|
| Tue, 10 Aug 2010 08:00:00 GMT MS10-060 - Critical: Vulnerabilities in the Microsoft .NET Common Language Runtime and in Microsoft Silverlight Could Allow Remote Code Execution (2265906) |
| Bulletin Severity Rating:Critical - This security update resolves two privately reported vulnerabilities in Microsoft .NET Framework and Microsoft Silverlight. The vulnerabilities could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications, or if an attacker succeeds in convincing a user to run a specially crafted Microsoft .NET application. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerabilities could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and executing the page, as could be the case in a Web hosting scenario. |
| Tue, 10 Aug 2010 08:00:00 GMT MS10-059 - Important: Vulnerabilities in the Tracing Feature for Services Could Allow Elevation of Privilege (982799) |
| Bulletin Severity Rating:Important - This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in the Tracing Feature for Services. The vulnerabilities could allow elevation of privilege if an attacker runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users. |
| Tue, 10 Aug 2010 08:00:00 GMT MS10-058 - Important: Vulnerabilities in TCP/IP Could Allow Elevation of Privilege (978886) |
| Bulletin Severity Rating:Important - This security update resolves two privately reported vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow elevation of privilege due to an error in the processing of a specific input buffer. An attacker who is able to log on to the target system could exploit this vulnerability and run arbitrary code with system-level privileges. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. |
| Tue, 10 Aug 2010 08:00:00 GMT MS10-057 - Important: Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution (2269707) |
| Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
| Tue, 10 Aug 2010 08:00:00 GMT MS10-056 - Critical: Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (2269638) |
| Bulletin Severity Rating:Critical - This security update resolves four privately reported vulnerabilities in Microsoft Office. The most severe vulnerabilities could allow remote code execution if a user opens or previews a specially crafted RTF e-mail message. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
|
| Fri, 03 Sep 2010 19:30:12 GMT Facebook Glitch Let Spammer Post to Walls
(PC World)
|
| PC World - A clever spammer found a glitch in Facebook's photo upload system and used it to post thousands of unwanted Wall messages this week. |
| Fri, 03 Sep 2010 17:10:08 GMT Spammers Take Over Apple's New Ping Social Network
(NewsFactor)
|
| NewsFactor - Apple launched iTunes 10 with Ping, a new music-oriented social network, on Wednesday. Within hours, the site fell victim to spammers looking to make a quick buck from Apple's unsuspecting 160 million music lovers exploring the new way to discover what music their friends are listening to. |
| Fri, 03 Sep 2010 15:10:11 GMT Germany to Launch Antibotnet Program for Consumers
(PC World)
|
| PC World - Germany will soon launch a service to help consumers remove malicious software from their computers in an attempt to stem the spread of spam-sending botnets. |
| Fri, 03 Sep 2010 13:47:40 GMT Apple's Ping Inundated with Spam Comments
(PC Magazine)
|
| PC Magazine - Days after its release, Apple's new Ping social network within iTunes is being inundated with spam comments. |
| Fri, 03 Sep 2010 12:57:00 GMT Apple's Ping a Scammer's Haven? Security Experts Say Watch Out
(PC World)
|
| PC World - Apple's music-focused social network, Ping is only a few days old, and already the iTunes-based feature is "drowning in scams and spams," security researchers say. The scams are nothing too advanced at the moment, and there are no reports of clickjacking worms or other forms of aggressive malware, experts say. But if you're looking for links to bogus surveys promising free iPhones, iPads, and other assorted iDevices, then Ping in iTunes 10 is the social network for you. |
|
| Thu, 02 Sep 2010 06:30:00 PST Cisco IOS XR Software Border Gateway Protocol Vulnerability |
Cisco IOS XR Software contains a vulnerability in the Border Gateway Protocol (BGP) feature. The vulnerability manifests itself when a BGP peer announces a prefix with a specific, valid but unrecognized transitive attribute. On receipt of this prefix, the Cisco IOS XR device will corrupt the attribute before sending it to the neighboring devices. Neighboring devices that receive this corrupted update may reset the BGP peering session. |
| Wed, 25 Aug 2010 07:40:00 PST Cisco Unified Communications Manager Denial of Service Vulnerabilities |
Cisco Unified Communications Manager contains two denial of service (DoS) vulnerabilities that affect the processing of Session Initiation Protocol (SIP) messages. Exploitation of these vulnerabilities could cause an interruption of voice services.  |
| Wed, 25 Aug 2010 07:30:00 PST Cisco Unified Presence Denial of Service Vulnerabilities |
Cisco Unified Presence contains two denial of service (DoS) vulnerabilities that affect the processing of Session Initiation Protocol (SIP) messages. Exploitation of these vulnerabilities could cause an interruption of presence services.  |
| Thu, 12 Aug 2010 13:30:00 PST Cisco IOS Software TCP Denial of Service Vulnerability |
Cisco IOS Software Release, 15.1(2)T is affected by a denial of service (DoS) vulnerability during the TCP establishment phase. The vulnerability could cause embryonic TCP connections to remain in a SYNRCVD or SYNSENT state. Enough embryonic TCP connections in these states could consume system resources and prevent an affected device from accepting or initiating new TCP connections, including any TCP-based remote management access to the device. |
| Wed, 11 Aug 2010 08:00:00 PST Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine |
The Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine contain the following DoS vulnerabilities: Real-Time Streaming Protocol (RTSP) inspection DoS vulnerability HTTP, RTSP, and Session Initiation Protocol (SIP) inspection DoS vulnerability Secure Socket Layer (SSL) DoS vulnerability SIP inspection DoS vulnerability  |
| Wed, 11 Aug 2010 08:00:00 PST SQL Injection Vulnerability in Cisco Wireless Control System |
Cisco Wireless Control System (WCS) contains a SQL injection vulnerability that could allow an authenticated attacker full access to the vulnerable device, including modification of system configuration; create, modify and delete users; or modify the configuration of wireless devices managed by WCS. |
| Mon, 09 Aug 2010 06:30:00 PST SNMP Version 3 Authentication Vulnerabilities |
Multiple Cisco products contain either of two authentication vulnerabilities in the Simple Network Management Protocol version 3 (SNMPv3) feature. These vulnerabilities can be exploited when processing a malformed SNMPv3 message. These vulnerabilities could allow the disclosure of network information or may enable an attacker to perform configuration changes to vulnerable devices. The SNMP server is an optional service that is disabled by default in Cisco products. Only SNMPv3 is impacted by these vulnerabilities. Workarounds are available for mitigating the impact of the vulnerabilities described in this document. |
| Wed, 04 Aug 2010 08:00:00 PST Multiple Vulnerabilities in Cisco Firewall Services Module |
 |
| Wed, 04 Aug 2010 08:00:00 PST Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances |
 |
| Thu, 29 Jul 2010 05:00:00 PST CDS Internet Streamer: Web Server Directory Traversal Vulnerability |
The Cisco Internet Streamer application, part of the Cisco Content Delivery System, contains a directory traversal vulnerability on its web server component that allows for arbitrary file access. By exploiting this vulnerability, an attacker may be able to read arbitrary files on the device, outside of the web server document directory, by using a specially crafted URL.  |
| Thu, 22 Jul 2010 09:00:00 PST Transport Layer Security Renegotiation Vulnerability |
An industry-wide vulnerability exists in the Transport Layer Security (TLS) protocol that could impact any Cisco product that uses any version of TLS and SSL. The vulnerability exists in how the protocol handles session renegotiation and exposes users to a potential man-in-the-middle attack. |
| Tue, 13 Jul 2010 05:00:00 PST Cisco Secure Desktop ActiveX Control Code Execution Vulnerability |
Updated workarounds. |
| Wed, 07 Jul 2010 07:00:00 PST Hard-Coded SNMP Community Names in Cisco Industrial Ethernet 3000 Series Switches Vulnerability |
 |
| Wed, 09 Jun 2010 07:00:00 PST Vulnerabilities in Cisco Unified Contact Center Express |
 |
| Wed, 09 Jun 2010 07:00:00 PST Cisco Application Extension Platform Privilege Escalation Vulnerability |
 |
| Mon, 07 Jun 2010 07:00:00 PST Multiple Vulnerabilities in Cisco Network Building Mediator |
Multiple vulnerabilities exist in the Cisco Network Building Mediator (NBM) products. These vulnerabilities also affect the legacy Richards-Zeta Mediator products. |
| Mon, 17 May 2010 06:30:00 PST Cisco Small Business Video Surveillance Cameras and Cisco 4-Port Gigabit Security Routers Authentication Bypass Vulnerability |
Cisco Small Business Video Surveillance Cameras and Cisco RVS4000 4-port Gigabit Security Routers contain a vulnerability that could allow an authenticated user to view passwords for other users, regardless of the authenticated user's level of authorization. |
| Wed, 12 May 2010 07:00:00 PST Multiple Vulnerabilities in Cisco PGW Softswitch |
 |
| Mon, 29 Mar 2010 08:00:00 PST IOS HTTP Server Command Injection Vulnerability |
A vulnerability exists in the IOS HTTP server in which HTML code inserted into dynamically generated output, such as the output from a show buffers command, will be passed to the browser requesting the page. This HTML code could be interpreted by the client browser and potentially execute malicious commands against the device or other possible cross-site scripting attacks. Successful exploitation of this vulnerability requires that a user browse a page containing dynamic content in which HTML commands have been injected. |
| Mon, 29 Mar 2010 07:00:00 PST Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities |
 |
| Fri, 26 Mar 2010 08:00:00 PST Cisco IOS Software H.323 Denial of Service Vulnerabilities |
Added caution about debug commands. |
| Fri, 26 Mar 2010 03:00:00 PST Cisco IOS Software Multiprotocol Label Switching Packet Vulnerability |
Update made to iACL example. |
| Wed, 24 Mar 2010 07:00:00 PST Cisco IOS Software IPsec Vulnerability |
 |
| Wed, 24 Mar 2010 07:00:00 PST Cisco IOS Software NAT Skinny Call Control Protocol Vulnerability |
 |
| Wed, 24 Mar 2010 07:00:00 PST Cisco Unified Communications Manager Express Denial of Service Vulnerabilities |
 |
| Wed, 24 Mar 2010 07:00:00 PST Cisco IOS Software Crafted TCP Packet Denial of Service Vulnerability |
 |
| Wed, 03 Mar 2010 07:00:00 PST Multiple Vulnerabilities in Cisco Digital Media Manager |
Multiple vulnerabilities exist in the Cisco Digital Media Manager (DMM). This security advisory outlines details. |
| Wed, 03 Mar 2010 07:00:00 PST Cisco Digital Media Player Remote Display Unauthorized Content Injection Vulnerability |
A vulnerability exists in the Cisco Digital Media Player that could allow an unauthenticated attacker to inject video or data content into a remote display.  |
| Wed, 17 Feb 2010 07:00:00 PST Multiple Vulnerabilities in Cisco Security Agent |
 |
| Wed, 17 Feb 2010 07:00:00 PST Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances |
 |
| Wed, 17 Feb 2010 07:00:00 PST Cisco Firewall Services Module Skinny Client Control Protocol Inspection Denial of Service Vulnerability |
 |
| Wed, 10 Feb 2010 07:00:00 PST Multiple Vulnerabilities in Cisco IronPort Encryption Appliance |
Cisco IronPort Encryption Appliance devices contain two vulnerabilities that allow remote, unauthenticated access to any file on the device and one vulnerability that allows remote, unauthenticated users to execute arbitrary code with elevated privileges. There are workarounds available to mitigate these vulnerabilities. |
| Wed, 10 Feb 2010 06:00:00 PST Multiple Vulnerabilities in Cisco Unified MeetingPlace |
Multiple vulnerabilities exist in Cisco Unified MeetingPlace. This security advisory outlines the details of these vulnerabilities. |
| Wed, 20 Jan 2010 07:00:00 PST Cisco Security Advisory: CiscoWorks Internetwork Performance Monitor CORBA GIOP Overflow Vulnerability |
 |
| Wed, 20 Jan 2010 07:00:00 PST Cisco Security Advisory: Cisco IOS XR Software SSH Denial of Service Vulnerability |
 |
| Wed, 23 Dec 2009 09:00:00 PST Multiple Cisco WebEx WRF Player Vulnerabilities |
Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Recording Format (WRF) Player. In some cases, exploitation of the vulnerabilities could allow a remote attacker to execute arbitrary code on the system of a targeted user. |
| Thu, 12 Nov 2009 06:00:00 PST Cisco Global Site Selector Appliances DNS Vulnerability |
The Cisco Application Control Engine Global Site Selector (GSS) contains a vulnerability when processing specific Domain Name System (DNS) requests that may lead to a crash of the DNS service on the GSS. |
| Mon, 19 Oct 2009 10:15:00 PST Cisco IOS Software Internet Key Exchange Resource Exhaustion Vulnerability |
 |
| Mon, 19 Oct 2009 10:15:00 PST Cisco IOS Software Authentication Proxy Vulnerability |
 |
| Mon, 19 Oct 2009 10:15:00 PST Cisco IOS Software Tunnels Vulnerability |
 |
![[logo]](http://www.microsoft.com/library/toolbar/3.0/images/banners/TechNetB_masthead_ltr.gif "Microsoft Security Bulletins")
![[logo]](http://www.securityfocus.com/rss/SFLogo_v1.gif "SecurityFocus")
![[logo]](http://l.yimg.com/a/i/us/nws/th/main_142c.gif "Yahoo! News")
![[logo]](http://newsroom.cisco.com/images/mobile_newsAtCisco.png "News@Cisco")
