U.S. Flag Official website of the Department of Homeland Security

Bulletin (SB10-053)

Vulnerability Summary for the Week of February 15, 2010

Original release date: February 23, 2010 | Last revised: November 02, 2012

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

High Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
apple -- webkit
google -- chrome
WebKit before r53525, as used in Google Chrome before 4.0.249.89,allows remote attackers to execute arbitrary code in the Chrome sandboxvia a malformed RUBY element, as demonstrated by a <ruby&gt><rt> sequence.</rt&gt<table&gt <tbody><tr> 2010-02-18 9.3 CVE-2010-0647
CONFIRM
apple -- webkit
google -- chrome
WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit beforer52401, as used in Google Chrome before 4.0.249.78, allows remoteattackers to bypass the Same Origin Policy via vectors involving thewindow.open method. 2010-02-18 7.5 CVE-2010-0661
CONFIRM
CONFIRM
dokuwiki -- dokuwiki
A typo in the administrator permission check in the ACL Manager plugin(plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remoteattackers to gain privileges and access closed wikis by editing currentACL statements, as demonstrated in the wild in January 2010. 2010-02-15 7.5 CVE-2010-0288
CONFIRM
DEBIAN
SECUNIA
FEDORA
FEDORA
CONFIRM
google -- chrome
Multiple integer overflows in factory.cc in Google V8 before r3560, asused in Google Chrome before 4.0.249.89, allow remote attackers toexecute arbitrary code in the Chrome sandbox via crafted use ofJavaScript arrays. 2010-02-18 9.3 CVE-2010-0645
CONFIRM
google -- chrome
Multiple integer signedness errors in factory.cc in Google V8 beforer3560, as used in Google Chrome before 4.0.249.89, allow remoteattackers to execute arbitrary code in the Chrome sandbox via crafteduse of JavaScript arrays. 2010-02-18 10.0 CVE-2010-0646
VUPEN
CONFIRM
google -- chrome
Integer overflow in the CrossCallParamsEx::CreateFromBuffer function insandbox/src/crosscall_server.cc in Google Chrome before 4.0.249.89allows attackers to leverage renderer access to cause a denial ofservice (heap memory corruption) or possibly have unspecified otherimpact via a malformed message, related to deserializing of sandboxmessages. 2010-02-18 9.3 CVE-2010-0649
CONFIRM
google -- chrome
Use-after-free vulnerability in Google Chrome before 4.0.249.78 allowsuser-assisted remote attackers to cause a denial of service(application crash) or possibly execute arbitrary code via vectorsinvolving the display of a blocked popup window during navigation to adifferent web site. 2010-02-18 9.3 CVE-2010-0655
CONFIRM
google -- chrome
Google Chrome before 4.0.249.78 on Windows does not perform theexpected encoding, escaping, and quoting for the URL in the --appargument in a desktop shortcut, which allows user-assisted remoteattackers to execute arbitrary programs or obtain sensitive informationby tricking a user into creating a crafted shortcut. 2010-02-18 9.3 CVE-2010-0657
CONFIRM
SECTRACK
CONFIRM
CONFIRM
google -- chrome
Multiple integer overflows in Skia, as used in Google Chrome before4.0.249.78, allow remote attackers to execute arbitrary code in theChrome sandbox or cause a denial of service (memory corruption andapplication crash) via vectors involving CANVAS elements. 2010-02-18 9.3 CVE-2010-0658
CONFIRM
juniper -- odyssey_access_client
Stack-based buffer overflow in dsInstallerService.dll in the JuniperInstaller Service, as used in Juniper Odyssey Access Client4.72.11421.0 and other products, allows remote attackers to executearbitrary code via a long string in a malformedDSSETUPSERVICE_CMD_UNINSTALL command to the NeoterisSetupService namedpipe. 2010-02-15 10.0 CVE-2009-4643
MISC
IDEFENSE
realnetworks -- helix_player
realnetworks -- realplayer
Buffer overflow in the Unescape function in common/util/hxurl.cpp andplayer/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 andRealPlayer allows remote attackers to cause a denial of service(application crash) or possibly execute arbitrary code via a URLargument containing a % (percent) character that is not followed by twohex digits. 2010-02-18 7.5 CVE-2010-0416
CONFIRM
CONFIRM
REDHAT
MLIST
sun -- openoffice.org
Integer overflow in the XPMReader::ReadXPM function infilter.vcl/ixpm/svt_xpmread.cxx in OpenOffice.org (OOo) before 3.2allows remote attackers to execute arbitrary code via a crafted XPMfile that triggers a heap-based buffer overflow. 2010-02-16 9.3 CVE-2009-2949
VUPEN
sun -- openoffice.org
Heap-based buffer overflow in theGIFLZWDecompressor::GIFLZWDecompressor function infilter.vcl/lgif/decode.cxx in OpenOffice.org (OOo) before 3.2 allowsremote attackers to cause a denial of service (application crash) orpossibly execute arbitrary code via a crafted GIF file, related to LZWdecompression. 2010-02-16 9.3 CVE-2009-2950
CONFIRM
XF
VUPEN
BID
REDHAT
CONFIRM
CONFIRM
DEBIAN
SECTRACK
SECUNIA
SECUNIA
sun -- openoffice.org
Integer underflow in filter/ww8/ww8par2.cxx in OpenOffice.org (OOo)before 3.2 allows remote attackers to cause a denial of service(application crash) or possibly execute arbitrary code via a craftedsprmTDefTable table property modifier in a Word document. 2010-02-16 9.3 CVE-2009-3301
CONFIRM
XF
VUPEN
BID
REDHAT
CONFIRM
CONFIRM
DEBIAN
SECTRACK
SECUNIA
SECUNIA
sun -- openoffice.org
filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remoteattackers to cause a denial of service (application crash) or possiblyexecute arbitrary code via a crafted sprmTSetBrc table propertymodifier in a Word document, related to a "boundary error flaw." 2010-02-16 9.3 CVE-2009-3302
CONFIRM
XF
VUPEN
BID
REDHAT
CONFIRM
CONFIRM
DEBIAN
SECTRACK
SECUNIA
SECUNIA
sun -- openoffice.org
OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforceVisual Basic for Applications (VBA) macro security settings, whichallows remote attackers to run arbitrary macros via a crafted document. 2010-02-16 9.3 CVE-2010-0136
BID
MLIST
DEBIAN
SECTRACK
Back to top

Medium Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
adobe -- blazeds
adobe -- coldfusion
adobe -- flex_data_services
adobe -- lifecycle
adobe -- lifecycle_data_services
Unspecified vulnerability in BlazeDS 3.2 and earlier, as used inLiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1,and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1,and 9.0, allows remote attackers to obtain sensitive information viavectors that are associated with a request, and related to injectedtags and external entity references in XML documents. 2010-02-15 4.3 CVE-2009-3960
BID
OSVDB
CONFIRM
SECTRACK
adobe -- adobe_air
adobe -- flash_player
Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2 andAdobe AIR before 1.5.3.9130 allows remote attackers to bypass intendedsandbox restrictions and make cross-domain requests via unspecifiedvectors. 2010-02-15 6.8 CVE-2010-0186
CONFIRM
adobe -- adobe_air
adobe -- flash_player
Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130allow remote attackers to cause a denial of service (application crash)via a modified SWF file. 2010-02-15 4.3 CVE-2010-0187
REDHAT
CONFIRM
BID
MISC
CONFIRM
SECTRACK
MISC
apple -- safari
apple -- webkit
google -- chrome
WebKit before r52784, as used in Google Chrome before 4.0.249.78 andApple Safari, permits cross-origin loading of CSS stylesheets even whenthe stylesheet download has an incorrect MIME type and the stylesheetdocument is malformed, which allows remote HTTP servers to obtainsensitive information via a crafted document. 2010-02-18 4.3 CVE-2010-0651
CONFIRM
apple -- webkit
google -- chrome
WebKit before r51295, as used in Google Chrome before 4.0.249.78,presents a directory-listing page in response to an XMLHttpRequest fora file:/// URL that corresponds to a directory, which allows attackersto obtain sensitive information or possibly have unspecified otherimpact via a crafted local HTML document. 2010-02-18 4.3 CVE-2010-0656
CONFIRM
apple -- webkit
google -- chrome
The image decoder in WebKit before r52833, as used in Google Chromebefore 4.0.249.78, does not properly handle a failure of memoryallocation, which allows remote attackers to execute arbitrary code inthe Chrome sandbox via a malformed GIF file that specifies a large size. 2010-02-18 6.8 CVE-2010-0659
CONFIRM
cisco -- collaboration_server
Cross-site scripting (XSS) vulnerability inwebline/html/admin/wcs/LoginPage.jhtml in Cisco Collaboration Server(CCS) 5 allows remote attackers to inject arbitrary web script or HTMLvia the dest parameter. 2010-02-17 4.3 CVE-2010-0641
XF
BID
MISC
cisco -- collaboration_server
Cisco Collaboration Server (CCS) 5 allows remote attackers to read thesource code of JHTML files via URL encoded characters in the filenameextension, as demonstrated by (1) changing .jhtml to %2Ejhtml, (2)changing .jhtml to .jhtm%6C, (3) appending %00 after .jhtml, and (4)appending %c0%80 after .jhtml, related to the (a) doc/docindex.jhtml,(b) browserId/wizardForm.jhtml, (c) webline/html/forms/callback.jhtml,(d) webline/html/forms/callbackICM.jhtml, (e)webline/html/agent/AgentFrame.jhtml, (f)webline/html/agent/default/badlogin.jhtml, (g) callme/callForm.jhtml,(h) webline/html/multichatui/nowDefunctWindow.jhtml, (i)browserId/wizard.jhtml, (j) admin/CiscoAdmin.jhtml, (k)msccallme/mscCallForm.jhtml, and (l)webline/html/admin/wcs/LoginPage.jhtml components. 2010-02-17 5.0 CVE-2010-0642
XF
BID
MISC
dokuwiki -- dokuwiki
Directory traversal vulnerability in the ACL Manager plugin(plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remoteattackers to list the contents of arbitrary directories via a .. (dotdot) in the ns parameter. 2010-02-15 5.0 CVE-2010-0287
CONFIRM
DEBIAN
SECUNIA
FEDORA
FEDORA
CONFIRM
dokuwiki -- dokuwiki
Multiple cross-site request forgery (CSRF) vulnerabilities in the ACLManager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25callow remote attackers to hijack the authentication of administratorsfor requests that modify access control rules, and other unspecifiedrequests, via unknown vectors. 2010-02-15 6.8 CVE-2010-0289
CONFIRM
DEBIAN
SECUNIA
FEDORA
FEDORA
CONFIRM
google -- chrome
browser/login/login_prompt.cc in Google Chrome before 4.0.249.89populates an authentication dialog with credentials that were stored byPassword Manager for a different web site, which allows user-assistedremote HTTP servers to obtain sensitive information via a URL thatrequires authentication, as demonstrated by a URL in the SRC attributeof an IMG element. 2010-02-18 4.3 CVE-2010-0556
CONFIRM
google -- chrome
Google Chrome before 4.0.249.89 attempts to make direct connections toweb sites when all configured proxy servers are unavailable, whichallows remote HTTP servers to obtain potentially sensitive informationabout the identity of a client user via standard HTTP logging, asdemonstrated by a proxy server that was configured for the purpose ofanonymity. 2010-02-18 4.3 CVE-2010-0643
CONFIRM
google -- chrome
Google Chrome before 4.0.249.89, when a SOCKS 5 proxy server isconfigured, sends DNS queries directly, which allows remote DNS serversto obtain potentially sensitive information about the identity of aclient user via request logging, as demonstrated by a proxy server thatwas configured for the purpose of anonymity. 2010-02-18 4.3 CVE-2010-0644
CONFIRM
google -- chrome
Google Chrome before 4.0.249.78 sends an https URL in the Refererheader of an http request in certain circumstances involving https tohttp redirection, which allows remote HTTP servers to obtainpotentially sensitive information via standard HTTP logging. 2010-02-18 5.0 CVE-2010-0660
CONFIRM
google -- chrome
The ParamTraits::Readfunction in common/common_param_traits.cc in Google Chrome before4.0.249.78 does not use the correct variables in calculations designedto prevent integer overflows, which allows attackers to leveragerenderer access to cause a denial of service or possibly haveunspecified other impact via bitmap data, related to deserialization. 2010-02-18 4.3 CVE-2010-0662
CONFIRM
google -- chrome
The ParamTraits::Readfunction in common/common_param_traits.cc in Google Chrome before4.0.249.78 does not initialize the memory locations that will holdbitmap data, which might allow remote attackers to obtain potentiallysensitive information from process memory by providing insufficientdata, related to use of a (1) thumbnail database or (2) HTML canvas. 2010-02-18 4.3 CVE-2010-0663
CONFIRM
google -- chrome
Stack consumption vulnerability in theChildProcessSecurityPolicy::CanRequestURL function inbrowser/child_process_security_policy.cc in Google Chrome before4.0.249.78 allows remote attackers to cause a denial of service (memoryconsumption and application crash) via a URL that specifies multipleprotocols, as demonstrated by a URL that begins with many repetitionsof the view-source: substring. 2010-02-18 4.3 CVE-2010-0664
CONFIRM
intel -- e1000
linux -- kernel
linux -- kernel
The Linux kernel before 2.6.32.4 allows local users to gain privilegesor cause a denial of service (panic) by calling the (1) mmap or (2)mremap function, aka the "do_mremap() mess" or "mremap/mmap mess." 2010-02-15 4.6 CVE-2010-0291
CONFIRM
intel -- e1000
linux -- kernel
linux -- kernel
The load_elf_binary function in fs/binfmt_elf.c in the Linux kernelbefore 2.6.32.8 on the x86_64 platform does not ensure that the ELFinterpreter is available before a call to the SET_PERSONALITY macro,which allows local users to cause a denial of service (system crash)via a 32-bit application that attempts to execute a 64-bit applicationand then triggers a segmentation fault, as demonstrated byamd64_killer, related to the flush_old_exec function. 2010-02-17 4.7 CVE-2010-0307
CONFIRM
BID
MLIST
MLIST
MLIST
MLIST
CONFIRM
MISC
CONFIRM
MLIST
CONFIRM
k5n -- webcalendar
Cross-site request forgery (CSRF) vulnerability in WebCalendar 1.2.0allows remote attackers to hijack the authentication of administratorsfor requests that change the administrative password via unknownvectors. NOTE: the provenance of this information is unknown; thedetails are obtained solely from third party information. 2010-02-15 6.8 CVE-2010-0638
SECUNIA
linux -- kernel
The do_pages_move function in mm/migrate.c in the Linux kernel before2.6.33-rc7 does not validate node values, which allows local users toread arbitrary kernel memory locations, cause a denial of service(OOPS), and possibly have unspecified other impact by specifying a nodethat is not part of the kernel's node set. 2010-02-17 4.6 CVE-2010-0415
CONFIRM
microsoft -- internet_explorer
Microsoft Internet Explorer permits cross-origin loading of CSSstylesheets even when the stylesheet download has an incorrect MIMEtype and the stylesheet document is malformed, which allows remote HTTPservers to obtain sensitive information via a crafted document. 2010-02-18 4.3 CVE-2010-0652
MISC
mozilla -- firefox
Mozilla Firefox, possibly before 3.6, allows remote attackers todiscover a redirect's target URL, for the session of a specific user ofa web site, by placing the site's URL in the HREF attribute of astylesheet LINK element, and then reading thedocument.styleSheets[0].href property value, related to an IFRAMEelement. 2010-02-18 4.3 CVE-2010-0648
MISC
MISC
mozilla -- firefox
Mozilla Firefox permits cross-origin loading of CSS stylesheets evenwhen the stylesheet download has an incorrect MIME type and thestylesheet document is malformed, which allows remote HTTP servers toobtain sensitive information via a crafted document. 2010-02-18 4.3 CVE-2010-0654
MISC
opera -- opera_browser
Opera permits cross-origin loading of CSS stylesheets even when thestylesheet download has an incorrect MIME type and the stylesheetdocument is malformed, which allows remote HTTP servers to obtainsensitive information via a crafted document. 2010-02-18 4.3 CVE-2010-0653
MISC
realnetworks -- helix_player
realnetworks -- realplayer
Buffer overflow in common/util/rlstate.cpp in Helix Player 1.0.6 andRealPlayer allows remote attackers to cause a denial of service(application crash) or possibly execute arbitrary code via a RuleBookstructure with a large number of rule-separator characters that triggerheap memory corruption. 2010-02-18 5.0 CVE-2010-0417
CONFIRM
CONFIRM
REDHAT
MLIST
squid-cache -- squid
The htcpHandleTstRequest function in htcp.c in Squid 2.x and 3.0through 3.0.STABLE23 allows remote attackers to cause a denial ofservice (crash) via crafted packets to the HTCP port, which triggers aNULL pointer dereference. 2010-02-15 5.0 CVE-2010-0639
VUPEN
MISC
MISC
CONFIRM
SECTRACK
BID
OSVDB
MISC
Back to top

Medium Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
adobe -- blazeds
adobe -- coldfusion
adobe -- flex_data_services
adobe -- lifecycle
adobe -- lifecycle_data_services
Unspecified vulnerability in BlazeDS 3.2 and earlier, as used inLiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1,and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1,and 9.0, allows remote attackers to obtain sensitive information viavectors that are associated with a request, and related to injectedtags and external entity references in XML documents. 2010-02-15 4.3 CVE-2009-3960
BID
OSVDB
CONFIRM
SECTRACK
adobe -- adobe_air
adobe -- flash_player
Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2 andAdobe AIR before 1.5.3.9130 allows remote attackers to bypass intendedsandbox restrictions and make cross-domain requests via unspecifiedvectors. 2010-02-15 6.8 CVE-2010-0186
CONFIRM
adobe -- adobe_air
adobe -- flash_player
Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130allow remote attackers to cause a denial of service (application crash)via a modified SWF file. 2010-02-15 4.3 CVE-2010-0187
REDHAT
CONFIRM
BID
MISC
CONFIRM
SECTRACK
MISC
apple -- safari
apple -- webkit
google -- chrome
WebKit before r52784, as used in Google Chrome before 4.0.249.78 andApple Safari, permits cross-origin loading of CSS stylesheets even whenthe stylesheet download has an incorrect MIME type and the stylesheetdocument is malformed, which allows remote HTTP servers to obtainsensitive information via a crafted document. 2010-02-18 4.3 CVE-2010-0651
CONFIRM
apple -- webkit
google -- chrome
WebKit before r51295, as used in Google Chrome before 4.0.249.78,presents a directory-listing page in response to an XMLHttpRequest fora file:/// URL that corresponds to a directory, which allows attackersto obtain sensitive information or possibly have unspecified otherimpact via a crafted local HTML document. 2010-02-18 4.3 CVE-2010-0656
CONFIRM
apple -- webkit
google -- chrome
The image decoder in WebKit before r52833, as used in Google Chromebefore 4.0.249.78, does not properly handle a failure of memoryallocation, which allows remote attackers to execute arbitrary code inthe Chrome sandbox via a malformed GIF file that specifies a large size. 2010-02-18 6.8 CVE-2010-0659
CONFIRM
cisco -- collaboration_server
Cross-site scripting (XSS) vulnerability inwebline/html/admin/wcs/LoginPage.jhtml in Cisco Collaboration Server(CCS) 5 allows remote attackers to inject arbitrary web script or HTMLvia the dest parameter. 2010-02-17 4.3 CVE-2010-0641
XF
BID
MISC
cisco -- collaboration_server
Cisco Collaboration Server (CCS) 5 allows remote attackers to read thesource code of JHTML files via URL encoded characters in the filenameextension, as demonstrated by (1) changing .jhtml to %2Ejhtml, (2)changing .jhtml to .jhtm%6C, (3) appending %00 after .jhtml, and (4)appending %c0%80 after .jhtml, related to the (a) doc/docindex.jhtml,(b) browserId/wizardForm.jhtml, (c) webline/html/forms/callback.jhtml,(d) webline/html/forms/callbackICM.jhtml, (e)webline/html/agent/AgentFrame.jhtml, (f)webline/html/agent/default/badlogin.jhtml, (g) callme/callForm.jhtml,(h) webline/html/multichatui/nowDefunctWindow.jhtml, (i)browserId/wizard.jhtml, (j) admin/CiscoAdmin.jhtml, (k)msccallme/mscCallForm.jhtml, and (l)webline/html/admin/wcs/LoginPage.jhtml components. 2010-02-17 5.0 CVE-2010-0642
XF
BID
MISC
dokuwiki -- dokuwiki
Directory traversal vulnerability in the ACL Manager plugin(plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remoteattackers to list the contents of arbitrary directories via a .. (dotdot) in the ns parameter. 2010-02-15 5.0 CVE-2010-0287
CONFIRM
DEBIAN
SECUNIA
FEDORA
FEDORA
CONFIRM
dokuwiki -- dokuwiki
Multiple cross-site request forgery (CSRF) vulnerabilities in the ACLManager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25callow remote attackers to hijack the authentication of administratorsfor requests that modify access control rules, and other unspecifiedrequests, via unknown vectors. 2010-02-15 6.8 CVE-2010-0289
CONFIRM
DEBIAN
SECUNIA
FEDORA
FEDORA
CONFIRM
google -- chrome
browser/login/login_prompt.cc in Google Chrome before 4.0.249.89populates an authentication dialog with credentials that were stored byPassword Manager for a different web site, which allows user-assistedremote HTTP servers to obtain sensitive information via a URL thatrequires authentication, as demonstrated by a URL in the SRC attributeof an IMG element. 2010-02-18 4.3 CVE-2010-0556
CONFIRM
google -- chrome
Google Chrome before 4.0.249.89 attempts to make direct connections toweb sites when all configured proxy servers are unavailable, whichallows remote HTTP servers to obtain potentially sensitive informationabout the identity of a client user via standard HTTP logging, asdemonstrated by a proxy server that was configured for the purpose ofanonymity. 2010-02-18 4.3 CVE-2010-0643
CONFIRM
google -- chrome
Google Chrome before 4.0.249.89, when a SOCKS 5 proxy server isconfigured, sends DNS queries directly, which allows remote DNS serversto obtain potentially sensitive information about the identity of aclient user via request logging, as demonstrated by a proxy server thatwas configured for the purpose of anonymity. 2010-02-18 4.3 CVE-2010-0644
CONFIRM
google -- chrome
Google Chrome before 4.0.249.78 sends an https URL in the Refererheader of an http request in certain circumstances involving https tohttp redirection, which allows remote HTTP servers to obtainpotentially sensitive information via standard HTTP logging. 2010-02-18 5.0 CVE-2010-0660
CONFIRM
google -- chrome
The ParamTraits::Readfunction in common/common_param_traits.cc in Google Chrome before4.0.249.78 does not use the correct variables in calculations designedto prevent integer overflows, which allows attackers to leveragerenderer access to cause a denial of service or possibly haveunspecified other impact via bitmap data, related to deserialization. 2010-02-18 4.3 CVE-2010-0662
CONFIRM
google -- chrome
The ParamTraits::Readfunction in common/common_param_traits.cc in Google Chrome before4.0.249.78 does not initialize the memory locations that will holdbitmap data, which might allow remote attackers to obtain potentiallysensitive information from process memory by providing insufficientdata, related to use of a (1) thumbnail database or (2) HTML canvas. 2010-02-18 4.3 CVE-2010-0663
CONFIRM
google -- chrome
Stack consumption vulnerability in theChildProcessSecurityPolicy::CanRequestURL function inbrowser/child_process_security_policy.cc in Google Chrome before4.0.249.78 allows remote attackers to cause a denial of service (memoryconsumption and application crash) via a URL that specifies multipleprotocols, as demonstrated by a URL that begins with many repetitionsof the view-source: substring. 2010-02-18 4.3 CVE-2010-0664
CONFIRM
intel -- e1000
linux -- kernel
linux -- kernel
The Linux kernel before 2.6.32.4 allows local users to gain privilegesor cause a denial of service (panic) by calling the (1) mmap or (2)mremap function, aka the "do_mremap() mess" or "mremap/mmap mess." 2010-02-15 4.6 CVE-2010-0291
CONFIRM
intel -- e1000
linux -- kernel
linux -- kernel
The load_elf_binary function in fs/binfmt_elf.c in the Linux kernelbefore 2.6.32.8 on the x86_64 platform does not ensure that the ELFinterpreter is available before a call to the SET_PERSONALITY macro,which allows local users to cause a denial of service (system crash)via a 32-bit application that attempts to execute a 64-bit applicationand then triggers a segmentation fault, as demonstrated byamd64_killer, related to the flush_old_exec function. 2010-02-17 4.7 CVE-2010-0307
CONFIRM
BID
MLIST
MLIST
MLIST
MLIST
CONFIRM
MISC
CONFIRM
MLIST
CONFIRM
k5n -- webcalendar
Cross-site request forgery (CSRF) vulnerability in WebCalendar 1.2.0allows remote attackers to hijack the authentication of administratorsfor requests that change the administrative password via unknownvectors. NOTE: the provenance of this information is unknown; thedetails are obtained solely from third party information. 2010-02-15 6.8 CVE-2010-0638
SECUNIA
linux -- kernel
The do_pages_move function in mm/migrate.c in the Linux kernel before2.6.33-rc7 does not validate node values, which allows local users toread arbitrary kernel memory locations, cause a denial of service(OOPS), and possibly have unspecified other impact by specifying a nodethat is not part of the kernel's node set. 2010-02-17 4.6 CVE-2010-0415
CONFIRM
microsoft -- internet_explorer
Microsoft Internet Explorer permits cross-origin loading of CSSstylesheets even when the stylesheet download has an incorrect MIMEtype and the stylesheet document is malformed, which allows remote HTTPservers to obtain sensitive information via a crafted document. 2010-02-18 4.3 CVE-2010-0652
MISC
mozilla -- firefox
Mozilla Firefox, possibly before 3.6, allows remote attackers todiscover a redirect's target URL, for the session of a specific user ofa web site, by placing the site's URL in the HREF attribute of astylesheet LINK element, and then reading thedocument.styleSheets[0].href property value, related to an IFRAMEelement. 2010-02-18 4.3 CVE-2010-0648
MISC
MISC
mozilla -- firefox
Mozilla Firefox permits cross-origin loading of CSS stylesheets evenwhen the stylesheet download has an incorrect MIME type and thestylesheet document is malformed, which allows remote HTTP servers toobtain sensitive information via a crafted document. 2010-02-18 4.3 CVE-2010-0654
MISC
opera -- opera_browser
Opera permits cross-origin loading of CSS stylesheets even when thestylesheet download has an incorrect MIME type and the stylesheetdocument is malformed, which allows remote HTTP servers to obtainsensitive information via a crafted document. 2010-02-18 4.3 CVE-2010-0653
MISC
realnetworks -- helix_player
realnetworks -- realplayer
Buffer overflow in common/util/rlstate.cpp in Helix Player 1.0.6 andRealPlayer allows remote attackers to cause a denial of service(application crash) or possibly execute arbitrary code via a RuleBookstructure with a large number of rule-separator characters that triggerheap memory corruption. 2010-02-18 5.0 CVE-2010-0417
CONFIRM
CONFIRM
REDHAT
MLIST
squid-cache -- squid
The htcpHandleTstRequest function in htcp.c in Squid 2.x and 3.0through 3.0.STABLE23 allows remote attackers to cause a denial ofservice (crash) via crafted packets to the HTCP port, which triggers aNULL pointer dereference. 2010-02-15 5.0 CVE-2010-0639
VUPEN
MISC
MISC
CONFIRM
SECTRACK
BID
OSVDB
MISC
Back to top

Low Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
apple -- safari
google -- chrome
WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari,allows remote attackers to bypass intended restrictions on popupwindows via crafted use of a mouse click event. 2010-02-182.6 CVE-2010-0650
CONFIRM
CONFIRM
SECTRACK
CONFIRM
CONFIRM
linux -- kernel
The wake_futex_pi function in kernel/futex.c in the Linux kernel before2.6.33-rc7 does not properly handle certain unlock operations for aPriority Inheritance (PI) futex, which allows local users to cause adenial of service (OOPS) and possibly have unspecified other impact viavectors involving modification of the futex value from user space. 2010-02-152.1 CVE-2010-0622
CONFIRM
linux -- kernel
The futex_lock_pi function in kernel/futex.c in the Linux kernel before2.6.33-rc7 does not properly manage a certain reference count, whichallows local users to cause a denial of service (OOPS) via vectorsinvolving an unmount of an ext3 filesystem. 2010-02-152.1 CVE-2010-0623
CONFIRM
Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top