# grep ZDI header_checks
/^From:.*tippingpoint.com.*/ REJECT ZDI SPAM

On 12/21/12 6:21 AM, [email protected] wrote:
> Ah, more of the one-third disclosures, or
> somewhat-disclosed-but-not-really disclosure best of breed pony parade i
> see. Does nobody else find their posts tedious and annoying? I prefer
> mustlive any day
>
>
> On 12/21/12 4:43 AM [email protected] wrote:
>
> Send Full-Disclosure mailing list submissions to
> [email protected] <mailto:[email protected]>
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> or, via email, send a message with subject or body 'help' to
> [email protected] <mailto:[email protected]>
>
> You can reach the person managing the list at
> [email protected] <mailto:[email protected]>
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Full-Disclosure digest..."
>
>
> Note to digest recipients - when replying to digest posts, please trim
> your post appropriately. Thank you.
>
>
> Today's Topics:
>
> 1. ZDI-12-188 : Microsoft Internet Explorer OnRowsInserted Event
> Remote Code Execution Vulnerability (ZDI Disclosures)
> 2. ZDI-12-189 : Oracle Java WebStart Changing System Properties
> Remote Code Execution Vulnerability (ZDI Disclosures)
> 3. ZDI-12-190 : Microsoft Internet Explorer Title Element Change
> Remote Code Execution Vulnerability (ZDI Disclosures)
> 4. ZDI-12-191 : Webkit HTMLMedia Element beforeLoad Remote Code
> Execution Vulnerability (ZDI Disclosures)
> 5. ZDI-12-192 : Microsoft Internet Explorer insertRow Remote
> Code Execution Vulnerability (ZDI Disclosures)
> 6. ZDI-12-193 : Microsoft Internet Explorer insertAdjacentText
> Remote Code Execution Vulnerability (ZDI Disclosures)
> 7. ZDI-12-194 : Microsoft Internet Explorer OnBeforeDeactivate
> Event Remote Code Execution Vulnerability (ZDI Disclosures)
> 8.
> ZDI-12-195 : RealNetworks RealPlayer ATRAC Sample Decoding
> Remote Code Execution Vulnerability (ZDI Disclosures)
> 9. ZDI-12-196 : Novell Groupwise GWIA ber_get_stringa Remote
> Code Execution Vulnerability (ZDI Disclosures)
> 10. ZDI-12-197 : Oracle Java java.beans.Statement Remote Code
> Execution Vulnerability (ZDI Disclosures)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 21 Dec 2012 06:29:33 -0600
> From: ZDI Disclosures <[email protected]
> <mailto:[email protected]>>
> Subject: [Full-disclosure] ZDI-12-188 : Microsoft Internet Explorer
> OnRowsInserted Event Remote Code Execution Vulnerability
> To: Full Disclosure <[email protected]
> <mailto:[email protected]>>, BugTraq
> <[email protected]
> <mailto:[email protected]>>
> Cc: [email protected]
> <mailto:[email protected]>
> Message-ID: <[email protected]
> <mailto:[email protected]>>
> Content-Type: text/plain; charset="iso-8859-1"
>
> ZDI-12-188 : Microsoft Internet Explorer OnRowsInserted Event Remote Code
> Execution Vulnerability
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> December 21, 2012
>
> -- CVE ID:
> CVE-2012-1881
>
> -- CVSS:
> 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P
>
> -- Affected Vendors:
> Microsoft
>
> -- Affected Products:
> Microsoft Internet Explorer
>
> -- Vulnerability Details:
> This vulnerability allows remote attackers to execute arbitrary code on
> vulnerable installations of Microsoft Internet Explorer. User interaction
> is required to exploit this vulnerability in that the target must visit a
> malicious page or open a malicious file.
>
> The specific flaw exists within the way Internet Explorer handles
> 'onrowsinserted' callback functions for certain elements. It is possible to
> alter the document DOM tree in an onrowsinserted callback function which can
> lead to a use-after-free condition when the function returns. This can
> result in remote code execution under the context of the current process.
>
> -- Vendor Response:
> Microsoft states:
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>
>
> -- Disclosure Timeline:
> 2012-03-14 - Vulnerability reported to vendor
> 2012-12-21 - Coordinated public release of advisory
>
> -- Credit:
> This vulnerability was discovered by:
> * Anonymous
>
> -- About the Zero Day Initiative (ZDI):
> Established by TippingPoint, The Zero Day Initiative (ZDI) represents
> a best-of-breed model for rewarding security researchers for responsibly
> disclosing discovered vulnerabilities.
>
> Researchers interested in getting paid for their security research
> through the ZDI can find more information and sign-up at:
>
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>
> The ZDI is unique in how the acquired vulnerability information is
> used. TippingPoint does not re-sell the vulnerability details or any
> exploit code. Instead, upon notifying the affected product vendor,
> TippingPoint provides its customers with zero day protection through
> its intrusion prevention technology. Explicit details regarding the
> specifics of the vulnerability are not exposed to any parties until
> an official vendor patch is publicly available. Furthermore, with the
> altruistic aim of helping to secure a broader user base, TippingPoint
> provides this vulnerability information confidentially to security
> vendors (including competitors) who have a vulnerability protection or
> mitigation product.
>
> Our vulnerability disclosure policy is available online at:
>
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>
> Follow the ZDI on Twitter:
>
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>
> ------------------------------
>
> Message: 2
> Date: Fri, 21 Dec 2012 06:31:01 -0600
> From: ZDI Disclosures <[email protected]
> <mailto:[email protected]>>
> Subject: [Full-disclosure] ZDI-12-189 : Oracle Java WebStart Changing
> System Properties Remote Code Execution Vulnerability
> To: Full Disclosure <[email protected]
> <mailto:[email protected]>>, BugTraq
> <[email protected]
> <mailto:[email protected]>>,
> [email protected] <mailto:[email protected]>
> Message-ID: <[email protected]
> <mailto:[email protected]>>
> Content-Type: text/plain; charset="iso-8859-1"
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> ZDI-12-189 : Oracle Java WebStart Changing System Properties Remote Code
> Execution Vulnerability
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> December 21, 2012
>
> - -- CVE ID:
> CVE-2012-1721
>
> - -- CVSS:
> 9, AV:N/AC:L/Au:N/C:P/I:P/A:C
>
> - -- Affected Vendors:
> Oracle
>
> - -- Affected Products:
> Oracle Java Runtime
>
>
> - -- Vulnerability Details:
> This vulnerability allows remote attackers to execute arbitrary code on
> vulnerable installations of Oracle Java. User interaction is required to
> exploit this vulnerability in that the target must visit a malicious page
> or open a malicious file.
>
> The specific flaw exists because it is possible to change system properties
> through trusted JNLP files. If a JNLP file requests "<all-permissions/>"
> and only references signed, trusted JAR files, it can set all System
> properties. By referencing a trusted JNLP file from an untrusted one it is
> possible to change System Properties that can lead to remote code execution
> under the context of the current user.
>
>
> - -- Vendor Response:
> Oracle has issued an update to correct this vulnerability.
> More details can
> be found at:
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> ml
>
>
> - -- Disclosure Timeline:
> 2012-03-14 - Vulnerability reported to vendor
> 2012-12-21 - Coordinated public release of advisory
>
> - -- Credit:
> This vulnerability was discovered by:
> * Chris Ries
>
> - -- About the Zero Day Initiative (ZDI):
> Established by TippingPoint, The Zero Day Initiative (ZDI) represents
> a best-of-breed model for rewarding security researchers for responsibly
> disclosing discovered vulnerabilities.
>
> Researchers interested in getting paid for their security research
> through the ZDI can find more information and sign-up at:
>
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>
> The ZDI is unique in how the acquired vulnerability information is
> used. TippingPoint does not re-sell the vulnerability details or any
> exploit code. Instead, upon notifying the affected product vendor,
> TippingPoint provides its customers with zero day protection through
> its intrusion prevention technology. Explicit details regarding the
> specifics of the vulnerability are not exposed to any parties until
> an official vendor patch is publicly available. Furthermore, with the
> altruistic aim of helping to secure a broader user base, TippingPoint
> provides this vulnerability information confidentially to security
> vendors (including competitors) who have a vulnerability protection or
> mitigation product.
>
> Our vulnerability disclosure policy is available online at:
>
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>
> Follow the ZDI on Twitter:
>
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>
> ------------------------------
>
> Message: 3
> Date: Fri, 21 Dec 2012 06:32:34 -0600
> From: ZDI Disclosures <[email protected]
> <mailto:[email protected]>>
> Subject: [Full-disclosure] ZDI-12-190 : Microsoft Internet Explorer
> Title Element Change Remote Code Execution Vulnerability
> To: Full Disclosure <[email protected]
> <mailto:[email protected]>>, BugTraq
> <[email protected]
> <mailto:[email protected]>>,
> [email protected] <mailto:[email protected]>
> Message-ID: <[email protected]
> <mailto:[email protected]>>
> Content-Type: text/plain; charset="iso-8859-1"
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> ZDI-12-190 : Microsoft Internet Explorer Title Element Change Remote Code
> Execution Vulnerability
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> December 21, 2012
>
> - -- CVE ID:
> CVE-2012-1877
>
> - -- CVSS:
> 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P
>
> - -- Affected Vendors:
> Microsoft
>
> - -- Affected Products:
> Microsoft Internet Explorer 9
>
>
> - -- TippingPoint(TM) IPS Customer Protection:
> TippingPoint IPS customers have been protected
> against this
> vulnerability by Digital Vaccine protection filter ID 12385.
> For further product information on the TippingPoint IPS, visit:
>
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>
> - -- Vulnerability Details:
> This vulnerability allows remote attackers to execute arbitrary code on
> vulnerable installations of Microsoft Internet Explorer. User interaction
> is required to exploit this vulnerability in that the target must visit a
> malicious page or open a malicious file.
>
> The specific flaw exists in the 'onpropertychange' user callback function
> for the document.title. If the function changes the document in the
> callback function by using, for example, a document.write call, this can
> result in a use-after-free vulnerability. This can lead to remote code
> execution under the context of the program.
>
> - -- Vendor Response:
> Microsoft has issued an update to correct this vulnerability. More details
> can be found at:
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>
>
> - -- Disclosure Timeline:
> 2012-03-14 - Vulnerability reported to vendor
> 2012-12-21 - Coordinated public release of advisory
>
> - -- Credit:
> This vulnerability was discovered by:
> * Anonymous
>
> - -- About the Zero Day Initiative (ZDI):
> Established by TippingPoint, The Zero Day Initiative (ZDI) represents
> a best-of-breed model for rewarding security researchers for responsibly
> disclosing discovered vulnerabilities.
>
> Researchers interested in getting paid for their security research
> through the ZDI can find more information and sign-up at:
>
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>
> The ZDI is unique in how the acquired vulnerability information is
> used. TippingPoint does not re-sell the vulnerability details or any
> exploit code. Instead, upon notifying the affected product vendor,
> TippingPoint provides its customers with zero day protection through
> its intrusion prevention technology.
> Explicit details regarding the
> specifics of the vulnerability are not exposed to any parties until
> an official vendor patch is publicly available. Furthermore, with the
> altruistic aim of helping to secure a broader user base, TippingPoint
> provides this vulnerability information confidentially to security
> vendors (including competitors) who have a vulnerability protection or
> mitigation product.
>
> Our vulnerability disclosure policy is available online at:
>
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>
> Follow the ZDI on Twitter:
>
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>
> ------------------------------
>
> Message: 4
> Date: Fri, 21 Dec 2012 06:34:41 -0600
> From: ZDI Disclosures <[email protected]
> <mailto:[email protected]>>
> Subject: [Full-disclosure] ZDI-12-191 : Webkit HTMLMedia Element
> beforeLoad Remote Code Execution Vulnerability
> To: Full Disclosure <[email protected]
> <mailto:[email protected]>>, BugTraq
> <[email protected]
> <mailto:[email protected]>>,
> [email protected] <mailto:[email protected]>
> Message-ID: <[email protected]
> <mailto:[email protected]>>
> Content-Type: text/plain; charset="iso-8859-1"
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> ZDI-12-191 : Webkit HTMLMedia Element beforeLoad Remote Code Execution
> Vulnerability
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> December 21, 2012
>
> - -- CVE ID:
> CVE-2011-3071
>
> - -- CVSS:
> 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P
>
> - -- Affected Vendors:
> WebKit.Org
>
>
> - -- Affected Products:
> WebKit.Org WebKit
>
> - -- TippingPoint(TM) IPS Customer Protection:
> TippingPoint IPS customers have been protected against this
> vulnerability by Digital Vaccine protection filter ID 12492.
> For further product information on the TippingPoint IPS, visit:
>
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>
> - -- Vulnerability Details:
> This vulnerability allows remote attackers to execute arbitrary code on
> vulnerable installations of Apple Safari Webkit. User interaction is
> required to exploit this vulnerability in that the target must visit a
> malicious page or open a malicious file.
>
> The specific flaw exists within the library's implementation of a HTMLMedia
> element. After a source element is created, an attacker can catch the
> beforeLoad event before the element is used, and delete the element.
> The
> pointer to the source element will then be referenced causing a
> use-after-free condition, which can lead to code execution under the
> context of the application.
>
> - -- Vendor Response:
> WebKit.Org has issued an update to correct this vulnerability. More details
> can be found at:
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>
>
> - -- Disclosure Timeline:
> 2012-03-14 - Vulnerability reported to vendor
> 2012-12-21 - Coordinated public release of advisory
>
> - -- Credit:
> This vulnerability was discovered by:
> * pa_kt / twitter.com/pa_kt
>
>
> - -- About the Zero Day Initiative (ZDI):
> Established by TippingPoint, The Zero Day Initiative (ZDI) represents
> a best-of-breed model for rewarding security researchers for responsibly
> disclosing discovered vulnerabilities.
>
> Researchers interested in getting paid for their security research
> through the ZDI can find more information and sign-up at:
>
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>
> The ZDI is unique in how the acquired vulnerability information is
> used. TippingPoint does not re-sell the vulnerability details or any
> exploit code. Instead, upon notifying the affected product vendor,
> TippingPoint provides its customers with zero day protection through
> its intrusion prevention technology. Explicit details regarding the
> specifics of the vulnerability are not exposed to any parties until
> an official vendor patch is publicly available. Furthermore, with the
> altruistic aim of helping to secure a broader user base, TippingPoint
> provides this vulnerability information confidentially to security
> vendors (including competitors) who have a vulnerability protection or
> mitigation product.
>
> Our vulnerability disclosure policy is available online at:
>
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>
> Follow the ZDI on Twitter:
>
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>
> ------------------------------
>
> Message: 5
> Date: Fri, 21 Dec 2012 06:36:00 -0600
> From: ZDI Disclosures <[email protected]
> <mailto:[email protected]>>
> Subject: [Full-disclosure] ZDI-12-192 : Microsoft Internet Explorer
> insertRow Remote Code Execution Vulnerability
> To: Full Disclosure <[email protected]
> <mailto:[email protected]>>, BugTraq
> <[email protected]
> <mailto:[email protected]>>,
> [email protected] <mailto:[email protected]>
> Message-ID: <[email protected]
> <mailto:[email protected]>>
> Content-Type: text/plain; charset="iso-8859-1"
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> ZDI-12-192 : Microsoft Internet Explorer insertRow Remote Code Execution
> Vulnerability
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> December 21, 2012
>
> - -- CVE ID:
> CVE-2012-1880
>
> - -- CVSS:
> 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P
>
> - -- Affected Vendors:
> Microsoft
>
> - -- Affected Products:
> Microsoft Internet Explorer
>
>
> - -- TippingPoint(TM) IPS Customer Protection:
> TippingPoint IPS customers have been protected against this
> vulnerability by Digital Vaccine protection filter ID 12382.
> For further product information on the TippingPoint IPS, visit:
>
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>
> - -- Vulnerability Details:
> This vulnerability allows remote attackers to execute arbitrary code on
> vulnerable installations of Microsoft Internet Explorer. User interaction
> is required to exploit this vulnerability in that the target must visit a
> malicious page or open a malicious file.
>
> The specific flaw exists within the way Internet Explorer handles
> consecutive calls to insertRow. When the number of rows reaches a certain
> threshold the program fails to correctly relocate certain key objects. This
> can lead to a use-after-free vulnerability which can result in remote code
> execution under the context of the current process.
>
> - -- Vendor Response:
> Microsoft has issued an update to correct this vulnerability. More details
> can be found at:
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>
>
> - -- Disclosure Timeline:
> 2012-03-14 - Vulnerability reported to vendor
> 2012-12-21 - Coordinated public release of advisory
>
> - -- Credit:
> This vulnerability was discovered by:
> * Anonymous
>
>
> - -- About the Zero Day Initiative (ZDI):
> Established by TippingPoint, The Zero Day Initiative (ZDI) represents
> a best-of-breed model for rewarding security researchers for responsibly
> disclosing discovered vulnerabilities.
>
> Researchers interested in getting paid for their security research
> through the ZDI can find more information and sign-up at:
>
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>
> The ZDI is unique in how the acquired vulnerability information is
> used. TippingPoint does not re-sell the vulnerability details or any
> exploit code. Instead, upon notifying the affected product vendor,
> TippingPoint provides its customers with zero day protection through
> its intrusion prevention technology.
> Explicit details regarding the
> specifics of the vulnerability are not exposed to any parties until
> an official vendor patch is publicly available. Furthermore, with the
> altruistic aim of helping to secure a broader user base, TippingPoint
> provides this vulnerability information confidentially to security
> vendors (including competitors) who have a vulnerability protection or
> mitigation product.
>
> Our vulnerability disclosure policy is available online at:
>
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>
> Follow the ZDI on Twitter:
>
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>
> ------------------------------
>
> Message: 6
> Date: Fri, 21 Dec 2012 06:37:28 -0600
> From: ZDI Disclosures <[email protected]
> <mailto:[email protected]>>
> Subject: [Full-disclosure] ZDI-12-193 : Microsoft Internet Explorer
> insertAdjacentText Remote Code Execution Vulnerability
> To: Full Disclosure <[email protected]
> <mailto:[email protected]>>, BugTraq
> <[email protected]
> <mailto:[email protected]>>,
> [email protected] <mailto:[email protected]>
> Message-ID: <[email protected]
> <mailto:[email protected]>>
> Content-Type: text/plain; charset="iso-8859-1"
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> ZDI-12-193 : Microsoft Internet Explorer insertAdjacentText Remote Code
> Execution Vulnerability
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> December 21, 2012
>
> - -- CVE ID:
> CVE-2012-1879
>
> - -- CVSS:
> 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P
>
> - -- Affected Vendors:
> Microsoft
>
>
> - -- Affected Products:
> Microsoft Internet Explorer
>
>
> - -- TippingPoint(TM) IPS Customer Protection:
> TippingPoint IPS customers have been protected against this
> vulnerability by Digital Vaccine protection filter ID 12383.
> For further product information on the TippingPoint IPS, visit:
>
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>
> - -- Vulnerability Details:
> This vulnerability allows remote attackers to execute arbitrary code on
> vulnerable installations of Microsoft Internet Explorer. User interaction
> is required to exploit this vulnerability in that the target must visit a
> malicious page or open a malicious file.
>
> The specific flaw exists within the way Internet Explorer handles repeated
> calls to insertAdjacentText. When the size of the element reaches a certain
> threshold Internet Explorer fails to correctly relocate key elements. An
> uninitialized variable in one of the functions can cause memory corruption.
> This can lead to remote code execution under the context of the program.
>
> - -- Vendor Response:
> Microsoft has issued an update to correct this vulnerability. More details
> can be found at:
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>
>
> - -- Disclosure Timeline:
> 2012-03-14 - Vulnerability reported to vendor
> 2012-12-21 - Coordinated public release of advisory
>
>
> - -- Credit:
> This vulnerability was discovered by:
> * Anonymous
>
> - -- About the Zero Day Initiative (ZDI):
> Established by TippingPoint, The Zero Day Initiative (ZDI) represents
> a best-of-breed model for rewarding security researchers for responsibly
> disclosing discovered vulnerabilities.
>
> Researchers interested in getting paid for their security research
> through the ZDI can find more information and sign-up at:
>
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>
> The ZDI is unique in how the acquired vulnerability information is
> used. TippingPoint does not re-sell the vulnerability details or any
> exploit code. Instead, upon notifying the affected product vendor,
> TippingPoint provides its customers with zero day protection through
> its intrusion prevention technology. Explicit details regarding the
> specifics of the vulnerability are not exposed to any parties until
> an official vendor patch is publicly available. Furthermore, with the
> altruistic aim of helping to secure a broader user base, TippingPoint
> provides this vulnerability information confidentially to security
> vendors (including competitors) who have a vulnerability protection or
> mitigation product.
>
> Our vulnerability disclosure policy is available online at:
>
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>
> Follow the ZDI on Twitter:
>
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>
> ------------------------------
>
> Message: 7
> Date: Fri, 21 Dec 2012 06:39:02 -0600
> From: ZDI Disclosures <[email protected]
> <mailto:[email protected]>>
> Subject: [Full-disclosure] ZDI-12-194 : Microsoft Internet Explorer
> OnBeforeDeactivate Event Remote Code Execution Vulnerability
> To: Full Disclosure <[email protected]
> <mailto:[email protected]>>, BugTraq
> <[email protected]
> <mailto:[email protected]>>,
> [email protected] <mailto:[email protected]>
> Message-ID: <[email protected]
> <mailto:[email protected]>>
> Content-Type: text/plain; charset="iso-8859-1"
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> ZDI-12-194 : Microsoft Internet Explorer OnBeforeDeactivate Event Remote
> Code Execution Vulnerability
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> December 21, 2012
>
> - -- CVE ID:
> CVE-2012-1878
>
> - -- CVSS:
> 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P
>
> - -- Affected Vendors:
> Microsoft
>
> - -- Affected Products:
> Microsoft Internet Explorer
>
>
> - -- TippingPoint(TM) IPS Customer Protection:
> TippingPoint IPS customers have been
> protected against this
> vulnerability by Digital Vaccine protection filter ID 12388.
> For further product information on the TippingPoint IPS, visit:
>
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>
> - -- Vulnerability Details:
> This vulnerability allows remote attackers to execute arbitrary code on
> vulnerable installations of Microsoft Internet Explorer. User interaction
> is required to exploit this vulnerability in that the target must visit a
> malicious page or open a malicious file.
>
> The specific flaw exists within the way Internet Explorer handles the
> onbeforedeactivate callback function for certain elements. During the
> execution of the onbeforedeactivate callback function it is possible to
> alter the DOM tree of the page which can lead to a use-after-free
> vulnerability when the function returns. This can result in remote code
> execution under the context of the current process.
>
> - -- Vendor Response:
> Microsoft has issued an update to correct this vulnerability. More details
> can be found at:
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>
>
> - -- Disclosure Timeline:
> 2012-03-14 - Vulnerability reported to vendor
> 2012-12-21 - Coordinated public release of advisory
>
> - -- Credit:
> This vulnerability was discovered by:
> * Anonymous
>
>
> - -- About the Zero Day Initiative (ZDI):
> Established by TippingPoint, The Zero Day Initiative (ZDI) represents
> a best-of-breed model for rewarding security researchers for responsibly
> disclosing discovered vulnerabilities.
>
> Researchers interested in getting paid for their security research
> through the ZDI can find more information and sign-up at:
>
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>
> The ZDI is unique in how the acquired vulnerability information is
> used. TippingPoint does not re-sell the vulnerability details or any
> exploit code.
> Instead, upon notifying the affected product vendor,
> TippingPoint provides its customers with zero day protection through
> its intrusion prevention technology. Explicit details regarding the
> specifics of the vulnerability are not exposed to any parties until
> an official vendor patch is publicly available. Furthermore, with the
> altruistic aim of helping to secure a broader user base, TippingPoint
> provides this vulnerability information confidentially to security
> vendors (including competitors) who have a vulnerability protection or
> mitigation product.
>
> Our vulnerability disclosure policy is available online at:
>
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>
> Follow the ZDI on Twitter:
>
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>
> ------------------------------
>
> Message: 8
> Date: Fri, 21 Dec 2012 06:40:48 -0600
> From: ZDI Disclosures <[email protected]
> <mailto:[email protected]>>
> Subject: [Full-disclosure] ZDI-12-195 : RealNetworks RealPlayer ATRAC
> Sample Decoding Remote Code Execution Vulnerability
> To: Full Disclosure <[email protected]
> <mailto:[email protected]>>, BugTraq
> <[email protected]
> <mailto:[email protected]>>,
> [email protected] <mailto:[email protected]>
> Message-ID: <[email protected]
> <mailto:[email protected]>>
> Content-Type: text/plain; charset="iso-8859-1"
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> ZDI-12-195 : RealNetworks RealPlayer ATRAC Sample Decoding Remote Code
> Execution Vulnerability
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> December 21, 2012
>
> - -- CVE ID:
> CVE-2012-0928
>
> - -- CVSS:
> 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P
>
> - -- Affected Vendors:
> RealNetworks
>
> - -- Affected Products:
> RealNetworks RealPlayer
>
>
> - -- TippingPoint(TM) IPS Customer Protection:
> TippingPoint IPS customers have been protected against this
> vulnerability by Digital Vaccine protection filter ID 12482.
> For further product information on the TippingPoint IPS, visit:
>
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>
> - -- Vulnerability Details:
> This vulnerability allows remote attackers to execute arbitrary code on
> vulnerable installations of RealNetworks Real Player. User interaction is
> required to exploit this vulnerability in that the target must visit a
> malicious page or open a malicious file.
>
> The specific flaw exists when the application attempts to decode an audio
> sample that is encoded with the ATRAC codec. While parsing sample data, the
> application will explicitly trust 2-bits as a loop counter which can be
> used to write outside the bounds of the target buffer.
> This can lead to
> code execution under the context of the application.
>
> - -- Vendor Response:
> RealNetworks has issued an update to correct this vulnerability. More
> details can be found at:
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>
>
> - -- Disclosure Timeline:
> 2011-10-28 - Vulnerability reported to vendor
> 2012-12-21 - Coordinated public release of advisory
>
>
> - -- Credit:
> This vulnerability was discovered by:
> * Andrzej Dyjak
>
>
> - -- About the Zero Day Initiative (ZDI):
> Established by TippingPoint, The Zero Day Initiative (ZDI) represents
> a best-of-breed model for rewarding security researchers for responsibly
> disclosing discovered vulnerabilities.
>
> Researchers interested in getting paid for their security research
> through the ZDI can find more information and sign-up at:
>
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>
> The ZDI is unique in how the acquired vulnerability information is
> used. TippingPoint does not re-sell the vulnerability details or any
> exploit code. Instead, upon notifying the affected product vendor,
> TippingPoint provides its customers with zero day protection through
> its intrusion prevention technology. Explicit details regarding the
> specifics of the vulnerability are not exposed to any parties until
> an official vendor patch is publicly available. Furthermore, with the
> altruistic aim of helping to secure a broader user base, TippingPoint
> provides this vulnerability information confidentially to security
> vendors (including competitors) who have a vulnerability protection or
> mitigation product.
>
> Our vulnerability disclosure policy is available online at:
>
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>
> Follow the ZDI on Twitter:
>
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>
> ------------------------------
>
> Message: 9
> Date: Fri, 21 Dec 2012 06:42:25 -0600
> From: ZDI Disclosures <[email protected]
> <mailto:[email protected]>>
> Subject: [Full-disclosure] ZDI-12-196 : Novell Groupwise GWIA
> ber_get_stringa Remote Code Execution Vulnerability
> To: Full Disclosure <[email protected]
> <mailto:[email protected]>>, BugTraq
> <[email protected]
> <mailto:[email protected]>>,
> [email protected] <mailto:[email protected]>
> Message-ID: <[email protected]
> <mailto:[email protected]>>
> Content-Type: text/plain; charset="iso-8859-1"
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> ZDI-12-196 : Novell Groupwise GWIA ber_get_stringa Remote Code Execution
> Vulnerability
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> December 21, 2012
>
> - -- CVE ID:
> CVE-2012-0417
>
> - -- CVSS:
> 10, AV:N/AC:L/Au:N/C:C/I:C/A:C
>
> - -- Affected Vendors:
> Novell
>
> - -- Affected Products:
> Novell Groupwise
>
>
> - -- TippingPoint(TM) IPS Customer Protection:
> TippingPoint IPS customers have been protected against this
> vulnerability by Digital
> Vaccine protection filter ID 12495.
> For further product information on the TippingPoint IPS, visit:
>
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>
> - -- Vulnerability Details:
> This vulnerability allows remote attackers to execute arbitrary code on
> vulnerable installations of Novell Groupwise. Authentication is not
> required to exploit this vulnerability.
>
> The flaw exists within the Groupwise Internet Agent component, specifically
> the optional LDAP server which listens on tcp port 389. When parsing a BER
> encoded parameter the specified size is used to allocate a destination
> buffer. A properly encoded BER chunk could cause an integer size value to
> wrap before buffer allocation. A remote attacker can exploit this
> vulnerability to execute arbitrary code under the context of the SYSTEM
> account.
>
> - -- Vendor Response:
>
> Novell has issued an update to correct this vulnerability. More details can
> be found at:
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>
>
> - -- Disclosure Timeline:
> 2011-10-21 - Vulnerability reported to vendor
> 2012-12-21 - Coordinated public release of advisory
>
> - -- Credit:
> This vulnerability was discovered by:
> * Francis Provencher From Protek Research Lab's
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>
> ------------------------------
>
> Message: 10
> Date: Fri, 21 Dec 2012 06:43:39 -0600
> From: ZDI Disclosures <[email protected]
> <mailto:[email protected]>>
> Subject: [Full-disclosure] ZDI-12-197 : Oracle Java
> java.beans.Statement Remote Code Execution Vulnerability
> To: Full Disclosure <[email protected]
> <mailto:[email protected]>>, BugTraq
> <[email protected]
> <mailto:[email protected]>>,
> [email protected] <mailto:[email protected]>
> Message-ID: <[email protected]
> <mailto:[email protected]>>
> Content-Type: text/plain; charset="iso-8859-1"
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> ZDI-12-197 : Oracle Java java.beans.Statement Remote Code Execution
> Vulnerability
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> December 21, 2012
>
> - -- CVE ID:
> CVE-2012-1682
>
> - -- CVSS:
> 9, AV:N/AC:L/Au:N/C:P/I:P/A:C
>
> - -- Affected Vendors:
> Oracle
>
> - -- Affected Products:
> Oracle Java Runtime
>
> - -- Vulnerability Details:
> This vulnerability allows remote attackers to execute arbitrary code on
> vulnerable installations of Oracle Java. User interaction is required to
> exploit this vulnerability in that the target must visit a malicious page
> or open a malicious file.
>
> The specific flaw exists within the java.beans.Expression class. Due to
> unsafe handling of reflection of privileged classes inside the Expression
> class it is possible for untrusted code to gain access to privileged
> methods and properties. This can result in remote code execution under the
> context of the current process.
>
> - -- Vendor Response:
> Oracle has issued an update to correct this vulnerability.
> More details can
> be found at:
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 15.html
>
>
> - -- Disclosure Timeline:
> 2012-07-24 - Vulnerability reported to vendor
> 2012-12-21 - Coordinated public release of advisory
>
> - -- Credit:
> This vulnerability was discovered by:
> * James Forshaw (tyranid)
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>
> ------------------------------
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> Hosted and sponsored by Secunia -
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
>
> End of Full-Disclosure Digest, Vol 94, Issue 27
> ***********************************************
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
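
The ZDI-12-196 advisory quoted above describes a BER-encoded size that wraps before a buffer is allocated. As an added illustration (not code from this thread, ZDI or Novell), the C below shows that arithmetic and a decoder that bounds the declared length before allocating. The function names, the one-byte terminator, the 1 MiB cap and the sample bytes are assumptions made for the example, not details from the advisory.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_STR_LEN (1u << 20) /* assumed policy cap, not from the advisory */

/* Constructed samples: OCTET STRING "abc"; declared length 0xFFFFFFFF; truncated body. */
const uint8_t SAMPLE_OK[]    = {0x04, 0x03, 'a', 'b', 'c'};
const uint8_t SAMPLE_WRAP[]  = {0x04, 0x84, 0xff, 0xff, 0xff, 0xff};
const uint8_t SAMPLE_SHORT[] = {0x04, 0x05, 'a'};

/* The wrap itself: a 32-bit "length + terminator" is 0 for 0xFFFFFFFF. */
uint32_t alloc_size_unchecked(uint32_t len) { return len + 1u; }

/* Decode a BER definite length from p[0..n). Returns bytes consumed, 0 on error. */
static size_t ber_read_len(const uint8_t *p, size_t n, uint32_t *out)
{
    if (n == 0) return 0;
    if (p[0] < 0x80) { *out = p[0]; return 1; }       /* short form */
    size_t cnt = p[0] & 0x7f;                          /* long form: number of length octets */
    if (cnt == 0 || cnt > 4 || cnt >= n) return 0;     /* indefinite, too wide, truncated */
    uint32_t v = 0;
    for (size_t i = 1; i <= cnt; i++) v = (v << 8) | p[i];
    *out = v;
    return 1 + cnt;
}

/* Hardened copy of an OCTET STRING into a NUL-terminated heap buffer.
 * The declared length is bounded by a cap and by the bytes actually
 * present before any size arithmetic or allocation happens. */
char *ber_get_string_checked(const uint8_t *buf, size_t n)
{
    uint32_t len;
    if (n < 2 || buf[0] != 0x04) return NULL;
    size_t used = ber_read_len(buf + 1, n - 1, &len);
    if (used == 0) return NULL;
    if (len > MAX_STR_LEN || len > n - 1 - used) return NULL;
    char *s = malloc((size_t)len + 1);                 /* cannot wrap: len <= MAX_STR_LEN */
    if (s == NULL) return NULL;
    memcpy(s, buf + 1 + used, len);
    s[len] = '\0';
    return s;
}
```

Comparing the declared length against the bytes remaining in the input catches both the oversized and the truncated sample, so the allocation size is never derived from an unchecked attacker-supplied value.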
