Vulnerability Summary for the Week of April 18, 2011
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe -- acrobat | Unspecified vulnerability in Adobe Flash Player 10.2.154.25 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android, and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.3 and 10.x through 10.0.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in a Microsoft Word document, and as exploited in the wild in April 2011. | 2011-04-13 | 9.3 | CVE-2011-0611 |
cisco -- ios | The PKI functionality in Cisco IOS 15.0 and 15.1 does not prevent permanent caching of certain public keys, which allows remote attackers to bypass authentication and have unspecified other impact by leveraging an IKE peer relationship in which a key was previously valid but later revoked, aka Bug ID CSCth82164, a different vulnerability than CVE-2010-4685. | 2011-04-14 | 10.0 | CVE-2011-0935 |
icanlocalize -- translation_management | SQL injection vulnerability in Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2011-04-09 | 7.5 | CVE-2011-1663 |
isc -- dhcp | dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message. | 2011-04-08 | 7.5 | CVE-2011-0997 |
microsoft -- .net_framework | The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 does not properly compile function calls, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Stack Corruption Vulnerability." | 2011-04-13 | 9.3 | CVE-2010-3958 |
microsoft -- windows_2003_server | fxscover.exe in the Fax Cover Page Editor in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse FAX cover pages, which allows remote attackers to execute arbitrary code via a crafted .cov file, aka "Fax Cover Page Editor Memory Corruption Vulnerability." | 2011-04-13 | 7.6 | CVE-2010-3974 |
microsoft -- windows_server_2003 | WordPad in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse fields in Word documents, which allows remote attackers to execute arbitrary code via a crafted .doc file, aka "WordPad Converter Parsing Vulnerability." | 2011-04-13 | 9.3 | CVE-2011-0028 |
microsoft -- windows_2003_server | Stack-based buffer overflow in the OpenType Compact Font Format (aka OTF or CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted parameter values in an OpenType font, aka "OpenType Font Stack Overflow Vulnerability." | 2011-04-13 | 9.3 | CVE-2011-0034 |
microsoft -- office | Integer overflow in gdiplus.dll in GDI+ in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted EMF image, aka "GDI+ Integer Overflow Vulnerability." | 2011-04-13 | 9.3 | CVE-2011-0041 |
microsoft -- ie | Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Layouts Handling Memory Corruption Vulnerability." | 2011-04-13 | 9.3 | CVE-2011-0094 |
microsoft -- excel | Integer overflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via crafted record information in an Excel file, aka "Excel Integer Overrun Vulnerability." | 2011-04-13 | 9.3 | CVE-2011-0097 |
microsoft -- excel | Heap-based buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via crafted record information in an Excel file, aka "Excel Heap Overflow Vulnerability." | 2011-04-13 | 9.3 | CVE-2011-0098 |
microsoft -- excel | Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted record information in an Excel file, aka "Excel Record Parsing WriteAV Vulnerability." | 2011-04-13 | 9.3 | CVE-2011-0101 |
microsoft -- excel | Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted record information in an Excel file, aka "Excel Memory Corruption Vulnerability." | 2011-04-13 | 9.3 | CVE-2011-0103 |
microsoft -- excel | Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted record information in an Excel file, aka "Excel Buffer Overwrite Vulnerability." | 2011-04-13 | 9.3 | CVE-2011-0104 |
microsoft -- excel | Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac obtain a certain length value from an uninitialized memory location, which allows remote attackers to trigger a buffer overflow and execute arbitrary code via a crafted Excel file, aka "Excel Data Initialization Vulnerability." | 2011-04-13 | 9.3 | CVE-2011-0105 |
microsoft -- office | Untrusted search path vulnerability in Microsoft Office XP SP3, Office 2003 SP3, and Office 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Office Component Insecure Library Loading Vulnerability." | 2011-04-13 | 9.3 | CVE-2011-0107 |
microsoft -- office | Microsoft PowerPoint 2007 SP2 and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; PowerPoint Viewer; PowerPoint Viewer 2007 SP2; and PowerPoint Web App do not properly validate TimeColorBehaviorContainer Floating Point records in PowerPoint documents, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document containing an invalid record, aka "Floating Point Techno-color Time Bandit RCE Vulnerability." | 2011-04-13 | 9.3 | CVE-2011-0655 |
microsoft -- office | Microsoft PowerPoint 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; PowerPoint Viewer; PowerPoint Viewer 2007 SP2; and PowerPoint Web App do not properly validate PersistDirectoryEntry records in PowerPoint documents, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document containing an invalid record, aka "Persist Directory RCE Vulnerability." | 2011-04-13 | 9.3 | CVE-2011-0656 |
microsoft -- windows_2003_server | DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process DNS queries, which allows remote attackers to execute arbitrary code via (1) a crafted LLMNR broadcast query or (2) a crafted application, aka "DNS Query Vulnerability." | 2011-04-13 | 10.0 | CVE-2011-0657 |
microsoft -- windows_2003_server | The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Response Parsing Vulnerability." | 2011-04-13 | 9.3 | CVE-2011-0660 |
microsoft -- windows_2003_server | The SMB Server service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate fields in SMB requests, which allows remote attackers to execute arbitrary code via a malformed request in a (1) SMBv1 or (2) SMBv2 packet, aka "SMB Transaction Parsing Vulnerability." | 2011-04-13 | 10.0 | CVE-2011-0661 |
microsoft -- windows_2003_server | Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability." | 2011-04-13 | 7.2 | CVE-2011-0662 |
microsoft -- jscript | Multiple integer overflows in the Microsoft (1) JScript 5.6 through 5.8 and (2) VBScript 5.6 through 5.8 scripting engines allow remote attackers to execute arbitrary code via a crafted web page, aka "Scripting Memory Reallocation Vulnerability." | 2011-04-13 | 9.3 | CVE-2011-0663 |
microsoft -- windows_2003_server | Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability." | 2011-04-13 | 7.2 | CVE-2011-0665 |
microsoft -- windows_2003_server | Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability." | 2011-04-13 | 7.2 | CVE-2011-0666 |
microsoft -- windows_2003_server | Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability." | 2011-04-13 | 7.2 | CVE-2011-0667 |
microsoft -- windows_2003_server | Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability." | 2011-04-13 | 7.2 | CVE-2011-0670 |
microsoft -- windows_2003_server | Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability." | 2011-04-13 | 7.2 | CVE-2011-0671 |
microsoft -- windows_2003_server | Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability." | 2011-04-13 | 7.2 | CVE-2011-0672 |
microsoft -- windows_xp | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, aka "Win32k Null Pointer De-reference Vulnerability." | 2011-04-13 | 7.2 | CVE-2011-0673 |
microsoft -- windows_2003_server | Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability." | 2011-04-13 | 7.2 | CVE-2011-0674 |
microsoft -- windows_2003_server | Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability." | 2011-04-13 | 7.2 | CVE-2011-0675 |
microsoft -- windows_2003_server | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability." | 2011-04-13 | 7.2 | CVE-2011-0676 |
microsoft -- windows_2003_server | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability." | 2011-04-13 | 7.2 | CVE-2011-0677 |
microsoft -- windows_2003_server | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability." | 2011-04-13 | 7.2 | CVE-2011-1225 |
microsoft -- windows_2003_server | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability." | 2011-04-13 | 7.2 | CVE-2011-1226 |
microsoft -- windows_2003_server | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability." | 2011-04-13 | 7.2 | CVE-2011-1227 |
microsoft -- windows_2003_server | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability." | 2011-04-13 | 7.2 | CVE-2011-1228 |
microsoft -- windows_2003_server | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability." | 2011-04-13 | 7.2 | CVE-2011-1229 |
microsoft -- windows_2003_server | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability." | 2011-04-13 | 7.2 | CVE-2011-1230 |
microsoft -- windows_2003_server | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability." | 2011-04-13 | 7.2 | CVE-2011-1231 |
microsoft -- windows_2003_server | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability." | 2011-04-13 | 7.2 | CVE-2011-1232 |
microsoft -- windows_2003_server | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability." | 2011-04-13 | 7.2 | CVE-2011-1233 |
microsoft -- windows_2003_server | Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability." | 2011-04-13 | 7.2 | CVE-2011-1234 |
microsoft -- windows_2003_server | Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability." | 2011-04-13 | 7.2 | CVE-2011-1235 |
microsoft -- windows_2003_server | Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability." | 2011-04-13 | 7.2 | CVE-2011-1236 |
microsoft -- windows_2003_server | Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability." | 2011-04-13 | 7.2 | CVE-2011-1237 |
microsoft -- windows_2003_server | Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability." | 2011-04-13 | 7.2 | CVE-2011-1238 |
microsoft -- windows_2003_server | Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability." | 2011-04-13 | 7.2 | CVE-2011-1239 |
microsoft -- windows_2003_server | Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability." | 2011-04-13 | 7.2 | CVE-2011-1240 |
microsoft -- windows_2003_server | Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability." | 2011-04-13 | 7.2 | CVE-2011-1241 |
microsoft -- windows_2003_server | Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability." | 2011-04-13 | 7.2 | CVE-2011-1242 |
microsoft -- windows_xp | The Windows Messenger ActiveX control in msgsc.dll in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary code via unspecified vectors that "corrupt the system state," aka "Microsoft Windows Messenger ActiveX Control Vulnerability." | 2011-04-13 | 9.3 | CVE-2011-1243 |
mit -- kerberos | The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 (aka krb5) 1.7 through 1.9 frees an invalid pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted request that triggers an error condition. | 2011-04-14 | 10.0 | CVE-2011-0285 |
netgear -- prosafe_wnap210_firmware | The NetGear ProSafe WNAP210 with firmware 2.0.12 allows remote attackers to bypass authentication and obtain access to the configuration page by visiting recreate.php and then visiting index.php. | 2011-04-09 | 7.5 | CVE-2011-1674 |
novell -- file_reporter | Stack-based buffer overflow in NFRAgent.exe in Novell File Reporter (NFR) before 1.0.2 allows remote attackers to execute arbitrary code via unspecified XML data. | 2011-04-09 | 10.0 | CVE-2011-0994 |
pwhois -- layer_four_traceroute | Unspecified vulnerability in lft in pWhois Layer Four Traceroute (LFT) 3.x before 3.3 allows local users to gain privileges via a crafted command line. | 2011-04-09 | 7.2 | CVE-2011-0765 |
xmedien -- anzeigenmarkt | SQL injection vulnerability in index.php in Anzeigenmarkt 2011 allows remote attackers to execute arbitrary SQL commands via the q parameter in a list action. | 2011-04-09 | 7.5 | CVE-2011-1667 |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
a.kulikov -- interra_blog_machine | Cross-site scripting (XSS) vulnerability in actions/add.php in InTerra Blog Machine 1.84, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the subject parameter to post_url/edit. | 2011-04-09 | 4.3 | CVE-2011-1670 |
apple -- webkit | The counterToCSSValue function in CSSComputedStyleDeclaration.cpp in the Cascading Style Sheets (CSS) implementation in WebCore in WebKit before r82222, as used in Google Chrome before 11.0.696.43 and other products, does not properly handle access to the (1) counterIncrement and (2) counterReset attributes of CSSStyleDeclaration data provided by a getComputedStyle method call, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code. | 2011-04-14 | 5.0 | CVE-2011-1691 |
awcm-cms -- ar_web_content_manager | Cross-site scripting (XSS) vulnerability in search.php in AR Web Content Manager (AWCM) 2.1, 2.2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the search parameter. | 2011-04-09 | 4.3 | CVE-2011-1668 |
dell -- kace_k2000_systems_deployment_appliance | The Dell KACE K2000 Systems Deployment Appliance 3.3.36822 and earlier contains a peinst CIFS share, which allows remote attackers to obtain sensitive information by reading the (1) unattend.xml or (2) sysprep.inf file, as demonstrated by reading a password. | 2011-04-09 | 5.0 | CVE-2011-1672 |
getontracks -- tracks | Cross-site scripting (XSS) vulnerability in app/controllers/todos_controller.rb in Tracks 1.7.2, 2.0RC2, and 2.0devel allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to todos/tag/. NOTE: some of these details are obtained from third party information. | 2011-04-09 | 4.3 | CVE-2011-1671 |
gnu -- glibc | locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function. | 2011-04-09 | 6.2 | CVE-2011-1095 |
grapecity -- data_dynamics_reports | Multiple cross-site scripting (XSS) vulnerabilities in the DataDynamics.Reports.Web class library in GrapeCity Data Dynamics Reports before 1.6.2084.14 allow remote attackers to inject arbitrary web script or HTML via (1) the reportName or (2) uniqueId parameter to CoreViewerInit.js, or the (3) uniqueId or (4) traceLevel parameter to CoreController.js, as reachable by CoreHandler.ashx. | 2011-04-09 | 4.3 | CVE-2011-1660 |
hp -- nfs/oncplus | Unspecified vulnerability in HP NFS/ONCplus B.11.31.10 and earlier on HP-UX B.11.31 allows remote authenticated users to cause a denial of service via unknown vectors. | 2011-04-14 | 6.8 | CVE-2011-0896 |
hp -- network_node_manager_i | Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.00 allows local users to read arbitrary files via unknown vectors. | 2011-04-14 | 4.6 | CVE-2011-0897 |
hp -- network_node_manager_i | Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.00 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2011-04-14 | 4.3 | CVE-2011-0898 |
hp -- envy_100_d410 | The webscan component in the Embedded Web Server (EWS) on the HP Photosmart D110 and B110; Photosmart Plus B210; Photosmart Premium C310, Fax All-in-One, and C510; and ENVY 100 D410 printers allows remote attackers to read documents on the scan surface via unspecified vectors. | 2011-04-14 | 4.3 | CVE-2011-1531 |
hp -- envy_100_d410 | Unspecified vulnerability in the SNMP component on the HP Photosmart D110 and B110; Photosmart Plus B210; Photosmart Premium C310, Fax All-in-One, and C510; and ENVY 100 D410 printers allows remote attackers to obtain sensitive information or modify data via vectors related to the Embedded Web Server (EWS). | 2011-04-14 | 6.4 | CVE-2011-1532 |
hp -- envy_100_d410 | Cross-site scripting (XSS) vulnerability on the HP Photosmart D110 and B110; Photosmart Plus B210; Photosmart Premium C310, Fax All-in-One, and C510; and ENVY 100 D410 printers allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2011-04-14 | 4.3 | CVE-2011-1533 |
ibm -- websphere_application_server | IBM WebSphere Application Server (WAS) 6.0.x through 6.0.2.43, 6.1.x before 6.1.0.37, and 7.0.x before 7.0.0.17 on z/OS, when a Local OS user registry or Federated Repository with RACF adapter is used, allows remote attackers to obtain unspecified application access via unknown vectors. | 2011-04-13 | 6.8 | CVE-2011-1683 |
icanlocalize -- translation_management | Cross-site scripting (XSS) vulnerability in Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2011-04-09 | 4.3 | CVE-2011-1662 |
icanlocalize -- translation_management | Cross-site request forgery (CSRF) vulnerability in Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 2011-04-09 | 6.8 | CVE-2011-1664 |
linux -- util-linux | mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors. | 2011-04-09 | 4.6 | CVE-2011-1677 |
mark_pilgrim -- feedparser | Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) before 5.0 allows remote attackers to inject arbitrary web script or HTML via vectors involving nested CDATA stanzas. | 2011-04-11 | 4.3 | CVE-2009-5065 |
mark_pilgrim -- feedparser | feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) before 5.0.1 allows remote attackers to cause a denial of service (application crash) via a malformed DOCTYPE declaration. | 2011-04-11 | 5.0 | CVE-2011-1156 |
mark_pilgrim -- feedparser | Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via malformed XML comments. | 2011-04-11 | 4.3 | CVE-2011-1157 |
mark_pilgrim -- feedparser | Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via an unexpected URI scheme, as demonstrated by a javascript: URI. | 2011-04-11 | 4.3 | CVE-2011-1158 |
metaways -- tine | Metaways Tine 2.0 allows remote attackers to obtain sensitive information via unknown vectors in (1) Crm/Controller.php, (2) Crm/Export/Csv.php, or (3) Calendar/Model/Attender.php, which reveal the full installation path. | 2011-04-09 | 5.0 | CVE-2011-1666 |
microsoft -- ie | Microsoft Internet Explorer 6, 7, and 8 does not enforce intended domain restrictions on content access, which allows remote attackers to obtain sensitive information or conduct clickjacking attacks via a crafted web site, aka "Frame Tag Information Disclosure Vulnerability." | 2011-04-13 | 5.8 | CVE-2011-1244 |
microsoft -- ie | Microsoft Internet Explorer 6 and 7 does not properly restrict script access to content from a (1) different domain or (2) different zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Javascript Information Disclosure Vulnerability." | 2011-04-13 | 4.3 | CVE-2011-1245 |
mikoviny -- wp_custom_pages | Directory traversal vulnerability in wp-download.php in WP Custom Pages module 0.5.0.1 for WordPress allows remote attackers to read arbitrary files via ..%2F (encoded dot dot) sequences in the url parameter. | 2011-04-09 | 5.0 | CVE-2011-1669 |
mono -- mono | The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attackers to modify internal read-only data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file, as demonstrated by modifying a C# struct. | 2011-04-13 | 5.8 | CVE-2011-0989 |
mono -- mono | Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file in which a thread makes a change after a type check but before a copy action. | 2011-04-13 | 5.8 | CVE-2011-0990 |
mono -- mono | Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to finalizing and then resurrecting a DynamicMethod instance. | 2011-04-13 | 6.8 | CVE-2011-0991 |
mono -- mono | Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to cause a denial of service (plugin crash) or obtain sensitive information via vectors related to member data in a resurrected MonoThread instance. | 2011-04-13 | 5.8 | CVE-2011-0992 |
ncpfs -- ncpfs | ncpmount in ncpfs 2.2.6 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors. | 2011-04-09 | 4.6 | CVE-2011-1680 |
netgear -- prosafe_wnap210 | BackupConfig.php on the NetGear ProSafe WNAP210 allows remote attackers to obtain the administrator password by reading the configuration file. | 2011-04-09 | 5.0 | CVE-2011-1673 |
nicholas_thompson -- node_quick_find | The Node Quick Find module 6.x-1.1 for Drupal does not use db_rewrite_sql when presenting node titles, which allows remote attackers to bypass intended access restrictions and read potentially sensitive node titles via the autocomplete feature. | 2011-04-09 | 5.0 | CVE-2011-1661 |
novell -- opensuse | Multiple cross-site scripting (XSS) vulnerabilities in the login page in the webui component in SUSE openSUSE Build Service (OBS) before 2.1.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2011-04-09 | 4.3 | CVE-2011-0462 |
novell -- opensuse | The API in SUSE openSUSE Build Service (OBS) 2.0.x before 2.0.8 and 2.1.x before 2.1.6 allows attackers to bypass intended write-access restrictions and modify a (1) package or (2) project via unspecified vectors. | 2011-04-09 | 6.4 | CVE-2011-0466 |
perl -- perl | The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string. | 2011-04-11 | 5.0 | CVE-2011-1487 |
phpboost -- phpboost | PHPBoost 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain backup SQL files via a direct request for predictable filenames in cache/backup/. | 2011-04-09 | 5.0 | CVE-2011-1665 |
roy_marples -- dhcpcd | dhcpcd before 5.2.12 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message. | 2011-04-13 | 6.8 | CVE-2011-0996 |
tincan -- phplist | Multiple cross-site request forgery (CSRF) vulnerabilities in phpList before 2.10.13 allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) edit administrator accounts. | 2011-04-13 | 6.8 | CVE-2011-0748 |
tincan -- phplist | Multiple cross-site request forgery (CSRF) vulnerabilities in phpList 2.10.13 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create a list or (2) insert cross-site scripting (XSS) sequences. NOTE: this issue exists because of an incomplete fix for CVE-2011-0748. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2011-04-13 | 6.8 | CVE-2011-1682 |
zyxel -- o2_dsl_router_classic | Cross-site request forgery (CSRF) vulnerability in Forms/PortForwarding_Edit_1 on the ZyXEL O2 DSL Router Classic allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences via the PortRule_Name parameter. | 2011-04-13 | 6.8 | CVE-2011-0746 |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
gnu -- glibc | The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296. | 2011-04-09 | 3.3 | CVE-2011-1089 |
ikiwiki -- ikiwiki | ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber plugin is enabled during processing of the "meta stylesheet" directive, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences in (1) the default stylesheet or (2) an alternate stylesheet. | 2011-04-11 | 3.5 | CVE-2011-1401 |
kevinmehall -- pithos | PreferencesPithosDialog.py in Pithos 0.3.7 does not properly restrict permissions for the .config/pithos.ini file in a user's home directory, which allows local users to obtain Pandora credentials by reading this file. | 2011-04-13 | 2.1 | CVE-2011-1500 |
linux -- kernel | The ocfs2_prepare_page_for_write function in fs/ocfs2/aops.c in the Oracle Cluster File System 2 (OCFS2) subsystem in the Linux kernel before 2.6.39-rc1 does not properly handle holes that cross page boundaries, which allows local users to obtain potentially sensitive information from uninitialized disk locations by reading a file. | 2011-04-09 | 2.1 | CVE-2011-0463 |
linux -- kernel | The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing. | 2011-04-09 | 2.1 | CVE-2011-1163 |
linux -- util-linux | mount in util-linux 2.19 and earlier attempts to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. | 2011-04-09 | 3.3 | CVE-2011-1675 |
linux -- util-linux | mount in util-linux 2.19 and earlier does not remove the /etc/mtab.tmp file after a failed attempt to add a mount entry, which allows local users to trigger corruption of the /etc/mtab file via multiple invocations. | 2011-04-09 | 3.6 | CVE-2011-1676 |
ncpfs -- ncpfs | ncpfs 2.2.6 and earlier attempts to use (1) ncpmount to append to the /etc/mtab file and (2) ncpumount to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. | 2011-04-09 | 3.3 | CVE-2011-1679 |
samba -- samba | smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to append to the /etc/mtab file and (2) umount.cifs to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. | 2011-04-09 | 3.3 | CVE-2011-1678 |
vmware -- open-vm-tools | vmware-hgfsmounter in VMware Open Virtual Machine Tools (aka open-vm-tools) 8.4.2-261024 and earlier attempts to append to the /etc/mtab file without first checking whether resource limits would interfere, which allows local users to trigger corruption of this file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. | 2011-04-09 | 3.3 | CVE-2011-1681 |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.