Wednesday, April 13, 2011

Security Alert (A11-04-02): Multiple Vulnerabilities in Microsoft Products (April 2011)

Affected Systems:
Various versions of the following Microsoft products are affected:
  • Microsoft .NET Framework
  • Microsoft C++ 2005, 2008, 2010
  • Microsoft Internet Explorer 6, 7, 8
  • Microsoft Office XP, 2003, 2007, 2010
  • Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
  • Microsoft Office Excel Viewer, PowerPoint Viewer and Web Apps
  • Microsoft Office 2004, 2008, 2011 for Mac
  • Open XML File Format Converter for Mac
  • Microsoft Visual Studio .NET 2003, 2005, 2008, 2010
  • Microsoft Windows XP, Vista, 7
  • Microsoft Windows Server 2003, 2008
A complete list of the affected products can be found in the section "Affected Software and Download Locations" in the Microsoft security bulletin summary available at:
  • http://www.microsoft.com/technet/security/bulletin/ms11-apr.mspx
Summary:
Microsoft has released 17 security bulletins listed below addressing 64 vulnerabilities which affect several Microsoft products or components:
  • MS11-018 Cumulative Security Update for Internet Explorer
  • MS11-019 Vulnerabilities in SMB Client Could Allow Remote Code Execution
  • MS11-020 Vulnerability in SMB Server Could Allow Remote Code Execution
  • MS11-021 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
  • MS11-022 Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution
  • MS11-023 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
  • MS11-024 Vulnerability in Windows Fax Cover Page Editor Could Allow Remote Code Execution
  • MS11-025 Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution
  • MS11-026 Vulnerability in MHTML Could Allow Information Disclosure
  • MS11-027 Cumulative Security Update of ActiveX Kill Bits
  • MS11-028 Vulnerability in .NET Framework Could Allow Remote Code Execution
  • MS11-029 Vulnerability in GDI+ Could Allow Remote Code Execution
  • MS11-030 Vulnerability in DNS Resolution Could Allow Remote Code Execution
  • MS11-031 Vulnerability in JScript and VBScript Scripting Engines Could Allow Remote Code Execution
  • MS11-032 Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution
  • MS11-033 Vulnerability in WordPad Text Converters Could Allow Remote Code Execution
  • MS11-034 Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege
To successfully exploit the vulnerabilities, an attacker could entice a targeted user to open a specially crafted webpage, Excel/PowerPoint/Office/WordPad file, image file, content rendered in an OpenType CFF font or fax cover page file (.cov). The attacker could also send a specially crafted SMB packet or LLMNR broadcast queries in DNS resolution to an affected system, or entice a user to initiate an SMB connection to a specially crafted SMB server.
Moreover, there are also vulnerabilities in the MHTML protocol handler, Microsoft Foundation Class (MFC) libraries, Microsoft .NET framework, JScript and VBScript scripting engines, and kernel-mode drivers in various Windows applications.
Please note that the patches for security bulletin MS11-026 fix the vulnerability described in security alert A11-01-05 for the MHTML protocol handler in Microsoft Windows. For details of the alert, please visit our IT Security Theme page at:

  • http://itginfo.ccgo.hksarg/content/itsecure/secalert/2011/A11-01-05.htm

    Impact:
    Depending on the vulnerability exploited, a successful attack could lead to elevation of privilege or remote arbitrary code execution.
    Recommendation:
    Patches for affected products are available from the Microsoft Update website. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
    Microsoft Update

    • http://update.microsoft.com/microsoftupdate
    If any problem is encountered during the patch installation via automated methods, patches for various affected systems can also be downloaded individually from the "Affected and Non-Affected Software" section of the corresponding Microsoft Security Bulletins which can be accessed from the URL(s) listed in the "More Information" section of this Security Alert.
    DITSOs (or your delegates) are also requested to inform the relevant system administrators and end users as appropriate about this issue.
    More Information:
    More information about this issue is available at:
    • http://www.microsoft.com/technet/security/bulletin/ms11-apr.mspx
    • http://www.microsoft.com/technet/security/bulletin/MS11-018.mspx
    • http://www.microsoft.com/technet/security/bulletin/MS11-019.mspx
    • http://www.microsoft.com/technet/security/bulletin/MS11-020.mspx
    • http://www.microsoft.com/technet/security/bulletin/MS11-021.mspx
    • http://www.microsoft.com/technet/security/bulletin/MS11-022.mspx
    • http://www.microsoft.com/technet/security/bulletin/MS11-023.mspx
    • http://www.microsoft.com/technet/security/bulletin/MS11-024.mspx
    • http://www.microsoft.com/technet/security/bulletin/MS11-025.mspx
    • http://www.microsoft.com/technet/security/bulletin/MS11-026.mspx
    • http://www.microsoft.com/technet/security/bulletin/MS11-027.mspx
    • http://www.microsoft.com/technet/security/bulletin/MS11-028.mspx
    • http://www.microsoft.com/technet/security/bulletin/MS11-029.mspx
    • http://www.microsoft.com/technet/security/bulletin/MS11-030.mspx
    • http://www.microsoft.com/technet/security/bulletin/MS11-031.mspx
    • http://www.microsoft.com/technet/security/bulletin/MS11-032.mspx
    • http://www.microsoft.com/technet/security/bulletin/MS11-033.mspx
    • http://www.microsoft.com/technet/security/bulletin/MS11-034.mspx
    • http://www.microsoft.com/technet/security/advisory/2269637.mspx
    • http://www.microsoft.com/technet/security/advisory/2501696.mspx
    • http://www.us-cert.gov/cas/techalerts/TA11-102A.html
    • https://www.hkcert.org/my_url/en/alert/11041305
    • https://www.hkcert.org/my_url/en/alert/11041306
    • https://www.hkcert.org/my_url/en/alert/11041307
    • https://www.hkcert.org/my_url/en/alert/11041308
    • https://www.hkcert.org/my_url/en/alert/11041309
    • https://www.hkcert.org/my_url/en/alert/11041310
    • https://www.hkcert.org/my_url/en/alert/11041311
    • https://www.hkcert.org/my_url/en/alert/11041312
    • https://www.hkcert.org/my_url/en/alert/11041313
    • https://www.hkcert.org/my_url/en/alert/11041314
    • https://www.hkcert.org/my_url/en/alert/11041315
    • https://www.hkcert.org/my_url/en/alert/11041316
    • https://www.hkcert.org/my_url/en/alert/11041317
    • https://www.hkcert.org/my_url/en/alert/11041318
    • https://www.hkcert.org/my_url/en/alert/11041319
    • https://www.hkcert.org/my_url/en/alert/11041320
    • https://www.hkcert.org/my_url/en/alert/11041321
    • http://xforce.iss.net/xforce/xfdb/64908
    • http://xforce.iss.net/xforce/xfdb/66411
    • http://xforce.iss.net/xforce/xfdb/66415
    • http://xforce.iss.net/xforce/xfdb/66418
    • http://xforce.iss.net/xforce/xfdb/66422
    • http://xforce.iss.net/xforce/xfdb/66426
    • http://xforce.iss.net/xforce/xfdb/66427
    • http://xforce.iss.net/xforce/xfdb/66431
    • http://www.vupen.com/english/advisories/2011/0937
    • http://www.vupen.com/english/advisories/2011/0938
    • http://www.vupen.com/english/advisories/2011/0939
    • http://www.vupen.com/english/advisories/2011/0940
    • http://www.vupen.com/english/advisories/2011/0941
    • http://www.vupen.com/english/advisories/2011/0942
    • http://www.vupen.com/english/advisories/2011/0943
    • http://www.vupen.com/english/advisories/2011/0944
    • http://www.vupen.com/english/advisories/2011/0945
    • http://www.vupen.com/english/advisories/2011/0946
    • http://www.vupen.com/english/advisories/2011/0947
    • http://www.vupen.com/english/advisories/2011/0948
    • http://www.vupen.com/english/advisories/2011/0949
    • http://www.vupen.com/english/advisories/2011/0950
    • http://www.vupen.com/english/advisories/2011/0951
    • http://www.vupen.com/english/advisories/2011/0952
    • http://secunia.com/advisories/39122/
    • http://secunia.com/advisories/39903/
    • http://secunia.com/advisories/41387/
    • http://secunia.com/advisories/43836/
    • http://secunia.com/advisories/44015/
    • http://secunia.com/advisories/44072/
    • http://secunia.com/advisories/44153/
    • http://secunia.com/advisories/44155/
    • http://secunia.com/advisories/44156/
    • http://secunia.com/advisories/44159/
    • http://secunia.com/advisories/44160/
    • http://secunia.com/advisories/44161/
    • http://secunia.com/advisories/44162/
    • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=900
    • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=901
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0811
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3190
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3958
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3973
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3974
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0028
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0034
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0041
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0094
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0096
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0097
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0098
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0101
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0103
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0104
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0105
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0107
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0346
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0654
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0655
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0656
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0657
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0660
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0661
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0662
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0663
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0665
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0666
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0667
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0670
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0671
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0672
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0673
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0674
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0675
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0676
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0677
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0976
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0977
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0978
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0979
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0980
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1225
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1226
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1227
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1228
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1229
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1230
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1231
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1232
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1233
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1234
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1235
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1236
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1237
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1238
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1239
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1240
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1241
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1242
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1243
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1244
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1245
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1345

    Security Alert (A11-04-03): Vulnerabilities in RealPlayer

    Affected Systems:
    • RealPlayer 14.0.2 and prior
    Summary:
    Vulnerabilities have been identified in RealPlayer. One is due to a heap-based buffer overflow caused by improper bounds checking in the RealVideo Renderer plugin for RealMedia (rvrender.dll) when processing Internet Video Recording (IVR) files. Another is due to a flaw in the OpenURLInDefaultBrowser() method when processing an RNX (".rnx") file. There are multiple attack vectors: a remote attacker may entice a user to open a specially crafted file or web page with malicious content.
    Impact:
    Depending on the vulnerabilities exploited, a successful attack could lead to remote arbitrary code execution.
    Recommendation:
    The product vendor has released the following updated player to address the issues.
    • RealPlayer 14.0.3
    Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk. The update can be obtained by clicking "Check for Update" in the "Help->About RealPlayer" menu, or manually downloaded at the following URL:
    • http://hk.real.com/?mode=rp
    DITSOs (or your delegates) are also requested to inform the relevant system administrators and end users as appropriate about this issue.
    More Information:
    More information about this issue is available at:
    • http://service.real.com/realplayer/security/04122011_player/en/
    • http://xforce.iss.net/xforce/xfdb/66209
    • http://secunia.com/advisories/43847
    • http://www.vupen.com/english/advisories/2011/0723
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1426
    • http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1525