Results 1 to 10 of 95

Thread: Multiple AV vendor vulns - archived

Threaded View

Previous Post Previous Post   Next Post Next Post
  1. #1
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Multiple AV vendor vulns - archived

    FYI...

    (See: https://knowledge.mcafee.com/article...AL_Public.html
    "...before applying the HotFix...")

    - http://secunia.com/advisories/24466/
    Release Date: 2007-03-14
    Critical: Highly critical
    Impact: System access
    Where: From remote
    Solution Status: Vendor Patch
    Software:
    McAfee ePolicy Orchestrator 3.x
    McAfee ProtectionPilot 1.x
    ...Successful exploitation allows execution of arbitrary code.
    The vulnerabilities affect the following products:
    * McAfee ePolicy Orchestrator 3.5.0 (Patch 5 and earlier)
    * McAfee ePolicy Orchestrator 3.6.0 (Patch 5 earlier)
    * McAfee ePolicy Orchestrator 3.6.1
    * McAfee ProtectionPilot 1.1.1 (Patch 3 and earlier)
    * McAfee ProtectionPilot 1.5.0
    Solution: Apply hotfix/patch.
    https://mysupport.mcafee.com/eservice_enu/start.swe ..."

    -----------------------------------------------------------
    - http://secunia.com/advisories/24450/
    Release Date: 2007-03-15
    Critical: Moderately critical
    Impact: DoS
    Where: From remote
    Solution Status: Vendor Patch
    ...The vulnerability reportedly affects all Trend Micro products that use Scan Engine version 8.0 and above with Pattern File technology.
    Solution: Update the virus pattern file to OPR 4.335.00 or higher...
    Original Advisory: Trend Micro:
    http://esupport.trendmicro.com/suppo...tID=EN-1034587 ..."

    -----------------------------------------------------------
    - http://support.f-secure.com/enu/corp...hotfixes.shtml
    F-Secure Anti-Virus Client Security 6.02 and 6.03
    Mar 12, 2007 - Client Security Hotfix FSAVCS603_HF02 (675 KB)
    "This hotfix improves error handling in the parts of F-Secure BackWeb Client responsible for setting the Management Server address on the Client side."



    FYI...

    Kaspersky multiple vulns - updates available
    - http://secunia.com/advisories/24778/
    Release Date: 2007-04-05
    Critical: Highly critical
    Impact: Privilege escalation, DoS, System access, Exposure of sensitive information, Exposure of system information
    Where: From remote
    Solution Status: Vendor Patch
    Solution: Update to version 6.0.2.614 or later.

    Kaspersky Anti-Virus for Windows Workstations:
    http://www.kaspersky.com/productupda...pter=146274385
    Kaspersky Anti-Virus for Windows Server:
    http://www.kaspersky.com/productupda...pter=146274391
    Kaspersky Internet Security 6.0:
    http://www.kaspersky.com/productupda...pter=186437046
    Kaspersky Anti-Virus 6.0:
    http://www.kaspersky.com/productupda...pter=186435857 ..."

    .

    FYI...

    McAfee VirusScan vuln - update available
    - http://secunia.com/advisories/24914/
    Release Date: 2007-04-18
    Critical: Moderately critical
    Impact: DoS, System access
    Where: From remote
    Solution Status: Vendor Patch
    Software: McAfee VirusScan Enterprise 8.x
    ...The vulnerability reportedly affects versions 8.0i Patch 11 and prior.
    Solution: Apply Patch 12 or later.
    https://mysupport.mcafee.com/eservice_enu/start.swe ...

    McAfee e-Business Svr DoS vuln - update available
    - http://secunia.com/advisories/24893/
    Release Date: 2007-04-18
    Critical: Less critical
    Impact: DoS
    Where: From local network
    Solution Status: Vendor Patch
    Software: McAfee e-Business Server 8.x ...
    Solution: Apply updates.
    https://secure.nai.com/apps/download...ucts/login.asp ...
    Original Advisory: McAfee:
    http://preview.tinyurl.com/2wlsg9 ...

    .

    FYI...

    avast! DoS Vuln - update available
    - http://secunia.com/advisories/25137/
    Release Date: 2007-05-08
    Critical: Less critical
    Impact: DoS
    Where: From remote
    Solution Status: Vendor Patch
    Software: avast! Home/Professional 4.x
    ...The vulnerability is reported in avast! Home Edition and avast! Professional Edition.
    Solution: Update to version 4.7.981 or later...
    Original Advisory:
    avast!: http://www.avast.com/eng/avast-4-hom...n-history.html ..."

    .

    FYI...

    McAfee SecurityCenter ActiveX vuln - updates available
    - http://secunia.com/advisories/25173/
    Release Date: 2007-05-09
    Critical: Highly critical
    Impact: System access
    Where: From remote
    Solution Status: Vendor Patch ...
    ...The vulnerability affects versions -prior- to 7.2.147 and 6.0.25.
    Solution: The fix has reportedly been available via automatic updates since March 22, 2007.
    Update to Security Center version 7.2.147 and 6.0.25, or higher.
    http://us.mcafee.com/root/login.asp ..."



    FYI...

    Trend Micro ServerProtect vuln - update available

    - http://secunia.com/advisories/25186/
    Last Update: 2007-05-09
    Critical: Moderately critical
    Impact: System access
    Where: From local network
    Solution Status: Vendor Patch
    Software: Trend Micro ServerProtect for Windows/NetWare 5.x
    ...Successful exploitation of the vulnerabilities allows execution of arbitrary code...
    Original Advisory: Trend Micro:
    http://www.trendmicro.com/download_b...p?productid=17 ..."

    > http://isc.sans.org/diary.html?storyid=2774
    Last Updated: 2007-05-09 16:04:05 UTC



    FYI...

    NOD32 AV vuln - update available
    - http://secunia.com/advisories/25375/
    Release Date: 2007-05-23
    Critical: Moderately critical
    Impact: Privilege escalation, System access
    Where: From remote
    Solution Status: Vendor Patch
    Software: NOD32 for Windows NT/2000/XP/2003 2.x
    ...Successful exploitation may allow execution of arbitrary code.
    The vulnerabilities are reported in versions prior to 2.70.37.
    Solution: Update to version 2.70.39.
    http://www.eset.com/download/registered_software.php ..."

    .

    FYI...

    - http://secunia.com/advisories/25380/
    Release Date: 2007-05-24
    Critical: Highly critical
    Impact: System access
    Where: From remote
    Solution Status: Vendor Patch
    ...Successful exploitation may allow execution of arbitrary code.
    The vulnerability reportedly affects versions prior to 4.7.766 for servers and 4.7.700 for the Managed Client product.
    Solution: Update to the latest versions.
    http://www.avast.com/eng/download.html
    Original Advisory: avast!:
    http://www.avast.com/eng/adnm-manage...n-history.html
    http://www.avast.com/eng/avast-4-ser...n-history.html ..."

    .

    FYI...

    - http://secunia.com/advisories/25417/
    Release Date: 2007-05-29
    Critical: Highly critical
    Impact: DoS, System access
    Where: From remote
    Solution Status: Vendor Patch...
    Solution: Update to AVPack version 7.03.00.09 and Engine version 7.04.00.24. These updates have reportedly been made available since 2007-05-23...
    Original Advisory: Avira:
    http://forum.antivir-pe.de/thread.php?threadid=22528 ..."

    .

    FYI...

    F-Secure Anti-Virus 5 hotfixes
    > http://support.f-secure.com/enu/corp...hotfixes.shtml

    ------------------------------------------------

    F-Secure Products vuln - updates available
    - http://secunia.com/advisories/25426/
    Release Date: 2007-05-30
    Critical: Highly critical
    Impact: System access
    Where: From remote
    Solution Status: Vendor Patch
    Software:
    F-Secure Anti-Virus 2005
    F-Secure Anti-Virus 2006
    F-Secure Anti-Virus 2007
    F-Secure Anti-Virus 5.x
    F-Secure Anti-Virus Client Security 6.x
    F-Secure Anti-Virus for Citrix Servers 5.x
    F-Secure Anti-Virus for Linux 4.x
    F-Secure Anti-Virus for Microsoft Exchange 6.x
    F-Secure Anti-Virus for MIMEsweeper 5.x
    F-Secure Anti-Virus for Windows Servers 5.x
    F-Secure Anti-Virus for Workstations 5.x
    F-Secure Internet Gatekeeper 6.x
    F-Secure Internet Gatekeeper for Linux 2.x
    F-Secure Internet Security 2005
    F-Secure Internet Security 2006
    F-Secure Internet Security 2007 ...
    The vulnerability is caused due to a boundary error in the processing of LHA archives and can be exploited to cause a buffer overflow when decompressing a specially crafted archive.
    The vulnerability is related to #1 in: http://secunia.com/SA21996/
    Successful exploitation may allow execution of arbitrary code.
    Solution: Apply hotfixes.
    F-Secure Internet Security 2005 - 2007: Hotfix distributed automatically.
    F-Secure Anti-Virus 2005 - 2007: Hotfix distributed automatically.
    F-Secure Protection Service for Consumers: Hotfix distributed automatically...
    Original Advisory: F-Secure: http://www.f-secure.com/security/fsc-2007-1.shtml ..."
    ------------------------------------------------

    F-Secure AV vuln - update available
    - http://secunia.com/advisories/25439/
    Release Date: 2007-05-30
    Critical: Less critical
    Impact: Privilege escalation
    Where: Local system
    Solution Status: Vendor Patch
    Software:
    F-Secure Anti-Virus 2005
    F-Secure Anti-Virus 2006
    F-Secure Anti-Virus 2007
    F-Secure Anti-Virus 5.x
    F-Secure Anti-Virus Client Security 6.x
    F-Secure Anti-Virus for Citrix Servers 5.x
    F-Secure Anti-Virus for MIMEsweeper 5.x
    F-Secure Anti-Virus for Windows Servers 5.x
    F-Secure Anti-Virus for Workstations 5.x
    F-Secure Internet Security 2005
    F-Secure Internet Security 2006
    F-Secure Internet Security 2007
    ...The vulnerability is caused due to an error in the real-time scanning component and can be exploited to execute arbitrary code with escalated privileges via specially crafted I/O request packets.
    Solution: F-Secure Internet Security 2005 - 2007: Hotfix distributed automatically.
    F-Secure Anti-Virus 2005 - 2007: Hotfix distributed automatically.
    F-Secure Protection Service for Consumers 5.00 - 6.40: Hotfix distributed automatically...
    Original Advisory: F-Secure: http://www.f-secure.com/security/fsc-2007-2.shtml ..."
    ----------------------------

    F-Secure Policy Mgr Svr DoS Vuln - update available
    - http://secunia.com/advisories/25449/
    Release Date: 2007-05-30
    Critical: Less critical
    Impact: DoS
    Where: From local network
    Solution Status: Vendor Patch
    ...The vulnerability is caused due to an error within the fsmsh.dll host module and can be exploited to e.g. crash the server by specifying NTFS reserved names as URL filenames. The vulnerability affects versions 7.00 and prior.
    Solution: Update to 7.01 or apply hotfix. http://www.f-secure.com/webclub/fspm.html
    ftp://ftp.f-secure.com/support/hotfi...70-hotfix2.zip ...
    Original Advisory: F-Secure:
    http://www.f-secure.com/security/fsc-2007-4.shtml ..."

    .
    Last edited by AplusWebMaster; 2010-08-23 at 21:27. Reason: archive
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •