The Cisco WebEx Recording Format (WRF) player contains three buffer overflow vulnerabilities. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system with the privileges of a targeted user.
The Cisco WebEx Players are applications that are used to play back WebEx meeting recordings that have been recorded on a WebEx meeting site or on the computer of an online meeting attendee. The players can be automatically installed when the user accesses a recording file that is hosted on a WebEx meeting site. The players can also be manually installed for offline playback after downloading the application from
If the WRF player was automatically installed, it will be automatically upgraded to the latest, nonvulnerable version when users access a recording file that is hosted on a WebEx meeting site. If the WRF player was manually installed, users will need to manually install a new version of the player after downloading the latest version from
Cisco has updated affected versions of the WebEx meeting sites and WRF player to address these vulnerabilities.
This advisory is available at the following link:
- Cisco Security Advisory: Cisco Small Business SRP 500 Series (netsecurityit.wordpress.com)
- Cisco Security Advisory: Cisco IOS Software Smart Install Denial of Service Vulnerability (netsecurityit.wordpress.com)
- Cisco Security Appliances at risk from Telnet bug (netsecurityit.wordpress.com)
- Cisco Security Advisory: Buffer Overflow Vulnerabilities in the Cisco WebEx Player (seclists.org)
- CVE-2012-1336 (webex_recording_format_player) (web.nvd.nist.gov)
- CVE-2012-1335 (webex_recording_format_player) (web.nvd.nist.gov)
- Firefox 11,
- Firefox 3.6.28,
- Firefox ESR 10.0.3,
- Thunderbird 11,
- Thunderbird 3.1.20,
- Thunderbird ESR 10.0.3, and
- SeaMonkey 2.8.
These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, bypass security restrictions, operate with escalated privileges, or perform a cross-site scripting attack.
Firefox users can find more information here: http://www.mozilla.org/security/known-vulnerabilities/firefox.html
Thunderbird users can find more information here: http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
SeaMonkey users can find more information here: http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html
Safari: Closes 80 Security Holes with version 5.1.4
Apple has released version 5.1.4 of its Safari web browser for Windows and Mac OS X. According to the company, the maintenance and security update addresses more than 80 vulnerabilities. The update also includes various stability and performance improvements as well as fixes for other non-security related bugs.
A majority of the security holes closed in 5.1.4 were found in the WebKit browser engine used by Safari. These include several cross-site scripting (XSS), cross-origin and HTTP authentication problems, as well as numerous memory corruption bugs that could be exploited by an attacker, for example, to cause unexpected application termination or arbitrary code execution.
The recent issue, where Google were accused of bypassing Safari’s privacy controls on cookies, also appears to have been addressed. Details of how Apple have fixed this, though, are not given. A bug in Safari’s Private Browsing mode that allowed page visits to be recorded in the browser history when the mode was active has been fixed.
On Windows systems, the browser update improves domain name validity checking in order to prevent attackers from using look-alike characters in a URL to visually spoof a legitimate domain and direct users to a malicious site – Mac OS X systems were not affected by this issue.
More can be found here: http://www.h-online.com/security/news/item/Safari-update-closes-security-holes-1470595.html
- Apple patches steaming heap of Safari bugs (go.theregister.com)
- Apple patches record number of Safari 5 bugs with monster update (infoworld.com)
- Apple releases Safari 5.1.4 update (applescoop.com)
- Apple Releases Safari 5.1.4 With Speed And Stability Improvements (cultofmac.com)
Alongside the launch of the “new iPad”, Apple released iOS 5.1 for the iPhone 3GS, 4 and 4S, the 3rd generation iPod touch, and iPad and iPad 2. The update includes fixes for 91 issues with CVE identifiers. The majority, 66 of the issues, are described as “unexpected application termination or arbitrary code execution” in WebKit due to memory corruption. These flaws were mostly found by Apple or members of the Google Chrome Security Team, while a number were found by Chrome special reward winner miaubiz.
Two screen lock bypass issues are fixed, including one, a race condition with slide to dial gestures that could bypass the passcode lock, discovered by Roland Kohler of the German Federal Ministry of Economics and Technology, and an uncredited discovery that Siri’s lock screen could be used to forward messages to an arbitrary user.
iOS 5 devices have automatic update support, and the update should be available “over-the-air” or via iTunes. Users who wish to force the update can use the Settings app, select General and then Software Update, ensuring the device is fully charged or on charge. Full details of all the issues fixed are given in About the security content of iOS 5.1 Software Update.
Many of the same WebKit issues are fixed in the iTunes 10.6 update to mitigate the possibility that a man-in-the-middle attack could be used while browsing Apple’s iTunes Store to compromise a system. The iTunes 10.6 update is for Mac OS X and Windows systems and details of the fixes are available in About the security content of iTunes 10.6.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the ExportReport stored procedure, accessed via the management.asmx console. The Management Web Service listens for SOAP 1.2 requests on port 34444 for HTTP and 34443 for HTTPS. Due to a flaw in the implementation of the ExportReport stored procedure, it is possible for a remote, unauthenticated user to inject arbitrary SQL commands in the SOAP request, which could ultimately lead to arbitrary code execution under the context of the SYSTEM user by invoking an exec function.
Vendor Says: “We are pleased to confirm that all three vulns that were reported by Tipping Point were proactively closed as part of the Total Defense R12 SE3 (Build 831) release cycle. This SE3 release is publicly shipping from our download links since December 5th, 2011. Physical media (DVD) is currently in production for those clients seeking that option as opposed to a download and we will be shipping those DVDs in early January 2012 based on the production schedule.”
This vulnerability should be patched as soon as possible!
Microsoft Security Bulletin Advance Notification for February 2012:
Microsoft has blessed us again with another Patch Tuesday. Here is advanced notification of 9 Bulletins for Valentine’s Day.
IE update likely the one users will want to apply ASAP, say researchers
- 4 Critical – Microsoft Windows (2) – Remote Code Execution, Microsoft Windows – Internet Explorer (1) – Remote Code Execution, Microsoft .NET Framework (1) – Remote Code Execution, Microsoft Silverlight (1) – Remote Code Execution
- 5 Important – Microsoft Windows (2) – Remote Code Execution, Microsoft Windows (1) – Elevation of Privilege, Microsoft Office – Windows Server Software (1) – Elevation of Privilege, Microsoft Office (1) – Elevation of Privilege
The full version of the Microsoft Security Bulletin Advance Notification for February 2012 can be found at: http://technet.microsoft.com/security/bulletin/ms12-feb.
This bulletin advance notification will be replaced with the February bulletin summary on February 14, 2012. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification
- First Microsoft Patch Tuesday of 2012 (netsecurityit.wordpress.com)
Debian Security Advisory DSA-2403-1
php5 remote code execution, after problems were patched.
Stefan Esser discovered that the implementation of the max_input_vars configuration variable in a recent PHP security update was flawed such that it allows remote attackers to crash PHP or potentially execute code.
- For the oldstable distribution (lenny), no fix is available at this time.
- For the stable distribution (squeeze), this problem has been fixed in version 5.3.3-7+squeeze7.
- The testing distribution (wheezy) and unstable distribution (sid) will be fixed soon.
It is recommended that you upgrade your php5 packages.
Further information about Debian Security Advisories can be found at: http://www.debian.org/security/
- PHP 5.3.10 release delivers a critical security fix (php.net)
- Manuel Lemos: Another Serious Security Bug on PHP 5.3.9 (phpclasses.org)