Insomnia : ISVA-110822.1 - Pidgin IM Insecure URL Handling Remote Code Execution

2011-08-25 Thread Brett Moore
___ Insomnia Security Vulnerability Advisory: ISVA-110822.1 ___ Name: Pidgin IM Insecure URL Handling Remote Code Execution Reported: 21 July 2011 Vendor Link:

Insomnia : ISVA-100216.1 - Windows URL Handling Vulnerability

2010-02-16 Thread Brett Moore
://www.microsoft.com/ Affected Products: Windows 2000, Windows XP, Windows 2003, Windows Vista Original Advisory: http://www.insomniasec.com/advisories/ISVA-100216.1.htm Researcher: Brett Moore, Insomnia Security http://www.insomniasec.com

Insomnia : ISVA-081209.1 - IE Webdav Request Parsing Heap Corruption Vulnerability

2008-12-10 Thread Brett Moore
Link: http://www.microsoft.com/ Affected Products: Microsoft Internet Explorer 7 Running On Vista Requires Office 2007 Original Advisory: http://www.insomniasec.com/advisories/ISVA-081209.1.htm Researcher: Brett Moore, Insomnia Security http://www.insomniasec.com

Insomnia : ISVA-081020.1 - Altiris Deployment Server Agent - Privilege Escalation

2008-10-21 Thread Brett Moore
Link: http://www.altiris.com/ Affected Products: Altiris Deployment Server 6.X Original Advisory: http://www.insomniasec.com/advisories/ISVA-081020.1.htm Researcher: Brett Moore, Insomnia Security http://www.insomniasec.com

Insomnia : ISVA-080910.1 - MS Office OneNote URL Handling Vulnerability

2008-09-10 Thread Brett Moore
: http://http://office.microsoft.com/onenote Affected Products: MS Office Onenote 2007 MS Office 2003 and 2007 have vulnerable components Original Advisory: http://www.insomniasec.com/advisories/ISVA-080910.1.htm Researcher: Brett Moore, Insomnia Security http

Insomnia : ISVA-080709.1 - Microsoft SQL Server - Corrupt Backup File Heap Overflow

2008-07-09 Thread Brett Moore
: http://www.microsoft.com/sql/default.mspx Affected Products: MS SQL Server 2005, possibly previous versions Original Advisory: http://www.insomniasec.com/advisories/ISVA-080709.1.htm Researcher: Brett Moore, Insomnia Security http://www.insomniasec.com

Insomnia : ISVA-080516.1 - Altiris Deployment Solution - SQL Injection

2008-05-19 Thread Brett Moore
://www.altiris.com/ Affected Products: Altiris Deployment Solution 6.8.x & 6.9.x Original Advisory: http://www.insomniasec.com/advisories/ISVA-080516.1.htm Researcher: Brett Moore, Insomnia Security http://www.insomniasec

Insomnia : ISVA-080516.2 - Altiris Deployment Solution - Domain Account Disclosure

2008-05-19 Thread Brett Moore
: http://www.altiris.com/ Affected Products: Altiris Deployment Solution 6.8.x & 6.9.x Original Advisory: http://www.insomniasec.com/advisories/ISVA-080516.2.htm Researcher: Brett Moore, Insomnia Security http://www.insomniasec

TlbInf32 ActiveX Command Execution

2007-08-16 Thread Brett Moore
tation function alert(x.Interfaces.Item(a).Members.Item(b).HelpString) == Solutions == Install the vendor supplied patch. http://www.microsoft.com/technet/security/Bulletin/MS07-045.mspx == Credit == Discovered and advised to Microsoft November 23 2006 by Brett Moore of Security-Assessment.com

SUN Java JNLP Overflow

2007-07-11 Thread Brett Moore
ttp://mc-computing.com/WinExplorer/WinExplorerEditFlags.htm == Credit == Discovered and advised to SUN November 15 2006 by Brett Moore of Security-Assessment.com == About Security-Assessment.com == Security-Assessment.com is Australasia's leading team of Information Security consultants specialisin

Lizardtech DjVu Browser Plug-in - Multiple Vulnerabilities

2007-02-15 Thread Brett Moore
rom the lizardtech website http://www.lizardtech.com/ == Credit == Discovered and advised to Lizardtech November 2006, by Brett Moore of Security-Assessment.com == About Security-Assessment.com == Security-Assessment.com is Australasia's leading team of Information Security con

MS Interactive Training .cbo Overflow

2007-02-13 Thread Brett Moore
== Discovered and advised to Microsoft May, 2006 by Brett Moore of Security-Assessment.com == About Security-Assessment.com == Security-Assessment.com is Australasia's leading team of Information Security consultants specialising in providing high quality Information Security services to cl

Project Server 2003 - Credential Disclosure

2006-12-15 Thread Brett Moore
== % Project Server 2003 - Credential Disclosure % [EMAIL PROTECTED] == Microsoft Project server 2003 implements a thick client for some of the functionality. The thick client us

HyperAccess - Multiple Vulnerabilities

2006-12-14 Thread Brett Moore
no planned date for this update. == Credit == Discovered and advised to Hilgraeve November 10, 2006 by Brett Moore of Security-Assessment.com == About Security-Assessment.com == Security-Assessment.com is Australasia's leading team of Information Security consultants specialising

ASP Cmd Shell On IIS 5.1

2006-12-13 Thread Brett Moore
% ASP Cmd Shell On IIS 5.1 % [EMAIL PROTECTED] ASP shells have been around since the dawn of time. On IIS 5.0 and prior it was simple to creat

[SBDA] SiteKiosk - FileSystem Access

2006-12-12 Thread Brett Moore
ser to read and download any file from the kiosk with the permissions of the user running SiteKiosk. == Solutions == A new version of SiteKiosk has been released that addresses these vulnerabilities. It can be downloaded from http://www.sitekiosk.com. == Credit == Discovered and advised to SiteKiosk

[SBDA] - ColdFusion MX7 - Multiple Vulnerabilities

2006-12-11 Thread Brett Moore
eing considered for the next major version of ColdFusion - the release date is currently not finalized. There is currently no plan to release security bulletins for any of the issues from the report == Credit == Discovered and advised to Adobe November 11, 2006 by Brett Moore of Security

ASP.DLL Include File Buffer Overflow

2006-07-18 Thread Brett Moore
this vulnerability. It is however possible to bypass any security restrictions enforced by ASP. It also allows for the execution of APIs that have no ASP equivalent. == Solutions == - Install the vendor supplied patch. == Credit == Discovered and advised to Microsoft February, 2006 by Brett

Skype - URI Handler Command Switch Parsing

2006-05-22 Thread Brett Moore
upgrade http://www.skype.com/security/skype-sb-2006-001.html == Credit == Discovered and advised to Skype Limited May, 2006 by Brett Moore of Security-Assessment.com == About Security-Assessment.com == Security-Assessment.com is New Zealand's leading team of Information Security consul

-Exploiting Freelist[0] On Windows XP Service Pack 2-

2005-12-08 Thread Brett Moore
] overwrites. It can currently be downloaded from our website http://www.security-assessment.com/tech-1.htm Brett Moore Network Intrusion Specialist, CTO Security-Assessment.com

Shattering SEH II

2003-07-28 Thread Brett Moore
y * Try it out against any program with a listview. * eg: explorer, IE, any file open dialog * Brett Moore [ [EMAIL PROTECTED] ] * www.security-assessment.com **/ #include #include // Local Cmd Shellcode BYTE exploit[] = "\x90\x68\x63

ISA Server - Error Page Cross Site Scripting

2003-07-16 Thread Brett Moore
the attack. == Solutions == - Install the vendor supplied patch. == Credit == Based on work by Thor Larholm at Pivx.com. http://www.pivx.com/larholm/adv/TL001/default.htm Discovered and advised to Microsoft May 21, 2003 by Brett Moore of Security-Assessment.com %-) == About Security-Assessment.com ==

Shattering SEH

2003-07-12 Thread Brett Moore
patible with my win2k SP3. * * Brett Moore [ [EMAIL PROTECTED] ] * www.security-assessment.com ***/ #include #include int main(int argc, char *argv[]) { long lResult; long hWndControl,hHdrControl; char buffer[65535];

Windows Media Services Remote Command Execution #2

2003-06-26 Thread Brett Moore
essary services, files and isapi extensions reduces the number of listeners that data can be fed to limiting the number of vulnerabilities that a server is susceptible to. - Install the vendor supplied patch. == Credit == Discovered and advised to Microsoft January 30, 2003 by Brett Moore of Sec

Windows Media Services Remote Command Execution

2003-06-02 Thread Brett Moore
and isapi extensions reduces the number of listeners that data can be fed to limiting the number of vulnerabilities that a server is susceptible to. - Install the vendor supplied patch. == Credit == Discovered and advised to Microsoft January 27, 2003 by Brett Moore. %-) shutz to: eEye,

RE: Microsoft Security Advisory MS 03-007

2003-03-18 Thread Brett Moore
Also if anyone is writing IDS or filtering systems, most of the webdav methods can be used to exploit this. These are some that I have found that can lead to exploitation. LOCK SEARCH PROPFIND COPY MKCOL Brett -Original Message- From: Dave Aitel [mailto:[EMAIL PROTECTED] Sent: Wednesday,

Tiny3 vs Winhelp32 Bof

2002-08-19 Thread Brett Moore
Not so much a bug, more an issue of another default installation setup. After writing an exploit for the winhelp32, I tested on a pc that had Tiny 2 installed. As I expected Tiny stopped the outbound connection. Testing on a Tiny 3 version had no warnings of the outbound connection. Upon investi