Security Advisory - Checkpoint Endpoint Connect VPN - DLL Hijack

2012-06-13 Thread moshez
Security Advisory - Checkpoint Endpoint Connect VPN - DLL Hijack Summary : Checkpoint Endpoint Connect VPN is prone to DLL hijacking Date : 12 June 2012 Affected versions : Endpoint Security VPN

[SE-2012-01] Regarding Oracle's Critical Patch Update for Java SE

2012-06-13 Thread Security Explorations
Dear All, Yesterday, Oracle released its Critical Patch Update for Java SE software [1], which incorporates fixes for 3 of more than 20+ security issues that were reported to the company in Apr 2012 [2]. We would like to inform, that while some of the Proof of Concept codes we developed for the

[CAL-2012-0023]Microsoft IE Developer Toolbar Remote Code Execution Vulnerability

2012-06-13 Thread Code Audit Labs
[CAL-2012-0023]Microsoft IE Developer Toolbar Remote Code Execution Vulnerability CVE ID: CVE-2012-1874 http://technet.microsoft.com/en-us/security/bulletin/ms12-037 http://blog.vulnhunt.com/index.php/2012/06/13/cal-2012-0023microsoft-ie-developer-toolbar-remote-code-execution-vulnerability/ 1

[CAL-2012-0026] Microsfot IE Same ID Property Remote Code Execution Vulnerability

2012-06-13 Thread Code Audit Labs
[CAL-2012-0026] Microsfot IE Same ID Property Remote Code Execution Vulnerability CVE ID: CVE-2012-1875 http://technet.microsoft.com/en-us/security/bulletin/ms12-037 http://blog.vulnhunt.com/index.php/2012/06/13/cal-2012-0026-microsfot-ie-same-id-property-remote-code-execution-vulnerability/ 1

CVE-2012-1661 - ESRI ArcMap arbitrary code execution via crafted map file.

2012-06-13 Thread Boston Cyber Defense
Description: Opening a specially crafted mxd file will execute arbitrary code without prompting and without a crash of the application. This is due to a flaw in the programs ability to prompt a user before executing embedded VBA. Mxd files are not filtered by email systems so this allows a remote

APPLE-SA-2012-06-12-1 Java for OS X 2012-004 and Java for Mac OS X 10.6 Update 9

2012-06-13 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 APPLE-SA-2012-06-12-1 Java for OS X 2012-004 and Java for Mac OS X 10.6 Update 9 Java for OS X 2012-004 and Java for Mac OS X 10.6 Update 9 is now available and addresses the following: Java Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,

ZDI-12-093 : (Pwn2Own) Microsoft Internet Explorer Fixed Table Colspan Remote Code Execution Vulnerability

2012-06-13 Thread ZDI Disclosures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZDI-12-093 : (Pwn2Own) Microsoft Internet Explorer Fixed Table Colspan Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-093 June 12, 2012 - -- CVE ID: CVE-2012-1876 - -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C - --

[SECURITY] [DSA 2493-1] asterisk security update

2012-06-13 Thread Florian Weimer
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2493-1 secur...@debian.org http://www.debian.org/security/Florian Weimer June 12, 2012