|
Eudora Qualcomm WorldMail
Vulnerability
CVE ID: CVE-2005-4267
Affected Products
Eudora Qualcomm WorldMail version 3.0 and prior
Details
A vulnerability has been identified in Eudora Qualcomm
WorldMail. When Eudora parses an IMAP command that is long and
end with the "}" character, a buffer overflow error could
happen and could allow remote hackers to compromise the
vulnerable system and take full control of the computer.
Exploits are now in the wild.
BroadWeb BSST's Suggestions:
1. Upgrade to Eudora Qualcomm WorldMail version 3.1
:
2. Upgrade signature pattern to version 3.35, which
includes:
#1052266_EXPLOIT Eudora WorldMail IMAPD Server Remote
Command Execution
Media Player BMP Handling
Buffer Overflow (MS06-005)
CVE ID: CVE-2006-0006
Affected Products
Microsoft Windows Media Player 7.1 on Windows 2000
Service Pack 4
Microsoft Windows Media Player 9 on Windows 2000 Service
Pack 4
Microsoft Windows Media Player 9 on Windows XP Service
Pack 1
Microsoft Windows Media Player 9 on Windows XP Service
Pack 2
Microsoft Windows Media Player 9 on Windows Server
2003
Microsoft Windows Media Player 10 on Windows XP Service
Pack 1
Microsoft Windows Media Player 10 on Windows XP Service
Pack 2
Details
A vulnerability has been identified in Microsoft Windows
Media Player. The parsing module of MS Windows Media Player is
known to have a flaw, which could cause a buffer overflow
error in parsing bitmap images. A hacker can exploit such flaw
by duping users to visit a malicious web site or by duping
users to open a malicious document (word, ppt, etc,) that
contains a malformed Windows Media Player (.wmp) image. A
successful attack can take full control of the vunlerable
system. Exploits are now in the wild.
BroadWeb BSST's Suggestions:
1. Apply MS06-005 patches:
2. Upgrade signature pattern to version 3.35, which
includes:
#1052267_EXPLOIT Media Player BMP Handling Buffer
Overflow (MS06-005)
SPIP Remote Code Injection
Vulnerabilities
CVE ID: CVE-2006-0625
Affected Products
SPIP version 1.8.2-g and prior
Summary
Two vulnerabilities were identified in SPIP. Successful
exploration of such vulnerabilities could allow a hacker to
compromise a vulnerable system. Exploits are now in the
wild.
BroadWeb BSST's Suggestions:
1. Patches from venders are not known as of Feb. 17,
2006.
2. Upgrade signature pattern to version 3.35, which
includes:
#1052268_EXPLOIT SPIP 1.8.2g remote commands
execution
Broadweb Security Service Team (BSST) - Empower Your
Network Security
Broadweb NetKeeper Intruder Prevention System delivers
the protection against intrusion, worms, DDOS, Instant
messaging, P2P, Web-Mail, and Web
Post. | 