Wednesday, May 9, 2012

Wednesday the 9th, Senbu

+ APSB12-13 Security update available for Adobe Shockwave Player
http://www.adobe.com/support/security/bulletins/apsb12-13.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2029
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2030
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2031
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2032
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2033

+ APSB12-12 Security bulletin for Adobe Flash Professional
http://www.adobe.com/support/security/bulletins/apsb12-12.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0778

+ APSB12-11 Security bulletin for Adobe Photoshop
http://www.adobe.com/support/security/bulletins/apsb12-11.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2027
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2028

+ APSB12-10 Security bulletin for Adobe Illustrator
http://www.adobe.com/support/security/bulletins/apsb12-10.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2023
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2024
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2025
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2026

+ About the security content of iOS 5.1.1 Software Update
http://support.apple.com/kb/HT5278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0674
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3056
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0672

+ CentOS alert CESA-2012:0544 (ImageMagick)
http://lwn.net/Alerts/496283/

+ CentOS alert CESA-2012:0545 (ImageMagick)
http://lwn.net/Alerts/496284/

+ CentOS alert CESA-2012:0546 (php)
http://lwn.net/Alerts/496286/
http://lwn.net/Alerts/496287

+ CentOS alert CESA-2012:0547 (php53)
http://lwn.net/Alerts/496288/

+ 2695962 Update Rollup for ActiveX Kill Bits
http://technet.microsoft.com/en-us/security/advisory/2695962

+ 2695962 Update Rollup for ActiveX Kill Bits (Japanese version)
http://technet.microsoft.com/ja-jp/security/advisory/2695962

+ Microsoft Security Bulletin Summary for May 2012
http://technet.microsoft.com/en-us/security/bulletin/ms12-may

+ MS12-029 - Critical Vulnerability in Microsoft Word Could Allow Remote Code Execution (2680352)
http://technet.microsoft.com/en-us/security/bulletin/MS12-029
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0183

+ MS12-030 - Important Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2663830)
http://technet.microsoft.com/en-us/security/bulletin/ms12-030
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0185
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1847

+ MS12-031 - Important Vulnerability in Microsoft Visio Viewer 2010 Could Allow Remote Code Execution (2597981)
http://technet.microsoft.com/en-us/security/bulletin/MS12-031
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0018

+ MS12-032 - Important Vulnerability in TCP/IP Could Allow Elevation of Privilege (2688338)
http://technet.microsoft.com/en-us/security/bulletin/ms12-032
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0179

+ MS12-033 - Important Vulnerability in Windows Partition Manager Could Allow Elevation of Privilege (2690533)
http://technet.microsoft.com/en-us/security/bulletin/ms12-033
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0178

+ MS12-034 - Critical Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578)
http://technet.microsoft.com/en-us/security/bulletin/ms12-034
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0159
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0176
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0180
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1848

+ MS12-035 - Critical Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2693777)
http://technet.microsoft.com/en-us/security/bulletin/ms12-035
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0161

+ PHP 5.4.3 and PHP 5.3.13 Released!
http://www.php.net/ChangeLog-5.php
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2311
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2329

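Press release
Release of the source code security inspection tool "iCodeChecker"
~ Safer software development by using source code inspection technology (*1) in the development process ~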
http://www.ipa.go.jp/about/press/20120508.html

Check Point packages outbound (egress) countermeasures against bots and targeted attacks as a functional module
http://itpro.nikkeibp.co.jp/article/NEWS/20120508/395122/?ST=security

JVN#09619876 Buffer overflow vulnerability in multiple JustSystems products
http://jvn.jp/jp/JVN09619876/index.html

JVNVU#341483 Update for multiple vulnerabilities in Apple iOS
http://jvn.jp/cert/JVNVU341483/index.html

APPLE-SA-2012-05-07-1 iOS 5.1.1 Software Update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00030.html

Ubuntu, Linux Mint, and the Guest Account
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00032.html

Fwd: [cryptography] Apple Legacy filevault barn door...
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00031.html

[SECURITY] [DSA 2459-2] quagga security update
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00027.html

VMware Backdoor ghi.guest.trashFolder.state Uninitialized Memory Potential VM Break
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00029.html

[ MDVSA-2012:070 ] samba
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00026.html

[ MDVSA-2012:069 ] cifs-utils
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00025.html

Format Factory v2.95 - Buffer Overflow Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00024.html

Format Factory v2.95 - Buffer Overflow Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2012-05/msg00028.html

Microsoft .NET Bugs Let Remote Users Execute Arbitrary Code and Deny Service
http://www.securitytracker.com/id/1027048

Adobe Photoshop Buffer Overflow Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027046

Windows TCP/IP Stack Lets Remote Users Bypass the Firewall and Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1027044

Microsoft Windows Partition Manager Memory Allocation Error Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1027043

Microsoft Visio Viewer Memory Corruption Error Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027042

Microsoft Office Excel File Memory Corruption Errors and Heap Overflows Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027041

Microsoft Silverlight Double Free Memory Error Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027040

Windows OS Lets Remote Users Cause Arbitrary Code to Be Executed and Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1027039

Microsoft GDI+ Bugs Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027038

Adobe Shockwave Player Memory Corruption Flaws Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027037

Microsoft .NET Framework Serialization Bugs Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027036

Microsoft Word RTF Processing Flaw Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1027035

HP Performance Insight Lets Remote Authenticated Users Gain Elevated Privileges and Remote Users Conduct Cross-Site Scripting and SQL Injection Attacks
http://www.securitytracker.com/id/1027031

New Poll: Which Patch Delivery Schedule Works the Best for You?
http://isc.sans.edu/diary.html?storyid=13150

Windows Firewall Bypass Vulnerability and NetBIOS NS
http://isc.sans.edu/diary.html?storyid=13156

Microsoft May 2012 Black Tuesday Update - Overview
http://isc.sans.edu/diary.html?storyid=13159

Symantec False-Positive Issue with XLS Files - Bloodhound.Exploit.459
http://isc.sans.edu/diary.html?storyid=13162

May Adobe Security Bulletins
http://isc.sans.edu/diary.html?storyid=13165

PHP 5.4.3 and PHP 5.3.13 Released
http://isc.sans.edu/diary.html?storyid=13168

Incident-response without NTP
http://isc.sans.edu/diary.html?storyid=13147

Microsoft Office Multiple Vulnerabilities
http://secunia.com/advisories/49121/

Microsoft Silverlight Multiple Vulnerabilities
http://secunia.com/advisories/49122/

Microsoft Windows Multiple Vulnerabilities
http://secunia.com/advisories/49120/

Microsoft .NET Framework Multiple Vulnerabilities
http://secunia.com/advisories/49119/

Microsoft Office Excel Multiple Vulnerabilities
http://secunia.com/advisories/49112/

Microsoft .NET Framework Two Serialization Vulnerabilities
http://secunia.com/advisories/49117/

Microsoft Windows Partition Manager Privilege Escalation Vulnerability
http://secunia.com/advisories/49115/

Microsoft Windows TCP/IP Stack Two Vulnerabilities
http://secunia.com/advisories/49114/

Microsoft Visio Viewer VSD File Format Memory Corruption Vulnerability
http://secunia.com/advisories/49113/

Microsoft Office Word RTF Data Parsing Vulnerability
http://secunia.com/advisories/49111/

Serendipity "serendipity[textarea]" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/49009/

WordPress Login With Ajax Plugin JSON Callback Cross-Site Scripting Vulnerability
http://secunia.com/advisories/49013/

SUSE update for flash-player
http://secunia.com/advisories/49038/

Node.js HTTP Parser Information Disclosure Vulnerability
http://secunia.com/advisories/49066/

HP Performance Insight Multiple Vulnerabilities
http://secunia.com/advisories/49079/

Ubuntu update for linux-lts-backport-natty
http://secunia.com/advisories/49069/

Ubuntu update for kernel
http://secunia.com/advisories/48889/

Red Hat update for JBoss Enterprise Web Server
http://secunia.com/advisories/49080/

XPhone Unified Communications 2011 Contact Company Name Script Insertion Vulnerability
http://secunia.com/advisories/48979/

Red Hat update for ImageMagick
http://secunia.com/advisories/49063/

Red Hat update for php
http://secunia.com/advisories/49065/

Red Hat update for ImageMagick
http://secunia.com/advisories/49068/

Ubuntu update for horizon
http://secunia.com/advisories/49071/

SUSE update for php5
http://secunia.com/advisories/49085/

Red Hat update for php53
http://secunia.com/advisories/49087/

Jibberbook 2.3 Administrative Bypass
http://cxsecurity.com/issue/WLB-2012050063

Efront 3.6.11 Cross Site Scripting / Shell Upload
http://cxsecurity.com/issue/WLB-2012050062

EnjoyGraph Communication SQL Injection
http://cxsecurity.com/issue/WLB-2012050061

NeXus Infotech CMS SQL Injection
http://cxsecurity.com/issue/WLB-2012050060

Magnolia Development Group CSRF / SQL Injection
http://cxsecurity.com/issue/WLB-2012050059

Ramui Forum Script Cross Site Scripting
http://cxsecurity.com/issue/WLB-2012050058

Etelligence Technologies SQL Injection
http://cxsecurity.com/issue/WLB-2012050057

PHP 'php-cgi' Information Disclosure Vulnerability
http://www.securityfocus.com/bid/53388

KingSCADA Insecure Password Encryption Information Disclosure Vulnerability
http://www.securityfocus.com/bid/51582

MyBB 'keywords' Parameter Multiple SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/45565

MyBB 'member.php' and 'newreply.php' Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/45496

Microsoft Windows 'Win32k.sys' TrueType Font Handling Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/50462

Adobe Photoshop '.tiff' File Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/52634

ImageMagick Buffer Overflow and Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/51957

ImageMagick 'configure.c' Configuration File Loading Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/45044

ImageMagick Multiple Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/52898

Mozilla Firefox/Thunderbird/SeaMonkey Out of Bounds Memory Corruption Vulnerability
http://www.securityfocus.com/bid/51138

Linux Kernel 'memcg' NULL Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/52324

Linux Kernel Regsets CVE-2012-1097 NULL Pointer Dereference Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/52274

Linux Kernel 'journal_unmap_buffer()' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/51945

Linux Kernel CVE-2012-1090 CIFS 'umount' Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/52197

Linux Kernel KVM CVE-2012-0045 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/51389

Linux Kernel CVE-2011-4347 Unauthorized Access Vulnerability
http://www.securityfocus.com/bid/50811

VMware Multiple Products Multiple Memory Corruption Privilege Escalation Vulnerabilities
http://www.securityfocus.com/bid/53369

Piwik Multiple Unspecified Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/53425

SAP NetWeaver Remote Code Execution and Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/53424

WordPress Login With Ajax Plugin Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/53423

Adobe Illustrator APSB12-10 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/53422

Adobe Photoshop CVE-2012-2028 Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53421

Adobe Shockwave Player APSB12-13 Multiple Unspecified Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/53420

Adobe Flash Professional Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53419

Serendipity SQL Injection and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/53418

MyBB Versions Prior to 1.6.7 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53417

Node.js HTTP Parser Information Disclosure Vulnerability
http://www.securityfocus.com/bid/53416

Microsoft Excel CVE-2012-1847 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53379

Microsoft Windows Partition Manager Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/53378

Microsoft Excel 'MergeCells' Record Heap Overflow Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53376

Microsoft Excel SXLI Record Memory Corruption Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53375

Microsoft Excel Memory Corruption CVE-2012-0143 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53374

Microsoft Excel Memory Corruption CVE-2012-0142 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53373

Microsoft .NET Framework Index Comparison Denial Of Service Vulnerability
http://www.securityfocus.com/bid/53363

Microsoft Silverlight Double-Free CVE-2012-0176 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53360

Microsoft .NET Framework Serialization CVE-2012-0162 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53358

Microsoft .NET Framework Serialization CVE-2012-0161 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53357

Microsoft .NET Framework Input Serialization CVE-2012-0160 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53356

Microsoft Windows Firewall CVE-2012-0174 Security Bypass Vulnerability
http://www.securityfocus.com/bid/53352

Microsoft GDI+ CVE-2012-0167 EMF Image Processing Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/53351

Microsoft Windows TCP/IP CVE-2012-0179 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/53349

Microsoft GDI+ CVE-2012-0165 EMF Image Processing Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53347

Microsoft Word CVE-2012-0183 RTF Data Handling Remote Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53344

Microsoft Excel Memory Corruption CVE-2012-0141 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53342

Microsoft Windows TrueType Font Engine CVE-2012-0159 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53335

Microsoft Visio Viewer VSD File Format CVE-2012-0018 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/53328

Microsoft Windows CVE-2012-1848 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/53327

Microsoft Windows CVE-2012-0181 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/53326

Microsoft Windows CVE-2012-0180 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/53324
