lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 21 Dec 2012 07:42:35 -0800
From: "g@...7.io" <g@...7.io>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: ZDI Anything

# grep ZDI header_checks
/^From:.*tippingpoint.com.*/ REJECT ZDI SPAM

On 12/21/12 6:21 AM, bl4kjeebus121@...il.com wrote:
> Ah, more of the one-third disclosures, or
> somewhat-disclosed-but-not-really disclosure best of breed pony parade i
> see. Does nobody else find their posts tedious and annoying? I prefer
> mustlive any day
> 
> 
> On 12/21/12 4:43 AM full-disclosure-request@...ts.grok.org.uk wrote:
> 
> Send Full-Disclosure mailing list submissions to
> full-disclosure@...ts.grok.org.uk <mailto:full-disclosure@...ts.grok.org.uk>
> 
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> or, via email, send a message with subject or body 'help' to
> full-disclosure@...ts.grok.org.uk <mailto:full-disclosure@...ts.grok.org.uk>
> 
> You can reach the person managing the list at
> full-disclosure@...ts.grok.org.uk <mailto:full-disclosure@...ts.grok.org.uk>
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Full-Disclosure digest..."
> 
> 
> Note to digest recipients - when replying to digest posts, please trim
> your post appropriately. Thank you.
> 
> 
> Today's Topics:
> 
> 1. ZDI-12-188 : Microsoft Internet Explorer OnRowsInserted Event
> Remote Code Execution Vulnerability (ZDI Disclosures)
> 2. ZDI-12-189 : Oracle Java WebStart Changing System Properties
> Remote Code Execution Vulnerability (ZDI Disclosures)
> 3. ZDI-12-190 : Microsoft Internet Explorer Title Element Change
> Remote Code Execution Vulnerability (ZDI Disclosures)
> 4. ZDI-12-191 : Webkit HTMLMedia Element beforeLoad Remote Code
> Execution Vulnerability (ZDI Disclosures)
> 5. ZDI-12-192 : Microsoft Internet Explorer insertRow Remote
> Code Execution Vulnerability (ZDI Disclosures)
> 6. ZDI-12-193 : Microsoft Internet Explorer insertAdjacentText
> Remote Code Execution Vulnerability (ZDI Disclosures)
> 7. ZDI-12-194 : Microsoft Internet Explorer OnBeforeDeactivate
> Event Remote Code Execution Vulnerability (ZDI Disclosures)
> 8. ZDI-12-195 : RealNetworks RealPlayer ATRAC Sample Decoding
> Remote Code Execution Vulnerability (ZDI Disclosures)
> 9. ZDI-12-196 : Novell Groupwise GWIA ber_get_stringa Remote
> Code Execution Vulnerability (ZDI Disclosures)
> 10. ZDI-12-197 : Oracle Java java.beans.Statement Remote Code
> Execution Vulnerability (ZDI Disclosures)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Fri, 21 Dec 2012 06:29:33 -0600
> From: ZDI Disclosures <full-disclosure@...ts.grok.org.uk
> <mailto:full-disclosure@...ts.grok.org.uk>>
> Subject: [Full-disclosure] ZDI-12-188 : Microsoft Internet Explorer
> OnRowsInserted Event Remote Code Execution Vulnerability
> To: Full Disclosure <full-disclosure@...ts.grok.org.uk
> <mailto:full-disclosure@...ts.grok.org.uk>>, BugTraq
> <full-disclosure@...ts.grok.org.uk
> <mailto:full-disclosure@...ts.grok.org.uk>>
> Cc: full-disclosure@...ts.grok.org.uk
> <mailto:full-disclosure@...ts.grok.org.uk>
> Message-ID: <full-disclosure@...ts.grok.org.uk
> <mailto:full-disclosure@...ts.grok.org.uk>>
> Content-Type: text/plain; charset="iso-8859-1"
> 
> ZDI-12-188 : Microsoft Internet Explorer OnRowsInserted Event Remote Code
> Execution Vulnerability
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> December 21, 2012
> 
> -- CVE ID:
> CVE-2012-1881
> 
> -- CVSS:
> 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P
> 
> -- Affected Vendors:
> Microsoft
> 
> -- Affected Products:
> Microsoft Internet Explorer
> 
> -- Vulnerability Details:
> This vulnerability allows remote attackers to execute arbitrary code on
> vulnerable installations of Microsoft Internet Explorer. User interaction
> is required to exploit this vulnerability in that the target must visit a
> malicious page or open a malicious file.
> 
> The specific flaw exists within the way Internet Explorer handles
> 'onrowsinserted' callback functions for certain elements. It is possible to
> alter the document DOM tree in a onrowsinserted callback function which can
> lead to a use-after-free condition when the function returns. This can
> result in remote code execution under the context of the current process.
> 
> -- Vendor Response:
> Microsoft states:
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> 
> -- Disclosure Timeline:
> 2012-03-14 - Vulnerability reported to vendor
> 2012-12-21 - Coordinated public release of advisory
> 
> -- Credit:
> This vulnerability was discovered by:
> * Anonymous
> 
> -- About the Zero Day Initiative (ZDI):
> Established by TippingPoint, The Zero Day Initiative (ZDI) represents
> a best-of-breed model for rewarding security researchers for responsibly
> disclosing discovered vulnerabilities.
> 
> Researchers interested in getting paid for their security research
> through the ZDI can find more information and sign-up at:
> 
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> The ZDI is unique in how the acquired vulnerability information is
> used. TippingPoint does not re-sell the vulnerability details or any
> exploit code. Instead, upon notifying the affected product vendor,
> TippingPoint provides its customers with zero day protection through
> its intrusion prevention technology. Explicit details regarding the
> specifics of the vulnerability are not exposed to any parties until
> an official vendor patch is publicly available. Furthermore, with the
> altruistic aim of helping to secure a broader user base, TippingPoint
> provides this vulnerability information confidentially to security
> vendors (including competitors) who have a vulnerability protection or
> mitigation product.
> 
> Our vulnerability disclosure policy is available online at:
> 
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> Follow the ZDI on Twitter:
> 
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> 
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> ------------------------------
> 
> Message: 2
> Date: Fri, 21 Dec 2012 06:31:01 -0600
> From: ZDI Disclosures <full-disclosure@...ts.grok.org.uk
> <mailto:full-disclosure@...ts.grok.org.uk>>
> Subject: [Full-disclosure] ZDI-12-189 : Oracle Java WebStart Changing
> System Properties Remote Code Execution Vulnerability
> To: Full Disclosure <full-disclosure@...ts.grok.org.uk
> <mailto:full-disclosure@...ts.grok.org.uk>>, BugTraq
> <full-disclosure@...ts.grok.org.uk
> <mailto:full-disclosure@...ts.grok.org.uk>>,
> full-disclosure@...ts.grok.org.uk <mailto:full-disclosure@...ts.grok.org.uk>
> Message-ID: <full-disclosure@...ts.grok.org.uk
> <mailto:full-disclosure@...ts.grok.org.uk>>
> Content-Type: text/plain; charset="iso-8859-1"
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> ZDI-12-189 : Oracle Java WebStart Changing System Properties Remote Code
> Execution Vulnerability
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> December 21, 2012
> 
> - -- CVE ID:
> CVE-2012-1721
> 
> - -- CVSS:
> 9, AV:N/AC:L/Au:N/C:P/I:P/A:C
> 
> - -- Affected Vendors:
> Oracle
> 
> - -- Affected Products:
> Oracle Java Runtime
> 
> 
> - -- Vulnerability Details:
> This vulnerability allows remote attackers to execute arbitrary code on
> vulnerable installations of Oracle Java. User interaction is required to
> exploit this vulnerability in that the target must visit a malicious page
> or open a malicious file.
> 
> The specific flaw exists because it is possible to change system properties
> through trusted JNLP files. If a JNLP file requests "<all-permissions/>"
> and only references signed, trusted JAR files, it can set all System
> properties. By referencing a trusted JNLP file from an untrusted one it is
> possible to change System Properties that can lead to remote code execution
> under the context of the current user.
> 
> 
> - -- Vendor Response:
> Oracle has issued an update to correct this vulnerability. More details can
> be found at:
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> ml
> 
> 
> - -- Disclosure Timeline:
> 2012-03-14 - Vulnerability reported to vendor
> 2012-12-21 - Coordinated public release of advisory
> 
> - -- Credit:
> This vulnerability was discovered by:
> * Chris Ries
> 
> - -- About the Zero Day Initiative (ZDI):
> Established by TippingPoint, The Zero Day Initiative (ZDI) represents
> a best-of-breed model for rewarding security researchers for responsibly
> disclosing discovered vulnerabilities.
> 
> Researchers interested in getting paid for their security research
> through the ZDI can find more information and sign-up at:
> 
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> The ZDI is unique in how the acquired vulnerability information is
> used. TippingPoint does not re-sell the vulnerability details or any
> exploit code. Instead, upon notifying the affected product vendor,
> TippingPoint provides its customers with zero day protection through
> its intrusion prevention technology. Explicit details regarding the
> specifics of the vulnerability are not exposed to any parties until
> an official vendor patch is publicly available. Furthermore, with the
> altruistic aim of helping to secure a broader user base, TippingPoint
> provides this vulnerability information confidentially to security
> vendors (including competitors) who have a vulnerability protection or
> mitigation product.
> 
> Our vulnerability disclosure policy is available online at:
> 
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> Follow the ZDI on Twitter:
> 
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 10.2.0 (Build 1950)
> Charset: utf-8
> 
> wsBVAwUBUNRWf1VtgMGTo1scAQL17Af+PLKQVLcU5Y6zbxi8z9zDy8lZV/qhycKN
> nSRaC5SOh+aVBVN3hvRc8LkRpD1me4kWLk5uvfP4dV9yZToRCt1dZOvIFBgJOYdd
> ztiOTFgQCGapxv4bdvI9VRvx9bUzO8Rl2k3L32xV1gLpe9UKiQbJw5qC8SbhYqWY
> 8j4JA03/66hyTZqT+M6tWKtB80P2lCuYp4aoF6kcIn//5tyS4h0RgPWRTaxzmBcU
> p6V2m3rxDpaTyPRZxN7Q9c8JvN3ClWla1gcNdYAFsh7bnYgiOeI4cvk0vY6v312s
> +3gKQKsU2w+Its1gekAIEk11tlyR3SRtd/mFnk4fEzvlhkSjytAvgQ==
> =VL7/
> -----END PGP SIGNATURE-----
> 
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> ------------------------------
> 
> Message: 3
> Date: Fri, 21 Dec 2012 06:32:34 -0600
> From: ZDI Disclosures <full-disclosure@...ts.grok.org.uk
> <mailto:full-disclosure@...ts.grok.org.uk>>
> Subject: [Full-disclosure] ZDI-12-190 : Microsoft Internet Explorer
> Title Element Change Remote Code Execution Vulnerability
> To: Full Disclosure <full-disclosure@...ts.grok.org.uk
> <mailto:full-disclosure@...ts.grok.org.uk>>, BugTraq
> <full-disclosure@...ts.grok.org.uk
> <mailto:full-disclosure@...ts.grok.org.uk>>,
> full-disclosure@...ts.grok.org.uk <mailto:full-disclosure@...ts.grok.org.uk>
> Message-ID: <full-disclosure@...ts.grok.org.uk
> <mailto:full-disclosure@...ts.grok.org.uk>>
> Content-Type: text/plain; charset="iso-8859-1"
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> ZDI-12-190 : Microsoft Internet Explorer Title Element Change Remote Code
> Execution Vulnerability
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> December 21, 2012
> 
> - -- CVE ID:
> CVE-2012-1877
> 
> - -- CVSS:
> 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P
> 
> - -- Affected Vendors:
> Microsoft
> 
> - -- Affected Products:
> Microsoft Internet Explorer 9
> 
> 
> - -- TippingPoint(TM) IPS Customer Protection:
> TippingPoint IPS customers have been protected against this
> vulnerability by Digital Vaccine protection filter ID 12385.
> For further product information on the TippingPoint IPS, visit:
> 
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> - -- Vulnerability Details:
> This vulnerability allows remote attackers to execute arbitrary code on
> vulnerable installations of Microsoft Internet Explorer. User interaction
> is required to exploit this vulnerability in that the target must visit a
> malicious page or open a malicious file.
> 
> The specific flaw exists in the 'onpropertychange' user callback function
> for the document.title. If the function changes the document in the
> callback function by using, for example, a document.write call, this can
> result in a use-after-free vulnerability. This can lead to remote code
> execution under the context of the program.
> 
> - -- Vendor Response:
> Microsoft has issued an update to correct this vulnerability. More details
> can be found at:
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> 
> - -- Disclosure Timeline:
> 2012-03-14 - Vulnerability reported to vendor
> 2012-12-21 - Coordinated public release of advisory
> 
> - -- Credit:
> This vulnerability was discovered by:
> * Anonymous
> 
> - -- About the Zero Day Initiative (ZDI):
> Established by TippingPoint, The Zero Day Initiative (ZDI) represents
> a best-of-breed model for rewarding security researchers for responsibly
> disclosing discovered vulnerabilities.
> 
> Researchers interested in getting paid for their security research
> through the ZDI can find more information and sign-up at:
> 
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> The ZDI is unique in how the acquired vulnerability information is
> used. TippingPoint does not re-sell the vulnerability details or any
> exploit code. Instead, upon notifying the affected product vendor,
> TippingPoint provides its customers with zero day protection through
> its intrusion prevention technology. Explicit details regarding the
> specifics of the vulnerability are not exposed to any parties until
> an official vendor patch is publicly available. Furthermore, with the
> altruistic aim of helping to secure a broader user base, TippingPoint
> provides this vulnerability information confidentially to security
> vendors (including competitors) who have a vulnerability protection or
> mitigation product.
> 
> Our vulnerability disclosure policy is available online at:
> 
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> Follow the ZDI on Twitter:
> 
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 10.2.0 (Build 1950)
> Charset: utf-8
> 
> wsBVAwUBUNRW21VtgMGTo1scAQKc7gf+OEjWyyQYkCYucuwZivLId/up2Px3MbYR
> omQMFCjxijYj0rx77RRQGBcPC8ROhW6Gt9VEA+C86gi1hynG/zTEz+AA6iRxJVfp
> 6fUmWVL119kh6tcQml4Mz49vjz1tV9zaALpK/jv7V1EuQ7nS5oSbAi4H0M9oXmLX
> Fht71iOmiFvrnWj+rSZOYJ7Ctd2+DHLGrR72kYEgtU2SLm3cGgJqiEHbbjq/Y7J6
> Ba2Y8mHEJKvdpx3012zJ7BrU0ZOUKRhiiibtJj1A+KAX5fwc+TS5mGMGXgTY/WVe
> sr7diAuRz+R1Uuv1n8ieiV3SuUNcy7NmPlvsXa4VJQsEvB7I9QQIXA==
> =aqcy
> -----END PGP SIGNATURE-----
> 
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> ------------------------------
> 
> Message: 4
> Date: Fri, 21 Dec 2012 06:34:41 -0600
> From: ZDI Disclosures <full-disclosure@...ts.grok.org.uk
> <mailto:full-disclosure@...ts.grok.org.uk>>
> Subject: [Full-disclosure] ZDI-12-191 : Webkit HTMLMedia Element
> beforeLoad Remote Code Execution Vulnerability
> To: Full Disclosure <full-disclosure@...ts.grok.org.uk
> <mailto:full-disclosure@...ts.grok.org.uk>>, BugTraq
> <full-disclosure@...ts.grok.org.uk
> <mailto:full-disclosure@...ts.grok.org.uk>>,
> full-disclosure@...ts.grok.org.uk <mailto:full-disclosure@...ts.grok.org.uk>
> Message-ID: <full-disclosure@...ts.grok.org.uk
> <mailto:full-disclosure@...ts.grok.org.uk>>
> Content-Type: text/plain; charset="iso-8859-1"
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> ZDI-12-191 : Webkit HTMLMedia Element beforeLoad Remote Code Execution
> Vulnerability
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> December 21, 2012
> 
> - -- CVE ID:
> CVE-2011-3071
> 
> - -- CVSS:
> 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P
> 
> - -- Affected Vendors:
> WebKit.Org
> 
> 
> - -- Affected Products:
> WebKit.Org WebKit
> 
> - -- TippingPoint(TM) IPS Customer Protection:
> TippingPoint IPS customers have been protected against this
> vulnerability by Digital Vaccine protection filter ID 12492.
> For further product information on the TippingPoint IPS, visit:
> 
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> - -- Vulnerability Details:
> This vulnerability allows remote attackers to execute arbitrary code on
> vulnerable installations of Apple Safari Webkit. User interaction is
> required to exploit this vulnerability in that the target must visit a
> malicious page or open a malicious file.
> 
> The specific flaw exists within the library's implementation of a HTMLMedia
> element. After a source element is created, an attacker can catch the
> beforeLoad event before the element is used, and delete the element. The
> pointer to the source element will then be referenced causing a
> use-after-free condition, which can lead to code execution under the
> context of the application.
> 
> - -- Vendor Response:
> WebKit.Org has issued an update to correct this vulnerability. More details
> can be found at:
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> 
> - -- Disclosure Timeline:
> 2012-03-14 - Vulnerability reported to vendor
> 2012-12-21 - Coordinated public release of advisory
> 
> - -- Credit:
> This vulnerability was discovered by:
> * pa_kt / twitter.com/pa_kt
> 
> 
> - -- About the Zero Day Initiative (ZDI):
> Established by TippingPoint, The Zero Day Initiative (ZDI) represents
> a best-of-breed model for rewarding security researchers for responsibly
> disclosing discovered vulnerabilities.
> 
> Researchers interested in getting paid for their security research
> through the ZDI can find more information and sign-up at:
> 
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> The ZDI is unique in how the acquired vulnerability information is
> used. TippingPoint does not re-sell the vulnerability details or any
> exploit code. Instead, upon notifying the affected product vendor,
> TippingPoint provides its customers with zero day protection through
> its intrusion prevention technology. Explicit details regarding the
> specifics of the vulnerability are not exposed to any parties until
> an official vendor patch is publicly available. Furthermore, with the
> altruistic aim of helping to secure a broader user base, TippingPoint
> provides this vulnerability information confidentially to security
> vendors (including competitors) who have a vulnerability protection or
> mitigation product.
> 
> Our vulnerability disclosure policy is available online at:
> 
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> Follow the ZDI on Twitter:
> 
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 10.2.0 (Build 1950)
> Charset: utf-8
> 
> wsBVAwUBUNRXVlVtgMGTo1scAQL8swgAm/RnsOnH3MOpjeTII0WcvV9txZO0itaC
> yRlwICYXXHUUVvuSxlN8KS7P6Wmf5F0gj+VQXP647KhCxIhXZsrx+DL+aZS+Fb17
> pcHGwZFhntNNPn5Gwgy8c0cZeSBVmGByU5BBDT6e3ciGpyidlAzUOga63ahOKN22
> HSi4uiwHn4WX4gxpLt0Yyd14Ro1fdtqi7puUc+KGuzVtBwWypv023ubuPz/qRZ85
> L9R+n+SfoCHL/o2kEHaoM3xpRQeKiAkxRCwS7SVGq8ltnckI3kkdl38t3SfxmjIQ
> yAsYkKbYIkZgHbFhFPfffNhBa8YSdcp4YTMjH2Cjqbrh2TElnhH7Jg==
> =FjqC
> -----END PGP SIGNATURE-----
> 
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> ------------------------------
> 
> Message: 5
> Date: Fri, 21 Dec 2012 06:36:00 -0600
> From: ZDI Disclosures <full-disclosure@...ts.grok.org.uk
> <mailto:full-disclosure@...ts.grok.org.uk>>
> Subject: [Full-disclosure] ZDI-12-192 : Microsoft Internet Explorer
> insertRow Remote Code Execution Vulnerability
> To: Full Disclosure <full-disclosure@...ts.grok.org.uk
> <mailto:full-disclosure@...ts.grok.org.uk>>, BugTraq
> <full-disclosure@...ts.grok.org.uk
> <mailto:full-disclosure@...ts.grok.org.uk>>,
> full-disclosure@...ts.grok.org.uk <mailto:full-disclosure@...ts.grok.org.uk>
> Message-ID: <full-disclosure@...ts.grok.org.uk
> <mailto:full-disclosure@...ts.grok.org.uk>>
> Content-Type: text/plain; charset="iso-8859-1"
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> ZDI-12-192 : Microsoft Internet Explorer insertRow Remote Code Execution
> Vulnerability
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> December 21, 2012
> 
> - -- CVE ID:
> CVE-2012-1880
> 
> - -- CVSS:
> 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P
> 
> - -- Affected Vendors:
> Microsoft
> 
> - -- Affected Products:
> Microsoft Internet Explorer
> 
> 
> - -- TippingPoint(TM) IPS Customer Protection:
> TippingPoint IPS customers have been protected against this
> vulnerability by Digital Vaccine protection filter ID 12382.
> For further product information on the TippingPoint IPS, visit:
> 
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> - -- Vulnerability Details:
> This vulnerability allows remote attackers to execute arbitrary code on
> vulnerable installations of Microsoft Internet Explorer. User interaction
> is required to exploit this vulnerability in that the target must visit a
> malicious page or open a malicious file.
> 
> The specific flaw exists within the way Internet Explorer handles
> consecutive calls to insertRow. When the number of rows reaches a certain
> threshold the program fails to correctly relocate certain key objects. This
> can lead to a use-after-free vulnerability which can result in remote code
> execution under the context of the current process.
> 
> - -- Vendor Response:
> Microsoft has issued an update to correct this vulnerability. More details
> can be found at:
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> 
> - -- Disclosure Timeline:
> 2012-03-14 - Vulnerability reported to vendor
> 2012-12-21 - Coordinated public release of advisory
> 
> - -- Credit:
> This vulnerability was discovered by:
> * Anonymous
> 
> 
> - -- About the Zero Day Initiative (ZDI):
> Established by TippingPoint, The Zero Day Initiative (ZDI) represents
> a best-of-breed model for rewarding security researchers for responsibly
> disclosing discovered vulnerabilities.
> 
> Researchers interested in getting paid for their security research
> through the ZDI can find more information and sign-up at:
> 
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> The ZDI is unique in how the acquired vulnerability information is
> used. TippingPoint does not re-sell the vulnerability details or any
> exploit code. Instead, upon notifying the affected product vendor,
> TippingPoint provides its customers with zero day protection through
> its intrusion prevention technology. Explicit details regarding the
> specifics of the vulnerability are not exposed to any parties until
> an official vendor patch is publicly available. Furthermore, with the
> altruistic aim of helping to secure a broader user base, TippingPoint
> provides this vulnerability information confidentially to security
> vendors (including competitors) who have a vulnerability protection or
> mitigation product.
> 
> Our vulnerability disclosure policy is available online at:
> 
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> Follow the ZDI on Twitter:
> 
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 10.2.0 (Build 1950)
> Charset: utf-8
> 
> wsBVAwUBUNRXqlVtgMGTo1scAQIolwgAlfWawonK1BetraIK8viDhg/z4Eb5RTse
> hOfWDOxNdY0glskLeI1ylrtr0nXJSvj+8q5T6DcsEaz48nEdsv/ObO+d6JREzwTL
> 3gUJ9fUeMWZubmUmm2cKkgdenmEkK0p8EZqQ5puUpuVffeFC/f8Dn679MGlwL73v
> Zato0rHoJuBedfxOYsQ+UkYwre97ickYkw/dl0LMgce5IRxKROnsR3u4+yPUVOWt
> Vqo0zEPXKGdPUY3L/AjgowwqvOGsf0OmQESBLZi+pGhO2PxWjb5aBm+gFPBkRpNl
> ON1yduQfblrmsrCEHZf/od/A/r7YyLeI4dxkOGb0vR7FmBr2OcZfBA==
> =/GjQ
> -----END PGP SIGNATURE-----
> 
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> ------------------------------
> 
> Message: 6
> Date: Fri, 21 Dec 2012 06:37:28 -0600
> From: ZDI Disclosures <full-disclosure@...ts.grok.org.uk
> <mailto:full-disclosure@...ts.grok.org.uk>>
> Subject: [Full-disclosure] ZDI-12-193 : Microsoft Internet Explorer
> insertAdjacentText Remote Code Execution Vulnerability
> To: Full Disclosure <full-disclosure@...ts.grok.org.uk
> <mailto:full-disclosure@...ts.grok.org.uk>>, BugTraq
> <full-disclosure@...ts.grok.org.uk
> <mailto:full-disclosure@...ts.grok.org.uk>>,
> full-disclosure@...ts.grok.org.uk <mailto:full-disclosure@...ts.grok.org.uk>
> Message-ID: <full-disclosure@...ts.grok.org.uk
> <mailto:full-disclosure@...ts.grok.org.uk>>
> Content-Type: text/plain; charset="iso-8859-1"
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> ZDI-12-193 : Microsoft Internet Explorer insertAdjacentText Remote Code
> Execution Vulnerability
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> December 21, 2012
> 
> - -- CVE ID:
> CVE-2012-1879
> 
> - -- CVSS:
> 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P
> 
> - -- Affected Vendors:
> Microsoft
> 
> 
> - -- Affected Products:
> Microsoft Internet Explorer
> 
> 
> - -- TippingPoint(TM) IPS Customer Protection:
> TippingPoint IPS customers have been protected against this
> vulnerability by Digital Vaccine protection filter ID 12383.
> For further product information on the TippingPoint IPS, visit:
> 
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> - -- Vulnerability Details:
> This vulnerability allows remote attackers to execute arbitrary code on
> vulnerable installations of Microsoft Internet Explorer. User interaction
> is required to exploit this vulnerability in that the target must visit a
> malicious page or open a malicious file.
> 
> The specific flaw exists within the way Internet Explorer handles repeated
> calls to insertAdjacentText. When the size of the element reaches a certain
> threshold Internet Explorer fails to correctly relocate key elements. An
> unitialized variable in one of the function can cause memory corruption.
> This can lead to remote code execution under the context of the program.
> 
> - -- Vendor Response:
> Microsoft has issued an update to correct this vulnerability. More details
> can be found at:
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> 
> - -- Disclosure Timeline:
> 2012-03-14 - Vulnerability reported to vendor
> 2012-12-21 - Coordinated public release of advisory
> 
> 
> - -- Credit:
> This vulnerability was discovered by:
> * Anonymous
> 
> - -- About the Zero Day Initiative (ZDI):
> Established by TippingPoint, The Zero Day Initiative (ZDI) represents
> a best-of-breed model for rewarding security researchers for responsibly
> disclosing discovered vulnerabilities.
> 
> Researchers interested in getting paid for their security research
> through the ZDI can find more information and sign-up at:
> 
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> The ZDI is unique in how the acquired vulnerability information is
> used. TippingPoint does not re-sell the vulnerability details or any
> exploit code. Instead, upon notifying the affected product vendor,
> TippingPoint provides its customers with zero day protection through
> its intrusion prevention technology. Explicit details regarding the
> specifics of the vulnerability are not exposed to any parties until
> an official vendor patch is publicly available. Furthermore, with the
> altruistic aim of helping to secure a broader user base, TippingPoint
> provides this vulnerability information confidentially to security
> vendors (including competitors) who have a vulnerability protection or
> mitigation product.
> 
> Our vulnerability disclosure policy is available online at:
> 
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> Follow the ZDI on Twitter:
> 
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 10.2.0 (Build 1950)
> Charset: utf-8
> 
> wsBVAwUBUNRYAlVtgMGTo1scAQLIzwgAifwtcC6Rt0S7xdrcLHpBiw+vrM598Ccl
> UBkbArcNGipQLDGVgW6sC3h0gPGayQbaQsyW8J1ar6MNUWmfKnEJetAUa24ZgDWl
> cOATZkDyf0HYwV6a+gATJA4CVJk6cHYjf4Pn9vkguogBebsBMX3mGBLsrSfbcxQc
> 1tOfbV7VogCOHceFLNxVx8Ir8/rpHfbfduflYFPbSLcKgcERcLq5kGJOZkiNPRID
> kRs8dd6vfjEyueO5/NwyPXi9mNaDqNCYgelRCGi3xF/FjabtuV3BVbS81NDoJ8Ak
> O3VFfeHisnRN/ZvPs84fEdfWG5lDy5fzNgEtsTP4+zOMfws21I/7uA==
> =2V0z
> -----END PGP SIGNATURE-----
> 
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> ------------------------------
> 
> Message: 7
> Date: Fri, 21 Dec 2012 06:39:02 -0600
> From: ZDI Disclosures <full-disclosure@...ts.grok.org.uk
> <mailto:full-disclosure@...ts.grok.org.uk>>
> Subject: [Full-disclosure] ZDI-12-194 : Microsoft Internet Explorer
> OnBeforeDeactivate Event Remote Code Execution Vulnerability
> To: Full Disclosure <full-disclosure@...ts.grok.org.uk
> <mailto:full-disclosure@...ts.grok.org.uk>>, BugTraq
> <full-disclosure@...ts.grok.org.uk
> <mailto:full-disclosure@...ts.grok.org.uk>>,
> full-disclosure@...ts.grok.org.uk <mailto:full-disclosure@...ts.grok.org.uk>
> Message-ID: <full-disclosure@...ts.grok.org.uk
> <mailto:full-disclosure@...ts.grok.org.uk>>
> Content-Type: text/plain; charset="iso-8859-1"
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> ZDI-12-194 : Microsoft Internet Explorer OnBeforeDeactivate Event Remote
> Code Execution Vulnerability
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> December 21, 2012
> 
> - -- CVE ID:
> CVE-2012-1878
> 
> - -- CVSS:
> 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P
> 
> - -- Affected Vendors:
> Microsoft
> 
> - -- Affected Products:
> Microsoft Internet Explorer
> 
> 
> - -- TippingPoint(TM) IPS Customer Protection:
> TippingPoint IPS customers have been protected against this
> vulnerability by Digital Vaccine protection filter ID 12388.
> For further product information on the TippingPoint IPS, visit:
> 
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> - -- Vulnerability Details:
> This vulnerability allows remote attackers to execute arbitrary code on
> vulnerable installations of Microsoft Internet Explorer. User interaction
> is required to exploit this vulnerability in that the target must visit a
> malicious page or open a malicious file.
> 
> The specific flaw exists within the way Internet Explorer handles the
> onbeforedeactivate callback function for certain elements. During the
> execution of the onbeforedeactivate callback function it is possible to
> alter the DOM tree of the page which can lead to a use-after-free
> vulnerability when the function returns. This can result in remote code
> execution under the context of the current process.
> 
> - -- Vendor Response:
> Microsoft has issued an update to correct this vulnerability. More details
> can be found at:
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> 
> - -- Disclosure Timeline:
> 2012-03-14 - Vulnerability reported to vendor
> 2012-12-21 - Coordinated public release of advisory
> 
> - -- Credit:
> This vulnerability was discovered by:
> * Anonymous
> 
> 
> - -- About the Zero Day Initiative (ZDI):
> Established by TippingPoint, The Zero Day Initiative (ZDI) represents
> a best-of-breed model for rewarding security researchers for responsibly
> disclosing discovered vulnerabilities.
> 
> Researchers interested in getting paid for their security research
> through the ZDI can find more information and sign-up at:
> 
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> The ZDI is unique in how the acquired vulnerability information is
> used. TippingPoint does not re-sell the vulnerability details or any
> exploit code. Instead, upon notifying the affected product vendor,
> TippingPoint provides its customers with zero day protection through
> its intrusion prevention technology. Explicit details regarding the
> specifics of the vulnerability are not exposed to any parties until
> an official vendor patch is publicly available. Furthermore, with the
> altruistic aim of helping to secure a broader user base, TippingPoint
> provides this vulnerability information confidentially to security
> vendors (including competitors) who have a vulnerability protection or
> mitigation product.
> 
> Our vulnerability disclosure policy is available online at:
> 
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> Follow the ZDI on Twitter:
> 
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 10.2.0 (Build 1950)
> Charset: utf-8
> 
> wsBVAwUBUNRYXVVtgMGTo1scAQIroAgAt/563d86coSO3lzRBv3abXO4+lC1IhEJ
> DOGYcqAPqJ7IIURCpFI6k+8CqRa6gG+HZIv7WrIyiZnya7HcC64Kb6stQjL2aaTw
> lrAa9J5FsuWyOW7/1UM7nfJ06EXe0splcFFNYVjdjJlNSI0RClzQNYNreLtGbDbB
> Gqve1qSbbGwmb8b9nxkfsgrd0nA1jNyJULfd0OLAg5WRZkoFyvKG3UXEBPPslUtH
> uOBG1mb8S7l0zfweTVObNQlie23ccgr9Yd97HcH8lc3fUW4W/gROgk54J4gocmZz
> Jk+xYyAlAa8p0ejV0Y7BY2VoBDYiYPSNH2Kz65b+ecK81BFera9xbA==
> =dDcB
> -----END PGP SIGNATURE-----
> 
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> ------------------------------
> 
> Message: 8
> Date: Fri, 21 Dec 2012 06:40:48 -0600
> From: ZDI Disclosures <full-disclosure@...ts.grok.org.uk
> <mailto:full-disclosure@...ts.grok.org.uk>>
> Subject: [Full-disclosure] ZDI-12-195 : RealNetworks RealPlayer ATRAC
> Sample Decoding Remote Code Execution Vulnerability
> To: Full Disclosure <full-disclosure@...ts.grok.org.uk
> <mailto:full-disclosure@...ts.grok.org.uk>>, BugTraq
> <full-disclosure@...ts.grok.org.uk
> <mailto:full-disclosure@...ts.grok.org.uk>>,
> full-disclosure@...ts.grok.org.uk <mailto:full-disclosure@...ts.grok.org.uk>
> Message-ID: <full-disclosure@...ts.grok.org.uk
> <mailto:full-disclosure@...ts.grok.org.uk>>
> Content-Type: text/plain; charset="iso-8859-1"
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> ZDI-12-195 : RealNetworks RealPlayer ATRAC Sample Decoding Remote Code
> Execution Vulnerability
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> December 21, 2012
> 
> - -- CVE ID:
> CVE-2012-0928
> 
> - -- CVSS:
> 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P
> 
> - -- Affected Vendors:
> RealNetworks
> 
> - -- Affected Products:
> RealNetworks RealPlayer
> 
> 
> - -- TippingPoint(TM) IPS Customer Protection:
> TippingPoint IPS customers have been protected against this
> vulnerability by Digital Vaccine protection filter ID 12482.
> For further product information on the TippingPoint IPS, visit:
> 
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> - -- Vulnerability Details:
> This vulnerability allows remote attackers to execute arbitrary code on
> vulnerable installations of RealNetworks Real Player. User interaction is
> required to exploit this vulnerability in that the target must visit a
> malicious page or open a malicious file.
> 
> The specific flaw exists when the application attempts to decode an audio
> sample that is encoded with the ATRAC codec. While parsing sample data, the
> application will explicitly trust 2-bits as a loop counter which can be
> used to write outside the bounds of the target buffer. This can lead to
> code execution under the context of the application.
> 
> - -- Vendor Response:
> RealNetworks has issued an update to correct this vulnerability. More
> details can be found at:
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> 
> - -- Disclosure Timeline:
> 2011-10-28 - Vulnerability reported to vendor
> 2012-12-21 - Coordinated public release of advisory
> 
> 
> - -- Credit:
> This vulnerability was discovered by:
> * Andrzej Dyjak
> 
> 
> - -- About the Zero Day Initiative (ZDI):
> Established by TippingPoint, The Zero Day Initiative (ZDI) represents
> a best-of-breed model for rewarding security researchers for responsibly
> disclosing discovered vulnerabilities.
> 
> Researchers interested in getting paid for their security research
> through the ZDI can find more information and sign-up at:
> 
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> The ZDI is unique in how the acquired vulnerability information is
> used. TippingPoint does not re-sell the vulnerability details or any
> exploit code. Instead, upon notifying the affected product vendor,
> TippingPoint provides its customers with zero day protection through
> its intrusion prevention technology. Explicit details regarding the
> specifics of the vulnerability are not exposed to any parties until
> an official vendor patch is publicly available. Furthermore, with the
> altruistic aim of helping to secure a broader user base, TippingPoint
> provides this vulnerability information confidentially to security
> vendors (including competitors) who have a vulnerability protection or
> mitigation product.
> 
> Our vulnerability disclosure policy is available online at:
> 
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> Follow the ZDI on Twitter:
> 
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 10.2.0 (Build 1950)
> Charset: utf-8
> 
> wsBVAwUBUNRYylVtgMGTo1scAQIvqwf+InLpJWTUfaN65tPUF5tIc5bkT3QBCEe6
> tkvHCcTDLyftl1dBgXSkiy8wtCYrcDp0pWaOHYXtlRTzOxOZA4hjf2Tn66EPYVBy
> JPKFWnTrkHhlC6Bc/6l44LeVtV/LcygPtANr4J7FNqWfIUZ4eaV1NLqGra7tm4hJ
> kW/Vn8Syno9+WICi1FbV23KLeSvooRqvHtiNCKhsrKqFOyOBfSQlMO6Gp+n0j8JF
> Bl1XfWPEGRM6do4I/+1Sk9GuyKT6Smu8qcwT6X2334UHYfEHZLGDlHgNiAtB++XE
> KAamtcf8JRIMxT05hwJl8T10U5LiKucuxTr/gVT86niHTDPG2+A0Cg==
> =77vg
> -----END PGP SIGNATURE-----
> 
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> ------------------------------
> 
> Message: 9
> Date: Fri, 21 Dec 2012 06:42:25 -0600
> From: ZDI Disclosures <full-disclosure@...ts.grok.org.uk
> <mailto:full-disclosure@...ts.grok.org.uk>>
> Subject: [Full-disclosure] ZDI-12-196 : Novell Groupwise GWIA
> ber_get_stringa Remote Code Execution Vulnerability
> To: Full Disclosure <full-disclosure@...ts.grok.org.uk
> <mailto:full-disclosure@...ts.grok.org.uk>>, BugTraq
> <full-disclosure@...ts.grok.org.uk
> <mailto:full-disclosure@...ts.grok.org.uk>>,
> full-disclosure@...ts.grok.org.uk <mailto:full-disclosure@...ts.grok.org.uk>
> Message-ID: <full-disclosure@...ts.grok.org.uk
> <mailto:full-disclosure@...ts.grok.org.uk>>
> Content-Type: text/plain; charset="iso-8859-1"
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> ZDI-12-196 : Novell Groupwise GWIA ber_get_stringa Remote Code Execution
> Vulnerability
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> December 21, 2012
> 
> - -- CVE ID:
> CVE-2012-0417
> 
> - -- CVSS:
> 10, AV:N/AC:L/Au:N/C:C/I:C/A:C
> 
> - -- Affected Vendors:
> Novell
> 
> - -- Affected Products:
> Novell Groupwise
> 
> 
> - -- TippingPoint(TM) IPS Customer Protection:
> TippingPoint IPS customers have been protected against this
> vulnerability by Digital Vaccine protection filter ID 12495.
> For further product information on the TippingPoint IPS, visit:
> 
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> - -- Vulnerability Details:
> This vulnerability allows remote attackers to execute arbitrary code on
> vulnerable installations of Novell Groupwise. Authentication is not
> required to exploit this vulnerability.
> 
> The flaw exists within the Groupwise Internet Agent component, specifically
> the optional LDAP server which listens on tcp port 389. When parsing a BER
> encoded parameter the specified size is used to allocate a destination
> buffer. A properly encoded BER chunk could cause an integer size value to
> wrap before buffer allocation. A remote attacker can exploit this
> vulnerability to execute arbitrary code under the context of the SYSTEM
> account.
> 
> - -- Vendor Response:
> 
> Novell has issued an update to correct this vulnerability. More details can
> be found at:
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> 
> - -- Disclosure Timeline:
> 2011-10-21 - Vulnerability reported to vendor
> 2012-12-21 - Coordinated public release of advisory
> 
> - -- Credit:
> This vulnerability was discovered by:
> * Francis Provencher From Protek Research Lab's
> 
> - -- About the Zero Day Initiative (ZDI):
> Established by TippingPoint, The Zero Day Initiative (ZDI) represents
> a best-of-breed model for rewarding security researchers for responsibly
> disclosing discovered vulnerabilities.
> 
> Researchers interested in getting paid for their security research
> through the ZDI can find more information and sign-up at:
> 
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> The ZDI is unique in how the acquired vulnerability information is
> used. TippingPoint does not re-sell the vulnerability details or any
> exploit code. Instead, upon notifying the affected product vendor,
> TippingPoint provides its customers with zero day protection through
> its intrusion prevention technology. Explicit details regarding the
> specifics of the vulnerability are not exposed to any parties until
> an official vendor patch is publicly available. Furthermore, with the
> altruistic aim of helping to secure a broader user base, TippingPoint
> provides this vulnerability information confidentially to security
> vendors (including competitors) who have a vulnerability protection or
> mitigation product.
> 
> Our vulnerability disclosure policy is available online at:
> 
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> Follow the ZDI on Twitter:
> 
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 10.2.0 (Build 1950)
> Charset: utf-8
> 
> wsBVAwUBUNRZJlVtgMGTo1scAQK79gf+JjzJEnHzMsddv86rxWEgVxgPaHb+Ih0N
> 2OT1aPxDpHIDBA3hZg6iAGMuQVYj8Ot623NsLWKyAM7dpdEcaHgifW8zgThyEhdP
> m5eMslAOkuQ93NuqQqL4HAm0L6caNHQJ6Eqwn3Skg0UC5osJrH3SWmagLSGaiLJ1
> SlfYD3CxbI/NeShIV93lSRqRXvqIf9wFsQrXNoJgw0shlJw3MBe+t4/NX5wt5fba
> Vo/5BtmcpHZQawOd8FMmwoggvfhkoFc5BE1nncZSSfWCpeZ1raIUAmIFwZVj4THy
> 91GD++j9PKHc4QYJO2FVrlA0xJqXrSehz2XSLb/z9QZeCk3S1lKBGg==
> =P609
> -----END PGP SIGNATURE-----
> 
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> ------------------------------
> 
> Message: 10
> Date: Fri, 21 Dec 2012 06:43:39 -0600
> From: ZDI Disclosures <full-disclosure@...ts.grok.org.uk
> <mailto:full-disclosure@...ts.grok.org.uk>>
> Subject: [Full-disclosure] ZDI-12-197 : Oracle Java
> java.beans.Statement Remote Code Execution Vulnerability
> To: Full Disclosure <full-disclosure@...ts.grok.org.uk
> <mailto:full-disclosure@...ts.grok.org.uk>>, BugTraq
> <full-disclosure@...ts.grok.org.uk
> <mailto:full-disclosure@...ts.grok.org.uk>>,
> full-disclosure@...ts.grok.org.uk <mailto:full-disclosure@...ts.grok.org.uk>
> Message-ID: <full-disclosure@...ts.grok.org.uk
> <mailto:full-disclosure@...ts.grok.org.uk>>
> Content-Type: text/plain; charset="iso-8859-1"
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> ZDI-12-197 : Oracle Java java.beans.Statement Remote Code Execution
> Vulnerability
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> December 21, 2012
> 
> - -- CVE ID:
> CVE-2012-1682
> 
> - -- CVSS:
> 9, AV:N/AC:L/Au:N/C:P/I:P/A:C
> 
> - -- Affected Vendors:
> Oracle
> 
> - -- Affected Products:
> Oracle Java Runtime
> 
> - -- Vulnerability Details:
> This vulnerability allows remote attackers to execute arbitrary code on
> vulnerable installations of Oracle Java. User interaction is required to
> exploit this vulnerability in that the target must visit a malicious page
> or open a malicious file.
> 
> The specific flaw exists within the java.beans.Expression class. Due to
> unsafe handling of reflection of privileged classes inside the Expression
> class it is possible for untrusted code to gain access to privileged
> methods and properties. This can result in remote code execution under the
> context of the current process.
> 
> - -- Vendor Response:
> Oracle has issued an update to correct this vulnerability. More details can
> be found at:
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 15.html
> 
> 
> - -- Disclosure Timeline:
> 2012-07-24 - Vulnerability reported to vendor
> 2012-12-21 - Coordinated public release of advisory
> 
> - -- Credit:
> This vulnerability was discovered by:
> * James Forshaw (tyranid)
> 
> 
> - -- About the Zero Day Initiative (ZDI):
> Established by TippingPoint, The Zero Day Initiative (ZDI) represents
> a best-of-breed model for rewarding security researchers for responsibly
> disclosing discovered vulnerabilities.
> 
> Researchers interested in getting paid for their security research
> through the ZDI can find more information and sign-up at:
> 
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> The ZDI is unique in how the acquired vulnerability information is
> used. TippingPoint does not re-sell the vulnerability details or any
> exploit code. Instead, upon notifying the affected product vendor,
> TippingPoint provides its customers with zero day protection through
> its intrusion prevention technology. Explicit details regarding the
> specifics of the vulnerability are not exposed to any parties until
> an official vendor patch is publicly available. Furthermore, with the
> altruistic aim of helping to secure a broader user base, TippingPoint
> provides this vulnerability information confidentially to security
> vendors (including competitors) who have a vulnerability protection or
> mitigation product.
> 
> Our vulnerability disclosure policy is available online at:
> 
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> Follow the ZDI on Twitter:
> 
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 10.2.0 (Build 1950)
> Charset: utf-8
> 
> wsBVAwUBUNRZdVVtgMGTo1scAQKYuAf8C4LTqhJ1Bk+usVtZ2mRjALe7+gTVvTk6
> j/q9Zqy/XsimBYXIiJW2QRt+CJqS/9e/8M+xH14FkSmZRGhHDaVR0tZ8cTuHPopm
> C3XnhzIJOk9XdoA8HdHVnMmd7vACA+ILyAX4n8feDHDHqUH7eTBZ3zdILxNTidQi
> cZgB67wqsOtsl8shsblGivkRWzlcheIC5492M17wwCr+PgMcg9xtSp3uD7MbNsNL
> BSOojIqMEhEhzDZ8P2wOBcSMN1EaSAxJYhHAI+ABfdp8LZ9IJt6GfIfoyzf34GQY
> dE7XrJMm0BVfd6oHQaArEcH6sI6XPU7RlMVJNvXUH4XuJH9Qww/lRw==
> =TyDY
> -----END PGP SIGNATURE-----
> 
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> ------------------------------
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> Hosted and sponsored by Secunia -
> https://lists.grok.org.uk/mailman/listinfo/full-disclosure
> 
> End of Full-Disclosure Digest, Vol 94, Issue 27
> ***********************************************
> 
> 
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
> 


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists