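If you have Sun's Java Runtime Environment installed, be very careful.
Buffer overflow vulnerabilities have turned up and the affected range is huge, so please take strict precautions.
Microsoft Office also has an ActiveX Control vulnerability. What fun for everyone.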
Sun Java RunTime Environment Multiple Buffer Overflow Vulnerabilities
Bugtraq ID: 21675
Class: Boundary Condition Error
CVE: CVE-2006-6731
Remote: No
Local: Yes
Published: Dec 19 2006 12:00AM
Updated: May 14 2007 11:28PM
Credit: The vendor reported this issue.

Vulnerable:
Sun Java 2 Standard Edition SDK 1.5 _07
Sun Java 2 Standard Edition SDK 1.5 _03
Sun Java 2 Standard Edition SDK 1.5 _02
Sun Java 2 Standard Edition SDK 1.5 _01
Sun Java 2 Standard Edition SDK 1.5
Sun Java 2 Standard Edition SDK 1.4.2 _08
Sun Java 2 Standard Edition SDK 1.4.2 _07
Sun Java 2 Standard Edition SDK 1.4.2 _06
Sun Java 2 Standard Edition SDK 1.4.2 _05
Sun Java 2 Standard Edition SDK 1.4.2 _04
Sun Java 2 Standard Edition SDK 1.4.2 _03
Sun Java 2 Standard Edition SDK 1.4.2 _02
Sun Java 2 Standard Edition SDK 1.4.2 _01
Sun Java 2 Runtime Environment 1.5 _06
Sun Java 2 Runtime Environment 1.5 _05
Sun Java 2 Runtime Environment 1.5 _04
Sun Java 2 Runtime Environment 1.5 _03
Sun Java 2 Runtime Environment 1.5 _02
Sun Java 2 Runtime Environment 1.5 _01
Sun Java 2 Runtime Environment 1.4.2 _11
Sun Java 2 Runtime Environment 1.4.2 _10
Sun Java 2 Runtime Environment 1.4.2 _09
Sun Java 2 Runtime Environment 1.4.2 _08
Sun Java 2 Runtime Environment 1.4.2 _07
Sun Java 2 Runtime Environment 1.4.2 _06
Sun Java 2 Runtime Environment 1.4.2 _05
Sun Java 2 Runtime Environment 1.4.2 _04
Sun Java 2 Runtime Environment 1.4.2 _03
  + Oracle Oracle10g Application Server 10.1 .0.2
  + Oracle Oracle10g Application Server 10.1 .0.2
  + Oracle Oracle10g Enterprise Edition 10.1 .0.2
  + Oracle Oracle10g Enterprise Edition 10.1 .0.2
  + Oracle Oracle10g Personal Edition 10.1 .0.2
  + Oracle Oracle10g Personal Edition 10.1 .0.2
  + Oracle Oracle10g Standard Edition 10.1 .0.2
Sun Java 2 Runtime Environment 1.4.2 _02
Sun Java 2 Runtime Environment 1.4.2 _01
Sun Java 2 Runtime Environment 1.3.1 _18
Sun Java 2 Runtime Environment 1.3.1 _17
Sun Java 2 Runtime Environment 1.3.1 _16
Sun Java 2 Runtime Environment 1.3.1 _15
Sun Java 2 Runtime Environment 1.3.1 _08
Sun Java 2 Runtime Environment 1.3.1 _04
Sun Java 2 Runtime Environment 1.3.1 _01a
Sun Java 2 Runtime Environment 1.3.1 _01
Sun Java 2 Runtime Environment 5.0 Update 7
Sun Java 2 Runtime Environment 5.0 Update 6
Sun Java 2 Runtime Environment 5.0 Update 5
Sun Java 2 Runtime Environment 5.0 Update 4
Sun Java 2 Runtime Environment 5.0 Update 3
Sun Java 2 Runtime Environment 5.0 Update 2
Sun Java 2 Runtime Environment 5.0 Update 1
S.u.S.E. UnitedLinux 1.0
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. SuSE Linux Openexchange Server 4.0
S.u.S.E. SLE SDK 10
S.u.S.E. Open-Enterprise-Server 0
S.u.S.E. Novell Linux POS 9
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Enterprise Server 8
S.u.S.E. Linux Enterprise Server 10
  + Linux kernel 2.6.5
RedHat Enterprise Linux Extras v.4
RedHat Enterprise Linux Extras v.3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Enterprise Linux AS 2.1 IA64
RedHat Enterprise Linux AS 2.1
HP HP-UX B.11.23
HP HP-UX B.11.11
Gentoo Linux
BEA Systems JRockit 8.1
BEA Systems JRockit 8.0
BEA Systems JRockit 7.0
BEA Systems JRockit 3.1.5
BEA Systems JRockit 3.1.4 .1
BEA Systems JRockit 3.1.4
BEA Systems JRockit 3.1.3
BEA Systems JRockit 3.1.2
BEA Systems JRockit 3.1.1
BEA Systems JRockit 1.4.2
BEA Systems JRockit 1.4.2 R4.5
Avaya Predictive Dialer (PDS) APC 3.0
Avaya Interactive Response 1.3
Avaya Interactive Response 2.0
Avaya Integrated Management
Avaya CVLAN

Not Vulnerable:
Sun Java 2 Standard Edition SDK 1.5 08
Sun Java 2 Standard Edition SDK 1.4.2 _13
Sun Java 2 Standard Edition SDK 1.3.1 _19
Sun Java 2 Runtime Environment 1.4.2 _13
Sun Java 2 Runtime Environment 1.3.1 _19
Sun Java 2 Runtime Environment 5.0 Update 8
BEA Systems JRockit 1.5 04
BEA Systems JRockit 1.4.2 07
BEA Systems JRockit 1.3.1 20

Microsoft Office ActiveX Control Vulnerability
added May 23, 2007 at 08:46 pm | updated May 24, 2007 at 03:13 pm
US-CERT is aware of reports of a vulnerability in a Microsoft Office 2000 ActiveX control. Excessive data passed to the OUACTRL ActiveX control may result in a buffer overflow allowing arbitrary code execution or causing a denial-of-service condition.
This vulnerability was fixed in the Microsoft UA Control Vulnerability update (released May 12, 2000), which is included in Microsoft Office 2000 SP3.
US-CERT strongly encourages users to review the referenced documents and follow best-practice security policies to determine what updates should be applied.