I am sure this will be on the news soon, but it looks like a slew of
security problems on Windows were reported lately (I was going to
write a ripping blog, but the Windows guys on this list may want to
know). There is also a Firefox one (I think it's a new one) - The DLL
(any) ones are a bit concerning...
21. Microsoft Internet Explorer (IE)
Vendor: Microsoft
A vulnerability was reported in Microsoft Internet Explorer in
the processing of URLs in Channel Definition Format (CDF) files. A
remote user can cause scripting code to be executed in an arbitrary
security zone.
Impact: Disclosure of user information
Alert: http://securitytracker.com/alerts/2005/Feb/1013126.html
22. Microsoft Internet Explorer (IE)
Vendor: Microsoft
A vulnerability was reported in Microsoft Internet Explorer in
the processing of DHTML methods. A remote user can cause arbitrary
code to be executed on the target system.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2005/Feb/1013125.html
23. Microsoft Internet Explorer (IE)
Vendor: Microsoft
A vulnerability was reported in Microsoft Internet Explorer in
the processing of certain encoded URLs. A remote user can spoof a
link to a different web site and cause scripting code to be
executed in an arbitrary security zone.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2005/Feb/1013124.html
24. Windows DLL (Any)
Vendor: Microsoft
Two vulnerabilities were reported in Microsoft Windows. A
remote user can execute arbitrary code on the target system. A
remote authenticated user can gain elevated privileges. Microsoft
Exchange Server, Microsoft Office, and other applications that use
OLE are also affected.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2005/Feb/1013120.html
25. Microsoft Hyperlink Object Library
Vendor: Microsoft
A vulnerability was reported in Microsoft Windows Hyperlink
Object Library. A remote user can cause arbitrary code to be
executed on the target system with the privileges of the target user.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2005/Feb/1013119.html
26. Microsoft License Logging Service
Vendor: Microsoft
A vulnerability was reported in Microsoft Windows License
Logging Service. A remote user can execute arbitrary code on the
target system with System level privileges or cause the License
Logging Service to crash.
Impact: Denial of service via network
Alert: http://securitytracker.com/alerts/2005/Feb/1013117.html
27. Windows Media Player
Vendor: Microsoft
A vulnerability was reported in Microsoft Windows Media Player
in the processing of PNG files. A remote user can execute
arbitrary code on the target user's system.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2005/Feb/1013115.html
28. Windows Server Message Block
Vendor: Microsoft
A vulnerability was reported in Microsoft Windows Server
Message Block (SMB). A remote user can execute arbitrary code on
the target system with System level privileges.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2005/Feb/1013114.html
29. Windows DLL (Any)
Vendor: Microsoft
A vulnerability was reported in Microsoft Windows XP in the
processing of named pipes. A remote user can determine certain
usernames on the target system.
Impact: Disclosure of system information
Alert: http://securitytracker.com/alerts/2005/Feb/1013112.html
30. Microsoft SharePoint
Vendor: Microsoft
An input validation vulnerability was reported in Microsoft
Windows SharePoint Services and SharePoint Team Services. A remote
user can conduct cross-site scripting attacks and spoofing attacks.
Impact: Disclosure of authentication information
Alert: http://securitytracker.com/alerts/2005/Feb/1013111.html
31. Microsoft Office
Vendor: Microsoft
A vulnerability was reported in Microsoft Office XP. A remote
user can cause arbitrary code to be executed on the target system.
Impact: Execution of arbitrary code via network
Alert: http://securitytracker.com/alerts/2005/Feb/1013110.html
+========== FIREFOX =============+
32. Mozilla Firefox
Vendor: Mozilla.org
Michael Krax reported several vulnerabilities in Mozilla
Firefox. A remote user may be able to cause a target user to
execute arbitrary operating system commands in certain situations.
A remote user may be able to access content from other windows,
including the 'about:config' settings.
Impact: Disclosure of system information
Alert: http://securitytracker.com/alerts/2005/Feb/1013108.html
35. Mozilla Firefox
Vendor: Mozilla.org
A vulnerability was reported in Mozilla Firefox in the
'run-mozilla.sh' script. A local user may be able to obtain
elevated privileges.
Impact: Modification of system information
Alert: http://securitytracker.com/alerts/2005/Feb/1013105.html
+=========== LINUX ==========+
I like how the only Linux one was processing a Windows file system hehehehe
46. Linux Kernel
Vendor: kernel.org
A vulnerability was reported in the Linux kernel in the
processing of NTFS file system errors. A user may be able to cause
denial of service conditions.
Impact: Denial of service via local system
Alert: http://securitytracker.com/alerts/2005/Feb/1013094.html
--
~Blog~
http://www.robrohan.com
~The cfml plug-in for eclipse~
http://cfeclipse.tigris.org
~open source xslt IDE~
http://treebeard.sourceforge.net