gov/bulletins/t-251.shtml 15 Oct 2009 15:00 GMT New Bulletin Microsoft Patch Tuesday Reminder http://www.doecirc.energy.gov/bulletins/t-250.shtml 14 Oct 2009 13:00 GMT New Bulletin Sun VirtualBox VBoxNetAdpCtl Configuration Tool Local Privilege Escalation Vulnerability http://www.doecirc.energy.gov/bulletins/t-249.shtml 13 Oct 2009 16:00 GMT New Bulletin Adobe Acrobat Reader Remote Code Execution Vulnerability http://www.doecirc.energy.gov/bulletins/t-248.shtml 9 Oct 2009 15:00 GMT New Bulletin Multiple HP JetDirect Printers Multiple Cross Site Scripting Vulnerabilities http://www.doecirc.energy.gov/bulletins/t-247.shtml 8 Oct 2009 14:00 GMT New Bulletin IBM AIX 'nfs_portmon' Authentication Bypass Vulnerability http://www.doecirc.energy.gov/bulletins/t-246.shtml 6 Oct 2009 14:00 GMT New Bulletin VMware Fusion vmx86 Kernel Extension Bugs Let Local Host OS Users Gain Elevated Privileges and Deny Service on the Host http://www.doecirc.energy.gov/bulletins/t-245.shtml 5 Oct 2009 13:00 GMT New Bulletin Solaris IP(7P) Module and STREAMS Framework Denial of Service Vulnerabilities http://www.doecirc.energy.gov/bulletins/t-244.shtml 2 Oct 2009 15:00 GMT New Bulletin Red Hat Enterprise Linux OpenSSH 'ChrootDirectory' Option Local Privilege Escalation Vulnerability http://www.doecirc.energy.gov/bulletins/t-243.shtml 1 Oct 2009 14:00 GMT New Bulletin Adobe Photoshop Elements Active File Monitor Service Local Privilege Escalation Vulnerability http://www.doecirc.energy.gov/bulletins/t-242.shtml 30 Sep 2009 15:00 GMT New Bulletin Blackberry OS NULL Character Flaw in Common Name Field Lets Remote Users Spoof Certficiates http://www.doecirc.energy.gov/bulletins/t-241.shtml 29 Sep 2009 13:00 GMT New Bulletin OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Remote Denial of Service Vulnerability http://www.doecirc.energy.gov/bulletins/t-240.shtml 28 Sep 2009 14:00 GMT New Bulletin Linux Kernel KVM 'kvm_emulate_hypercall()' Local Denial of Service Vulnerability http://www.doecirc.energy.gov/bulletins/t-239.shtml 25 Sep 2009 14:00 GMT New Bulletin Cisco Unified Communications Manager SIP Message Denial of Service Vulnerability http://www.doecirc.energy.gov/bulletins/t-238.shtml 24 Sep 2009 14:00 GMT New Bulletin Squid Web Proxy Cache Authentication Header Parsing Remote Denial of Service Vulnerability http://www.doecirc.energy.gov/bulletins/t-237.shtml 23 Sep 2009 15:00 GMT New Bulletin OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Packet Denial of Service Vulnerability http://www.doecirc.energy.gov/bulletins/t-236.shtml 22 Sep 2009 15:00 GMT New Bulletin IBM Lotus Notes RSS Reader Widget HTML Injection Vulnerability http://www.doecirc.energy.gov/bulletins/t-235.shtml 21 Sep 2009 15:00 GMT New Bulletin Linux Kernel 'perf_counter_open()' Local Buffer Overflow Vulnerability http://www.doecirc.energy.gov/bulletins/t-234.shtml 18 Sep 2009 15:00 GMT New Bulletin Wireshark 1.2.1 Multiple Vulnerabilities http://www.doecirc.energy.gov/bulletins/t-233.shtml 17 Sep 2009 13:00 GMT New Bulletin VMware Hosted Products VMSA-2009-0005 Multiple Remote Vulnerabilities http://www.doecirc.energy.gov/bulletins/t-232.shtml 16 Sep 2009 15:00 GMT New Bulletin HP StorageWorks Remote Management Interface Vulnerability http://www.doecirc.energy.gov/bulletins/t-231.shtml 15 Sep 2009 14:00 GMT New Bulletin Solaris Heap Overflow Vulnerability in w(1) Utility http://www.doecirc.energy.gov/bulletins/t-230.shtml 14 Sep 2009 14:00 GMT New Bulletin Mozilla Firefox MFSA 2009-47, -48, -49, -50, -51 Multiple Vulnerabilities http://www.doecirc.energy.gov/bulletins/t-229.shtml 11 Sep 2009 16:00 GMT New Bulletin Microsoft Windows SMB2 '_Smb2ValidateProviderCallback()' Remote Code Execution Vulnerability http://www.doecirc.energy.gov/bulletins/t-228.shtml 10 Sep 2009 14:00 GMT New Bulletin Microsoft Patch Tuesday Reminder http://www.doecirc.energy.gov/bulletins/t-227.shtml 9 Sep 2009 15:00 GMT New Bulletin Debian devscripts 'uscan' Input Validation Vulnerability http://www.doecirc.energy.gov/bulletins/t-226.shtml 8 Sep 2009 14:00 GMT New Bulletin Sun Java Runtime Environment XML Parsing Denial of Service Vulnerability http://www.doecirc.energy.gov/bulletins/t-225.shtml 4 Sep 2009 14:00 GMT New Bulletin OpenOffice Word Document Table Parsing Multiple Heap Based Buffer Overflow Vulnerabilities http://www.doecirc.energy.gov/bulletins/t-224.shtml 3 Sep 2009 13:00 GMT New Bulletin Autonomy KeyView Module Excel Document Processing Buffer Overflow http://www.doecirc.energy.gov/bulletins/t-223.shtml 2 Sep 2009 14:00 GMT New Bulletin Microsoft IIS FTPd NLST Remote Buffer Overflow Vulnerability http://www.doecirc.energy.gov/bulletins/t-222.shtml 1 Sep 2009 14:00 GMT New Bulletin Multiple Browser HTTP Resource in HTTPS Context Security Bypass Vulnerability http://www.doecirc.energy.gov/bulletins/t-221.shtml 31 Aug 2009 15:00 GMT New Bulletin Sun Java System Access Manager Debug Files Local Information Disclosure Vulnerability http://www.doecirc.energy.gov/bulletins/t-220.shtml 28 Aug 2009 13:00 GMT New Bulletin Sun Virtual Desktop Infrastructure (VDI) Secure LDAP Vulnerability http://www.doecirc.energy.gov/bulletins/t-219.shtml 27 Aug 2009 14:00 GMT New Bulletin Cisco Lightweight Access Point Over-the-Air Provisioning Manipulation Vulnerability http://www.doecirc.energy.gov/bulletins/t-218.shtml 26 Aug 2009 14:00 GMT New Bulletin Linux Kernel 'udp_sendmsg()' MSG_MORE Flag Local Privilege Escalation Vulnerability http://www.doecirc.energy.gov/bulletins/t-217.shtml 25 Aug 2009 15:00 GMT New Bulletin Multiple Vulnerabilities With Adobe Flash Player, Adobe Reader and Acrobat http://www.doecirc.energy.gov/bulletins/t-216.shtml 24 Aug 2009 14:00 GMT New Bulletin Libpurple msn_slplink_process_msg() Arbitrary Write Vulnerability http://www.doecirc.energy.gov/bulletins/t-215.shtml 21 Aug 2009 14:00 GMT New Bulletin Solaris Kernel Filesystem and Virtual Memory Subsystems Vulnerability http://www.doecirc.energy.gov/bulletins/t-214.shtml 20 Aug 2009 13:00 GMT New Bulletin Cisco IOS XR Software Border Gateway Protocol Vulnerability http://www.doecirc.energy.gov/bulletins/t-213.shtml 19 Aug 2009 14:00 GMT New Bulletin Linux Kernel 'sock_sendpage()' NULL Pointer Dereference Vulnerability http://www.doecirc.energy.gov/bulletins/t-212.shtml 18 Aug 2009 13:00 GMT New Bulletin Memcached Multiple Heap Based Buffer Overflow Vulnerability http://www.doecirc.energy.gov/bulletins/t-211.shtml 17 Aug 2009 13:00 GMT New Bulletin Mozilla Firefox 3.5.1/3.0.12 Multiple Memory Corruption Vulnerabilities http://www.doecirc.energy.gov/bulletins/t-210.shtml 14 Aug 2009 12:00 GMT New Bulletin NTP 'ntpq' Stack Buffer Overflow Vulnerability http://www.doecirc.energy.gov/bulletins/t-209.shtml 13 Aug 2009 12:00 GMT New Bulletin Apple has released Safari 4.0.3 for Windows and Mac OS X to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information, or spoof a website. http://www.doecirc.energy.gov/bulletins/t-208.shtml 12 Aug 2009 New Bulletin http://www.doecirc.energy.gov/bulletins/t-207.shtml 12 Aug 2009 00:00 GMT New Bulletin Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability http://www.doecirc.energy.gov/bulletins/t-206.shtml 10 Aug 2009 15:00 GMT New Bulletin Mozilla Firefox Flash Player Unloading Remote Code Execution Vulnerability http://www.doecirc.energy.gov/bulletins/t-205.shtml 7 Aug 2009 12:00 GMT New Bulletin Apple Mac OS X 2009-003 Multiple Security Vulnerabilities. Apple Mac OS X Code Execution and Security Bypass Vulnerabilities. http://www.doecirc.energy.gov/bulletins/t-204.shtml 06 August 2009 New Bulletin Sun Java Runtime Environment Audio System Privilege Escalation Vulnerability. Sun Java Runtime Environment (JRE) is prone to a privilege-escalation vulnerability. http://www.doecirc.energy.gov/bulletins/t-203.shtml 05 August 2009 New Bulletin Mozilla Firefox Error Page Address Bar URL Spoofing Vulnerability http://www.doecirc.energy.gov/bulletins/t-202.shtml 4 Aug 2009 12:00 GMT New Bulletin Mozilla Firefox and Seamonkey Regular Expression Parsing Heap Buffer Overflow Vulnerability http://www.doecirc.energy.gov/bulletins/t-201.shtml 3 Aug 2009 12:00 GMT New Bulletin Absolute Software Computrace LoJack for Laptops Security Bypass Vulnerability http://www.doecirc.energy.gov/bulletins/t-200.shtml 31 July 2009 New Bulletin Mozilla Firefox NULL Character CA SSL Certificate Validation Security Bypass Vulnerability. Mozilla Firefox before 3.5 and NSS before 3.12.3 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. http://www.doecirc.energy.gov/bulletins/t-199.shtml 31 July 2009 New Bulletin Squid Multiple Remote Denial of Service Vulnerabilities. Squid proxy server contains multiple remote denial of service vulnerabilities. http://www.doecirc.energy.gov/bulletins/t-198.shtml 30 July 09 New Bulletin ISC BIND Denial of Service Vulnerability. ISC BIND has a vulnerability that could allow remote unauthenticated users to cause a denial of service. http://www.doecirc.energy.gov/bulletins/t-197.shtml 29 July 09 New Bulletin Critical Cumulative Security Update for Internet Explorer http://www.doecirc.energy.gov/bulletins/t-196.shtml 29 Jul 2009 13:00 GMT New Bulletin Remote Jail Breakout Vulnerability via Symlink Traversal in NcFTPd http://www.doecirc.energy.gov/bulletins/t-195.shtml 28 Jul 2009 12:00 GMT New Bulletin Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers For Public Release 2009 July 27 1600 UTC (GMT) - --------------------------------------------------------------------- Summary Multiple vulnerabilities exist in the Cisco Wireless LAN Controller (WLC) platforms. This security advisory outlines the details of the following vulnerabilities: * Malformed HTTP or HTTPS authentication response denial of service vulnerability * SSH connections denial of service vulnerability * Crafted HTTP or HTTPS request denial of service vulnerability * Crafted HTTP or HTTPS request unauthorized configuration modification vulnerability Cisco has released free software updates that address these vulnerabilities. http://www.doecirc.energy.gov/bulletins/t-194.shtml 27 July 2009 New Bulletin Sun Solaris Auditing Extended File Attributes (fsattr(5)) Local Denial Of Service Vulnerability http://www.doecirc.energy.gov/bulletins/t-193.shtml 24 Jul 2009 16:00 GMT New Bulletin Microsoft Office Web Components ActiveX Control 'msDataSourceObject' is vulnerable to Code Execution http://www.doecirc.energy.gov/bulletins/t-192.shtml 24 Jul 2009 13:00 GMT New Bulletin Vulnerability in Adobe Acrobat, Reader, and Flash Player http://www.doecirc.energy.gov/bulletins/t-191.shtml 23 Jul 2009 13:00 GMT New Bulletin Buffer Overflow in NASA Common Data Format (CDF) Library http://www.doecirc.energy.gov/bulletins/t-190.shtml 22 Jul 2009 12:00 GMT New Bulletin Directory Traversal Vulnerability in the Administration Interface in Cisco Customer Response Solutions http://www.doecirc.energy.gov/bulletins/t-189.shtml 21 Jul 2009 13:00 GMT New Bulletin Linked XSS Vulnerability found in Oracle BEA Weblogic Server http://www.doecirc.energy.gov/bulletins/t-188.shtml 20 Jul 2009 20:00 GMT New Bulletin Security Vulnerability in Solaris NFSv4 Kernel Module May Panic an NFSv4 Client System http://www.doecirc.energy.gov/bulletins/t-187.shtml 17 Jul 2009 18:00 GMT New Bulletin Mozilla Firefox 3.5 'Tracemonkey' Component Remote Code Execution Vulnerability http://www.doecirc.energy.gov/bulletins/t-186.shtml 17 Jul 2009 13:00 GMT New Bulletin Two Remote Code Execution Vulnerabilities in Firefox. Firefox has vulnerabilities in the Unicode Data and Tracemonkey components. Successful exploit of either could result in the attacker running code in the context of the logged in user. http://www.doecirc.energy.gov/bulletins/t-185.shtml 16 July 2009 New Bulletin Microsoft Monthly Updates. Microsoft has released updates that address vulnerabilities in, Microsoft Windows, Windows Server, DirectShow, Virtual PC and Server, Office Publisher, and ISA Server. http://www.doecirc.energy.gov/bulletins/t-184.shtml 15 July 2009 New Bulletin Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution http://www.doecirc.energy.gov/bulletins/t-183.shtml 14 Jul 2009 12:00 GMT New Bulletin Nagios 'statuswml.cgi' Remote Arbitrary Shell Command Injection Vulnerability. Nagios is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. http://www.doecirc.energy.gov/bulletins/t-182.shtml 13 June 2009 New Bulletin Microsoft Windows 'MPEG2TuneRequest' ActiveX Control Vulnerability http://www.doecirc.energy.gov/bulletins/t-181.shtml 10 Jul 2009 12:00 GMT New Bulletin Citrix XenCenterWeb Multiple Input Validation Vulnerabilities http://www.doecirc.energy.gov/bulletins/t-180.shtml 09 July 2009 New Bulletin Ubuntu Linux TIFF Image Library Vulnerability http://www.doecirc.energy.gov/bulletins/t-179.shtml 8 Jul 2009 13:00 GMT New Bulletin Microsoft Windows 'msvidctl.dll' ActiveX Control Unspecified Remote Memory Corruption Vulnerability http://www.doecirc.energy.gov/bulletins/t-178.shtml 7 Jul 2009 13:00 GMT New Bulletin FCKeditor input sanitization errors http://www.doecirc.energy.gov/bulletins/t-177.shtml 6 Jul 2009 12:00 GMT New Bulletin Sun Kernel udp(7p) Denial of Service Vulnerability http://www.doecirc.energy.gov/bulletins/t-176.shtml 6 Jul 2009 12:00 GMT New Bulletin Pidgin OSCAR Protocol Web Message Denial of Service Vulnerability http://www.doecirc.energy.gov/bulletins/t-175.shtml 02 July 2009 New Bulletin MIT Kerberos fails to handle an error condition which allows for memory corruption. http://www.doecirc.energy.gov/bulletins/t-174.shtml 01 July 2009 New Bulletin phpMyAdmin 'db' Parameter Cross Site Scripting Vulnerability http://www.doecirc.energy.gov/bulletins/t-173.shtml 30 June 2009 New Bulletin Linux Kernel 'e1000/e1000_main.c' Remote Denial of Service Vulnerability. The Linux kernel is vulnerable to a denial of service attack. http://www.doecirc.energy.gov/bulletins/t-172.shtml 29 June 2009 New Bulletin Samba Format String And Security Bypass Vulnerabilities http://www.doecirc.energy.gov/bulletins/t-171.shtml 26 June 2009 New Bulletin Cisco Physical Access Gateway Malformed Packet Remote Denial of Service Vulnerability http://www.doecirc.energy.gov/bulletins/t-170.shtml 25 June 2009 New Bulletin Adobe Shockwave Player Unspecified Security Vulnerability http://www.doecirc.energy.gov/bulletins/t-169.shtml 24 June 2009 New Bulletin IrfanView 'TIFF' File Handling Remote Integer Overflow Vulnerability http://www.doecirc.energy.gov/bulletins/t-168.shtml 23 June 2009 New Bulletin OpenSSL Multiple Vulnerabilities http://www.doecirc.energy.gov/bulletins/t-167.shtml 22 June 2009 New Bulletin FreeBSD Direct Pipe Writes Information Disclosure Vulnerability http://www.doecirc.energy.gov/bulletins/t-166.shtml 19 June 2009 New Bulletin Microsoft Active Directory Encoded LDAP String Memory Corruption Remote Code Execution Vulnerability. Microsoft Active Directory Encoded LDAP String Memory Corruption Remote Code Execution Vulnerability. http://www.doecirc.energy.gov/bulletins/t-165.shtml 18 June 2009 New Bulletin Sun Java Runtime Environment Aqua Look and Feel Privilege Escalation Vulnerability. Apple Java CColourUIResource Pointer Dereference Code Execution Vulnerability. http://www.doecirc.energy.gov/bulletins/t-164.shtml 18 June 2009 New Bulletin Linux Kernel NFS 'MAY_EXEC' Security Bypass Vulnerability. Linux Kernel is vulnerable to security bypass via "NFS MAY_EXEC". http://www.doecirc.energy.gov/bulletins/t-163.shtml 17 June 2009 New Bulletin Drupal Views Module Multiple Security Bypass and HTML Injection Vulnerabilities. Drupal Views Module lets attackers bypass security and inject HTML and scripts into pages. http://www.doecirc.energy.gov/bulletins/t-162.shtml 16 June 2009 New Bulletin Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009-24 through -32 Multiple Remote Vulnerabilities. The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Firefox, Thunderbird, and SeaMonkey. http://www.doecirc.energy.gov/bulletins/t-161.shtml 15 June 2009 New Bulletin Microsoft Windows Print Spooler 'EnumeratePrintShares()' Remote Stack Buffer Overflow Vulnerability. Remote exploitation of a stack buffer overflow vulnerability in Windows 2000 print spooler. http://www.doecirc.energy.gov/bulletins/t-160.shtml 12 June 2009 New Bulletin Adobe Reader and Acrobat 9.1.1 and Prior Multiple Remote Vulnerabilities. Adobe Reader and Acrobat are prone to multiple remote vulnerabilities. http://www.doecirc.energy.gov/bulletins/t-159.shtml 11 June 2009 New Bulletin HP OpenView Network Node Manager SNMP and MIB Unspecified Remote Code Execution Vulnerability. HP OpenView Network Node Manager (NNM) is prone to a remote code-execution vulnerability. http://www.doecirc.energy.gov/bulletins/t-158.shtml 10 June 2009 New Bulletin Apple Safari Prior to 4.0 Multiple Security Vulnerabilities http://www.doecirc.energy.gov/bulletins/t-157.shtml 09 June 2009 New Bulletin GNOME Evolution S/MIME Email Signature Verification Vulnerability. GNOME Evolution contains a vulnerability that allows an attacker to change a signed S/MIME message without detection. http://www.doecirc.energy.gov/bulletins/t-156.shtml 08 June 2009 New Bulletin OpenSSL 'ChangeCipherSpec' DTLS Packet Denial of Service Vulnerability. OpenSSL is prone to a denial-of-service vulnerability caused by a NULL-pointer dereference condition. http://www.doecirc.energy.gov/bulletins/t-155.shtml 05 June 2009 New Bulletin Sun Solaris Kerberos Credential Management Security Bypass Vulnerability. Solaris Kerberos is prone to a security-bypass vulnerability that affects the Kerberos credential cache management. http://www.doecirc.energy.gov/bulletins/t-154.shtml 05 June 2009 New Bulletin Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness http://www.doecirc.energy.gov/bulletins/t-153.shtml 04 June 2009 New Bulletin Apple QuickTime JP2 Image Handling Heap Buffer Overflow Vulnerability http://www.doecirc.energy.gov/bulletins/t-152.shtml 04 June 2009 New Bulletin Microsoft Windows Desktop Wall Paper System Parameter Local Denial Of Service Vulnerability. Microsoft Windows Desktop Wall Paper System contains a local denial of service vulnerability. http://www.doecirc.energy.gov/bulletins/t-151.shtml 03 June 2009 New Bulletin VMware Hosted products and ESX and ESXi security issues http://www.doecirc.energy.gov/bulletins/t-150.shtml 02 June 2009 New Bulletin Apache 'Options' and 'AllowOverride' Security Directives Vulnerability http://www.doecirc.energy.gov/bulletins/t-149.shtml 01 June 2009 New Bulletin Microsoft DirectX DirectShow QuickTime Video Remote Code Execution Vulnerability http://www.doecirc.energy.gov/bulletins/t-148.shtml 29 May 2009 New Bulletin OpenSSL 'dtls1_retrieve_buffered_fragment()' DTLS Packet Denial of Service Vulnerability http://www.doecirc.energy.gov/bulletins/t-147.shtml 29 May 2009 New Bulletin BlackBerry Attachment Service PDF Distiller Multiple Unspecified Security Vulnerabilities. BlackBerry Attachment Service PDF Distiller Multiple Unspecified Security Vulnerabilities. http://www.doecirc.energy.gov/bulletins/t-146.shtml 28 May 2009 New Bulletin Linux Kernel 'sock.c' SO_BSDCOMPAT Option Information Disclosure Vulnerability http://www.doecirc.energy.gov/bulletins/t-145.shtml 28 May 2009 New Bulletin FreeBSD 'telnetd' Daemon Remote Code Execution Vulnerability. FreeBSD 'telnetd' Daemon allows remote code execution. http://www.doecirc.energy.gov/bulletins/t-144.shtml 27 May 2009 New Bulletin Pidgin Multiple Buffer Overflow Vulnerabilities http://www.doecirc.energy.gov/bulletins/t-143.shtml 26 May 2009 New Bulletin Basic Analysis and Security Engine Cross-Site Scripting Vulnerability http://www.doecirc.energy.gov/bulletins/t-142.shtml 26 May 2009 New Bulletin Novell GroupWise Buffer Overflow and Cross Site Scripting Vulnerabilities Multiple vulnerabilities have been identified in Novell GroupWise, which could be exploited by remote attackers to bypass security restrictions, conduct phishing attacks, cause a denial of service or compromise a vulnerable system. http://www.doecirc.energy.gov/bulletins/t-141 22 May 2009 New Bulletin CiscoWorks Common Services TFTP Server Directory Traversal Vulnerability http://www.doecirc.energy.gov/bulletins/t-140.shtml 21 May 2009 New Bulletin Linux Kernel 'FWD-TSN' Chunk Remote Buffer Overflow Vulnerability http://www.doecirc.energy.gov/bulletins/t-139.shtml 20 May 2009 New Bulletin NTP 'ntpd' Autokey and ntpq Stack Buffer Overflow Vulnerability http://www.doecirc.energy.gov/bulletins/t-138.shtml 19 May 2009 New Bulletin Microsoft IIS 6.0 WebDAV Remote Authentication Bypass http://www.doecirc.energy.gov/bulletins/t-137.shtml 18 May 2009 New Bulletin Apple Mac OS X PICT Image Handling Integer Overflow Vulnerability. Apple Mac OS X is prone to an integer-overflow vulnerability when handling PICT image files. http://www.doecirc.energy.gov/bulletins/t-136.shtml 15 May 2009 New Bulletin Apple Mac OS X Help Viewer HTML Document Remote Code Execution Vulnerability http://www.doecirc.energy.gov/bulletins/t-135.shtml 14 May 2009 New Bulletin Microsoft PowerPoint Notes Container Heap Memory Corruption Remote Code Execution Vulnerability http://www.doecirc.energy.gov/bulletins/t-134.shtml 13 May 2009 New Bulletin Little CMS Monochrome Profiles Null Pointer Dereference Denial of Service Vulnerability. Little CMS is prone to a remote denial-of-service vulnerability. http://www.doecirc.energy.gov/bulletins/t-133.shtml 12 May 2009 New Bulletin Multiple Trend Micro Products RAR/ZIP Files Scan Evasion Vulnerability. Multiple Trend Micro products are prone to a vulnerability that may allow certain compressed archives to bypass the scan engine. http://www.doecirc.energy.gov/bulletins/t-132.shtml 12 May 2009 New Bulletin Multiple AVG Products RAR/ZIP Files Scan Evasion Vulnerability. Multiple AVG products are prone to a vulnerability that may allow certain compressed archives to bypass the scan engine. http://www.doecirc.energy.gov/bulletins/t-131.shtml 12 May 2009 New Bulletin F-PROT Products CAB File Scan Evasion Vulnerability. Multiple F-Prot products are prone to a vulnerability that may allow certain compressed archives to bypass the scan engine. http://www.doecirc.energy.gov/bulletins/t-130.shtml 12 May 2009 New Bulletin HP OpenView Network Node Manager 'ovalarmsrv.exe' Remote Code Execution Vulnerability http://www.doecirc.energy.gov/bulletins/t-129.shtml 8 May 2009 New Bulletin Adobe Flash Media Server Unspecified RPC Call Privilege Escalation Vulnerability http://www.doecirc.energy.gov/bulletins/t-128.shtml 08 May 2009 New Bulletin Multiple F-Secure Products RAR/ZIP Files Scan Evasion Vulnerability. Multiple F-Secure products are prone to a vulnerability that may allow certain compressed archives to bypass the scan engine. http://www.doecirc.energy.gov/bulletins/t-127.shtml 07 May 2009 New Bulletin Release Date: 2009-05-05 Last Updated: 2009-05-05 Potential Security Impact: Multiple remote vulnerabilities in Nagios Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with Insight Control suite for Linux (ICE-LX) running Nagios. The vulnerabilities could be remotely exploited via cross-site request forgery (CSRF) and remote authentication bypass. http://www.doecirc.energy.gov/bulletins/t-126.shtml 06 May 2009 New Bulletin The Linux kernel is prone to a local privilege-escalation vulnerability via ptrace_attach(). Currently we are not aware of any working exploits. A fix is available in the GIT repository. http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=d84f4f992cbd76e8f39c488cf0c5d123843923b1 http://www.doecirc.energy.gov/bulletins/t-125.shtml 05 May 2009 Linux Kernel 'FWD-TSN' Chunk Remote Buffer Overflow Vulnerability http://www.doecirc.energy.gov/bulletins/t-124.shtml 04 May 2009 New Bulletin A remote attacker can exploit a buffer overflow to gain apache privileges, or cause a denial of service. CA ARCserve Backup on Solaris, Tru64, HP-UX, and AIX contains multiple vulnerabilities in the Apache HTTP Server version as shipped with ARCserve Backup. CA has issued updates that contain version 2.0.63 of the Apache HTTP Server to address the vulnerabilities. Refer to the References section for a list of resolved issues by CVE identifier. http://www.doecirc.energy.gov/bulletins/t-123.shtml 01 May 2009 New Bulletin http://www.doecirc.energy.gov/bulletins/t-122.shtml 30 Apr 09 This is a root compromise, privilege escalation exploit. A local attacker can exploit this issue to execute arbitrary code with superuser privileges. http://www.doecirc.energy.gov/bulletins/t-121.shtml 29 April 2009 New Bulletin Adobe Reader 'spell.customDictionaryOpen()' JavaScript Function Remote Code Execution Vulnerability http://www.doecirc.energy.gov/bulletins/t-120.shtml 28 APR 2009 New Bulletin Symantec Brightmail Gateway Appliance Cross-site Scripting and Elevation of Privilege. Symantec Brightmail Gateway is prone to a remote privilege-escalation vulnerability. Remote authorized attackers who have access to the targeted host's local network can exploit this issue to gain elevated access. Successful exploits may compromise the affected computer and may aid in other attacks. http://www.doecirc.energy.gov/bulletins/t-119.shtml 28 April 2009 New Bulletin GNOME glib Base64 Encoding and Decoding Multiple Integer Overflow Vulnerabilities. The GNOME glib library is prone to multiple integer-overflow vulnerabilities related to encoding and decoding Base64 data. http://www.doecirc.energy.gov/bulletins/t-118.shtml 27 April 2009 New Bulletin Sun Java System Delegated Administrator HTTP Response Splitting Vulnerability http://www.doecirc.energy.gov/bulletins/t-117.shtml 24 APR 2009 New Bulletin Symantec Norton Ghost 'EasySetupInt.dll' ActiveX Multiple Remote Denial of Service Vulnerabilities. This vulnerability can cause Denial of service via network. http://www.doecirc.energy.gov/bulletins/t-xxx.shtml 24 Apr 09 Multiple vulnerabilities in Firefox, Thunderbird and Seamonkey: Multiple newly disclosed vulnerabilities in Firefox, Thunderbird and Seamonkey could result in disclosure of information, crashing the application or the running of inserted javascript. One vulnerability results in memory corruption and could conceivably be used to run arbitrary code. http://www.doecirc.energy.gov/bulletins/t-115.shtml 23 Apr 09 New Bulletin Xpdf JBIG2 Processing Multiple Security Vulnerabilities. Failed exploit attempts will likely cause denial-of-service conditions. Currently we are not aware of any working exploits. Updates are available. Please see the references for more information. http://www.doecirc.energy.gov/bulletins/t-114.shtml 22 April 2009 udev Netlink Message Validation Local Privilege Escalation Vulnerability. udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space. http://www.doecirc.energy.gov/bulletins/t-113.shtml 21 April 2009 New Bulletin CUPS Integer Overflow in Processing TIFF Images Lets Remote Users Execute Arbitrary Code http://www.doecirc.energy.gov/bulletins/t-112.shtml 17 Apr 2009 New Bulletin Oracle April 2009 Critical Patch Update Multiple Vulnerabilities. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities. http://www.doecirc.energy.gov/bulletins/t-111.shtml 16 Apr 2009 16:00 GMT New Bulletin OpenBSD PF Remote Denial Of Service Vulnerability Exploiting this issue allows remote attackers to cause a kernel panic on affected computers, denying further service to legitimate users. OpenBSD 002_pf.patch ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.5/common/002_pf.patch OpenBSD OpenBSD 4.4 OpenBSD 002_pf.patch ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.5/common/002_pf.patch OpenBSD OpenBSD 4.5 OpenBSD 002_pf.patch ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.5/common/002_pf.patch http://www.doecirc.energy.gov/bulletins/t-110.shtml 16 Apr 09 New Bulletin Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426) This security update resolves a publicly disclosed vulnerability in the Windows SearchPath function that could allow elevation of privilege if a user downloaded a specially crafted file to a specific location, then opened an application that could load the file under certain circumstances. http://www.doecirc.energy.gov/bulletins/t-109.shtml 15 Mar 2009 New Bulletin Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Could Cause Denial of Service (961759) This security update resolves a privately reported vulnerability and a publicly disclosed vulnerability in Microsoft Internet Security and Acceleration (ISA) Server and Microsoft Forefront Threat Management Gateway (TMG), Medium Business Edition (MBE). http://www.doecirc.energy.gov/bulletins/t-108.shtml 15 Mar 2009 New Bulletin Vulnerabilities in Windows Could Allow Elevation of Privilege (959454) This security update resolves four publicly disclosed vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker is allowed to log on to the system and then run a specially crafted application. http://www.doecirc.energy.gov/bulletins/t-107.shtml 15 Mar 2009 New Bulletin Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557) This security update resolves a privately reported and a publicly disclosed vulnerability. http://www.doecirc.energy.gov/bulletins/t-106.shtml 15 Mar 2009 New Bulletin Cumulative Security Update for Internet Explorer (963027) This security update resolves four privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer. http://www.doecirc.energy.gov/bulletins/t-105.shtml 15 Mar 2009 New Bulletin Vulnerabilities in Windows HTTP services could allow remote code execution http://www.doecirc.energy.gov/bulletins/t-104.shtml 15 Apr 2009 New Bulletin Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution. This security update resolves a privately reported vulnerability in Microsoft DirectX. The vulnerability could allow remote code execution if user opened a specially crafted MJPEG file. http://www.doecirc.energy.gov/bulletins/t-103.shtml 15 Apr 09 New Bulletin Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution http://www.doecirc.energy.gov/bulletins/t-102.shtml 15 Apr 2009 New Bulletin Vmware Flaw in Multiple Products Allows Compromise of Host System. A local user can exploit a flaw in the virtual machine display function to execute arbitrary code on the target host system. http://www.doecirc.energy.gov/bulletins/t-101.shtml 14 April 2009 New Bulletin Tor Security Bypass And Privilege Escalation Weaknesses. Tor is prone to multiple weaknesses that may allow attackers to exploit other vulnerabilities that facilitate privilege-escalation and security-bypass attacks. http://www.doecirc.energy.gov/bulletins/t-100.shtml 13 April 2009 New Bulletin Linux Kernel CIFS Remote Buffer Overflow Vulnerability. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. http://www.doecirc.energy.gov/bulletins/t-099.shtml 10 April 2009 New Bulletin Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security Appliances. Cisco has announced multiple vulnerabilities in its ASA Adaptive Security Appliance and PIX Security Appliance. Most result in DoS, to allow an attacker to bypass VPN authentication or bypass ACL rules. http://www.doecirc.energy.gov/bulletins/t-098.shtml 09 April 2009 New Bulletin Novell Client/NetIdentity Agent Remote Arbitrary Pointer Dereference Code Execution Vulnerability ZDI-09-016: April 6th, 2009 CVE ID. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware. A valid IPC$ connection must be established in order to exploit this vulnerability. http://www.doecirc.energy.gov/bulletins/t-097.shtml 06 April 2009 New Bulletin Clam AV 0.94 and below Rar Evasion Vulnerability. ClamAV AntiVirus is prone to a vulnerability that may allow certain compressed archives to bypass the scan engine. http://www.doecirc.energy.gov/bulletins/t-096.shtml 07 April 2009 New Bulletin Microsoft Office PowerPoint code execution vulnerability. Unspecified vulnerability in MS Powerpoint could allow a remote attacker to execute arbitrary code on the system. http://www.doecirc.energy.gov/bulletins/t-095.shtml 06 April 2009 New Bulletin Wireshark could allow a remote attacker to execute arbitrary code on the system, caused by a format string vulnerability in the PN-DCP dissector. http://www.doecirc.energy.gov/bulletins/t-094.shtml 02 Apr 2009 New Bulletin Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities. Security Vulnerabilities in the Java Runtime Environment (JRE) LDAP Implementation may Allow a Denial of Service (DoS) and Malicious Code to be Executed Vulnerability affects LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier. http://www.doecirc.energy.gov/bulletins/t-093.shtml 01 Apr 2009 New Bulletin Mozilla Firefox '_moveToEdgeShift' Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. http://www.doecirc.energy.gov/bulletins/t-092.shtml 31 March 2009 New Bulletin Conficker Worm Targets Microsoft Windows Systems. Public reports indicate a widespread infection of the Conficker worm, which can infect a Microsoft Windows system from a thumb drive, a network share, or directly across a network if the host is not patched with MS08-067. http://www.doecirc.energy.gov/bulletins/t-091.shtml 30 Mar 2009 New Bulletin Squid Web Proxy Cache HTTP Version Number Parsing Denial of Service Vulnerability. Squid is prone to a remote denial-of-service vulnerability because the proxy server fails to handle certain HTTP requests. http://www.doecirc.energy.gov/bulletins/t-090.shtml 27 Mar 2009 New Bulletin pam-krb5 Local Privilege Escalation Vulnerability. pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid application. http://www.doecirc.energy.gov/bulletins/t-089.shtml 26 Mar 2009 New Bulletin HP-UX VERITAS File System and VERITAS Oracle Disk Manager Local Privilege Escalation Vulnerability HP-UX is prone to a local privilege-escalation vulnerability affecting VERITAS File System (VRTSvxfs) and VERITAS Oracle Disk Manager (VRTSodm). http://www.doecirc.energy.gov/bulletins/t-088.shtml 25 Mar 2009 New Bulletin http://www.doecirc.energy.gov/bulletins/t-087.shtml 24 March 2009 New Bulletin Linux Kernel 'readlink' Local Privilege Escalation Vulnerability http://www.doecirc.energy.gov/bulletins/t-086.shtml 23 March 2009 New Bulletin Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009 -07 -08 -09 and -11 Multiple Remote Vulnerabilities http://www.doecirc.energy.gov/bulletins/t-085.shtml 20 March 2009 New Bulletin Tasklist Drupal Module Unspecified SQL Injection Vulnerability http://www.doecirc.energy.gov/bulletins/t-084.shtml 19 March 2009 New Bulletin Sun Java Runtime Environment and Java Development Kit Multiple Security Vulnerabilities http://www.doecirc.energy.gov/bulletins/t-083.shtml 18 March 2009 New Bulletin Opera Web Browser HTML Parsing Heap-Based Remote Code Execution Vulnerability http://www.doecirc.energy.gov/bulletins/t-082.shtml 17 March 2009 New Bulletin The 'libpng' library is prone to multiple memory-corruption vulnerabilities because it fails to properly initialize data structures. http://www.doecirc.energy.gov/bulletins/t-081.shtml 16 Mar 2009 New Bulletin Hewlett-Packard WMI Mapper for HP Systems Insight Manager Unauthorized Access Vulnerabilities http://www.doecirc.energy.gov/bulletins/t-080.shtml 13 March 2009 New Bulletin Cisco Unified Communications Manager IP Phone Personal Address Book Synchronizer Privilege Escalation Vulnerability http://www.doecirc.energy.gov/bulletins/t-079.shtml 12 March 2009 New Bulletin Vulnerabilities in Windows Kernel Could Allow Remote Code Execution http://www.doecirc.energy.gov/bulletins/t-078.shtml 11 March 2009 New Bulletin A security vulnerability exists in the IBM Tivoli Storage Manager (TSM) HSM for Windows client. http://www.doecirc.energy.gov/bulletins/t-077.shtml 10 March 2009 New Bulletin OpenSC PKCS#11 Implementation Unauthorized Access Vulnerability http://www.doecirc.energy.gov/bulletins/t-076.shtml 09 March 2009 New Bulletin VMware Server and Workstation are prone to an unauthorized-access vulnerability and multiple privilege-escalation and denial-of-service vulnerabilitie http://www.doecirc.energy.gov/bulletins/t-075.shtml 06 March 2009 New Bulletin XML Data Theft Via RDFXML DataSource and Cross-Domain Redirect http://www.doecirc.energy.gov/bulletins/t-074.shtml 05 March 2009 New Bulletin Two SQL injection vulnerabilities have been found in proftpd, a virtual-hosting FTP daemon. http://www.doecirc.energy.gov/bulletins/t-073.shtml 04 March 2009 New Bulletin Adobe Flash Player Invalid Object Reference Bug Lets Remote Users Execute Arbitrary Code http://www.doecirc.energy.gov/bulletins/t-072.shtml 03 March 2009 New Bulletin A remotely exploitable vulnerability has been discovered in the iMonitor component of Novell eDirectory. http://www.doecirc.energy.gov/bulletins/t-071.shtml 02 Mar 2009 New Bulletin Cisco Unified MeetingPlace Web Conferencing Authentication Bypass Vulnerability http://www.doecirc.energy.gov/bulletins/t-070.shtml 27 Feb 2009 New Bulletin Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). http://www.doecirc.energy.gov/bulletins/t-069.shtml 26 Feb 2009 New Bulletin Microsoft Windows includes an AutoRun feature, which can automatically run code when removable devices are connected to the computer. http://www.doecirc.energy.gov/bulletins/t-068.shtml 25 Feb 2009 New Bulletin Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution http://www.doecirc.energy.gov/bulletins/t-067.shtml 24 Feb 2009 New Bulletin Multiple HTTP Proxy HTTP Host Header Incorrect Relay Behavior Vulnerability http://www.doecirc.energy.gov/bulletins/t-066.shtml 23 Feb 2009 New Bulletin Adobe Acrobat and Reader are prone to a remote code-execution vulnerability. http://www.doecirc.energy.gov/bulletins/t-065.shtml 20 Feb 2009 New Bulletin RIM BlackBerry Application Web Loader is prone to multiple stack-based buffer overflows. http://www.doecirc.energy.gov/bulletins/t-064.shtml 19 Feb 2009 New Bulletin Apple Mac OS X is prone to a buffer-overflow vulnerability that occurs in the SMB component. http://www.doecirc.energy.gov/bulletins/t-063.shtml 18 Feb 2009 New Bulletin Unspecified vulnerablility in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service. http://www.doecirc.energy.gov/bulletins/t-062.shtml 17 Feb 2009 New Bulletin pam-krb5 'KRB5CCNAME' Environment Variable Local Privilege Escalation Vulnerability. pam-krb5 is prone to a local privilege-escalation vulnerability because of a failure to properly handle setuid processes. http://www.doecirc.energy.gov/bulletins/t-061.shtml 13 Feb 2009 New Bulletin Cumulative Security Update for Internet Explorer 7. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. http://www.doecirc.energy.gov/bulletins/t-060.shtml 12 Feb 2009 New Bulletin Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution http://www.doecirc.energy.gov/bulletins/t-059.shtml 11 Feb 2009 New Bulletin Some vulnerabilities have been reported in RealPlayer, which can be exploited by malicious people to compromise a vulnerable system. http://www.doecirc.energy.gov/bulletins/t-058.shtml 10 Feb 2009 New Bulletin A potential security vulnerability has been identified with certain HP LaserJet printers, HP Color LaserJet printers and HP Digital Senders. The vulnerability could be exploited remotely to gain unauthorized access to files. http://www.doecirc.energy.gov/bulletins/t-057 09 Feb 2009 New Bulletin RealNetworks RealPlayer IVR File Parsing Multiple Vulnerabilities. RealPlayer 11 is affected; other versions may also be vulnerable. http://www.doecirc.energy.gov/bulletins/t-056 06 Feb 2009 New Bulletin Cisco IOS HTTP Server is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. http://www.doecirc.energy.gov/bulletins/t-055.shtml 05 Feb 2009 New Bulletin Mozilla Firefox/Thunderbird/SeaMonkey Multiple Remote Vulnerabilities bypass same-origin restrictions. http://www.doecirc.energy.gov/bulletins/t-054.shtml 04 Feb 2009 New Bulletin Multiple buffer overflows in RealNetworks Helix Server and Helix Mobile Server allows unauthorized disclosure of information, unauthorized modification, or a disruption of service. http://www.doecirc.energy.gov/bulletins/t-053.shtml 03 Feb 2009 New Bulletin A vulnerability in Sun Solaris could be exploited by attackers to conduct spoofing attacks. http://www.doecirc.energy.gov/bulletins/t-052.shtml.shtml 02 Feb 2009 New Bulletin A weakness in Sun Java System Access Manager can be exploited by remote unprivileged users to identify valid user accounts. http://www.doecirc.energy.gov/bulletins/t-051.shtml 30 Jan 2009 New Bulletin A vulnerability in Sun Solaris could cause a denial of service. http://www.doecirc.energy.gov/bulletins/t-050.shtml 29 Jan 2009 New Bulletin A vulnerability in Sun Solaris could be exploited by a remote attacker to cause a denial of service condition. http://www.doecirc.energy.gov/bulletins/t-049.shtml 28 Jan 2009 New Bulletin Vulnerabilities in various CA products could allow a remote attacker to evade detection by the Anti-Virus engine by creating a malformed archive file. http://www.doecirc.energy.gov/bulletins/t-048.shtml 28 Jan 2009 New Bulletin A vulnerability in Sun Solaris could be exploited by a remote attacker to cause a Denial of Service. http://www.doecirc.energy.gov/bulletins/t-047.shtml 28 Jan 2009 New Bulletin Cisco Unified Communications Manager, formerly Cisco CallManager, contains a denial of service (DoS) vulnerability in the Certificate Authority Proxy Function (CAPF) service. http://www.doecirc.energy.gov/bulletins/t-046.shtml 27 Jan 2009 New Bulletin Linux Kernel dell_rbu Denial of Service Security Issues Summary: Two security issues in the Linux Kernel could be exploited by malicious, local users to cause a DoS (Denial of Service). Versions 2.6.27.13 and 2.6.28.2 are available to address these issues. http://www.doecirc.energy.gov/bulletins/t-045 26 Jan 2009 4:45 PM New Bulletin Apple has published an advisory for an input validation error in the Quicktime MPEG-2 Playback Component for Windows. http://www.doecirc.energy.gov/bulletins/t-044.shtml 23 Jan 2009 New Bulletin Multiple vulnerabilities in Apple QuickTime 7.5 and prior could allow remote attackers to cause a Denial of Service http://www.doecirc.energy.gov/bulletins/t-043.shtml 22 Jan 2009 New Bulletin A local denial of service vulnerability has been discovered in the Linux kernel http://www.doecirc.energy.gov/bulletins/t-042.shtml 21 Jan 2009 New Bulletin A vulnerability in Symantec AppStream Client could allow malicious files to be downloaded and saved to arbitrary locations on an affected computer. http://www.doecirc.energy.gov/bulletins/t-041.shtml 20 Jan 2009 New Bulletin A vulnerability in certain Sun SPARC Enterprise servers could allow a remote attacker to gain root access on the target system. http://www.doecirc.energy.gov/bulletins/t-040.shtml 20 Jan 2009 New Bulletin A vulnerability and security issue in Sun Java System Access Manager could be exploited by an attacker to gain escalated privileges, or disclose sensitive information. http://www.doecirc.energy.gov/bulletins/t-039.shtml 16 Jan 2009 New Bulletin Certain Cisco Platforms contain a vulnerability when processing TCP traffic streams that may result in a reload of the device control card. http://www.doecirc.energy.gov/bulletins/t-038.shtml 15 Jan 2009 New Bulletin Oracle has released the January 2009 critical patch update. The update addresses 41 vulnerabilities. http://www.doecirc.energy.gov/bulletins/t-037.shtml 14 Jan 2009 New Bulletin This security update resolves two privately reported vulnerabilities and one publicly disclosed vulnerability in Microsoft Server Message Block (SMB) Protocol. http://www.doecirc.energy.gov/bulletins/t-036.shtml 13 Jan 2009 New Bulletin A Microsoft RPC vulnerability was patched in an out-of-band release in October, but organizations slow to deploy the update are learning the hard way how fast various RPC worm variants can spread through corporate networks. http://www.doecirc.energy.gov/bulletins/t-035.shtml 13 Jan 2009 New Bulletin Athos has discovered a vulnerability in XOOPS, which can be exploited by malicious people to compromise a vulnerable system. http://www.doecirc.energy.gov/bulletins/t-034.shtml 09 Jan 2009 New Bulletin A vulnerability has been reported in OpenSSL, which can be exploited by malicious people to conduct spoofing attacks. http://www.doecirc.energy.gov/bulletins/t-033.shtml 08 Jan 2009 New Bulletin New xterm packages fix regression, there was a design flaw http://www.doecirc.energy.gov/bulletins/t-032.shtml 07 Jan 2009 New Bulletin Ehsan_Hp200 has reported a vulnerablility in SolucionWeb, which can be exploited by malicious people to conduct SQL injection attacks. http://www.doecirc.energy.gov/bulletins/t-031.shtml 06 Jan 2009 New Bulletin The regular expression engine of Ruby, a scripting language, contains a memory leak which can be triggered remotely under certain circumstances, leading to a denial of service condition (CVE-2008-3443). http://www.doecirc.energy.gov/bulletins/t-030.shtml 05 Jan 2009 New Bulletin It was discovered that MySQL, a widely-deployed database server, did not properly validate optional data or index directory paths given in a CREATE TABLE statement, no would it (under proper conditions) prevent two databases from using the same paths for data or index files. The risk is LOW. This permits an authenticated user with authoriziation to create tables in one database to read, write or delete data from tables subsequently created in other databases, regardless of other GRANT authorizations. http://www.ciac.org/bulletins/s-346.shtml 28 Jul 2008 19:00 GMT New Bulletin A vulnerability in the Java Runtime Environment Virtual Machine may allow an untrusted application or applet that is downloaded from a website to elevate its privileges. The risk is MEDIUM. The application or applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application or applet. http://www.ciac.org/bulletins/s-345.shtml 28 Jul 2008 19:00 GMT New Bulletin Multiple interger overflows to a heap overflow were discovered in the array- and string-handling code used by Ruby. The risk is MEDIUM. An attacker could use these flaws to crash a Ruby application or, possibly, execute arbitrary code with the privileges of the Ruby application using untrusted inputs in array or string operations. http://www.ciac.org/bulletins/s-344.shtml 28 Jul 2008 19:00 GMT New Bulletin Apple Safari automatically executes downloaded files based on Internet Explorer zone settings, which can allow a remote attacker to execute arbitary code on a vulnerable system. The risk is MEDIUM. By convincing a user to visit a specially crafted web page with Apple Safari on Windows, an attacker mey be able to execute arbitrary code on a vulnerable system. http://www.ciac.org/bulletins/s-343.shtml 28 Jul 2008 19:00 GMT New Bulletin It was discovered that poppler, a PDF rendering library, did not properly handle embedded fonts in PDF files, allowing attackers to execute arbitrary code via a crafted font object. The risk is MEDIUM. http://www.ciac.org/bulletins/s-342.shtml 28 Jul 2008 19:00 GMT New Bulletin Multiple Cisco products are vulnerable to DNS cache poisoning attacks due to their use of insufficiently randomized DNS transaction IDs and UDP source ports in the DNS queries that they produce, which may allow an attacker to more easily forge DNS answers that can poison DNS caches. The risk is HIGH. Successful exploitation of the vulnerability described in this document may result in invalid hostname-to-IP address mappings in the cache of an affected DNS server. This may lead of this DNS server to contact with wrong provider of network services. http://www.ciac.org/bulletins/s-341.shtml 28 Jul 2008 19:00 GMT New Bulletin A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). The vulnerability could be exploited remotely to gain unauthorized access to data. The risk is LOW. The vulnerability could be exploited remotely to gain unauthorized access to data. http://www.ciac.org/bulletins/s-340.shtml 8 Jul 2008 19:00 GMT New Bulletin There is a cross-site scripting vulnerability in the affected versions of Outlook Web Access (OWA) for Exchange Server. Exploitation of the vulnerability could lead to elevation of privilege on individual OWA clients connecting to Outlook Web Access for Exchange Server. The risk is LOW. To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted e-mail that would run malicious script from within an individual OWA client. If the malicious script is executed, the script would run inthe security context of the user's OWA session and could perform any action that user could perform such as reading, sending, and deleting e-mail as the logged-on user. http://www.ciac.org/bulletins/s-339.shtml 8 Jul 2008 19:00 GMT New Bulletin The Apple Webkit contains a memory corruption vulnerability. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. The risk is MEDIUM. A remote, unauthenticated attacker may be able to execute arbitrary code. http://www.ciac.org/bulletins/s-338.shtml 8 Jul 2008 18:00 GMT New Bulletin Microsoft is investigating active, targeted attacks leveraging a potential vulnerability in the ActiveX control for the Snapshot Viewer for Microsoft Access. An attacker could exploit the vulnerability by constructing a specially crafted Web page. The risk is MEDIUM. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. http://www.ciac.org/bulletins/s-337.shtml 8 Jul 2008 18:00 GMT New Bulletin It was discovered that PCRE, the Perl-Compatible Regular Expression library, may encounter a heap overflow condition when compiling certain regular expressions involving in-pattern options and branches, potentially leading to arbitrary code execution. The risk is MEDIUM. May encounter a heap overflow condition when compiling certain regular expressions involving in-pattern options and branches, potentially leading the arbitrary code execution. http://www.ciac.org/bulletins/s-336.shtml 8 Jul 2008 18:00 GMT New Bulletin Cross-Site Scripting has become an increasingly prevalent attack vector that can be leveraged to perform a wide range of compromises. These compromises can range from simple popup displays within a user's browser to session and cookie capture that are used for information and identity theft. As these attacks become more mature, as well as obscure, it is imperative that we understand how they happen, how they propagate, and the ways to prevent them. By understanding the different vectors of attack and realizing and implementing simple security measures against them, we can better protect ourselves and our users now, and in the future. http://www.ciac.org/ciac/techbull/CIACTech08-003.shtml 3 Jun 2008 17:00 GMT New Bulletin Windows hash dumping tools are often spotlighted as hacker tools that can somehow magically extract windows hashes and allow an intruder access to a system. In actuality, the hashes are there, in memory, where any admin or system level user can get at them. The tools just grab them and print them out. This paper will describe how Windows hashes are created, how the hash dumpers get at them, and what can be done with the hashes. http://www.ciac.org/ciac/techbull/CIACTech08-002.shtml 21 May 2008 23:00 GMT New Bulletin Many websites use the PHP programming language to build web pages on the fly from individual files and from values obtained from a database. PHP based websites are widely used to create Wikis such as MediaWiki used for Wikipedia. If the PHP programs that generate the web pages are not carefully crafted to check user input before it is used, an intruder could inject code into a page and get it executed. http://www.ciac.org/ciac/techbull/CIACTech08-001.shtml 29 Jan 2008 18:00 GMT New Bulletin A common cyber attack is to send a user an Office document (Word, Excel, PowerPoint) containing malicious code that infects the user's computer and proceeds to do the miscreant's bidding. Targeting of users has gotten so sophisticated that advice such as "don't open files from people you don't know" is no longer effective. MOICE, the Microsoft Office Isolated Conversion Environment opens Office documents before the Office application, converts it to a format that does not "support" malcode and then invokes the application with the newly cleaned document. Properly implemented, this could mitigate attacks using email-borne Office malcode. http://www.ciac.org/ciac/techbull/CIACTech07-001.shtml 22 May 2007 23:00 GMT New Revised Bulletin SQL injection is a real threat that is being used to exploit company systems and data. This threat can be reduced by a combination of good programming practice, application firewalls, and scanning. http://www.ciac.org/ciac/techbull/CIACTech06-001.shtml 6 Sep 2006 21:00 GMT 28 Apr 2008 21:00 GMT Revised Bulletin Many sites have detected large numbers of udp packets directed at the DNS port (53). These packets contain a lot of structure and there is concern that they are exploit or remote control packets. It turns out that they are discovery packets being sent to random IP addresses by the Sinit Calypso worm. They are invalid DNS packets and should be ignored by DNS servers. http://www.ciac.org/ciac/techbull/CIACTech05-001.shtml 15 Nov 2004 20:00 GMT Before systems containing the MyDoom.A worm can be cleaned, they must be detected. As running a scanner on each system can be difficult and time consuming, a method of remote scanning for infected machines is needed. http://www.ciac.org/ciac/techbull/CIACTech04-001.shtml 30 Jan 2004 23:00 GMT New Bulletin A spam engine has been released that uses the Windows Messenger Service (not the MSN Messenger instant messaging program) to send spam messages to users. The Messenger service is active on most Windows platforms. http://www.ciac.org/ciac/techbull/CIACTech03-001.shtml 29 Oct 2002 24:00 GMT New Bulletin Several online articles have worried the problem of file capture using Microsoft Word field codes. The articles have gone so far as suggesting that Word be banned from company computers until this is changed. These articles have created undue worry among computer users about what is a relatively low risk vulnerability. http://www.ciac.org/ciac/techbull/CIACTech02-005.shtml 27 Sep 2002 24:00 GMT New Bulletin Programs are being intentionally packaged with legitimate software to display advertising on your screen, gather information on your browsing habits, and to sell your unused CPU cycles and disk space. Current applications are relatively benign but could easily be used for an invasion of privacy or other malicious purposes. http://www.ciac.org/ciac/techbull/CIACTech02-004.shtml 11 Nov 2002 23:00 GMT New Bulletin Microsoft Office for Macintosh OS X has an antipiracy mechanism that secretly opens network service ports on a Macintosh system and broadcasts version information to other systems on a single subnet. The problem is that open network services provide attack points for intruders and need to be controlled by users. http://www.ciac.org/ciac/techbull/CIACTech02-003.shtml 26 Apr 2002 00:00 GMT New Bulletin Browser Helper Objects (BHO) are Microsoft's way of attaching add-ins to Internet Explorer 4 and later. In addition to legitimate uses, BHOs are used to attach spyware to a user's web browser to secretly send a user's browsing habits to a marketing site and could be used for malicious code. The problems are that there is no simple way to know what BHOs are attached to a system and no simple way to control the attachment of new ones. http://www.ciac.org/ciac/techbull/CIACTech02-002.shtml 2 Apr 2002 23:00 GMT New Bulletin In recent months, many servers running ssh have been compromised using the SSH CRC32 Compensation Attack Detector. Compromised machines have either not been upgraded to SSH protocol 2 or have not disabled drop back to SSH protocol 1. Use of this attack allows a remote user to gain root access on a server. http://www.ciac.org/ciac/techbull/CIACTech02-001.shtml 9 May 2002 19:00 GMT New Bulletin A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). This vulnerability could be exploited remotely to execute arbitrary code or to create a Denial of Service (DoS). The risk is MEDIUM. The vulnerability could be exploited remotely execute arbitrary code or to create a Denial of Service (DoS). http://www.ciac.org/bulletins/s-317.shtml 19 Jun 2008 16:00 GMT 8 Jul 2008 16:00 GMT Revised Bulletin A buffer overflow in the GIF image parsing code of Tk, a cross-platform graphical toolkit, could lead to denial of service and potentially the execution of arbitrary code. The risk is MEDIUM. Could lead to denial of service and potentially the execution of arbitrary code. http://www.ciac.org/bulletins/s-164.shtml 11 Feb 2008 18:00 GMT 27 Jun 2008 18:00 GMT Revised Bulletin A remote code execution vulnerability exists in Microsoft XML Core Services that could allow an attacker who successfully exploited this vulnerability to make changes to the system with the permissions of the logged-onuser. The risk is MEDIUM. If the user is logged on with administrative user rights, an attacker could take complete control of the affected system. http://www.ciac.org/bulletins/r-316.shtml 14 Aug 2007 18:00 GMT 27 Jun 2008 18:00 GMT Revised Bulletin A potential security vulnerability has been identified with HP-UX running HP CIFS Server (Samba). The risk is MEDIUM. This vulnerability could be exploited remotely to execute arbitrary code. http://www.ciac.org/bulletins/s-232.shtml 27 Mar 2008 14:00 GMT 27 Jun 2008 14:00 GMT Revised Bulletin A remote code execution vulnerability exists in the Bluetooth stack in Microsoft Windows because the Bluetooth stack does not correctly handle a large nubmer of service description requests. The risk is MEDIUM. The vulnerability could allow an attacker to run code with elevated privileges. An attacker who successfully exploited this vulenrability could take complete contorl of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. http://www.ciac.org/bulletins/s-314.shtml 12 Jun 2008 14:00 GMT 27 Jun 2008 14:00 GMT Revised Bulletin PHP contains a path translation vulnerability that may allow an attacker to execute arbitrary code. The risk is MEDIUM. An attacker may be able to execute arbitrary code in the context of an application that uses the vulnerable function. The scope of the impact depends on how the affected application works. Applications that process filename input from the network, such as public-facing web applications, would be vulnerable to a remote attacker. http://www.ciac.org/bulletins/s-286.shtml 9 May 2008 15:00 GMT 27 Jun 2008 15:00 GMT Revised Bulletin A heap-based buffer overflow flaw was found in the way Samba clients handle over-sized packets. If a client connected to a malicious Samba server, it was possible to execute arbitrary code as the Samba client user. The risk is MEDIUM. A malicious Samba server could run arbitrary code on a Samba client as the Samba client user. Alternately, a malicious client could run arbitrary code on a Samba server with the permissions of the Samba server. http://www.ciac.org/bulletins/s-301.shtml 30 May 2008 12:00 GMT 27 Jun 2008 12:00 GMT Revised Bulletin A remote code execution exists in Outlook. The risk is MEDIUM. The vulnerability could allow remote code execution if Outlook is passed a specially crafted malito URI. http://www.ciac.org/bulletins/s-226.shtml 14 Mar 2008 17:00 GMT 5 Jun 2008 17:00 GMT Revised Bulletin A remote code execution vulnerability exists in the way Microsoft Publisher validates object header data. An attacker could exploit the vulnerability by sending a specially crafted Publisher file which could be an e-mail attachment, or hosted on a specially crafted or compromised Web site. The risk is MEDIUM. If a user were logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. http://www.ciac.org/bulletins/s-289.shtml 13 May 2008 20:00 GMT 5 Jun 2008 19:00 GMT Revised Bulletin A buffer overfun vulnerability exists in the Microsoft Jet Database Engine (JET) that could allow remote code execution on an affected system. An attacker could exploit the vulnerability by creating a specially crafted database query and sending it through an application that is using Jet on an affected system. The risk is MEDIUM. An attacker who successfully exploited this vulnerability could take complete control of an affected system. http://www.ciac.org/bulletins/s-290.shtml 13 May 2008 19:00 GMT 5 Jun 2008 19:00 GMT Revised Bulletin Several flaws werer reported in the way libvorbis processed audio data. The risk is MEDIUM. An attacker could create a carefully crafted OGG audio file in such a way that it could cause an application linked with libvorbis to crash, or execute arbitrary code when it was opened. http://www.ciac.org/bulletins/s-294.shtml 15 May 2008 20:00 GMT 5 Jun 2008 20:00 GMT Revised Bulletin Remote code vulnerabilities exist in the way Excel: 1) processes data validation records when loading Excel files into memory; 2) handles data when importing files into Excel; 3) Style record data when opening Excel files; 4) handles malformed formulas; 5) handles rich text values when loading application data into memory; 6) handles conditional formatting values; and 7) handles macros when opening specially crafted Excel files. The risk is MEDIUM. An attacker could exploit the vulnerabilities by sending malformed files which could be hosted on a specially crafted or compromised Web site, or included as an e-mail attachment. http://www.ciac.org/bulletins/s-227.shtml 14 Mar 2008 17:00 GMT 5 Jun 2008 17:00 GMT Revised Bulletin The Speex library was found to not properly validate input values read from the Speex files headers, which could allow arbitrary code execution. The risk is MEDIUM. An attacker could create a malicious Speex file that would crash an application or, possibly, allow arbitrary code execution with the privileges of the application calling the Speex library. http://www.ciac.org/bulletins/s-272.shtml 25 Apr 2008 12:00 GMT 29 May 2008 12:00 GMT Revised Bulletin The libxslt library did not properly process long "transformation match" conditions in the XSL stylesheet files. The risk is MEDIUM. An attacker could create a malicious XSL file that would cause a crash, or, possibly, execute and arbitrary code with the privileges of the application using libxslt library to perform XSL transformations. http://www.ciac.org/bulletins/s-297.shtml 22 May 2008 13:00 GMT 29 May 2008 13:00 GMT Revised Bulletin Several local/remote vulnerabilities have been discovered in the image loading library for the Simple DirectMedia Layer 1.2. The risk is MEDIUM. Could result in denial of service and potentially the execution of arbitary code. http://www.ciac.org/bulletins/s-163.shtml 11 Feb 2008 18:00 GMT 20 May 2008 18:00 GMT Revised Bulletin A remote code execution vulnerability exists in the way that Microsoft Word handle specially crafted Word files. The vulnerability could allow remote code execution if a user opens a specially crafted Word file that includes a malformed CSS value. The risk is MEDIUM. An attacker who successfully exploited this vulnerability could take complete control of an attected system. http://www.ciac.org/bulletins/s-288.shtml 13 May 2008 19:00 GMT 20 May 2008 19:00 GMT Revised Bulletin Remote code execution vulnerabilities exist in the way Microsoft Office Web Components manages memory resources. The risk is MEDIUM. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allos remote code execution. http://www.ciac.org/bulletins/s-224.shtml 14 Mar 2008 17:00 GMT 15 May 2008 17:00 GMT Revised Bulletin There are several security issues in PCRE library which potentially allow attackers to execute arbitrary code by compiling specially crafted regular expressions. The risk is LOW. Could potentially allow attackers to execute arbitrary code by compiling specially crafted regular expressions. http://www.ciac.org/bulletins/s-037.shtml 7 Nov 2007 15:00 GMT 8 May 2008 15:00 GMT Revised Bulletin A remote code execution vulnerability exists in .NET Framework that could allow an attacker who successfully exploited this vulnerability to make changes to the system with the permissions of the logged-on user. The risk is HIGH. A remote code execution vulnerability exists in .NET Framework that could allow an attacker who successfully exploited this vulnerability to make changes to the system with the permissions of the logged-on user. http://www.ciac.org/bulletins/r-295.shtml 10 Jul 2007 20:00 GMT 8 May 2008 20:00 GMT Revised Bulletin There is a flaw in the way kpdf displayed malformed fonts embedded in PDF files which could potentially execute arbitrary code. The risk is MEDIUM. An attacker could create a malicious PDF file that would cause kpdf to crash, or potentially, execute arbitrary code when opened. http://www.ciac.org/bulletins/s-269.shtml 25 Apr 2008 11:00 GMT 8 May 2008 11:00 GMT Revised Bulletin Potential security vulnerabilities have been identified with HP-UX running WBEM Services that could remotely execute arbitrary code or gain extended privileges. The risk is MEDIUM. These vulnerabilities could be exploited remotely to execute arbitrary code or to gain extended privileges. http://www.ciac.org/bulletins/s-282.shtml 1 May 2008 15:00 GMT 7 May 2008 15:00 GMT Revised Bulletin Several vulnerabilities have been discovered in GNU Tar. The risk is MEDIUM. May lead to arbitrary code execution when processing maliciously crafted archives. http://www.ciac.org/bulletins/s-100.shtml 3 Jan 2008 22:00 GMT 7 May 2008 22:00 GMT Revised Bulletin There are several vulnerabilities in PHP. The risk is MEDIUM. Could possibly execute arbitrary code as the apache user. http://www.ciac.org/bulletins/r-355.shtml 20 Sep 2007 20:00 GMT 07 May 2008 18:00 GMT Revised Bulletin A flaw was found in the processing of malformed JavaScript content which could lead to the execution of arbitrary code. The risk is MEDIUM. A web page containing such maliciuos content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. http://www.ciac.org/bulletins/s-270.shtml 25 Apr 2008 11:00 GMT 2 May 2008 11:00 GMT Revised Bulletin There are remote code execution vulnerabilities that exist in the way Microsoft Office handles specially crafted Excel files and processes malformed Office files. The risk is MEDIUM. An attacker could exploit the vulnerability by creating a malformed file which could be included as an e-mail attachment, or hosted on a specially crafted or compromised Web site. If a user were logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. http://www.ciac.org/bulletins/s-225.shtml 14 Mar 2008 17:00 GMT 1 May 2008 17:00 GMT Revised Bulletin A remote code execution vulnerability exists in the way Microsoft Office handles a specially crafted drawing object. The risk is MEDIUM. Code runs in the context of the user. http://www.ciac.org/bulletins/r-232.shtml 9 May 2007 12:00 GMT 1 May 2008 12:00 GMT Revised Bulletin Cisco IOS contains multiple vulnerabilities in the Data-link Switching (DLSw) feature that may result in a reload or memory leaks when processing specially crafted UDP or IP Protocol 91 packets. The risk is LOW. Successful exploitation of these vulnerabilities may result in the reload of the device or memory leaks, leading to a DoS condition. http://www.ciac.org/bulletins/s-241.shtml 27 Mar 2008 19:00 GMT 28 Apr 2008 19:00 GMT Revised Bulletin Critical vulnerabilities have been identified in Adobe Flash Player that could allow an attacker who successfully exploits these potential vulnerabilities to take control of the affected system. The risk is MEDIUM. Could lead to the potential execution of arbitrary code. http://www.ciac.org/bulletins/s-092.shtml 21 Dec 2007 21:00 GMT 28 Apr 2008 21:00 GMT Revised Bulletin A remote code execution vulnerability exists in Internet Explorer because of the way that it processes data streams. An attacker could exploit the vulnerability by constructing a specially crafted Web page. The risk is MEDIUM. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user. http://www.ciac.org/bulletins/s-257.shtml 9 Apr 2008 20:00 GMT 24 Apr 2008 20:00 GMT Revised Bulletin Several remote code execution vulnerabilities exists in the way Microsoft Visio validates: 1) object header data in specially crafted file; and 2) memory allocations when loading specially-crafted .DXF files from disk into memory. The risk is MEDIUM. An attacker could exploit the vulnerability by sending a malformed file which could be included as an e-mail attachment, or hosted on a specially crafted or compromised Web site. http://www.ciac.org/bulletins/s-252.shtml 9 Apr 2008 19:00 GMT 24 Apr 2008 19:00 GMT Revised Bulletin