More Flash and JAVA warnings
Some of the below may not have relevance in 9X, make sure to check the actual related articles.

adobe -- shockwave_player

Vulnerable software and versions

cpe:/a:adobe:shockwave_player:11.5.0.596
cpe:/a:adobe:shockwave_player:11.5.0.595
cpe:/a:adobe:shockwave_player:11.0.0.456
cpe:/a:adobe:shockwave_player:10.1.0.11
cpe:/a:adobe:shockwave_player:1.0
cpe:/a:adobe:shockwave_player:2.0
cpe:/a:adobe:shockwave_player:3.0
cpe:/a:adobe:shockwave_player:4.0
cpe:/a:adobe:shockwave_player:5.0
cpe:/a:adobe:shockwave_player:6.0
cpe:/a:adobe:shockwave_player:8.0
cpe:/a:adobe:shockwave_player:8.5.1
cpe:/a:adobe:shockwave_player:9
cpe:/a:adobe:shockwave_player:11.5.1.601 and previous versions

High Vulnerabilities

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3463
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3464
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3465
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3466
see this one in particular as it affects other versions as well

JAVA

High Vulnerabilities

sun -- jdk
sun -- jre
The Java Update functionality in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22 and JDK and JRE 6 before Update 17, when a non-English version of Windows is used, does not retrieve available new JRE versions, which allows remote attackers to leverage vulnerabilities in older releases of this software, aka Bug Id 6869694.
2009-11-05 7.5 CVE-2009-3864 VUPEN SUNALERT

sun -- jdk
sun -- jre
The launch method in the Deployment Toolkit plugin in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 6 before Update 17 allows remote attackers to execute arbitrary commands via a crafted web page, aka Bug Id 6869752.
2009-11-05 9.3 CVE-2009-3865 VUPEN BID SUNALERT

sun -- jdk
sun -- jre
The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute arbitrary code by modifying a certain JNLP file to have a URL field that points to an unintended trusted application, aka Bug Id 6872824.
2009-11-05 9.3 CVE-2009-3866 MISC SUNALERT

sun -- jdk
sun -- jre
sun -- sdk
Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303.
2009-11-05 9.3 CVE-2009-3867 MISC SUNALERT

sun -- jdk
sun -- jre
sun -- sdk
Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 does not properly parse color profiles, which allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862970.
2009-11-05 9.3 CVE-2009-3868 SUNALERT

sun -- jdk
sun -- jre
sun -- sdk
Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357.
2009-11-05 9.3 CVE-2009-3869 MISC SUNALERT

sun -- jdk
sun -- jre
sun -- sdk
Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358.
2009-11-05 9.3 CVE-2009-3871 MISC SUNALERT

sun -- jdk
sun -- jre
sun -- sdk
Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862969.
2009-11-05 10.0 CVE-2009-3872 SUNALERT

sun -- jdk
sun -- jre
sun -- sdk
Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643.
2009-11-05 9.3 CVE-2009-3874 MISC SUNALERT

Medium Vulnerabilities

sun -- jdk
sun -- jre
sun -- sdk
The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital signatures, and possibly bypass authentication, via unspecified vectors related to "timing attack vulnerabilities," aka Bug Id 6863503.
2009-11-05 5.0 CVE-2009-3875 SUNALERT

sun -- jdk
sun -- jre
sun -- sdk
Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not properly decoded by the ASN.1 DER input stream parser, aka Bug Id 6864911.
2009-11-05 5.0 CVE-2009-3876 SUNALERT

sun -- jdk
sun -- jre
sun -- sdk
Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911.
2009-11-05 5.0 CVE-2009-3877 SUNALERT

Low Vulnerabilities

sun -- jdk
sun -- jre
sun -- sdk
The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, related to a "quantization problem," aka Bug Id 6862968.
2009-11-05 0.0 CVE-2009-3873 SUNALERT

Source: http://www.us-cert.gov/cas/bulletins/SB09-313.html

--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---