[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] ZDI Anything



Ah, more of the one-third disclosures, or somewhat-disclosed-but-not-really 
disclosure best of breed pony parade i see. Does nobody else find their posts 
tedious and annoying? I prefer mustlive any day


On 12/21/12 4:43 AM full-disclosure-request@xxxxxxxxxxxxxxxxx wrote:

Send Full-Disclosure mailing list submissions to

full-disclosure@xxxxxxxxxxxxxxxxx


To subscribe or unsubscribe via the World Wide Web, visit

https://lists.grok.org.uk/mailman/listinfo/full-disclosure

or, via email, send a message with subject or body 'help' to

full-disclosure@xxxxxxxxxxxxxxxxx


You can reach the person managing the list at

full-disclosure@xxxxxxxxxxxxxxxxx


When replying, please edit your Subject line so it is more specific
than "Re: Contents of Full-Disclosure digest..."



Note to digest recipients - when replying to digest posts, please trim your 
post appropriately. Thank you.



Today's Topics:


1. ZDI-12-188 : Microsoft Internet Explorer OnRowsInserted Event
Remote Code Execution Vulnerability (ZDI Disclosures)
2. ZDI-12-189 : Oracle Java WebStart Changing System Properties
Remote Code Execution Vulnerability (ZDI Disclosures)
3. ZDI-12-190 : Microsoft Internet Explorer Title Element Change
Remote Code Execution Vulnerability (ZDI Disclosures)
4. ZDI-12-191 : Webkit HTMLMedia Element beforeLoad Remote Code
Execution Vulnerability (ZDI Disclosures)
5. ZDI-12-192 : Microsoft Internet Explorer insertRow Remote
Code Execution Vulnerability (ZDI Disclosures)
6. ZDI-12-193 : Microsoft Internet Explorer insertAdjacentText
Remote Code Execution Vulnerability (ZDI Disclosures)
7. ZDI-12-194 : Microsoft Internet Explorer OnBeforeDeactivate
Event Remote Code Execution Vulnerability (ZDI Disclosures)
8. ZDI-12-195 : RealNetworks RealPlayer ATRAC Sample Decoding
Remote Code Execution Vulnerability (ZDI Disclosures)
9. ZDI-12-196 : Novell Groupwise GWIA ber_get_stringa Remote
Code Execution Vulnerability (ZDI Disclosures)
10. ZDI-12-197 : Oracle Java java.beans.Statement Remote Code
Execution Vulnerability (ZDI Disclosures)


----------------------------------------------------------------------


Message: 1
Date: Fri, 21 Dec 2012 06:29:33 -0600
From: ZDI Disclosures <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] ZDI-12-188 : Microsoft Internet Explorer
OnRowsInserted Event Remote Code Execution Vulnerability
To: Full Disclosure <full-disclosure@xxxxxxxxxxxxxxxxx>, BugTraq
<full-disclosure@xxxxxxxxxxxxxxxxx>
Cc: full-disclosure@xxxxxxxxxxxxxxxxx
Message-ID: <full-disclosure@xxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="iso-8859-1"


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


ZDI-12-188 : Microsoft Internet Explorer OnRowsInserted Event Remote Code
Execution Vulnerability

https://lists.grok.org.uk/mailman/listinfo/full-disclosure

December 21, 2012


- -- CVE ID:
CVE-2012-1881


- -- CVSS:
7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P


- -- Affected Vendors:
Microsoft


- -- Affected Products:
Microsoft Internet Explorer


- -- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Microsoft Internet Explorer. User interaction
is required to exploit this vulnerability in that the target must visit a
malicious page or open a malicious file.


The specific flaw exists within the way Internet Explorer handles
'onrowsinserted' callback functions for certain elements. It is possible to
alter the document DOM tree in a onrowsinserted callback function which can
lead to a use-after-free condition when the function returns. This can
result in remote code execution under the context of the current process.


- -- Vendor Response:
Microsoft states:

https://lists.grok.org.uk/mailman/listinfo/full-disclosure



- -- Disclosure Timeline:
2012-03-14 - Vulnerability reported to vendor
2012-12-21 - Coordinated public release of advisory


- -- Credit:
This vulnerability was discovered by:
* Anonymous


- -- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.


Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:

https://lists.grok.org.uk/mailman/listinfo/full-disclosure


The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.


Our vulnerability disclosure policy is available online at:

https://lists.grok.org.uk/mailman/listinfo/full-disclosure


Follow the ZDI on Twitter:

https://lists.grok.org.uk/mailman/listinfo/full-disclosure


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 10.2.0 (Build 1950)
Charset: utf-8


wsBVAwUBUNRWElVtgMGTo1scAQLRbQgAqGyxowWyS6ENL3tdOoUpU3QxweD2KGcW
rrYxmRKfZxIOw8dtXe/CPLw+ANGLy8y0IfMD2JAgTwqigzjOsLvxXJx77827jjkZ
D5FvAe4CWWXSiQQlN7b+VKDldvqH18FPSMSiKW+nAX5Pi6RwnK7xMdq4f/fyj1tu
0f/N271a4PB83wICFJT8GbB3xM2CEObMs5sEYd3GAF6i0snn9DZGHF+PVdaqmFXD
scBVoqVHGW2EeePeRkGWaVJIGG2b4kV0vzFoIXeyZ5e24cJ5fmeTQPsPOtcVDRec
eA6WqHdWSRGWPYSjTU3AQUTfaVdzXZmTFet4VvtO0/a6Qq3aPDh/PQ==
=EDil
-----END PGP SIGNATURE-----


-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.grok.org.uk/mailman/listinfo/full-disclosure

------------------------------


Message: 2
Date: Fri, 21 Dec 2012 06:31:01 -0600
From: ZDI Disclosures <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] ZDI-12-189 : Oracle Java WebStart Changing
System Properties Remote Code Execution Vulnerability
To: Full Disclosure <full-disclosure@xxxxxxxxxxxxxxxxx>, BugTraq
<full-disclosure@xxxxxxxxxxxxxxxxx>, full-disclosure@xxxxxxxxxxxxxxxxx
Message-ID: <full-disclosure@xxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="iso-8859-1"


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


ZDI-12-189 : Oracle Java WebStart Changing System Properties Remote Code
Execution Vulnerability

https://lists.grok.org.uk/mailman/listinfo/full-disclosure

December 21, 2012


- -- CVE ID:
CVE-2012-1721


- -- CVSS:
9, AV:N/AC:L/Au:N/C:P/I:P/A:C


- -- Affected Vendors:
Oracle


- -- Affected Products:
Oracle Java Runtime



- -- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Oracle Java. User interaction is required to
exploit this vulnerability in that the target must visit a malicious page
or open a malicious file.


The specific flaw exists because it is possible to change system properties
through trusted JNLP files. If a JNLP file requests "<all-permissions/>"
and only references signed, trusted JAR files, it can set all System
properties. By referencing a trusted JNLP file from an untrusted one it is
possible to change System Properties that can lead to remote code execution
under the context of the current user.



- -- Vendor Response:
Oracle has issued an update to correct this vulnerability. More details can
be found at:

https://lists.grok.org.uk/mailman/listinfo/full-disclosure

ml



- -- Disclosure Timeline:
2012-03-14 - Vulnerability reported to vendor
2012-12-21 - Coordinated public release of advisory


- -- Credit:
This vulnerability was discovered by:
* Chris Ries


- -- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.


Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:

https://lists.grok.org.uk/mailman/listinfo/full-disclosure


The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.


Our vulnerability disclosure policy is available online at:

https://lists.grok.org.uk/mailman/listinfo/full-disclosure


Follow the ZDI on Twitter:

https://lists.grok.org.uk/mailman/listinfo/full-disclosure


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 10.2.0 (Build 1950)
Charset: utf-8


wsBVAwUBUNRWf1VtgMGTo1scAQL17Af+PLKQVLcU5Y6zbxi8z9zDy8lZV/qhycKN
nSRaC5SOh+aVBVN3hvRc8LkRpD1me4kWLk5uvfP4dV9yZToRCt1dZOvIFBgJOYdd
ztiOTFgQCGapxv4bdvI9VRvx9bUzO8Rl2k3L32xV1gLpe9UKiQbJw5qC8SbhYqWY
8j4JA03/66hyTZqT+M6tWKtB80P2lCuYp4aoF6kcIn//5tyS4h0RgPWRTaxzmBcU
p6V2m3rxDpaTyPRZxN7Q9c8JvN3ClWla1gcNdYAFsh7bnYgiOeI4cvk0vY6v312s
+3gKQKsU2w+Its1gekAIEk11tlyR3SRtd/mFnk4fEzvlhkSjytAvgQ==
=VL7/
-----END PGP SIGNATURE-----


-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.grok.org.uk/mailman/listinfo/full-disclosure

------------------------------


Message: 3
Date: Fri, 21 Dec 2012 06:32:34 -0600
From: ZDI Disclosures <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] ZDI-12-190 : Microsoft Internet Explorer
Title Element Change Remote Code Execution Vulnerability
To: Full Disclosure <full-disclosure@xxxxxxxxxxxxxxxxx>, BugTraq
<full-disclosure@xxxxxxxxxxxxxxxxx>, full-disclosure@xxxxxxxxxxxxxxxxx
Message-ID: <full-disclosure@xxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="iso-8859-1"


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


ZDI-12-190 : Microsoft Internet Explorer Title Element Change Remote Code
Execution Vulnerability

https://lists.grok.org.uk/mailman/listinfo/full-disclosure

December 21, 2012


- -- CVE ID:
CVE-2012-1877


- -- CVSS:
7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P


- -- Affected Vendors:
Microsoft


- -- Affected Products:
Microsoft Internet Explorer 9



- -- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 12385.
For further product information on the TippingPoint IPS, visit:

https://lists.grok.org.uk/mailman/listinfo/full-disclosure


- -- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Microsoft Internet Explorer. User interaction
is required to exploit this vulnerability in that the target must visit a
malicious page or open a malicious file.


The specific flaw exists in the 'onpropertychange' user callback function
for the document.title. If the function changes the document in the
callback function by using, for example, a document.write call, this can
result in a use-after-free vulnerability. This can lead to remote code
execution under the context of the program.


- -- Vendor Response:
Microsoft has issued an update to correct this vulnerability. More details
can be found at:

https://lists.grok.org.uk/mailman/listinfo/full-disclosure



- -- Disclosure Timeline:
2012-03-14 - Vulnerability reported to vendor
2012-12-21 - Coordinated public release of advisory


- -- Credit:
This vulnerability was discovered by:
* Anonymous


- -- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.


Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:

https://lists.grok.org.uk/mailman/listinfo/full-disclosure


The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.


Our vulnerability disclosure policy is available online at:

https://lists.grok.org.uk/mailman/listinfo/full-disclosure


Follow the ZDI on Twitter:

https://lists.grok.org.uk/mailman/listinfo/full-disclosure


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 10.2.0 (Build 1950)
Charset: utf-8


wsBVAwUBUNRW21VtgMGTo1scAQKc7gf+OEjWyyQYkCYucuwZivLId/up2Px3MbYR
omQMFCjxijYj0rx77RRQGBcPC8ROhW6Gt9VEA+C86gi1hynG/zTEz+AA6iRxJVfp
6fUmWVL119kh6tcQml4Mz49vjz1tV9zaALpK/jv7V1EuQ7nS5oSbAi4H0M9oXmLX
Fht71iOmiFvrnWj+rSZOYJ7Ctd2+DHLGrR72kYEgtU2SLm3cGgJqiEHbbjq/Y7J6
Ba2Y8mHEJKvdpx3012zJ7BrU0ZOUKRhiiibtJj1A+KAX5fwc+TS5mGMGXgTY/WVe
sr7diAuRz+R1Uuv1n8ieiV3SuUNcy7NmPlvsXa4VJQsEvB7I9QQIXA==
=aqcy
-----END PGP SIGNATURE-----


-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.grok.org.uk/mailman/listinfo/full-disclosure

------------------------------


Message: 4
Date: Fri, 21 Dec 2012 06:34:41 -0600
From: ZDI Disclosures <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] ZDI-12-191 : Webkit HTMLMedia Element
beforeLoad Remote Code Execution Vulnerability
To: Full Disclosure <full-disclosure@xxxxxxxxxxxxxxxxx>, BugTraq
<full-disclosure@xxxxxxxxxxxxxxxxx>, full-disclosure@xxxxxxxxxxxxxxxxx
Message-ID: <full-disclosure@xxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="iso-8859-1"


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


ZDI-12-191 : Webkit HTMLMedia Element beforeLoad Remote Code Execution
Vulnerability

https://lists.grok.org.uk/mailman/listinfo/full-disclosure

December 21, 2012


- -- CVE ID:
CVE-2011-3071


- -- CVSS:
7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P


- -- Affected Vendors:
WebKit.Org



- -- Affected Products:
WebKit.Org WebKit


- -- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 12492.
For further product information on the TippingPoint IPS, visit:

https://lists.grok.org.uk/mailman/listinfo/full-disclosure


- -- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Apple Safari Webkit. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page or open a malicious file.


The specific flaw exists within the library's implementation of a HTMLMedia
element. After a source element is created, an attacker can catch the
beforeLoad event before the element is used, and delete the element. The
pointer to the source element will then be referenced causing a
use-after-free condition, which can lead to code execution under the
context of the application.


- -- Vendor Response:
WebKit.Org has issued an update to correct this vulnerability. More details
can be found at:

https://lists.grok.org.uk/mailman/listinfo/full-disclosure



- -- Disclosure Timeline:
2012-03-14 - Vulnerability reported to vendor
2012-12-21 - Coordinated public release of advisory


- -- Credit:
This vulnerability was discovered by:
* pa_kt / twitter.com/pa_kt



- -- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.


Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:

https://lists.grok.org.uk/mailman/listinfo/full-disclosure


The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.


Our vulnerability disclosure policy is available online at:

https://lists.grok.org.uk/mailman/listinfo/full-disclosure


Follow the ZDI on Twitter:

https://lists.grok.org.uk/mailman/listinfo/full-disclosure


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 10.2.0 (Build 1950)
Charset: utf-8


wsBVAwUBUNRXVlVtgMGTo1scAQL8swgAm/RnsOnH3MOpjeTII0WcvV9txZO0itaC
yRlwICYXXHUUVvuSxlN8KS7P6Wmf5F0gj+VQXP647KhCxIhXZsrx+DL+aZS+Fb17
pcHGwZFhntNNPn5Gwgy8c0cZeSBVmGByU5BBDT6e3ciGpyidlAzUOga63ahOKN22
HSi4uiwHn4WX4gxpLt0Yyd14Ro1fdtqi7puUc+KGuzVtBwWypv023ubuPz/qRZ85
L9R+n+SfoCHL/o2kEHaoM3xpRQeKiAkxRCwS7SVGq8ltnckI3kkdl38t3SfxmjIQ
yAsYkKbYIkZgHbFhFPfffNhBa8YSdcp4YTMjH2Cjqbrh2TElnhH7Jg==
=FjqC
-----END PGP SIGNATURE-----


-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.grok.org.uk/mailman/listinfo/full-disclosure

------------------------------


Message: 5
Date: Fri, 21 Dec 2012 06:36:00 -0600
From: ZDI Disclosures <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] ZDI-12-192 : Microsoft Internet Explorer
insertRow Remote Code Execution Vulnerability
To: Full Disclosure <full-disclosure@xxxxxxxxxxxxxxxxx>, BugTraq
<full-disclosure@xxxxxxxxxxxxxxxxx>, full-disclosure@xxxxxxxxxxxxxxxxx
Message-ID: <full-disclosure@xxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="iso-8859-1"


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


ZDI-12-192 : Microsoft Internet Explorer insertRow Remote Code Execution
Vulnerability

https://lists.grok.org.uk/mailman/listinfo/full-disclosure

December 21, 2012


- -- CVE ID:
CVE-2012-1880


- -- CVSS:
7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P


- -- Affected Vendors:
Microsoft


- -- Affected Products:
Microsoft Internet Explorer



- -- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 12382.
For further product information on the TippingPoint IPS, visit:

https://lists.grok.org.uk/mailman/listinfo/full-disclosure


- -- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Microsoft Internet Explorer. User interaction
is required to exploit this vulnerability in that the target must visit a
malicious page or open a malicious file.


The specific flaw exists within the way Internet Explorer handles
consecutive calls to insertRow. When the number of rows reaches a certain
threshold the program fails to correctly relocate certain key objects. This
can lead to a use-after-free vulnerability which can result in remote code
execution under the context of the current process.


- -- Vendor Response:
Microsoft has issued an update to correct this vulnerability. More details
can be found at:

https://lists.grok.org.uk/mailman/listinfo/full-disclosure



- -- Disclosure Timeline:
2012-03-14 - Vulnerability reported to vendor
2012-12-21 - Coordinated public release of advisory


- -- Credit:
This vulnerability was discovered by:
* Anonymous



- -- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.


Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:

https://lists.grok.org.uk/mailman/listinfo/full-disclosure


The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.


Our vulnerability disclosure policy is available online at:

https://lists.grok.org.uk/mailman/listinfo/full-disclosure


Follow the ZDI on Twitter:

https://lists.grok.org.uk/mailman/listinfo/full-disclosure


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 10.2.0 (Build 1950)
Charset: utf-8


wsBVAwUBUNRXqlVtgMGTo1scAQIolwgAlfWawonK1BetraIK8viDhg/z4Eb5RTse
hOfWDOxNdY0glskLeI1ylrtr0nXJSvj+8q5T6DcsEaz48nEdsv/ObO+d6JREzwTL
3gUJ9fUeMWZubmUmm2cKkgdenmEkK0p8EZqQ5puUpuVffeFC/f8Dn679MGlwL73v
Zato0rHoJuBedfxOYsQ+UkYwre97ickYkw/dl0LMgce5IRxKROnsR3u4+yPUVOWt
Vqo0zEPXKGdPUY3L/AjgowwqvOGsf0OmQESBLZi+pGhO2PxWjb5aBm+gFPBkRpNl
ON1yduQfblrmsrCEHZf/od/A/r7YyLeI4dxkOGb0vR7FmBr2OcZfBA==
=/GjQ
-----END PGP SIGNATURE-----


-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.grok.org.uk/mailman/listinfo/full-disclosure

------------------------------


Message: 6
Date: Fri, 21 Dec 2012 06:37:28 -0600
From: ZDI Disclosures <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] ZDI-12-193 : Microsoft Internet Explorer
insertAdjacentText Remote Code Execution Vulnerability
To: Full Disclosure <full-disclosure@xxxxxxxxxxxxxxxxx>, BugTraq
<full-disclosure@xxxxxxxxxxxxxxxxx>, full-disclosure@xxxxxxxxxxxxxxxxx
Message-ID: <full-disclosure@xxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="iso-8859-1"


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


ZDI-12-193 : Microsoft Internet Explorer insertAdjacentText Remote Code
Execution Vulnerability

https://lists.grok.org.uk/mailman/listinfo/full-disclosure

December 21, 2012


- -- CVE ID:
CVE-2012-1879


- -- CVSS:
7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P


- -- Affected Vendors:
Microsoft



- -- Affected Products:
Microsoft Internet Explorer



- -- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 12383.
For further product information on the TippingPoint IPS, visit:

https://lists.grok.org.uk/mailman/listinfo/full-disclosure


- -- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Microsoft Internet Explorer. User interaction
is required to exploit this vulnerability in that the target must visit a
malicious page or open a malicious file.


The specific flaw exists within the way Internet Explorer handles repeated
calls to insertAdjacentText. When the size of the element reaches a certain
threshold Internet Explorer fails to correctly relocate key elements. An
unitialized variable in one of the function can cause memory corruption.
This can lead to remote code execution under the context of the program.


- -- Vendor Response:
Microsoft has issued an update to correct this vulnerability. More details
can be found at:

https://lists.grok.org.uk/mailman/listinfo/full-disclosure



- -- Disclosure Timeline:
2012-03-14 - Vulnerability reported to vendor
2012-12-21 - Coordinated public release of advisory



- -- Credit:
This vulnerability was discovered by:
* Anonymous


- -- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.


Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:

https://lists.grok.org.uk/mailman/listinfo/full-disclosure


The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.


Our vulnerability disclosure policy is available online at:

https://lists.grok.org.uk/mailman/listinfo/full-disclosure


Follow the ZDI on Twitter:

https://lists.grok.org.uk/mailman/listinfo/full-disclosure


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 10.2.0 (Build 1950)
Charset: utf-8


wsBVAwUBUNRYAlVtgMGTo1scAQLIzwgAifwtcC6Rt0S7xdrcLHpBiw+vrM598Ccl
UBkbArcNGipQLDGVgW6sC3h0gPGayQbaQsyW8J1ar6MNUWmfKnEJetAUa24ZgDWl
cOATZkDyf0HYwV6a+gATJA4CVJk6cHYjf4Pn9vkguogBebsBMX3mGBLsrSfbcxQc
1tOfbV7VogCOHceFLNxVx8Ir8/rpHfbfduflYFPbSLcKgcERcLq5kGJOZkiNPRID
kRs8dd6vfjEyueO5/NwyPXi9mNaDqNCYgelRCGi3xF/FjabtuV3BVbS81NDoJ8Ak
O3VFfeHisnRN/ZvPs84fEdfWG5lDy5fzNgEtsTP4+zOMfws21I/7uA==
=2V0z
-----END PGP SIGNATURE-----


-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.grok.org.uk/mailman/listinfo/full-disclosure

------------------------------


Message: 7
Date: Fri, 21 Dec 2012 06:39:02 -0600
From: ZDI Disclosures <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] ZDI-12-194 : Microsoft Internet Explorer
OnBeforeDeactivate Event Remote Code Execution Vulnerability
To: Full Disclosure <full-disclosure@xxxxxxxxxxxxxxxxx>, BugTraq
<full-disclosure@xxxxxxxxxxxxxxxxx>, full-disclosure@xxxxxxxxxxxxxxxxx
Message-ID: <full-disclosure@xxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="iso-8859-1"


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


ZDI-12-194 : Microsoft Internet Explorer OnBeforeDeactivate Event Remote
Code Execution Vulnerability

https://lists.grok.org.uk/mailman/listinfo/full-disclosure

December 21, 2012


- -- CVE ID:
CVE-2012-1878


- -- CVSS:
7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P


- -- Affected Vendors:
Microsoft


- -- Affected Products:
Microsoft Internet Explorer



- -- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 12388.
For further product information on the TippingPoint IPS, visit:

https://lists.grok.org.uk/mailman/listinfo/full-disclosure


- -- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Microsoft Internet Explorer. User interaction
is required to exploit this vulnerability in that the target must visit a
malicious page or open a malicious file.


The specific flaw exists within the way Internet Explorer handles the
onbeforedeactivate callback function for certain elements. During the
execution of the onbeforedeactivate callback function it is possible to
alter the DOM tree of the page which can lead to a use-after-free
vulnerability when the function returns. This can result in remote code
execution under the context of the current process.


- -- Vendor Response:
Microsoft has issued an update to correct this vulnerability. More details
can be found at:

https://lists.grok.org.uk/mailman/listinfo/full-disclosure



- -- Disclosure Timeline:
2012-03-14 - Vulnerability reported to vendor
2012-12-21 - Coordinated public release of advisory


- -- Credit:
This vulnerability was discovered by:
* Anonymous



- -- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.


Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:

https://lists.grok.org.uk/mailman/listinfo/full-disclosure


The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.


Our vulnerability disclosure policy is available online at:

https://lists.grok.org.uk/mailman/listinfo/full-disclosure


Follow the ZDI on Twitter:

https://lists.grok.org.uk/mailman/listinfo/full-disclosure


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 10.2.0 (Build 1950)
Charset: utf-8


wsBVAwUBUNRYXVVtgMGTo1scAQIroAgAt/563d86coSO3lzRBv3abXO4+lC1IhEJ
DOGYcqAPqJ7IIURCpFI6k+8CqRa6gG+HZIv7WrIyiZnya7HcC64Kb6stQjL2aaTw
lrAa9J5FsuWyOW7/1UM7nfJ06EXe0splcFFNYVjdjJlNSI0RClzQNYNreLtGbDbB
Gqve1qSbbGwmb8b9nxkfsgrd0nA1jNyJULfd0OLAg5WRZkoFyvKG3UXEBPPslUtH
uOBG1mb8S7l0zfweTVObNQlie23ccgr9Yd97HcH8lc3fUW4W/gROgk54J4gocmZz
Jk+xYyAlAa8p0ejV0Y7BY2VoBDYiYPSNH2Kz65b+ecK81BFera9xbA==
=dDcB
-----END PGP SIGNATURE-----


-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.grok.org.uk/mailman/listinfo/full-disclosure

------------------------------


Message: 8
Date: Fri, 21 Dec 2012 06:40:48 -0600
From: ZDI Disclosures <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] ZDI-12-195 : RealNetworks RealPlayer ATRAC
Sample Decoding Remote Code Execution Vulnerability
To: Full Disclosure <full-disclosure@xxxxxxxxxxxxxxxxx>, BugTraq
<full-disclosure@xxxxxxxxxxxxxxxxx>, full-disclosure@xxxxxxxxxxxxxxxxx
Message-ID: <full-disclosure@xxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="iso-8859-1"


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


ZDI-12-195 : RealNetworks RealPlayer ATRAC Sample Decoding Remote Code
Execution Vulnerability

https://lists.grok.org.uk/mailman/listinfo/full-disclosure

December 21, 2012


- -- CVE ID:
CVE-2012-0928


- -- CVSS:
7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P


- -- Affected Vendors:
RealNetworks


- -- Affected Products:
RealNetworks RealPlayer



- -- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 12482.
For further product information on the TippingPoint IPS, visit:

https://lists.grok.org.uk/mailman/listinfo/full-disclosure


- -- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of RealNetworks Real Player. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page or open a malicious file.


The specific flaw exists when the application attempts to decode an audio
sample that is encoded with the ATRAC codec. While parsing sample data, the
application will explicitly trust 2-bits as a loop counter which can be
used to write outside the bounds of the target buffer. This can lead to
code execution under the context of the application.


- -- Vendor Response:
RealNetworks has issued an update to correct this vulnerability. More
details can be found at:

https://lists.grok.org.uk/mailman/listinfo/full-disclosure



- -- Disclosure Timeline:
2011-10-28 - Vulnerability reported to vendor
2012-12-21 - Coordinated public release of advisory



- -- Credit:
This vulnerability was discovered by:
* Andrzej Dyjak



- -- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.


Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:

https://lists.grok.org.uk/mailman/listinfo/full-disclosure


The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.


Our vulnerability disclosure policy is available online at:

https://lists.grok.org.uk/mailman/listinfo/full-disclosure


Follow the ZDI on Twitter:

https://lists.grok.org.uk/mailman/listinfo/full-disclosure


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 10.2.0 (Build 1950)
Charset: utf-8


wsBVAwUBUNRYylVtgMGTo1scAQIvqwf+InLpJWTUfaN65tPUF5tIc5bkT3QBCEe6
tkvHCcTDLyftl1dBgXSkiy8wtCYrcDp0pWaOHYXtlRTzOxOZA4hjf2Tn66EPYVBy
JPKFWnTrkHhlC6Bc/6l44LeVtV/LcygPtANr4J7FNqWfIUZ4eaV1NLqGra7tm4hJ
kW/Vn8Syno9+WICi1FbV23KLeSvooRqvHtiNCKhsrKqFOyOBfSQlMO6Gp+n0j8JF
Bl1XfWPEGRM6do4I/+1Sk9GuyKT6Smu8qcwT6X2334UHYfEHZLGDlHgNiAtB++XE
KAamtcf8JRIMxT05hwJl8T10U5LiKucuxTr/gVT86niHTDPG2+A0Cg==
=77vg
-----END PGP SIGNATURE-----


-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.grok.org.uk/mailman/listinfo/full-disclosure

------------------------------


Message: 9
Date: Fri, 21 Dec 2012 06:42:25 -0600
From: ZDI Disclosures <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] ZDI-12-196 : Novell Groupwise GWIA
ber_get_stringa Remote Code Execution Vulnerability
To: Full Disclosure <full-disclosure@xxxxxxxxxxxxxxxxx>, BugTraq
<full-disclosure@xxxxxxxxxxxxxxxxx>, full-disclosure@xxxxxxxxxxxxxxxxx
Message-ID: <full-disclosure@xxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="iso-8859-1"


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


ZDI-12-196 : Novell Groupwise GWIA ber_get_stringa Remote Code Execution
Vulnerability

https://lists.grok.org.uk/mailman/listinfo/full-disclosure

December 21, 2012


- -- CVE ID:
CVE-2012-0417


- -- CVSS:
10, AV:N/AC:L/Au:N/C:C/I:C/A:C


- -- Affected Vendors:
Novell


- -- Affected Products:
Novell Groupwise



- -- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 12495.
For further product information on the TippingPoint IPS, visit:

https://lists.grok.org.uk/mailman/listinfo/full-disclosure


- -- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Novell Groupwise. Authentication is not
required to exploit this vulnerability.


The flaw exists within the Groupwise Internet Agent component, specifically
the optional LDAP server which listens on tcp port 389. When parsing a BER
encoded parameter the specified size is used to allocate a destination
buffer. A properly encoded BER chunk could cause an integer size value to
wrap before buffer allocation. A remote attacker can exploit this
vulnerability to execute arbitrary code under the context of the SYSTEM
account.


- -- Vendor Response:


Novell has issued an update to correct this vulnerability. More details can
be found at:

https://lists.grok.org.uk/mailman/listinfo/full-disclosure



- -- Disclosure Timeline:
2011-10-21 - Vulnerability reported to vendor
2012-12-21 - Coordinated public release of advisory


- -- Credit:
This vulnerability was discovered by:
* Francis Provencher From Protek Research Lab's


- -- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.


Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:

https://lists.grok.org.uk/mailman/listinfo/full-disclosure


The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.


Our vulnerability disclosure policy is available online at:

https://lists.grok.org.uk/mailman/listinfo/full-disclosure


Follow the ZDI on Twitter:

https://lists.grok.org.uk/mailman/listinfo/full-disclosure


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 10.2.0 (Build 1950)
Charset: utf-8


wsBVAwUBUNRZJlVtgMGTo1scAQK79gf+JjzJEnHzMsddv86rxWEgVxgPaHb+Ih0N
2OT1aPxDpHIDBA3hZg6iAGMuQVYj8Ot623NsLWKyAM7dpdEcaHgifW8zgThyEhdP
m5eMslAOkuQ93NuqQqL4HAm0L6caNHQJ6Eqwn3Skg0UC5osJrH3SWmagLSGaiLJ1
SlfYD3CxbI/NeShIV93lSRqRXvqIf9wFsQrXNoJgw0shlJw3MBe+t4/NX5wt5fba
Vo/5BtmcpHZQawOd8FMmwoggvfhkoFc5BE1nncZSSfWCpeZ1raIUAmIFwZVj4THy
91GD++j9PKHc4QYJO2FVrlA0xJqXrSehz2XSLb/z9QZeCk3S1lKBGg==
=P609
-----END PGP SIGNATURE-----


-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.grok.org.uk/mailman/listinfo/full-disclosure

------------------------------


Message: 10
Date: Fri, 21 Dec 2012 06:43:39 -0600
From: ZDI Disclosures <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] ZDI-12-197 : Oracle Java
java.beans.Statement Remote Code Execution Vulnerability
To: Full Disclosure <full-disclosure@xxxxxxxxxxxxxxxxx>, BugTraq
<full-disclosure@xxxxxxxxxxxxxxxxx>, full-disclosure@xxxxxxxxxxxxxxxxx
Message-ID: <full-disclosure@xxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="iso-8859-1"


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


ZDI-12-197 : Oracle Java java.beans.Statement Remote Code Execution
Vulnerability

https://lists.grok.org.uk/mailman/listinfo/full-disclosure

December 21, 2012


- -- CVE ID:
CVE-2012-1682


- -- CVSS:
9, AV:N/AC:L/Au:N/C:P/I:P/A:C


- -- Affected Vendors:
Oracle


- -- Affected Products:
Oracle Java Runtime


- -- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Oracle Java. User interaction is required to
exploit this vulnerability in that the target must visit a malicious page
or open a malicious file.


The specific flaw exists within the java.beans.Expression class. Due to
unsafe handling of reflection of privileged classes inside the Expression
class it is possible for untrusted code to gain access to privileged
methods and properties. This can result in remote code execution under the
context of the current process.


- -- Vendor Response:
Oracle has issued an update to correct this vulnerability. More details can
be found at:

https://lists.grok.org.uk/mailman/listinfo/full-disclosure

15.html



- -- Disclosure Timeline:
2012-07-24 - Vulnerability reported to vendor
2012-12-21 - Coordinated public release of advisory


- -- Credit:
This vulnerability was discovered by:
* James Forshaw (tyranid)



- -- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.


Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:

https://lists.grok.org.uk/mailman/listinfo/full-disclosure


The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.


Our vulnerability disclosure policy is available online at:

https://lists.grok.org.uk/mailman/listinfo/full-disclosure


Follow the ZDI on Twitter:

https://lists.grok.org.uk/mailman/listinfo/full-disclosure


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 10.2.0 (Build 1950)
Charset: utf-8


wsBVAwUBUNRZdVVtgMGTo1scAQKYuAf8C4LTqhJ1Bk+usVtZ2mRjALe7+gTVvTk6
j/q9Zqy/XsimBYXIiJW2QRt+CJqS/9e/8M+xH14FkSmZRGhHDaVR0tZ8cTuHPopm
C3XnhzIJOk9XdoA8HdHVnMmd7vACA+ILyAX4n8feDHDHqUH7eTBZ3zdILxNTidQi
cZgB67wqsOtsl8shsblGivkRWzlcheIC5492M17wwCr+PgMcg9xtSp3uD7MbNsNL
BSOojIqMEhEhzDZ8P2wOBcSMN1EaSAxJYhHAI+ABfdp8LZ9IJt6GfIfoyzf34GQY
dE7XrJMm0BVfd6oHQaArEcH6sI6XPU7RlMVJNvXUH4XuJH9Qww/lRw==
=TyDY
-----END PGP SIGNATURE-----


-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.grok.org.uk/mailman/listinfo/full-disclosure

------------------------------

_______________________________________________

Full-Disclosure - We believe in it.
Charter: https://lists.grok.org.uk/mailman/listinfo/full-disclosure
Hosted and sponsored by Secunia - 
https://lists.grok.org.uk/mailman/listinfo/full-disclosure


End of Full-Disclosure Digest, Vol 94, Issue 27

***********************************************



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/