September 25, 2016

Microsoft Plugs TCP/IP Hole While Adobe Fixes Critical Vulnerabilities in Shockwave

(LiveHacking.Com) – Microsoft has issued four security bulletins to address four vulnerabilities in its Windows operating system including a ‘Critical’ vulnerability in TCP/IP.

The networking flaw, which was reported privately to Microsoft, could allow remote code execution if an attacker sends a continuous flow of specially crafted UDP packets to a closed port on a target system. Successful exploitation of MS11-083 would let an attacker run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The flaw exists in Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 but not in Windows XP or Windows Server 2003.

The remaining three bulletins are as follows:

MS11-085Vulnerability in Windows Mail and Windows Meeting Space Could Allow Remote Code Execution (2620704) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a legitimate file (such as an .eml or .wcinv file) that is located in the same network directory as a specially crafted dynamic link library (DLL) file. Then, while opening the legitimate file, Windows Mail or Windows Meeting Space could attempt to load the DLL file and execute any code it contained. For an attack to be successful, a user must visit an untrusted remote file system location or WebDAV share and open a legitimate file (such as an .eml or .wcinv file) from this location that is then loaded by a vulnerable application.

MS11-086< – Vulnerability in Active Directory Could Allow Elevation of Privilege (2630837) – This security update resolves a privately reported vulnerability in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS). The vulnerability could allow elevation of privilege if Active Directory is configured to use LDAP over SSL (LDAPS) and an attacker acquires a revoked certificate that is associated with a valid domain account and then uses that revoked certificate to authenticate to the Active Directory domain. By default, Active Directory is not configured to use LDAP over SSL.

MS11-084Vulnerability in Windows Kernel-Mode Drivers Could Allow Denial of Service (2617657) – This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow denial of service if a user opens a specially crafted TrueType font file as an e-mail attachment or navigates to a network share or WebDAV location containing a specially crafted TrueType font file. For an attack to be successful, a user must visit the untrusted remote file system location or WebDAV share containing the specially crafted TrueType font file, or open the file as an e-mail attachment. In all cases, however, an attacker would have no way to force users to perform these actions. Instead, an attacker would have to persuade users to do so, typically by getting them to click a link in an e-mail message or Instant Messenger message.

Adobe Shockwave Player

Whilst Microsoft was busy fixing its networking code, Adobe posted a security bulletin about its Shockwave Player.

Critical vulnerabilities exist in Adobe Shockwave Player 11.6.1.629 and earlier versions on the Windows and OS X. Successful exploitation would let an attacker run arbitrary code.

A new version of Shockwave Player is available which:

  • Resolves a memory corruption vulnerability in the DIRapi library that could lead to code execution (CVE-2011-2446).
  • Fixes a memory corruption vulnerability that could lead to code execution (CVE-2011-2447).
  • Resolves a memory corruption vulnerability in the DIRApi library that could lead to code execution (CVE-2011-2448).
  • Fixes multiple potential memory corruption vulnerabilities in the TextXtra module that could lead to code execution (CVE-2011-2449).

Adobe Releases Critical Security Bulletins for Shockwave, Flash Media Server and Photoshop

(LiveHacking.Com) – Following Google’s update of Chrome to include a new version of Adobe Flash Player,  Adobe has now released additional  security bulletins listing critical and important vulnerabilities in multiple products including Shockwave, Flash Media Server and Photoshop. The full list is:

  • Adobe Shockwave Player 11.6.0.626 and earlier versions on the Windows and Macintosh operating systems
  • Adobe Flash Media Server 4.0.2 and earlier versions
  • Adobe Flash Media Server 3.5.6 and earlier versions for Windows and Linux
  • Adobe Photoshop CS5 and CS5.1 and earlier for Windows and Macintosh
  • RoboHelp 9.0.1.233 and earlier, RoboHelp 8, RoboHelp Server 9, and RoboHelp Server 8

Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, take control of an affected system, or perform a cross-site scripting attack.

Memory corruptions

With the exception of RoboHelp, all the patches fix memory corruptions which if exploited could lead to execute arbitrary code. For example, the vulnerability in Photoshop CS5 and CS5.1, for Windows and Macintosh, could be exploited with a malicious .GIF file when it is opened in Photoshop by the user.

Zero-day exploit for Adobe Shockwave

A Windows exploit for a previously undisclosed hole in Adobe’s Shockwave player has been released. The demonstration version of the the exploit merely opens the Windows calculator when a specially crafted web page is accessed. However, criminals could exploit the hole to infect a PC with malware. The exploit currently only works under Windows XP SP3 and just triggered a browser crash when tested with Windows 7 and Internet Explorer by the The H’s associates at heise Security.

Read the full story here.

Source:[TheHSecurity]