Security Advisory - Checkpoint Endpoint Connect VPN - DLL Hijack
Summary : Checkpoint Endpoint Connect VPN is prone to DLL hijacking
Date : 12 June 2012
Affected versions : Endpoint Security VPN
Dear All,
Yesterday, Oracle released its Critical Patch Update for Java SE
software [1], which incorporates fixes for 3 of more than 20+
security issues that were reported to the company in Apr 2012 [2].
We would like to inform, that while some of the Proof of Concept
codes we developed for the
[CAL-2012-0023]Microsoft IE Developer Toolbar Remote Code Execution
Vulnerability
CVE ID: CVE-2012-1874
http://technet.microsoft.com/en-us/security/bulletin/ms12-037
http://blog.vulnhunt.com/index.php/2012/06/13/cal-2012-0023microsoft-ie-developer-toolbar-remote-code-execution-vulnerability/
[CAL-2012-0026] Microsoft IE Same ID Property Remote Code Execution
Vulnerability
CVE ID: CVE-2012-1875
http://technet.microsoft.com/en-us/security/bulletin/ms12-037
http://blog.vulnhunt.com/index.php/2012/06/13/cal-2012-0026-microsfot-ie-same-id-property-remote-code-execution-vulnerability/
Description:
Opening a specially crafted mxd file will execute arbitrary
code without prompting and without a crash of the application.
This is due to a flaw in the program's ability to prompt a user
before executing embedded VBA. Mxd files are not filtered by
email systems so this allows a remote
APPLE-SA-2012-06-12-1 Java for OS X 2012-004 and Java for
Mac OS X 10.6 Update 9
Java for OS X 2012-004 and Java for Mac OS X 10.6 Update 9 is now
available and addresses the following:
Java
Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,
ZDI-12-093 : (Pwn2Own) Microsoft Internet Explorer Fixed Table Colspan
Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-12-093
June 12, 2012
-- CVE ID:
CVE-2012-1876
-- CVSS:
9, AV:N/AC:L/Au:N/C:P/I:P/A:C
--
Debian Security Advisory DSA-2493-1    secur...@debian.org
http://www.debian.org/security/    Florian Weimer
June 12, 2012