Quickbooks 2009 – Quickbooks 2012; in conjunction with Internet Explorer Versions 7-9
- The vulnerability described in this document can potentially be
code as the user viewing the malicious content.
- Intuit Help System Protocol File Retrieval:
- The vulnerability described in this document can be exploited by
which the user viewing the HTML has local or network file system
access. The attacker must know or guess the path and file name of the
target ZIP archive and the target file it contains. A further
significant limitation is that files in subdirectories inside of ZIP
archives have proven inaccessible, based on a sampling of Windows
ZIPs, Microsoft Office 2007 documents, JARs, and APKs.
No vendor response at the time of public release. More information with be posted has it becomes available.
CA Technologies is warning that some versions of CA ARCserve Backup for Windows contain a security vulnerability (CVE-2012-1662) that could be exploited by a remote attacker to cause a denial-of-service (DoS) condition to disable network services. According to the company, the bug occurs due to insufficient validation of certain types of network requests.
Versions r12.0, r12.0 SP1, r12.0 SP2, r12.5, r12.5 SP1, r15, r15 SP1 and r16 are affected. CA ARCserve Backup for Windows r12.5 SP2 and r16 SP1 are not vulnerable. Fixes have been released to close the hole.
Further information about the problem, including instructions on how to determine if an installation is affected and download links to patches, can be found in the company’s security advisory.
More can be found here from the vendor: https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B983E3A52-8374-410A-82BD-B8788733C70F%7D
CybeRoam Unified Threat Management appliances offer assured security, connectivity and productivity to Small Office-Home Office (SOHO) and Remote Office-Branch Office (ROBO) users by allowing user identity-based policy controls.
Cyberoam UTM integrates with Active Directory. In order to query data from a configured AD, domain credentials are stored within the device. These credentials are retrievable by an authenticated user.
Domain credentials are stored on the device and passed to web clients on a diagnostic page (Identity –> Authentication –> Authentication Server –> /Select Configured AD/ ). Authenticated clients can thus easily access stored credentials.
A trivial check for this follows (replace cookie value):
curl -s -b “JSESSIONID=u2ur76lhy4qt” -H “Referer: blah”
The vulnerability allows a malicious user to access potentially privileged domain credentials. Should default passwords not be changed, then this is a trivial entry point onto a Windows domain.
Systems affected: Severity High
Cyberoam CR50ia 10.01.0 build 678
Symantec has issued a warning about a Trojan horse program that is capable of infecting both 32- and 64-bit versions of Windows 7. The malware can allow attackers to elevate privileges of restricted processes without user knowledge or permission.
The latest fully patched versions of Windows 7 are vulnerable to a Backdoor.Conpee Trojan, warned Mircea Ciubotariu, a security response engineer at Symantec, on a company blog.
Ciubotariu also states in the article: “The new Trojan targets both 32-bit and 64-bit versions of Windows 7, adding to the growing weight of evidence that malware writers are redesigning their software to bypass security features in 64-bit Windows, said Ciubotariu.
The 64-bit version of Windows 7 and Vista included Kernel Mode Code Signing and Kernel Patch Protection, that were intended to make them less vulnerable to malware.
But backdoor.Conpee and the recently-discovered Backdoor.Hackersdoor Trojan have both been shown to infect 64-bit operating systems, said Ciubotariu.
“What was just a theory not so long ago is now being used in-the-wild by [these] threats,” he warned.”
More on this topic can be found here: http://www.v3.co.uk/v3-uk/news/2159725/symantec-warns-bit-windows-trojans
Safari: Closes 80 Security Holes with version 5.1.4
Apple has released version 5.1.4 of its Safari web browser for Windows and Mac OS X. According to the company, the maintenance and security update addresses more than 80 vulnerabilities. The update also includes includes various stability and performance improvements as well as fixes for other non-security related bugs.
A majority of the security holes closed in 5.1.4 were found in the WebKit browser engine used by Safari. These include several cross-site scripting (XSS), cross-origin and HTTP authentication problems, as well as numerous memory corruption bugs that could be exploited by an attacker, for example, to cause unexpected application termination or arbitrary code execution.
The recent issue, where Google were accused of bypassing Safari’s privacy controls on cookies, also appears to have been addressed. Details of how Apple have fixed this though are not given. A bug in Safari’s Private Browsing mode that allowed page visits to be recorded in the browser history when the mode was active has been fixed.
On Windows systems, the browser update improves domain name validity checking in order to prevent attackers from using look-alike characters in a URL to visually spoof a legitimate domain and direct users to a malicious site – Mac OS X systems were not affected by this issue.
More can be found here: http://www.h-online.com/security/news/item/Safari-update-closes-security-holes-1470595.html
- Apple patches steaming heap of Safari bugs (go.theregister.com)
- Apple patches record number of Safari 5 bugs with monster update (infoworld.com)
- Apple releases Safari 5.1.4 update (applescoop.com)
- Apple Releases Safari 5.1.4 With Speed And Stability Improvements (cultofmac.com)