From jericho at attrition.org Sat Jul 9 16:09:03 2011
From: jericho at attrition.org (security curmudgeon)
Date: Sat, 9 Jul 2011 16:09:03 -0500 (CDT)
Subject: [VIM] BID 48170 Confusion
In-Reply-To:
References:
Message-ID:

late to the party I know..

: The 1.4.27 release announcement referenced in the BID shows it was
: published in May 20th, 2010 and credits Ilja van Sprundel for
: discovering the vulnerability.

CVE-2010-4667

: The 1.5.12 release announcement referenced in the BID shows it was
: published in January 2nd, 2011 and credits Janek Vind.

CVE-2011-2476

For a bit easier tracking. OSVDB will be adding an entry for the command
injection issues you mentioned.

From theall at tenable.com Tue Jul 19 10:02:20 2011
From: theall at tenable.com (George A. Theall)
Date: Tue, 19 Jul 2011 11:02:20 -0400
Subject: [VIM] Blackice Cover Page ActiveX Control 'DownloadImageFileURL()' Arbitrary File Download Vulnerability
Message-ID:

I just noticed that SecurityFocus created BID 48343 to cover an issue
in an ActiveX control from Blackice and includes an exploit from
mr_me. That exploit itself references BID 29577 (as well as
CVE-2008-2683 / OSVDB 46007 / EDB-ID 5750). Is there a reason why a
new BID was created for this?

George
--
theall at tenablesecurity.com

From theall at tenable.com Wed Jul 27 08:31:24 2011
From: theall at tenable.com (George A. Theall)
Date: Wed, 27 Jul 2011 09:31:24 -0400
Subject: [VIM] CVE-2010-1795 vs CVE-2010-1894
In-Reply-To:
References: <2D9BAC4D-9DD7-4F8E-AC7E-4A063B60BBF3@tenable.com>
Message-ID:

On Jan 20, 2011, at 7:01 PM, Steven M. Christey wrote:

>
> George,
>
> I assume you mean CVE-2010-1735 instead of CVE-2010-1795?
> CVE-2010-1795 is a DLL injection issue in iTunes :)
>
> I don't know if these are the same or not. CVE-2010-1734 also
> affects win32k.sys with the same results, and it looks like
> win32k.sys has gotten a good deal of attention in the last year or so.
>
> Time to consult with Microsoft...

Have you heard back from Microsoft about this yet, Steve?

> - Steve
>
>
> On Wed, 19 Jan 2011, George A. Theall wrote:
>
>> Is there a difference between CVE-2010-1795 and CVE-2010-1894? The
>> former is for a local win32k.sys DoS issue reported by Vigil at nce;
>> the latter for an exception handling issue in win32k.sys that can
>> be triggered only by local users and that was addressed by MS10-048.
>>
>> George
>> --
>> theall at tenablesecurity.com
>>
>>
>>
>

George
--
theall at tenablesecurity.com

From che at secunia.com Wed Jul 27 08:41:18 2011
From: che at secunia.com (Carsten Eiram)
Date: Wed, 27 Jul 2011 13:41:18 +0000
Subject: [VIM] CVE-2010-1795 vs CVE-2010-1894
In-Reply-To:
References: <2D9BAC4D-9DD7-4F8E-AC7E-4A063B60BBF3@tenable.com>
Message-ID:

Just noticed this thread and decided to consult our internal comments.

I can see that I was in dialogue with Microsoft back in 2010 concerning
this as our analysis indicated that CVE-2010-1735 and CVE-2010-1894
covered the same vulnerability. Microsoft confirmed this to be the case.

cheers,

/Carsten

--
Med venlig hilsen / Kind regards

Carsten H. Eiram
Chief Security Specialist

Follow us on twitter
http://twitter.com/secunia
http://twitter.com/carsteneiram

Secunia
Mikado House
Rued Langgaardsvej 8
2300 Copenhagen S
Denmark

Phone +45 7020 5144
Fax +45 7020 5145

> -----Original Message-----
> From: vim-bounces at attrition.org [mailto:vim-bounces at attrition.org] On
> Behalf Of George A. Theall
> Sent: 27. juli 2011 15:31
> To: Vulnerability Information Managers
> Subject: Re: [VIM] CVE-2010-1795 vs CVE-2010-1894
>
>
> On Jan 20, 2011, at 7:01 PM, Steven M. Christey wrote:
>
> >
> > George,
> >
> > I assume you mean CVE-2010-1735 instead of CVE-2010-1795?
> > CVE-2010-1795 is a DLL injection issue in iTunes :)
> >
> > I don't know if these are the same or not. CVE-2010-1734 also affects
> > win32k.sys with the same results, and it looks like win32k.sys has
> > gotten a good deal of attention in the last year or so.
> >
> > Time to consult with Microsoft...
>
> Have you heard back from Microsoft about this yet, Steve?
>
> > - Steve
> >
> >
> > On Wed, 19 Jan 2011, George A. Theall wrote:
> >
> >> Is there a difference between CVE-2010-1795 and CVE-2010-1894? The
> >> former is for a local win32k.sys DoS issue reported by Vigil at nce; the
> >> latter for an exception handling issue in win32k.sys that can be
> >> triggered only by local users and that was addressed by MS10-048.
> >>
> >> George
> >> --
> >> theall at tenablesecurity.com
> >>
> >>
> >>
> >
>
> George
> --
> theall at tenablesecurity.com
>
>