Whether the segment is home, SMB or corporate/enterprise, IT users face cyber-attacks with increasing frequency. New vulnerabilities are disclosed constantly, and each one opens a window of opportunity for cyber criminals. The US-CERT Cyber Security Bulletin summarizes the vulnerabilities recorded in the NIST National Vulnerability Database for the week of February 09, 2015.
The entries in the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) cover weaknesses that can leave a system open to malware infection and unauthorized access.
Notable vulnerabilities, and their impact, recorded in the NVD over the past week are:
- Use-after-free vulnerability in Microsoft Office 2007 SP3, 2010 SP2, and 2013 Gold and SP1 allows remote attackers to bypass the ASLR protection mechanism via a crafted document, aka “Microsoft Office Component Use After Free Vulnerability.” Find out other vulnerable versions from here: https://1.usa.gov/1CHN4z2
- Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php. Find out other vulnerable versions from here: https://1.usa.gov/1vgdvyc
- The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the throwing of an exception, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. Find out other vulnerable versions from here: https://1.usa.gov/1zNs8EL
- Two SQL injection vulnerabilities have been found in Zerocms 1.3.3 and earlier. The first, in the article_id parameter of zero_view_article.php, can be exploited even by unauthenticated attackers. The second is a blind SQL injection in the user_id parameter of a POST request to zero_transact_user.php. Find out other vulnerable versions from here: https://1.usa.gov/1FrB3nr
- Apereo Central Authentication Service (CAS) Server before 3.5.3 allows remote attackers to conduct LDAP injection attacks via a crafted username, as demonstrated by using a wildcard and a valid password to bypass LDAP authentication. Find out other vulnerable versions from here: https://1.usa.gov/1AR9JMC
- The rftpcom.dll ActiveX control in Attachmate Reflection FTP Client before 14.1.429 allows remote attackers to cause a denial of service (memory corruption) and execute arbitrary code via vectors related to the (1) GetGlobalSettings or (2) GetSiteProperties3 methods, which triggers a dereference of an arbitrary memory address. NOTE: this issue was MERGED with CVE-2014-0606 because it is the same type of vulnerability, affecting the same set of versions, and discovered by the same researcher. Find out other vulnerable versions from here: https://1.usa.gov/1L9W04O
- Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Find out other vulnerable versions from here: https://1.usa.gov/17RA0Q5
- Unrestricted file upload vulnerability in admin/upload-file.php in the Holding Pattern theme (aka holding_pattern) 0.6 and earlier for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in an unspecified directory. Find out other vulnerable versions from here: https://1.usa.gov/1yVVMY8
- The UNC implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not include authentication from the server to the client, which allows remote attackers to execute arbitrary code by making crafted data available on a UNC share, as demonstrated by Group Policy data from a spoofed domain controller, aka “Group Policy Remote Code Execution Vulnerability.” Find out other vulnerable versions from here: https://1.usa.gov/1vVyp6q
- Microsoft Word 2007 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka “OneTableDocumentStream Remote Code Execution Vulnerability.” Find out other vulnerable versions from here: https://1.usa.gov/1yVWeWz
- The CryptProtectMemory function in cng.sys (aka the Cryptography Next Generation driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1, when the CRYPTPROTECTMEMORY_SAME_LOGON option is used, does not check an impersonation token’s level, which allows local users to bypass intended decryption restrictions by leveraging a service that (1) has a named-pipe planting vulnerability or (2) uses world-readable shared memory for encrypted data, aka “CNG Security Feature Bypass Vulnerability” or MSRC ID 20707. Find out other vulnerable versions from here: https://1.usa.gov/1MwBChF
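Three of the web-application items above (the Divi directory traversal through the img parameter of a revslider_show_image action, the Zerocms SQL injection in article_id, and the Holding Pattern PHP upload through admin/upload-file.php) leave recognisable traces in a web server's access log. The Python below is an added example, not code from the bulletin or from any of the affected projects: it runs those checks over constructed sample log lines. The combined log format, the wp-content/uploads/ directory used for the follow-up check (the bulletin does not name the directory) and the sample lines are assumptions made for illustration.

```python
"""Detection checks for three web-application items from the bulletin, run
over constructed access-log lines. Added example, not code from the bulletin
or from any affected project; log format, uploads directory and sample lines
are assumed for illustration."""
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line and status from a combined-format access log (assumed format).
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# Coarse SQL injection indicators, applied only to a parameter that should be numeric.
SQLI_RE = re.compile(r"(?i)(?:'|\bunion\b|\bselect\b|\bsleep\s*\(|--|\bor\b\s+\d+\s*=\s*\d+)")

def _param(qs: dict, name: str) -> str:
    """First value of a query parameter, decoded a second time so one layer of
    double URL-encoding (e.g. %252F for '/') cannot hide the payload."""
    return unquote(qs.get(name, [""])[0])

def check_request(method: str, target: str) -> list:
    """Return the findings for one request; an empty list means nothing matched."""
    findings = []
    parts = urlsplit(target)
    path = parts.path.lower()
    qs = parse_qs(parts.query, keep_blank_values=True)

    # Divi / revslider_show_image: any '..' path segment in img is traversal.
    if path.endswith("/wp-admin/admin-ajax.php") and _param(qs, "action") == "revslider_show_image":
        segments = _param(qs, "img").replace("\\", "/").split("/")
        if ".." in segments:
            findings.append("traversal:revslider_show_image img")

    # Zerocms zero_view_article.php: article_id should be an integer. The blind
    # injection in zero_transact_user.php travels in a POST body, which an
    # access log does not record, so it cannot be checked here.
    if path.endswith("/zero_view_article.php"):
        article_id = _param(qs, "article_id")
        if article_id and not article_id.isdigit() and SQLI_RE.search(article_id):
            findings.append("sqli:article_id")

    # Holding Pattern admin/upload-file.php: a POST is an upload attempt; the
    # follow-up is a direct GET of a .php file under the uploads directory
    # (directory assumed; the bulletin does not name it).
    if path.endswith("/admin/upload-file.php") and method == "POST":
        findings.append("upload:admin/upload-file.php")
    if method == "GET" and "/wp-content/uploads/" in path and path.endswith(".php"):
        findings.append("webshell-access:uploaded php")
    return findings

def scan_log(lines) -> list:
    """Return (line number, findings) for every log line that produced a finding."""
    hits = []
    for number, line in enumerate(lines, 1):
        m = LOG_RE.search(line)
        if m:
            findings = check_request(m["method"], m["target"])
            if findings:
                hits.append((number, findings))
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Feb/2015:10:01:02 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.1" 200 3121',
    '203.0.113.5 - - [10/Feb/2015:10:01:09 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=..%252F..%252Fwp-config.php HTTP/1.1" 200 3121',
    '198.51.100.7 - - [10/Feb/2015:10:02:11 +0000] "GET /zero_view_article.php?article_id=12 HTTP/1.1" 200 5400',
    '198.51.100.7 - - [10/Feb/2015:10:02:15 +0000] "GET /zero_view_article.php?article_id=12%27%20UNION%20SELECT%201,2,3--%20- HTTP/1.1" 200 5400',
    '192.0.2.9 - - [10/Feb/2015:10:03:00 +0000] "POST /wp-content/themes/holding_pattern/admin/upload-file.php HTTP/1.1" 200 12',
    '192.0.2.9 - - [10/Feb/2015:10:03:03 +0000] "GET /wp-content/uploads/shell.php?cmd=id HTTP/1.1" 200 88',
    '203.0.113.9 - - [10/Feb/2015:10:04:00 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=image.jpg HTTP/1.1" 200 2000',
]

if __name__ == "__main__":
    for number, findings in scan_log(SAMPLE_LOG):
        print(f"line {number}: {', '.join(findings)}")
```

The second traversal line is double-encoded, which is why `_param` decodes once more after `parse_qs`; the benign `img=image.jpg` request and the numeric `article_id=12` request produce no finding, which is the false-positive check to keep when tuning these rules for production logs.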
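The Apereo CAS item above is an LDAP injection: a username placed verbatim into a search filter lets a wildcard match entries the caller never named. The Python below is an added example, not CAS's own code. It puts the vulnerable filter construction beside the RFC 4515 escaped form and runs both through a constructed search-then-bind login flow; the in-memory directory, the single-assertion filter matcher and the bind flow are stand-ins for a real directory server and are assumptions made for illustration.

```python
"""LDAP filter construction: username interpolated verbatim versus escaped
per RFC 4515, evaluated in a constructed search-then-bind flow. Added
example, not CAS code; directory, matcher and bind flow are assumed."""
from fnmatch import fnmatchcase
from typing import Optional

# RFC 4515 section 3: these characters are escaped inside an assertion value
# as a backslash followed by two hex digits.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
_HEX = "0123456789abcdefABCDEF"

def escape_filter_value(value: str) -> str:
    """Escape user input for use as an LDAP filter assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def build_filter_unsafe(username: str) -> str:
    return f"(uid={username})"                        # vulnerable: used verbatim

def build_filter_safe(username: str) -> str:
    return f"(uid={escape_filter_value(username)})"   # hardened: escaped

# Constructed directory: uid -> password (plaintext only for this demo).
DIRECTORY = {"alice": "correct horse", "bob": "battery staple", "mallory": "hunter2"}

def _assertion_to_glob(assertion: str) -> str:
    """Translate an RFC 4515 assertion value into an fnmatch pattern: an
    unescaped '*' is a substring wildcard, a backslash-XX sequence is one
    literal character, and fnmatch metacharacters are bracketed to stay literal."""
    glob, i = [], 0
    while i < len(assertion):
        ch = assertion[i]
        if ch == "\\" and i + 2 < len(assertion) and all(c in _HEX for c in assertion[i + 1:i + 3]):
            ch, i = chr(int(assertion[i + 1:i + 3], 16)), i + 3
        elif ch == "*":
            glob.append("*")
            i += 1
            continue
        else:
            i += 1
        glob.append(f"[{ch}]" if ch in "*?[" else ch)
    return "".join(glob)

def ldap_search(filter_str: str) -> list:
    """Evaluate a filter of the exact form (uid=VALUE) against DIRECTORY.
    Anything else is rejected: this is a demo matcher, not an LDAP parser."""
    if not (filter_str.startswith("(uid=") and filter_str.endswith(")")) or "(" in filter_str[1:]:
        raise ValueError(f"unsupported filter: {filter_str}")
    glob = _assertion_to_glob(filter_str[len("(uid="):-1])
    return [uid for uid in DIRECTORY if fnmatchcase(uid, glob)]

def authenticate(username: str, password: str, build_filter) -> Optional[str]:
    """Search-then-bind (assumed flow): look the user up by filter, then bind
    as each returned entry with the supplied password and accept the first
    that succeeds. Returns the uid that was bound, or None."""
    for uid in ldap_search(build_filter(username)):
        if DIRECTORY[uid] == password:   # stands in for a real LDAP simple bind
            return uid
    return None

if __name__ == "__main__":
    print(build_filter_unsafe("*"), "->", ldap_search(build_filter_unsafe("*")))
    print(build_filter_safe("*"), "->", ldap_search(build_filter_safe("*")))
    # Mallory knows only her own password but logs in without naming her account.
    print(authenticate("*", "hunter2", build_filter_unsafe))
    print(authenticate("*", "hunter2", build_filter_safe))
```

With the unsafe builder a username of `*` yields `(uid=*)`, the search returns every entry, and the bind loop accepts the login for whichever entry's password was supplied, so the account that ends up authenticated is chosen by the directory rather than by the username; with escaping the same input becomes `(uid=\2a)`, matches nothing, and the login fails. The escaping rule is the fix; the matcher and bind loop exist only to make the difference observable offline.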
The full bulletin ranks many more vulnerable software packages by high, medium and low severity (CVSS base score 7.0 and above, 4.0 to 6.9, and below 4.0 respectively). For the complete list of affected software and versions, read the US-CERT Cyber Security Bulletin here: https://1.usa.gov/19p1fSk.