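If you have the Sun Java Runtime Environment installed, be extra careful:
buffer overflow vulnerabilities have turned up and the affected range is huge, so please take strict precautions.

Microsoft Office has also turned up an ActiveX Control vulnerability. What a joy for everyone.
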

Sun Java RunTime Environment Multiple Buffer Overflow Vulnerabilities

Bugtraq ID: 21675
Class: Boundary Condition Error
CVE: CVE-2006-6731
Remote: No
Local: Yes
Published: Dec 19 2006 12:00AM
Updated: May 14 2007 11:28PM
Credit: The vendor reported this issue.

Vulnerable:

Sun Java 2 Standard Edition SDK 1.5 _07
Sun Java 2 Standard Edition SDK 1.5 _03
Sun Java 2 Standard Edition SDK 1.5 _02
Sun Java 2 Standard Edition SDK 1.5 _01
Sun Java 2 Standard Edition SDK 1.5
Sun Java 2 Standard Edition SDK 1.4.2 _08
Sun Java 2 Standard Edition SDK 1.4.2 _07
Sun Java 2 Standard Edition SDK 1.4.2 _06
Sun Java 2 Standard Edition SDK 1.4.2 _05
Sun Java 2 Standard Edition SDK 1.4.2 _04
Sun Java 2 Standard Edition SDK 1.4.2 _03
Sun Java 2 Standard Edition SDK 1.4.2 _02
Sun Java 2 Standard Edition SDK 1.4.2 _01
Sun Java 2 Runtime Environment 1.5 _06
Sun Java 2 Runtime Environment 1.5 _05
Sun Java 2 Runtime Environment 1.5 _04
Sun Java 2 Runtime Environment 1.5 _03
Sun Java 2 Runtime Environment 1.5 _02
Sun Java 2 Runtime Environment 1.5 _01
Sun Java 2 Runtime Environment 1.4.2 _11
Sun Java 2 Runtime Environment 1.4.2 _10
Sun Java 2 Runtime Environment 1.4.2 _09
Sun Java 2 Runtime Environment 1.4.2 _08
Sun Java 2 Runtime Environment 1.4.2 _07
Sun Java 2 Runtime Environment 1.4.2 _06
Sun Java 2 Runtime Environment 1.4.2 _05
Sun Java 2 Runtime Environment 1.4.2 _04
Sun Java 2 Runtime Environment 1.4.2 _03
+ Oracle Oracle10g Application Server 10.1 .0.2
+ Oracle Oracle10g Application Server 10.1 .0.2
+ Oracle Oracle10g Enterprise Edition 10.1 .0.2
+ Oracle Oracle10g Enterprise Edition 10.1 .0.2
+ Oracle Oracle10g Personal Edition 10.1 .0.2
+ Oracle Oracle10g Personal Edition 10.1 .0.2
+ Oracle Oracle10g Standard Edition 10.1 .0.2
Sun Java 2 Runtime Environment 1.4.2 _02
Sun Java 2 Runtime Environment 1.4.2 _01
Sun Java 2 Runtime Environment 1.3.1 _18
Sun Java 2 Runtime Environment 1.3.1 _17
Sun Java 2 Runtime Environment 1.3.1 _16
Sun Java 2 Runtime Environment 1.3.1 _15
Sun Java 2 Runtime Environment 1.3.1 _08
Sun Java 2 Runtime Environment 1.3.1 _04
Sun Java 2 Runtime Environment 1.3.1 _01a
Sun Java 2 Runtime Environment 1.3.1 _01
Sun Java 2 Runtime Environment 5.0 Update 7
Sun Java 2 Runtime Environment 5.0 Update 6
Sun Java 2 Runtime Environment 5.0 Update 5
Sun Java 2 Runtime Environment 5.0 Update 4
Sun Java 2 Runtime Environment 5.0 Update 3
Sun Java 2 Runtime Environment 5.0 Update 2
Sun Java 2 Runtime Environment 5.0 Update 1
S.u.S.E. UnitedLinux 1.0
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. SuSE Linux Openexchange Server 4.0
S.u.S.E. SLE SDK 10
S.u.S.E. Open-Enterprise-Server 0
S.u.S.E. Novell Linux POS 9
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Enterprise Server 8
S.u.S.E. Linux Enterprise Server 10
+ Linux kernel 2.6.5
RedHat Enterprise Linux Extras v.4
RedHat Enterprise Linux Extras v.3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Enterprise Linux AS 2.1 IA64
RedHat Enterprise Linux AS 2.1
HP HP-UX B.11.23
HP HP-UX B.11.11
Gentoo Linux
BEA Systems JRockit 8.1
BEA Systems JRockit 8.0
BEA Systems JRockit 7.0
BEA Systems JRockit 3.1.5
BEA Systems JRockit 3.1.4 .1
BEA Systems JRockit 3.1.4
BEA Systems JRockit 3.1.3
BEA Systems JRockit 3.1.2
BEA Systems JRockit 3.1.1
BEA Systems JRockit 1.4.2
BEA Systems JRockit 1.4.2 R4.5
Avaya Predictive Dialer (PDS) APC 3.0
Avaya Interactive Response 1.3
Avaya Interactive Response 2.0
Avaya Integrated Management
Avaya CVLAN


Not Vulnerable:

Sun Java 2 Standard Edition SDK 1.5 08
Sun Java 2 Standard Edition SDK 1.4.2 _13
Sun Java 2 Standard Edition SDK 1.3.1 _19
Sun Java 2 Runtime Environment 1.4.2 _13
Sun Java 2 Runtime Environment 1.3.1 _19
Sun Java 2 Runtime Environment 5.0 Update 8
BEA Systems JRockit 1.5 04
BEA Systems JRockit 1.4.2 07
BEA Systems JRockit 1.3.1 20

 

Microsoft Office ActiveX Control Vulnerability

added May 23, 2007 at 08:46 pm | updated May 24, 2007 at 03:13 pm

US-CERT is aware of reports of a vulnerability in a Microsoft Office 2000 ActiveX control.  Excessive data passed to the OUACTRL ActiveX control may result in a buffer overflow allowing arbitrary code execution or causing a denial-of-service condition.

This vulnerability was fixed in the Microsoft UA Control Vulnerability update (released May 12, 2000), which is included in Microsoft Office 2000 SP3.

US-CERT strongly encourages users to review the referenced documents and follow best-practice security policies to determine what updates should be applied.

Posted by ivan0914 (I'n Blog 之萬象真藏) on PIXNET