SecurityReason.com - Our Reason is

Security

Register | Forget Password | Login
SecurityReason
IT News
Search
SecurityAlert Database
About SecurityAlert
ExploitAlert Database
SecurityReason Research
WLB
WLB Database
Send to WLB
About WLB
Services
Security Audit
Schedule
Prices of services
Contact
RSS
SecurityReason IT News
SecurityAlert
World Laboratory of Bugtraq
ExploitAlert
Apache
PHP
Corporate
Contact
About SecurityReason
Note

If you have found a vulnerability, please send to our SecurityAlert Database :
secalert()securityreason()com

Also if you have new ( 0-day ) exploit, please send to our ExploitAlert Archive :
exploit()securityreason()com
Home arrow SecurityAlert Database

Arrow  Topic :

Microsoft Word 2003 + Fortinet Forticlient


Arrow  SecurityAlert : 3660
Arrow  CVE : CVE-2008-0779
Arrow  SecurityRisk : Medium  Security Risk Medium  (About)
Arrow  Remote Exploit : No
Arrow  Local Exploit : Yes
Arrow  Exploit Available : No
Arrow  Credit : Ruben
Arrow  Published : 19.02.2008

Arrow  Affected Software : Microsoft Word 2003
FortiClient 3.0 MR5 Patch 3 and lower



Arrow  Advisory Content :  

Hi

----------------------------

1.Microsoft Word Memory Corruption Vulnerability

Microsoft Word 2003 is prone to a memory corruption vulnerability while
parsing a specially crafted Word file. The vulnerability is caused by
calculation errors while parsing certain fields within the barely
documented, File Information Block (FIB).

This could lead to remote arbitrary code execution in the context of the
user who started the application.

Microsoft has addressed this issue (among others) in its february
bulletin: http://www.microsoft.com/technet/security/Bulletin/MS08-009.mspx

Disclosure Timeline:
07/02/2007 - Vendor Contacted
07/02/2007 - Vendor Acknowledged
01/10/2008 - Vendor confirms vulnerability and plans to fix it.
02/12/2008 - Coordinated disclosure

--------------------------------------------------------

2. Fortinet FortiClient Local Privilege Escalation.

Fortinet Endpoint Solution For Enterprise, FortiClient is prone to a
local privilege escalation due to the improper device filtering carried
out by its filter driver, fortimon.sys .

The driver affected filters certain devices, enabling pass-through
filtering. However, its own Device's DeviceExtension is not correclty
initialized so any logged user could force the kernel to operate with
user-mode controlled memory just by direclty issuing a special request
to the driver's device.

This leads to local arbitrary code execution in the context of the
kernel. Even Guest users can elevate privileges to SYSTEM.

This issue has been addressed in the following releases:

+ FortiClient 3.0 MR5 Patch 4
+ FortiClient 3.0 MR6

Affected versions:
+ FortiClient 3.0 MR5 Patch 3 and lower

Users can consult the patches via http://docs.forticare.com/firmware.xml

Disclosure Timeline:
01/18/2008 - Vendor Contacted
01/18/2008 - Vendor Acknowledged
01/29/2008 - Vendor confirms vulnerability and plans to fix it.
02/13/2008 - Coordinated disclosure
------------------------------------------

Regards,
Ruben.

www.reversemode.com






Arrow  Feedback :

If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.
Alert

libc/fnmatch(3) DoS

Security Risk Medium- 2011-05-13

Allow attacker to denial of service apache 2.2.17 server
Apache RSS Apache Alert

» Apache HTTP Server Denial
   of Service Vulnerability

» Multiple Vendors
   libc/fnmatch(3) DoS (incl
   apache poc)

» Apache Continuum
   cross-site scripting
   vulnerability

» Apache Tomcat DoS
   Vulnerability
PHP RSS PHP Alert

» PHP Hashtables Denial of
   Service

» PHP 5.3.6 multiple null
   pointer dereference

» PHP 5.3.6 ZipArchive
   invalid use glob(3)

» libzip 0.9.3
   _zip_name_locate NULL
   Pointer Dereference (incl
   PHP 5.3.5)
ADT

Protect your family and valuables with Home Security Systems
Copyright © SecurityReason.com. All Rights Reserved.