Full Disclosure mailing list archives
Re: ZDI Anything
From: "g () 1337 io" <g () 1337 io>
Date: Fri, 21 Dec 2012 07:42:35 -0800
# grep ZDI header_checks
/^From:.*tippingpoint.com.*/ REJECT ZDI SPAM

On 12/21/12 6:21 AM, bl4kjeebus121 () gmail com wrote:
Ah, more of the one-third disclosures, or somewhat-disclosed-but-not-really disclosure best of breed pony parade I see. Does nobody else find their posts tedious and annoying? I prefer mustlive any day.

On 12/21/12 4:43 AM full-disclosure-request () lists grok org uk wrote:

Today's Topics:

1. ZDI-12-188 : Microsoft Internet Explorer OnRowsInserted Event Remote Code Execution Vulnerability (ZDI Disclosures)
2. ZDI-12-189 : Oracle Java WebStart Changing System Properties Remote Code Execution Vulnerability (ZDI Disclosures)
3. ZDI-12-190 : Microsoft Internet Explorer Title Element Change Remote Code Execution Vulnerability (ZDI Disclosures)
4. ZDI-12-191 : Webkit HTMLMedia Element beforeLoad Remote Code Execution Vulnerability (ZDI Disclosures)
5. ZDI-12-192 : Microsoft Internet Explorer insertRow Remote Code Execution Vulnerability (ZDI Disclosures)
6. ZDI-12-193 : Microsoft Internet Explorer insertAdjacentText Remote Code Execution Vulnerability (ZDI Disclosures)
7. ZDI-12-194 : Microsoft Internet Explorer OnBeforeDeactivate Event Remote Code Execution Vulnerability (ZDI Disclosures)
8. ZDI-12-195 : RealNetworks RealPlayer ATRAC Sample Decoding Remote Code Execution Vulnerability (ZDI Disclosures)
9. ZDI-12-196 : Novell Groupwise GWIA ber_get_stringa Remote Code Execution Vulnerability (ZDI Disclosures)
10. ZDI-12-197 : Oracle Java java.beans.Statement Remote Code Execution Vulnerability (ZDI Disclosures)

----------------------------------------------------------------------

Message: 1
Date: Fri, 21 Dec 2012 06:29:33 -0600
From: ZDI Disclosures <full-disclosure () lists grok org uk>
Subject: [Full-disclosure] ZDI-12-188 : Microsoft Internet Explorer OnRowsInserted Event Remote Code Execution Vulnerability
To: Full Disclosure <full-disclosure () lists grok org uk>, BugTraq <full-disclosure () lists grok org uk>
Cc: full-disclosure () lists grok org uk
Message-ID: <full-disclosure () lists grok org uk>
Content-Type: text/plain; charset="iso-8859-1"

ZDI-12-188 : Microsoft Internet Explorer OnRowsInserted Event Remote Code Execution Vulnerability
https://lists.grok.org.uk/mailman/listinfo/full-disclosure
December 21, 2012

-- CVE ID: CVE-2012-1881

-- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P

-- Affected Vendors: Microsoft

-- Affected Products: Microsoft Internet Explorer

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the way Internet Explorer handles 'onrowsinserted' callback functions for certain elements. It is possible to alter the document DOM tree in an onrowsinserted callback function which can lead to a use-after-free condition when the function returns. This can result in remote code execution under the context of the current process.

-- Vendor Response:
Microsoft states: https://lists.grok.org.uk/mailman/listinfo/full-disclosure

-- Disclosure Timeline:
2012-03-14 - Vulnerability reported to vendor
2012-12-21 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Anonymous

-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.

Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: https://lists.grok.org.uk/mailman/listinfo/full-disclosure

The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.

Our vulnerability disclosure policy is available online at: https://lists.grok.org.uk/mailman/listinfo/full-disclosure

Follow the ZDI on Twitter: https://lists.grok.org.uk/mailman/listinfo/full-disclosure

------------------------------

Message: 2
Date: Fri, 21 Dec 2012 06:31:01 -0600
From: ZDI Disclosures <full-disclosure () lists grok org uk>
Subject: [Full-disclosure] ZDI-12-189 : Oracle Java WebStart Changing System Properties Remote Code Execution Vulnerability
To: Full Disclosure <full-disclosure () lists grok org uk>, BugTraq <full-disclosure () lists grok org uk>, full-disclosure () lists grok org uk
Message-ID: <full-disclosure () lists grok org uk>
Content-Type: text/plain; charset="iso-8859-1"

ZDI-12-189 : Oracle Java WebStart Changing System Properties Remote Code Execution Vulnerability
https://lists.grok.org.uk/mailman/listinfo/full-disclosure
December 21, 2012

-- CVE ID: CVE-2012-1721

-- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C

-- Affected Vendors: Oracle

-- Affected Products: Oracle Java Runtime

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists because it is possible to change system properties through trusted JNLP files. If a JNLP file requests "<all-permissions/>" and only references signed, trusted JAR files, it can set all System properties. By referencing a trusted JNLP file from an untrusted one it is possible to change System Properties that can lead to remote code execution under the context of the current user.

-- Vendor Response:
Oracle has issued an update to correct this vulnerability. More details can be found at: https://lists.grok.org.uk/mailman/listinfo/full-disclosure

-- Disclosure Timeline:
2012-03-14 - Vulnerability reported to vendor
2012-12-21 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Chris Ries

------------------------------

Message: 3
Date: Fri, 21 Dec 2012 06:32:34 -0600
From: ZDI Disclosures <full-disclosure () lists grok org uk>
Subject: [Full-disclosure] ZDI-12-190 : Microsoft Internet Explorer Title Element Change Remote Code Execution Vulnerability
To: Full Disclosure <full-disclosure () lists grok org uk>, BugTraq <full-disclosure () lists grok org uk>, full-disclosure () lists grok org uk
Message-ID: <full-disclosure () lists grok org uk>
Content-Type: text/plain; charset="iso-8859-1"

ZDI-12-190 : Microsoft Internet Explorer Title Element Change Remote Code Execution Vulnerability
https://lists.grok.org.uk/mailman/listinfo/full-disclosure
December 21, 2012

-- CVE ID: CVE-2012-1877

-- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P

-- Affected Vendors: Microsoft

-- Affected Products: Microsoft Internet Explorer 9

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 12385. For further product information on the TippingPoint IPS, visit: https://lists.grok.org.uk/mailman/listinfo/full-disclosure

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists in the 'onpropertychange' user callback function for the document.title. If the function changes the document in the callback function by using, for example, a document.write call, this can result in a use-after-free vulnerability. This can lead to remote code execution under the context of the program.

-- Vendor Response:
Microsoft has issued an update to correct this vulnerability. More details can be found at: https://lists.grok.org.uk/mailman/listinfo/full-disclosure

-- Disclosure Timeline:
2012-03-14 - Vulnerability reported to vendor
2012-12-21 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Anonymous

------------------------------

Message: 4
Date: Fri, 21 Dec 2012 06:34:41 -0600
From: ZDI Disclosures <full-disclosure () lists grok org uk>
Subject: [Full-disclosure] ZDI-12-191 : Webkit HTMLMedia Element beforeLoad Remote Code Execution Vulnerability
To: Full Disclosure <full-disclosure () lists grok org uk>, BugTraq <full-disclosure () lists grok org uk>, full-disclosure () lists grok org uk
Message-ID: <full-disclosure () lists grok org uk>
Content-Type: text/plain; charset="iso-8859-1"

ZDI-12-191 : Webkit HTMLMedia Element beforeLoad Remote Code Execution Vulnerability
https://lists.grok.org.uk/mailman/listinfo/full-disclosure
December 21, 2012

-- CVE ID: CVE-2011-3071

-- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P

-- Affected Vendors: WebKit.Org

-- Affected Products: WebKit.Org WebKit

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 12492. For further product information on the TippingPoint IPS, visit: https://lists.grok.org.uk/mailman/listinfo/full-disclosure

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the library's implementation of an HTMLMedia element. After a source element is created, an attacker can catch the beforeLoad event before the element is used, and delete the element. The pointer to the source element will then be referenced causing a use-after-free condition, which can lead to code execution under the context of the application.

-- Vendor Response:
WebKit.Org has issued an update to correct this vulnerability. More details can be found at: https://lists.grok.org.uk/mailman/listinfo/full-disclosure

-- Disclosure Timeline:
2012-03-14 - Vulnerability reported to vendor
2012-12-21 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* pa_kt / twitter.com/pa_kt

------------------------------

Message: 5
Date: Fri, 21 Dec 2012 06:36:00 -0600
From: ZDI Disclosures <full-disclosure () lists grok org uk>
Subject: [Full-disclosure] ZDI-12-192 : Microsoft Internet Explorer insertRow Remote Code Execution Vulnerability
To: Full Disclosure <full-disclosure () lists grok org uk>, BugTraq <full-disclosure () lists grok org uk>, full-disclosure () lists grok org uk
Message-ID: <full-disclosure () lists grok org uk>
Content-Type: text/plain; charset="iso-8859-1"

ZDI-12-192 : Microsoft Internet Explorer insertRow Remote Code Execution Vulnerability
https://lists.grok.org.uk/mailman/listinfo/full-disclosure
December 21, 2012

-- CVE ID: CVE-2012-1880

-- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P

-- Affected Vendors: Microsoft

-- Affected Products: Microsoft Internet Explorer

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 12382. For further product information on the TippingPoint IPS, visit: https://lists.grok.org.uk/mailman/listinfo/full-disclosure

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the way Internet Explorer handles consecutive calls to insertRow. When the number of rows reaches a certain threshold the program fails to correctly relocate certain key objects. This can lead to a use-after-free vulnerability which can result in remote code execution under the context of the current process.

-- Vendor Response:
Microsoft has issued an update to correct this vulnerability. More details can be found at: https://lists.grok.org.uk/mailman/listinfo/full-disclosure

-- Disclosure Timeline:
2012-03-14 - Vulnerability reported to vendor
2012-12-21 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Anonymous

------------------------------

Message: 6
Date: Fri, 21 Dec 2012 06:37:28 -0600
From: ZDI Disclosures <full-disclosure () lists grok org uk>
Subject: [Full-disclosure] ZDI-12-193 : Microsoft Internet Explorer insertAdjacentText Remote Code Execution Vulnerability
To: Full Disclosure <full-disclosure () lists grok org uk>, BugTraq <full-disclosure () lists grok org uk>, full-disclosure () lists grok org uk
Message-ID: <full-disclosure () lists grok org uk>
Content-Type: text/plain; charset="iso-8859-1"

ZDI-12-193 : Microsoft Internet Explorer insertAdjacentText Remote Code Execution Vulnerability
https://lists.grok.org.uk/mailman/listinfo/full-disclosure
December 21, 2012

-- CVE ID: CVE-2012-1879

-- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P

-- Affected Vendors: Microsoft

-- Affected Products: Microsoft Internet Explorer

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 12383. For further product information on the TippingPoint IPS, visit: https://lists.grok.org.uk/mailman/listinfo/full-disclosure

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the way Internet Explorer handles repeated calls to insertAdjacentText. When the size of the element reaches a certain threshold Internet Explorer fails to correctly relocate key elements. An uninitialized variable in one of the functions can cause memory corruption. This can lead to remote code execution under the context of the program.

-- Vendor Response:
Microsoft has issued an update to correct this vulnerability. More details can be found at: https://lists.grok.org.uk/mailman/listinfo/full-disclosure

-- Disclosure Timeline:
2012-03-14 - Vulnerability reported to vendor
2012-12-21 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Anonymous

------------------------------

Message: 7
Date: Fri, 21 Dec 2012 06:39:02 -0600
From: ZDI Disclosures <full-disclosure () lists grok org uk>
Subject: [Full-disclosure] ZDI-12-194 : Microsoft Internet Explorer OnBeforeDeactivate Event Remote Code Execution Vulnerability
To: Full Disclosure <full-disclosure () lists grok org uk>, BugTraq <full-disclosure () lists grok org uk>, full-disclosure () lists grok org uk
Message-ID: <full-disclosure () lists grok org uk>
Content-Type: text/plain; charset="iso-8859-1"

ZDI-12-194 : Microsoft Internet Explorer OnBeforeDeactivate Event Remote Code Execution Vulnerability
https://lists.grok.org.uk/mailman/listinfo/full-disclosure
December 21, 2012

-- CVE ID: CVE-2012-1878

-- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P

-- Affected Vendors: Microsoft

-- Affected Products: Microsoft Internet Explorer

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 12388. For further product information on the TippingPoint IPS, visit: https://lists.grok.org.uk/mailman/listinfo/full-disclosure

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the way Internet Explorer handles the onbeforedeactivate callback function for certain elements. During the execution of the onbeforedeactivate callback function it is possible to alter the DOM tree of the page which can lead to a use-after-free vulnerability when the function returns. This can result in remote code execution under the context of the current process.

-- Vendor Response:
Microsoft has issued an update to correct this vulnerability. More details can be found at: https://lists.grok.org.uk/mailman/listinfo/full-disclosure

-- Disclosure Timeline:
2012-03-14 - Vulnerability reported to vendor
2012-12-21 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Anonymous

------------------------------

Message: 8
Date: Fri, 21 Dec 2012 06:40:48 -0600
From: ZDI Disclosures <full-disclosure () lists grok org uk>
Subject: [Full-disclosure] ZDI-12-195 : RealNetworks RealPlayer ATRAC Sample Decoding Remote Code Execution Vulnerability
To: Full Disclosure <full-disclosure () lists grok org uk>, BugTraq <full-disclosure () lists grok org uk>, full-disclosure () lists grok org uk
Message-ID: <full-disclosure () lists grok org uk>
Content-Type: text/plain; charset="iso-8859-1"

ZDI-12-195 : RealNetworks RealPlayer ATRAC Sample Decoding Remote Code Execution Vulnerability
https://lists.grok.org.uk/mailman/listinfo/full-disclosure
December 21, 2012

-- CVE ID: CVE-2012-0928

-- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P

-- Affected Vendors: RealNetworks

-- Affected Products: RealNetworks RealPlayer

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 12482. For further product information on the TippingPoint IPS, visit: https://lists.grok.org.uk/mailman/listinfo/full-disclosure

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks Real Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists when the application attempts to decode an audio sample that is encoded with the ATRAC codec. While parsing sample data, the application will explicitly trust 2-bits as a loop counter which can be used to write outside the bounds of the target buffer. This can lead to code execution under the context of the application.

-- Vendor Response:
RealNetworks has issued an update to correct this vulnerability. More details can be found at: https://lists.grok.org.uk/mailman/listinfo/full-disclosure

-- Disclosure Timeline:
2011-10-28 - Vulnerability reported to vendor
2012-12-21 - Coordinated public release of advisory

-- Credit:
This vulnerability was discovered by:
* Andrzej Dyjak

------------------------------

Message: 9
Date: Fri, 21 Dec 2012 06:42:25 -0600
From: ZDI Disclosures <full-disclosure () lists grok org uk>
Subject: [Full-disclosure] ZDI-12-196 : Novell Groupwise GWIA ber_get_stringa Remote Code Execution Vulnerability
To: Full Disclosure <full-disclosure () lists grok org uk>, BugTraq <full-disclosure () lists grok org uk>, full-disclosure () lists grok org uk
Message-ID: <full-disclosure () lists grok org uk>
Content-Type: text/plain; charset="iso-8859-1"

ZDI-12-196 : Novell Groupwise GWIA ber_get_stringa Remote Code Execution Vulnerability
https://lists.grok.org.uk/mailman/listinfo/full-disclosure
December 21, 2012

-- CVE ID: CVE-2012-0417

-- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C

-- Affected Vendors: Novell

-- Affected Products: Novell Groupwise

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers
have been protected against this vulnerability by Digital Vaccine protection filter ID 12495. For further product information on the TippingPoint IPS, visit: https://lists.grok.org.uk/mailman/listinfo/full-disclosure - -- Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Groupwise. Authentication is not required to exploit this vulnerability. The flaw exists within the Groupwise Internet Agent component, specifically the optional LDAP server which listens on tcp port 389. When parsing a BER encoded parameter the specified size is used to allocate a destination buffer. A properly encoded BER chunk could cause an integer size value to wrap before buffer allocation. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM account. - -- Vendor Response: Novell has issued an update to correct this vulnerability. More details can be found at: https://lists.grok.org.uk/mailman/listinfo/full-disclosure - -- Disclosure Timeline: 2011-10-21 - Vulnerability reported to vendor 2012-12-21 - Coordinated public release of advisory - -- Credit: This vulnerability was discovered by: * Francis Provencher From Protek Research Lab's - -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: https://lists.grok.org.uk/mailman/listinfo/full-disclosure The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. 
Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: https://lists.grok.org.uk/mailman/listinfo/full-disclosure Follow the ZDI on Twitter: https://lists.grok.org.uk/mailman/listinfo/full-disclosure -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 10.2.0 (Build 1950) Charset: utf-8 wsBVAwUBUNRZJlVtgMGTo1scAQK79gf+JjzJEnHzMsddv86rxWEgVxgPaHb+Ih0N 2OT1aPxDpHIDBA3hZg6iAGMuQVYj8Ot623NsLWKyAM7dpdEcaHgifW8zgThyEhdP m5eMslAOkuQ93NuqQqL4HAm0L6caNHQJ6Eqwn3Skg0UC5osJrH3SWmagLSGaiLJ1 SlfYD3CxbI/NeShIV93lSRqRXvqIf9wFsQrXNoJgw0shlJw3MBe+t4/NX5wt5fba Vo/5BtmcpHZQawOd8FMmwoggvfhkoFc5BE1nncZSSfWCpeZ1raIUAmIFwZVj4THy 91GD++j9PKHc4QYJO2FVrlA0xJqXrSehz2XSLb/z9QZeCk3S1lKBGg== =P609 -----END PGP SIGNATURE----- -------------- next part -------------- An HTML attachment was scrubbed... 
URL: https://lists.grok.org.uk/mailman/listinfo/full-disclosure ------------------------------ Message: 10 Date: Fri, 21 Dec 2012 06:43:39 -0600 From: ZDI Disclosures <full-disclosure () lists grok org uk <mailto:full-disclosure () lists grok org uk>> Subject: [Full-disclosure] ZDI-12-197 : Oracle Java java.beans.Statement Remote Code Execution Vulnerability To: Full Disclosure <full-disclosure () lists grok org uk <mailto:full-disclosure () lists grok org uk>>, BugTraq <full-disclosure () lists grok org uk <mailto:full-disclosure () lists grok org uk>>, full-disclosure () lists grok org uk <mailto:full-disclosure () lists grok org uk> Message-ID: <full-disclosure () lists grok org uk <mailto:full-disclosure () lists grok org uk>> Content-Type: text/plain; charset="iso-8859-1" -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-197 : Oracle Java java.beans.Statement Remote Code Execution Vulnerability https://lists.grok.org.uk/mailman/listinfo/full-disclosure December 21, 2012 - -- CVE ID: CVE-2012-1682 - -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C - -- Affected Vendors: Oracle - -- Affected Products: Oracle Java Runtime - -- Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the java.beans.Expression class. Due to unsafe handling of reflection of privileged classes inside the Expression class it is possible for untrusted code to gain access to privileged methods and properties. This can result in remote code execution under the context of the current process. - -- Vendor Response: Oracle has issued an update to correct this vulnerability. 
More details can be found at: https://lists.grok.org.uk/mailman/listinfo/full-disclosure 15.html - -- Disclosure Timeline: 2012-07-24 - Vulnerability reported to vendor 2012-12-21 - Coordinated public release of advisory - -- Credit: This vulnerability was discovered by: * James Forshaw (tyranid) - -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: https://lists.grok.org.uk/mailman/listinfo/full-disclosure The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. 
Our vulnerability disclosure policy is available online at: https://lists.grok.org.uk/mailman/listinfo/full-disclosure Follow the ZDI on Twitter: https://lists.grok.org.uk/mailman/listinfo/full-disclosure -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 10.2.0 (Build 1950) Charset: utf-8 wsBVAwUBUNRZdVVtgMGTo1scAQKYuAf8C4LTqhJ1Bk+usVtZ2mRjALe7+gTVvTk6 j/q9Zqy/XsimBYXIiJW2QRt+CJqS/9e/8M+xH14FkSmZRGhHDaVR0tZ8cTuHPopm C3XnhzIJOk9XdoA8HdHVnMmd7vACA+ILyAX4n8feDHDHqUH7eTBZ3zdILxNTidQi cZgB67wqsOtsl8shsblGivkRWzlcheIC5492M17wwCr+PgMcg9xtSp3uD7MbNsNL BSOojIqMEhEhzDZ8P2wOBcSMN1EaSAxJYhHAI+ABfdp8LZ9IJt6GfIfoyzf34GQY dE7XrJMm0BVfd6oHQaArEcH6sI6XPU7RlMVJNvXUH4XuJH9Qww/lRw== =TyDY -----END PGP SIGNATURE----- -------------- next part -------------- An HTML attachment was scrubbed... URL: https://lists.grok.org.uk/mailman/listinfo/full-disclosure ------------------------------ _______________________________________________ Full-Disclosure - We believe in it. Charter: https://lists.grok.org.uk/mailman/listinfo/full-disclosure Hosted and sponsored by Secunia - https://lists.grok.org.uk/mailman/listinfo/full-disclosure End of Full-Disclosure Digest, Vol 94, Issue 27 *********************************************** _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
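The ZDI-12-196 advisory quoted in the digest above describes a BER-encoded size that wraps before a destination buffer is allocated. The following is an added illustration of that bug class and a bounds-checked alternative; it is not Novell's code and not part of the original posts. The function names are hypothetical, the inputs are constructed, and it assumes the wrap comes from adding a terminator byte to a 32-bit length, which the advisory does not specify.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Decode a BER definite length at p (end = one past the input).
 * Returns octets consumed, or 0 if truncated, indefinite, or wider than 32 bits. */
static size_t ber_read_len(const uint8_t *p, const uint8_t *end, uint32_t *out)
{
    if (p >= end) return 0;
    if (*p < 0x80) { *out = *p; return 1; }            /* short form */
    size_t n = *p & 0x7f;                              /* long form: n length octets */
    if (n == 0 || n > 4 || (size_t)(end - p - 1) < n) return 0;
    uint32_t len = 0;
    for (size_t i = 1; i <= n; i++) len = (len << 8) | p[i];
    *out = len;
    return 1 + n;
}

/* The unsafe pattern: sizing "value plus terminator" in 32 bits wraps to 0. */
static uint32_t alloc_size_unchecked(uint32_t len) { return len + 1u; }

/* Hardened (hypothetical helper): copy an OCTET STRING value into a new C string. */
static char *ber_dup_string(const uint8_t *buf, size_t buflen)
{
    uint32_t len;
    if (buflen < 2 || buf[0] != 0x04) return NULL;     /* 0x04 = OCTET STRING tag */
    size_t used = ber_read_len(buf + 1, buf + buflen, &len);
    if (used == 0) return NULL;
    const uint8_t *val = buf + 1 + used;
    if (len > (size_t)(buf + buflen - val)) return NULL; /* claimed size exceeds data present */
    char *s = malloc((size_t)len + 1);                 /* len <= buflen, so no wrap */
    if (!s) return NULL;
    memcpy(s, val, len);
    s[len] = '\0';
    return s;
}

int main(void)
{
    const uint8_t ok[]  = {0x04, 0x03, 'a', 'b', 'c'};               /* constructed input */
    const uint8_t bad[] = {0x04, 0x84, 0xff, 0xff, 0xff, 0xff, 'a'}; /* constructed input */
    char *s = ber_dup_string(ok, sizeof ok);
    printf("ok=%s bad_rejected=%d unchecked_size=%u\n", s ? s : "(null)",
           ber_dup_string(bad, sizeof bad) == NULL, (unsigned)alloc_size_unchecked(0xFFFFFFFFu));
    free(s);
    return 0;
}
```

The check that matters is the comparison of the decoded length against the bytes actually remaining in the input: once that holds, the allocation size is bounded by the input size and the addition cannot wrap.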