Vulnerability Summary for the Week of July 9, 2012
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
cisco -- telepresence_multipoint_switch_software | The Cisco Discovery Protocol (CDP) implementation on Cisco TelePresence Multipoint Switch before 1.9.0, Cisco TelePresence Immersive Endpoint Devices before 1.9.1, Cisco TelePresence Manager before 1.9.0, and Cisco TelePresence Recording Server before 1.8.1 allows remote attackers to execute arbitrary code by leveraging certain adjacency and sending a malformed CDP packet, aka Bug IDs CSCtz40953, CSCtz40947, CSCtz40965, and CSCtz40953. | 2012-07-12 | 8.3 | CVE-2012-2486 |
f5 -- big-ip_application_security_manager | F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, and Enterprise Manager before 2.1.0-HF2, 2.2.x before 2.2.0-HF1, and 2.3.x before 2.3.0-HF3, use a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins via the PubkeyAuthentication option. | 2012-07-09 | 7.8 | CVE-2012-1493 |
hp -- operations_agent | Unspecified vulnerability in HP Operations Agent before 11.03.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1325. | 2012-07-11 | 10.0 | CVE-2012-2019 |
hp -- operations_agent | Unspecified vulnerability in HP Operations Agent before 11.03.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1326. | 2012-07-11 | 10.0 | CVE-2012-2020 |
microsoft -- windows_2003_server | The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted name for a (1) file or (2) directory, aka "Command Injection Vulnerability." | 2012-07-10 | 9.3 | CVE-2012-0175 |
microsoft -- internet_explorer | Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Cached Object Remote Code Execution Vulnerability." | 2012-07-10 | 9.3 | CVE-2012-1522 |
microsoft -- internet_explorer | Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Attribute Remove Remote Code Execution Vulnerability." | 2012-07-10 | 9.3 | CVE-2012-1524 |
microsoft -- windows_7 | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle keyboard-layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout Vulnerability." | 2012-07-10 | 7.2 | CVE-2012-1890 |
microsoft -- data_access_components | Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object in memory, aka "ADO Cachesize Heap Overflow RCE Vulnerability." | 2012-07-10 | 9.3 | CVE-2012-1891 |
microsoft -- windows_7 | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate callback parameters during creation of a hook procedure, which allows local users to gain privileges via a crafted application, aka "Win32k Incorrect Type Handling Vulnerability." | 2012-07-10 | 7.2 | CVE-2012-1893 |
netsweeper -- netsweeper | Unspecified vulnerability in the WebAdmin Portal in Netsweeper has unknown impact and attack vectors, a different vulnerability than CVE-2012-2446 and CVE-2012-2447. | 2012-07-09 | 10.0 | CVE-2012-3859 |
php -- php | Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tar file that triggers a heap-based buffer overflow. | 2012-07-07 | 7.5 | CVE-2012-2386 |
pidgin -- pidgin | Buffer overflow in markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.5 allows remote attackers to execute arbitrary code via a crafted inline image in a message. | 2012-07-07 | 7.5 | CVE-2012-3374 |
synel -- sy-780/a_time_&_attendance_terminal | The Synel SY-780/A Time & Attendance terminal allows remote attackers to cause a denial of service (device hang) via network traffic to port (1) 1641, (2) 3734, or (3) 3735. | 2012-07-09 | 7.8 | CVE-2012-2970 |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apache -- org.apache.sling.servlets.post | The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request. | 2012-07-09 | 5.0 | CVE-2012-2138 |
astaro -- security_gateway_software | Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "Comment (optional)" field. | 2012-07-09 | 4.3 | CVE-2012-3238 |
digium -- asterisk | Double free vulnerability in apps/app_voicemail.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones allows remote authenticated users to cause a denial of service (daemon crash) by establishing multiple voicemail sessions and accessing both the Urgent mailbox and the INBOX mailbox. | 2012-07-09 | 4.0 | CVE-2012-3812 |
digium -- asterisk | channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones does not properly handle a provisional response to a SIP reINVITE request, which allows remote authenticated users to cause a denial of service (RTP port exhaustion) via sessions that lack final responses. | 2012-07-09 | 4.0 | CVE-2012-3863 |
elitecore -- cyberoam_unified_threat_management | ** DISPUTED ** The default configuration of Cyberoam UTM appliances uses the same Certification Authority certificate and same private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the presence of the Cyberoam_SSL_CA certificate in a list of trusted root certification authorities. NOTE: the vendor disputes the significance of this issue because the appliance "does not allow import or export of the foresaid private key." | 2012-07-09 | 5.8 | CVE-2012-3372 |
hazama -- mt4i | Cross-site scripting (XSS) vulnerability in the MT4i plugin 3.1 beta 4 and earlier for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-2644. | 2012-07-07 | 4.3 | CVE-2012-2642 |
hazama -- mt4i | Cross-site scripting (XSS) vulnerability in the MT4i plugin 3.1 beta 4 and earlier for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-2642. | 2012-07-07 | 4.3 | CVE-2012-2644 |
kent-web -- yy-board | Cross-site scripting (XSS) vulnerability in KENT-WEB YY-BOARD before 6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted form entry. | 2012-07-07 | 4.3 | CVE-2012-2643 |
microsoft -- office | Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic for Applications SDK allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Visual Basic for Applications Insecure Library Loading Vulnerability," as exploited in the wild in July 2012. | 2012-07-10 | 6.9 | CVE-2012-1854 |
microsoft -- office_web_apps | Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "XSS scriptresx.ashx Vulnerability." | 2012-07-10 | 4.3 | CVE-2012-1859 |
microsoft -- office_web_apps | Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 do not properly check permissions for search scopes, which allows remote authenticated users to obtain sensitive information or cause a denial of service (data modification) by changing a parameter in a search-scope URL, aka "SharePoint Search Scope Vulnerability." | 2012-07-10 | 5.5 | CVE-2012-1860 |
microsoft -- office_web_apps | Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Script in Username Vulnerability." | 2012-07-10 | 4.3 | CVE-2012-1861 |
microsoft -- sharepoint_server | Open redirect vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "SharePoint URL Redirection Vulnerability." | 2012-07-10 | 6.8 | CVE-2012-1862 |
microsoft -- office_sharepoint_server | Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Reflected List Parameter Vulnerability." | 2012-07-10 | 4.3 | CVE-2012-1863 |
microsoft -- windows_7 | The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other products, allows remote web servers to obtain plaintext data by triggering multiple requests to a third-party HTTPS server and sniffing the network during the resulting HTTPS session, aka "TLS Protocol Vulnerability." | 2012-07-10 | 4.3 | CVE-2012-1870 |
microsoft -- office | Microsoft Office for Mac 2011 uses world-writable permissions for the "Applications/Microsoft Office 2011/" directory and certain other directories, which allows local users to gain privileges by placing a Trojan horse executable file in one of these directories, aka "Office for Mac Improper Folder Permissions Vulnerability." | 2012-07-10 | 6.9 | CVE-2012-1894 |
moodle -- moodle | Multiple cross-site request forgery (CSRF) vulnerabilities in mod/wiki/ components in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allow remote attackers to hijack the authentication of arbitrary users for requests that modify wiki data. | 2012-07-11 | 6.8 | CVE-2011-4298 |
moodle -- moodle | Cross-site scripting (XSS) vulnerability in mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via a wiki comment. | 2012-07-11 | 4.3 | CVE-2011-4299 |
moodle -- moodle | The file_browser component in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 does not properly restrict access to category and course data, which allows remote attackers to obtain potentially sensitive information via a request for a file. | 2012-07-11 | 5.0 | CVE-2011-4300 |
moodle -- moodle | The MoodleQuickForm class in the Forms Library in lib/formslib.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not recognize Forms API setConstant operations, which allows remote attackers to submit unexpected form content by modifying the values of constant fields. | 2012-07-11 | 5.0 | CVE-2011-4301 |
moodle -- moodle | mnet/xmlrpc/client.php in MNET in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not properly process the return value of the openssl_verify function, which allows remote attackers to bypass validation via a crafted certificate. | 2012-07-11 | 6.8 | CVE-2011-4302 |
moodle -- moodle | lib/db/upgrade.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 does not set the correct registration_hubs.secret value during installation, which allows remote attackers to bypass intended access restrictions by leveraging the hubs feature. | 2012-07-11 | 4.3 | CVE-2011-4303 |
moodle -- moodle | The chat functionality in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote authenticated users to discover the name of any user via a beep operation. | 2012-07-11 | 4.0 | CVE-2011-4304 |
moodle -- moodle | message/refresh.php in Moodle 1.9.x before 1.9.14 allows remote authenticated users to cause a denial of service (infinite request loop) via a URL that specifies a zero wait time for message refreshing. | 2012-07-11 | 4.0 | CVE-2011-4305 |
moodle -- moodle | Cross-site scripting (XSS) vulnerability in course/editsection.html in Moodle 1.9.x before 1.9.14 allows remote authenticated users to inject arbitrary web script or HTML via crafted data. | 2012-07-11 | 4.3 | CVE-2011-4306 |
moodle -- moodle | Cross-site scripting (XSS) vulnerability in mod/wiki/lang/en/wiki.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the section parameter. | 2012-07-11 | 4.3 | CVE-2011-4307 |
moodle -- moodle | mod/forum/user.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 allows remote authenticated users to discover the names of other users via unspecified vectors. | 2012-07-11 | 4.0 | CVE-2011-4308 |
moodle -- moodle | Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote attackers to bypass intended access restrictions and perform global searches by leveraging the guest role and making a direct request to a URL. | 2012-07-11 | 5.0 | CVE-2011-4309 |
netsweeper -- netsweeper | Cross-site scripting (XSS) vulnerability in tools/local_lookup.php in the WebAdmin Portal in Netsweeper allows remote attackers to inject arbitrary web script or HTML via the group parameter in a lookup action. | 2012-07-09 | 4.3 | CVE-2012-2446 |
netsweeper -- netsweeper | Cross-site request forgery (CSRF) vulnerability in accountmgr/adminupdate.php in the WebAdmin Portal in Netsweeper allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts via an add action. | 2012-07-09 | 6.8 | CVE-2012-2447 |
nullsoft -- winamp | The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a .IT file. | 2012-07-11 | 6.8 | CVE-2012-3889 |
nullsoft -- winamp | The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a .IT file. | 2012-07-11 | 6.8 | CVE-2012-3890 |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.