2006-NOV-14
                           MCAFEE FOUNDSTONE FSL UPDATE
To better protect your environment McAfee has created this FSL check update for the Foundstone
Product Suite. The following is a detailed summary of the new and updated checks included with this
release.

NEW CHECKS

4736 - Microsoft Kernel GDI Remap Vulnerability

Category: Windows Host Assessment -> Patches and Hotfixes
(CATEGORY REQUIRES CREDENTIALS)
Risk Level: High
Check Version: 1.1726
CVE: CVE-2006-5758

Description
A vulnerability is present in the Microsoft Windows Kernel that may allow for a privilege escalation
attack.

Observation
Microsoft Windows is an industry standard operating system. The Windows Kernel provides service
and driver support for applications running on the Windows operating system.


A vulnerability exists in the Windows Kernel that could allow a local attacker to cause a
denial of service or execute arbitrary code. The local privilege escalation vulnerability is due to errors
in Kernel shared memory that could allow GDI object processes to remap from read-only to
writable. Successful exploitation could lead to complete compromise of the host.

4738 - (MS06-066) Microsoft Client Service for Netware Memory Corruption Vulnerability
(923980)
Category: Windows Host Assessment -> Patches and Hotfixes
(CATEGORY REQUIRES CREDENTIALS)
Risk Level: High
Check Version: 1.1738
CVE: CVE-2006-4688

Description
A vulnerability exists in Microsoft Client Service for Netware that may allow for arbitrary code
execution.

Observation
Microsoft Client Services for Netware allows for communication with Netware network resources.

A vulnerability exists in Microsoft Client Service for Netware that may allow for code execution on a
vulnerable host. The flaw is due to an unchecked buffer within the client service. Successful
exploitation requires that the attacker be authenticated with local access to the network.


4745 - (MS06-070) Microsoft Workstation Service Memory Corruption Vulnerability (924270)
Category: Windows Host Assessment -> Patches and Hotfixes
(CATEGORY REQUIRES CREDENTIALS)
Risk Level: High
Check Version: 1.1738
CVE: CVE-2006-4691

Description
A vulnerability exists in Microsoft Windows that may allow for remote-code-execution attacks.

Observation
Microsoft Windows is an industry-standard operating system. The Workstation service locates and
routes remote access requests to the local filesystem or networking components.

A buffer-overflow vulnerability exists in Microsoft Windows that may allow for remote-code-execution
attacks. To exploit the vulnerability, a remote attacker would send a specially-crafted message to the
Workstation service. A successful attack would give the attacker full control of the vulnerable machine.


4734 - Cisco IOS Embedded Call Processing Solutions DoS Vulnerability
Category: General Vulnerability Assessment -> NonIntrusive -> Network
Risk Level: Medium
Check Version: 1.1724

Description
A Denial-of-Service vulnerability exists in Cisco IOS versions that support ITS, CME or SRST.

Observation
Cisco's IOS Telephony Service (ITS), Cisco CallManager Express (CME) and Cisco's Survivable
Remote Site Telephony (SRST) are used to control IP phones by using the Skinny Call Control
Protocol (SCCP).

Cisco IOS is vulnerable when these features are enabled: the device reloads when it processes
malformed SCCP packets. Repeated exploitation may cause a denial of service.


Vulnerable systems:

Cisco IOS 12.1Y base trains
Cisco IOS 12.2 - 12.3

For more information see:

Cisco Security Advisory:

http://www.cisco.com/warp/public/707/cisco-sa-20050119-itscme.shtml


4735 - Cisco IOS Malformed OSPF Packet Causes Reload Vulnerability
Category: General Vulnerability Assessment -> NonIntrusive -> Network
Risk Level: Medium
Check Version: 1.1724

Description
A Denial-of-Service vulnerability exists in Cisco IOS with OSPF protocol support enabled.

Observation
Open Shortest Path First (OSPF) routing protocol is used to manage IP routing inside an Autonomous
System (AS).

When processing malformed OSPF packets, the system will reload and freeze for some minutes.
Repeated exploitation will cause a denial of service. Using OSPF authentication can reduce the
impact of the attack.


Vulnerable systems:

Cisco IOS 12.0S, 12.2, 12.3 release trains


For more information see:
Cisco Security Advisory:

http://www.cisco.com/warp/public/707/cisco-sa-20040818-ospf.shtml


4731 - Mozilla Suite Multiple Vulnerabilities
Category: Windows Host Assessment -> Miscellaneous
(CATEGORY REQUIRES CREDENTIALS)
Risk Level: Medium
Check Version: 1.1718
CVE: CVE-2006-5464

Description
The Mozilla Foundation released version 1.5.0.8 of both their popular Firefox web browser and
Thunderbird email clients today, and version 1.0.6 of Seamonkey. These versions address some
security issues covered in MFSA2006-65, MFSA2006-66 and MFSA2006-67.

Observation
If you have not already upgraded to the new Firefox 2.0 web browser, you should be sure to update to
Firefox 1.5.0.8.

MFSA2006-65
MFSA2006-66
MFSA2006-67


4733 - Mozilla Suite Multiple Vulnerabilities
Category: Windows Host Assessment -> Miscellaneous
(CATEGORY REQUIRES CREDENTIALS)
Risk Level: Medium
Check Version: 1.1721
CVE: CVE-2006-5464

Description
The Mozilla Foundation released version 1.5.0.8 of both their popular Firefox web browser and
Thunderbird email clients today, and version 1.0.6 of Seamonkey. These versions address some
security issues covered in MFSA2006-65, MFSA2006-66 and MFSA2006-67.

Observation
If you have not already upgraded to the new Firefox 2.0 web browser, you should be sure to update to
Firefox 1.5.0.8.

MFSA2006-65
MFSA2006-66
MFSA2006-67


4732 - Mozilla Suite Multiple Vulnerabilities
Category: Windows Host Assessment -> Miscellaneous
(CATEGORY REQUIRES CREDENTIALS)
Risk Level: Medium
Check Version: 1.1710
CVE: CVE-2006-5464

Description
The Mozilla Foundation released version 1.5.0.8 of both their popular Firefox web browser and
Thunderbird email clients today, and version 1.0.6 of Seamonkey. These versions address some
security issues covered in MFSA2006-65, MFSA2006-66 and MFSA2006-67.

Observation
If you have not already upgraded to the new Firefox 2.0 web browser, you should be sure to update to
Firefox 1.5.0.8.

MFSA2006-65
MFSA2006-66
MFSA2006-67


4740 - (MS06-068) Microsoft Agent Memory Corruption Vulnerability (920213)
Category: Windows Host Assessment -> Patches and Hotfixes
(CATEGORY REQUIRES CREDENTIALS)
Risk Level: Medium
Check Version: 1.1738
CVE: CVE-2006-3445

Description
A vulnerability exists in Microsoft Windows that may allow for remote-code-execution attacks.

Observation
Microsoft Windows is an industry-standard operating system.

A vulnerability exists in Microsoft Windows that may allow for remote-code-execution attacks. The
vulnerability lies in the way Microsoft Agent handles ACF files. A malicious, specially-crafted ACF file
could corrupt system memory. A user would have to visit a malicious website or open an HTML email
for an attack to be successful.

4663 - (MS06-067) Microsoft DirectAnimation ActiveX Controls Memory Corruption
Vulnerability II (922760)
Category: Windows Host Assessment -> Patches and Hotfixes
(CATEGORY REQUIRES CREDENTIALS)
Risk Level: Medium
Check Version: 1.1738
CVE: CVE-2006-4446

Description
A vulnerability exists in Microsoft Internet Explorer that may allow for arbitrary code execution or a
denial of service attack.

Observation
Microsoft Internet Explorer is an industry standard web browser.

Microsoft Internet Explorer contains a flaw when processing a specially crafted COM object. The flaw
lies specifically in processing of daxctle.ocx objects that contain 0xffffffff as the beginning parameter.
The resulting heap overflow could allow for a remote denial of service or arbitrary code execution.


4664 - (MS06-067) Microsoft HTML Rendering Memory Corruption Vulnerability (922760)
Category: Windows Host Assessment -> Patches and Hotfixes
(CATEGORY REQUIRES CREDENTIALS)
Risk Level: Medium
Check Version: 1.1738
CVE: CVE-2006-4687

Description
A vulnerability is present in Microsoft Internet Explorer that may allow for arbitrary code execution.

Observation
Microsoft Internet Explorer is an industry standard web browser.

A vulnerability exists in Internet Explorer that may allow for the remote execution of arbitrary code.
The flaw lies in the processing of malicious HTML in crafted layout combinations. Code execution
occurs at the rights level of the victim's user account. Successful exploitation can be accomplished
by coercing a victim to visit a website hosting the malicious document or through an email attachment
containing it.

4741 - (MS06-069) Microsoft Excel Macromedia Flash ActiveX Object Code Execution
(923789)
Category: Windows Host Assessment -> Patches and Hotfixes
(CATEGORY REQUIRES CREDENTIALS)
Risk Level: Medium
Check Version: 1.1738
CVE: CVE-2006-3014

Description
A vulnerability in the Microsoft Windows XP SP2 supplied Macromedia Flash Player could allow for
arbitrary code execution.

Observation
Microsoft Windows XP SP2 includes a distribution of the Macromedia Flash player that allows
dynamic web content to be displayed.

A vulnerability exists in this distribution of Macromedia Flash player that may allow for arbitrary code
execution. This could successfully be exploited remotely when visiting a malicious website or opening
an email attachment. The flaw is due to processing a specially crafted Excel document with an
embedded ActiveX Shockwave object.

4742 - (MS06-069) Microsoft Macromedia Flash Player Long String SWF Buffer Overflow
(923789)
Category: Windows Host Assessment -> Patches and Hotfixes
(CATEGORY REQUIRES CREDENTIALS)
Risk Level: Medium
Check Version: 1.1738
CVE: CVE-2006-3311

Description
A vulnerability in the Microsoft Windows XP SP2 supplied Macromedia Flash Player could allow for
arbitrary code execution.

Observation
Microsoft Windows XP SP2 includes a distribution of the Macromedia Flash player that allows
dynamic web content to be displayed.

A vulnerability exists in this distribution of Macromedia Flash player that may allow for arbitrary code
execution. This could successfully be exploited remotely when visiting a malicious website or opening
an email attachment. The flaw is due to processing a specially crafted SWF movie with an unusually
long string within it.

4743 - (MS06-069) Microsoft Macromedia Flash Player Malformed SWF Improper Memory
Access (923789)
Category: Windows Host Assessment -> Patches and Hotfixes
(CATEGORY REQUIRES CREDENTIALS)
Risk Level: Medium
Check Version: 1.1738
CVE: CVE-2006-3587

Description
A vulnerability in the Microsoft Windows XP SP2 supplied Macromedia Flash Player could allow for
arbitrary code execution.

Observation
Microsoft Windows XP SP2 includes a distribution of the Macromedia Flash player that allows
dynamic web content to be displayed.

A vulnerability exists in this distribution of Macromedia Flash player that may allow for arbitrary code
execution. This could successfully be exploited remotely when visiting a malicious website or opening
an email attachment. The memory access flaw is due to processing a specially crafted SWF file.

4744 - (MS06-069) Microsoft Macromedia Flash Player Compressed SWF Denial of Service
(923789)
Category: Windows Host Assessment -> Patches and Hotfixes
(CATEGORY REQUIRES CREDENTIALS)
Risk Level: Medium
Check Version: 1.1738
CVE: CVE-2006-3588

Description
A vulnerability in the Microsoft Windows XP SP2 supplied Macromedia Flash Player could allow for a
denial of service attack.

Observation
Microsoft Windows XP SP2 includes a distribution of the Macromedia Flash player that allows
dynamic web content to be displayed.

A vulnerability exists in this distribution of Macromedia Flash player that may allow for a denial of
service attack. This could successfully be exploited remotely when visiting a malicious website or
opening an email attachment. The flaw is due to processing a specially crafted compressed SWF file.

4737 - (MS06-069) Microsoft Macromedia Flash Player Unspecified allowScriptAccess
Bypass (923789)
Category: Windows Host Assessment -> Patches and Hotfixes
(CATEGORY REQUIRES CREDENTIALS)
Risk Level: Medium
Check Version: 1.1738
CVE: CVE-2006-4640

Description
A vulnerability in the Microsoft Windows XP SP2 supplied Macromedia Flash Player could allow for a
security bypass.

Observation
Microsoft Windows XP SP2 includes a distribution of the Macromedia Flash player that allows
dynamic web content to be displayed.

A vulnerability exists in this distribution of Macromedia Flash player that may allow for a security
bypass. This could successfully be exploited remotely when visiting a malicious website or opening
an email attachment. The flaw lies in the ability to bypass the allowScriptAccess control.


4739 - (MS06-066) Microsoft Windows Netware Driver Denial of Service Vulnerability (923980)
Category: Windows Host Assessment -> Patches and Hotfixes
(CATEGORY REQUIRES CREDENTIALS)
Risk Level: Medium
Check Version: 1.1738
CVE: CVE-2006-4689

Description
A vulnerability exists in Microsoft Client Service for Netware that may allow for a denial of service
attack.

Observation
Microsoft Client Services for Netware allows for communication with Netware network resources.

A vulnerability exists in Microsoft Client Service for Netware that may allow for a denial of service
attack. The flaw is due to an unchecked buffer within the client service. Successful exploitation
requires that the attacker be authenticated with local access to the network.


ENHANCED CHECKS
The following checks have been updated. Enhancements may include optimizations, changes that
reflect new information on a vulnerability and anything else that improves upon an existing FSL check.



4612 - Mozilla Firefox 1.5.0.7 fixed multiple vulnerabilities
Category: Windows Host Assessment -> Miscellaneous
(CATEGORY REQUIRES CREDENTIALS)
Risk Level: High
Check Version: 1.1706
CVE: CVE-2006-4253


4613 - Mozilla Thunderbird 1.5.0.7 fixed multiple vulnerabilities
Category: Windows Host Assessment -> Miscellaneous
(CATEGORY REQUIRES CREDENTIALS)
Risk Level: High
Check Version: 1.1706
CVE: CVE-2006-4253

4729 - (MS06-071) Microsoft XML Core Services Remote Code Execution Vulnerability
(928088)
Category: Windows Host Assessment -> Patches and Hotfixes
(CATEGORY REQUIRES CREDENTIALS)
Risk Level: High
Check Version: 1.1738
CVE: CVE-2006-5745

4616 - (MS06-067) Microsoft DirectAnimation ActiveX Controls Memory Corruption
Vulnerability I (922760)
Category: Windows Host Assessment -> Patches and Hotfixes
(CATEGORY REQUIRES CREDENTIALS)
Risk Level: High
Check Version: 1.1738
CVE: CVE-2006-4777


3915 - Apache SSLVerifyClient Bypass Restrictions
Category: General Vulnerability Assessment -> NonIntrusive -> Web
Risk Level: Medium
Check Version: 1.1732
CVE: CVE-2005-2700


3916 - Apache HTTP Request Smuggling
Category: General Vulnerability Assessment -> NonIntrusive -> Web
Risk Level: Medium
Check Version: 1.1732
CVE: CVE-2005-2088


1249 - Apache Scoreboard Memory Segment Overwriting Denial-of-Service
Category: General Vulnerability Assessment -> NonIntrusive -> Web
Risk Level: Medium
Check Version: 1.1732
CVE: CVE-2002-0839
ARMY IAVA: 2002-A-0008


2168 - Apache mod_ssl Wildcard DNS Cross-Site Scripting

Category: General Vulnerability Assessment -> NonIntrusive -> Web
Risk Level: Low
Check Version: 1.1732
CVE: CVE-2002-1157


2976 - OpenSSL Klima-Pokorny-Rosa Attack
Category: General Vulnerability Assessment -> NonIntrusive -> Web
Risk Level: Low
Check Version: 1.1732
CVE: CVE-2003-0131


1849 - Microsoft Windows Maximum Application Log Size Policy Enumeration
Category: Windows Host Assessment -> Security Policy/Options
(CATEGORY REQUIRES CREDENTIALS)
Risk Level: Low
Check Version: 1.1737


1850 - Microsoft Windows Maximum Security Log Size Policy Enumeration
Category: Windows Host Assessment -> Security Policy/Options
(CATEGORY REQUIRES CREDENTIALS)
Risk Level: Low
Check Version: 1.1737


1851 - Microsoft Windows Maximum System Log Size Policy Enumeration
Category: Windows Host Assessment -> Security Policy/Options
(CATEGORY REQUIRES CREDENTIALS)
Risk Level: Low
Check Version: 1.1737


70002 - http-helpers.fasl3.inc
Category: General Vulnerability Assessment -> NonIntrusive -> Invalid Category
Risk Level: Informational
Check Version: 1.1730


70014 - netbios-helpers.fasl3.inc
Category: General Vulnerability Assessment -> NonIntrusive -> Invalid Category
Risk Level: Informational
Check Version: 1.1712


4024 - Microsoft Windows Directory Service Access Audit Policy
Category: Windows Host Assessment -> Security Policy/Options
(CATEGORY REQUIRES CREDENTIALS)
Risk Level: Informational
Check Version: 1.1736


                                         HOW TO UPDATE
FS1000 APPLIANCE customers should follow the instructions for Enterprise/Professional customers,
below. In addition, we strongly urge all appliance customers to authorize and install any Windows
Update critical patches. The appliance will auto-download any critical updates but will wait for your
explicit authorization before installing.

FOUNDSTONE ENTERPRISE and PROFESSIONAL customers may obtain these new scripts using
the FSUpdate Utility by selecting "FoundScan Update" on the help menu. Make sure that you have a
valid FSUpdate username and password. The new vulnerability scripts will be automatically included
in your scans if you have selected that option by right-clicking the selected vulnerability category and
checking the "Run New Checks" checkbox.

MANAGED SERVICE CUSTOMERS already have the newest update applied to their environment.
The new vulnerability scripts will be automatically included when your scans are next scheduled,
provided the Run New Scripts option has been turned on.



                                MCAFEE TECHNICAL SUPPORT
                    PrimeSupport ServicePortal: https://mysupport.nai.com/login.asp
                               Multi-National Phone Support available here:
                            http://www.mcafeesecurity.com/us/contact/home.htm
                    PGP Key: http://www.foundstone.com/pgpkeys/techsupport.asc


This email may contain confidential and privileged material for the sole use of the intended recipient.
Any review or distribution by others is strictly prohibited. If you are not the intended recipient please
contact the sender and delete all copies.

                                   Copyright 2004-2007 McAfee, Inc.
                  McAfee is a registered trademark of McAfee, Inc. and/or its affiliates.

McAfee Foundstone Update

  • 1.
    2006-NOV-14 MCAFEE FOUNDSTONE FSL UPDATE To better protect your environment McAfee has created this FSL check update for the Foundstone Product Suite. The following is a detailed summary of the new and updated checks included with this release. NEW CHECKS 4736 - Microsoft Kernel GDI Remap Vulnerability Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High Check Version: 1.1726 CVE: CVE-2006-5758 Description A vulnerability is present in the Microsoft Windows Kernel that may allow for a privilege escalation attack. Observation Microsoft Windows is an industry standard operating system. The Windows Kernel provides service and driver support for applications running on the Windows operating system. A vulnerability exists in the Windows Kernel that could allow a local attacker the ability to cause a denial of service or execute arbitrary code. The local privilege escalation vulnerability is due to errors in Kernel shared memory that could allow GDI object processes the ability to remap from read only to writable. Successful exploitation could lead to complete compromise of the host. 4738 - (MS06-066) Microsoft Client Service for Netware Memory Corruption Vulnerability (923980) Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS)
  • 2.
    Risk Level: High CheckVersion: 1.1738 CVE: CVE-2006-4688 Description A vulnerability exists in Microsoft Client Service for Netware that may allow for arbitrary code execution. Observation Microsoft Client Services for Netware allows for communication with Netware network resources. A vulnerability exists in Microsoft Client Service for Netware that may allow for code execution on a vulnerable host. The flaw is due to an unchecked buffer within the client service. Successful exploitation would necessitate that the attacker was authenticated with local access to the network. 4745 - (MS06-070) Microsoft Workstation Service Memory Corruption Vulnerability (924270) Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: High Check Version: 1.1738 CVE: CVE-2006-4691 Description A vulnerability exists in Microsoft Windows that may allow for remote-code-execution attacks. Observation Microsoft Windows in an industry-standard operating system. The Workstation service locates and routes remote access requests to the local filesystem or networking components. A buffer-overflow vulnerability exists in Microsoft Windows that may allow for remote-code-execution attacks. To exploit the vulnerability, a remote attacker would send a specially-crafted message to the Workstation service. A successful attack would give the attacker full control of the vulnerable machine. 4734 - Cisco IOS Embedded Call Processing Solutions DoS Vulnerability Category: General Vulnerability Assessment -> NonIntrusive -> Network Risk Level: Medium Check Version: 1.1724 Description
  • 3.
    A Denial-of-Service vulnerabilityexists in Cisco IOS which support ITS, CME or SRST. Observation Cisco's IOS Telephony Service (ITS), Cisco CallManager Express (CME) and Cisco's Survivable Remote Site Telephony (SRST) are use to control IP Phones by using the Skinny Call Control Protocol (SCCP). Cisco IOS is vulnerable with these features enabled, and the device will be reloaded when processing malformed SCCP packets. Repeated exploitation may cause a Denial-of-Service attack. Vulnerable systems: Cisco IOS 12.1Y base trains Cisco IOS 12.2 - 12.3 For more information see: Cisco Security Advisory: http://www.cisco.com/warp/public/707/cisco-sa-20050119-itscme.shtml 4735 - Cisco IOS Malformed OSPF Packet Causes Reload Vulnerability Category: General Vulnerability Assessment -> NonIntrusive -> Network Risk Level: Medium Check Version: 1.1724 Description A Denial-of-Service vulnerability is existed in Cisco IOS with OSPF protocol support enabled. Observation Open Shortest Path First (OSPF) routing protocol is used to manage IP routing inside an Autonomous System (AS). When processing malformed OSPF packets, the system will reload and freeze for some minutes. Repeated exploitation will cause Denial-of-Service attack. Use OSPF Authentication can reduce the attack influence. Vulnerable systems: Cisco IOS 12.0S, 12.2, 12.3 release trains For more information see:
  • 4.
    Cisco Security Advisory: http://www.cisco.com/warp/public/707/cisco-sa-20040818-ospf.shtml 4731- Mozilla Suite Multiple Vulnerabilities Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium Check Version: 1.1718 CVE: CVE-2006-5464 Description The Mozilla Foundation released version 1.5.0.8 of both their popular Firefox web browser and Thunderbird email clients today, and version 1.0.6 of Seamonkey. These versions address some security issues covered in MFSA2006-65, MFSA2006-66 and MFSA2006-67. Observation If you have not already upgraded to the new Firefox 2.0 web browser, you should be sure to update to Firefox 1.5.0.8. MFSA2006-65 MFSA2006-66 MFSA2006-67 4733 - Mozilla Suite Multiple Vulnerabilities Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium Check Version: 1.1721 CVE: CVE-2006-5464 Description The Mozilla Foundation released version 1.5.0.8 of both their popular Firefox web browser and Thunderbird email clients today, and version 1.0.6 of Seamonkey. These versions address some security issues covered in MFSA2006-65, MFSA2006-66 and MFSA2006-67. Observation
  • 5.
    If you havenot already upgraded to the new Firefox 2.0 web browser, you should be sure to update to Firefox 1.5.0.8. MFSA2006-65 MFSA2006-66 MFSA2006-67 4732 - Mozilla Suite Multiple Vulnerabilities Category: Windows Host Assessment -> Miscellaneous (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium Check Version: 1.1710 CVE: CVE-2006-5464 Description The Mozilla Foundation released version 1.5.0.8 of both their popular Firefox web browser and Thunderbird email clients today, and version 1.0.6 of Seamonkey. These versions address some security issues covered in MFSA2006-65, MFSA2006-66 and MFSA2006-67. Observation If you have not already upgraded to the new Firefox 2.0 web browser, you should be sure to update to Firefox 1.5.0.8. MFSA2006-65 MFSA2006-66 MFSA2006-67 4740 - (MS06-068) Microsoft Agent Memory Corruption Vulnerability (920213) Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium Check Version: 1.1738 CVE: CVE-2006-3445 Description A vulnerability exists in Microsoft Windows that may allow for remote-code-execution attacks. Observation
  • 6.
    Microsoft Windows inan industry-standard operating system. A vulnerability exists in Microsoft Windows that may allow for remote-code-execution attacks. The vulnerability lies in the way Microsoft Agent handles ACF files. A malicious, specially-crafted ACF file could corrupt system memory. A user would have to visit a malicious website or open an HTML email for an attack to be successful. 4663 - (MS06-067) Microsoft DirectAnimation ActiveX Controls Memory Corruption Vulnerability II (922760) Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium Check Version: 1.1738 CVE: CVE-2006-4446 Description A vulnerability exists in a Microsoft Internet Explorer that may allow for arbitrary code execution or a denial of service attack. Observation Microsoft Internet Explorer is an industry standard web browser. Microsoft Internet Explorer contains a flaw when processing a specially crafted COM object. The flaw lies specifically in processing of daxctle.ocx objects that contain 0xffffffff as the beginning parameter. The resulting heap overflow could allow for a remote denial of service or arbitrary code execution. 4664 - (MS06-067) Microsoft HTML Rendering Memory Corruption Vulnerability (922760) Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium Check Version: 1.1738 CVE: CVE-2006-4687 Description A vulnerability is present in Microsoft Internet Explorer that may allow for arbitrary code execution. Observation
  • 7.
    Microsoft Internet Exploreris an industry standard web browser. A vulnerability exists in Internet Explorer that may allow for the remote execution of arbitrary code. The flaw lies in processing of malicious HTML in crafted layout combinations. Code execution is at the rights level of the victim's user account rights level. Successful exploitation can be accomplished by coercing a victim to a website hosting the malicious document or through an email attachment containing it. 4741 - (MS060-069) Microsoft Excel Macromedia Flash ActiveX Object Code Execution (923789) Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium Check Version: 1.1738 CVE: CVE-2006-3014 Description A vulnerability in the Microsoft Windows XP SP2 supplied Macromedia Flash Player could allow for arbitrary code execution. Observation Microsoft Windows XP SP2 includes a distribution of the Macromedia Flash player that allows dynamic web content to be displayed. A vulnerability exists in this distribution of Macromedia Flash player that may allow for arbitrary code execution. This could successfully be exploited remotely when visiting a malicious website or opening an email attachment. The flaw is due to processing a specially crafted Excel document with an embedded ActiveX Shockwave object. 4742 - (MS060-069) Microsoft Macromedia Flash Player Long String SWF Buffer Overflow (923789) Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium Check Version: 1.1738 CVE: CVE-2006-3311 Description A vulnerability in the Microsoft Windows XP SP2 supplied Macromedia Flash Player could allow for arbitrary code execution.
  • 8.
    Observation Microsoft Windows XPSP2 includes a distribution of the Macromedia Flash player that allows dynamic web content to be displayed. A vulnerability exists in this distribution of Macromedia Flash player that may allow for arbitrary code execution. This could successfully be exploited remotely when visiting a malicious website or opening an email attachment. The flaw is due to processing a specially crafted SWF movie with an unusually long string within it. 4743 - (MS060-069) Microsoft Macromedia Flash Player Malformed SWF Improper Memory Access (923789) Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium Check Version: 1.1738 CVE: CVE-2006-3587 Description A vulnerability in the Microsoft Windows XP SP2 supplied Macromedia Flash Player could allow for arbitrary code execution. Observation Microsoft Windows XP SP2 includes a distribution of the Macromedia Flash player that allows dynamic web content to be displayed. A vulnerability exists in this distribution of Macromedia Flash player that may allow for arbitrary code execution. This could successfully be exploited remotely when visiting a malicious website or opening an email attachment. The memory access flaw is due to processing a specially crafted SWF file. 4744 - (MS060-069) Microsoft Macromedia Flash Player Compressed SWF Denial of Service (923789) Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium Check Version: 1.1738 CVE: CVE-2006-3588 Description A vulnerability in the Microsoft Windows XP SP2 supplied Macromedia Flash Player could allow for a denial of service attack.
  • 9.
    Observation Microsoft Windows XPSP2 includes a distribution of the Macromedia Flash player that allows dynamic web content to be displayed. A vulnerability exists in this distribution of Macromedia Flash player that may allow for a denial of service attack. This could successfully be exploited remotely when visiting a malicious website or opening an email attachment. The flaw is due to processing a specially crafted compressed SWF file. 4737 - (MS060-069) Microsoft Macromedia Flash Player Unspecified allowScriptAccess Bypass (923789) Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium Check Version: 1.1738 CVE: CVE-2006-4640 Description A vulnerability in the Microsoft Windows XP SP2 supplied Macromedia Flash Player could allow for a security bypass. Observation Microsoft Windows XP SP2 includes a distribution of the Macromedia Flash player that allows dynamic web content to be displayed. A vulnerability exists in this distribution of Macromedia Flash player that may allow for a security bypass. This could successfully be exploited remotely when visiting a malicious website or opening an email attachment. The flaw lies in the ability to bypass the allowScriptAccess control. 4739 - (MS06-066) Microsoft Windows Netware Driver Denial of Service Vulnerability (923980) Category: Windows Host Assessment -> Patches and Hotfixes (CATEGORY REQUIRES CREDENTIALS) Risk Level: Medium Check Version: 1.1738 CVE: CVE-2006-4689 Description A vulnerability exists in Microsoft Client Service for Netware that may allow for a denial of service attack.

Observation
Microsoft Client Services for Netware allows for communication with Netware network resources.

A vulnerability exists in Microsoft Client Service for Netware that may allow for a denial of service attack. The flaw is due to an unchecked buffer within the client service. Successful exploitation would necessitate that the attacker was authenticated with local access to the network.

ENHANCED CHECKS

The following checks have been updated. Enhancements may include optimizations, changes that reflect new information on a vulnerability and anything else that improves upon an existing FSL check.

4612 - Mozilla Firefox 1.5.0.7 fixed multiple vulnerabilities
Category: Windows Host Assessment -> Miscellaneous
(CATEGORY REQUIRES CREDENTIALS)
Risk Level: High
Check Version: 1.1706
CVE: CVE-2006-4253

4613 - Mozilla Thunderbird 1.5.0.7 fixed multiple vulnerabilities
Category: Windows Host Assessment -> Miscellaneous
(CATEGORY REQUIRES CREDENTIALS)
Risk Level: High
Check Version: 1.1706
CVE: CVE-2006-4253

4729 - (MS06-071) Microsoft XML Core Services Remote Code Execution Vulnerability (928088)
Category: Windows Host Assessment -> Patches and Hotfixes
(CATEGORY REQUIRES CREDENTIALS)
Risk Level: High
Check Version: 1.1738
CVE: CVE-2006-5745

4616 - (MS06-067) Microsoft DirectAnimation ActiveX Controls Memory Corruption Vulnerability I (922760)
Category: Windows Host Assessment -> Patches and Hotfixes
(CATEGORY REQUIRES CREDENTIALS)
Risk Level: High
Check Version: 1.1738
CVE: CVE-2006-4777

3915 - Apache SSLVerifyClient Bypass Restrictions
Category: General Vulnerability Assessment -> NonIntrusive -> Web
Risk Level: Medium
Check Version: 1.1732
CVE: CVE-2005-2700

3916 - Apache HTTP Request Smuggling
Category: General Vulnerability Assessment -> NonIntrusive -> Web
Risk Level: Medium
Check Version: 1.1732
CVE: CVE-2005-2088

1249 - Apache Scoreboard Memory Segment Overwriting Denial-of-Service
Category: General Vulnerability Assessment -> NonIntrusive -> Web
Risk Level: Medium
Check Version: 1.1732
CVE: CVE-2002-0839
ARMY IAVA: 2002-A-0008

2168 - Apache mod_ssl Wildcard DNS Cross-Site Scripting
Category: General Vulnerability Assessment -> NonIntrusive -> Web
Risk Level: Low
Check Version: 1.1732
CVE: CVE-2002-1157

2976 - OpenSSL Klima-Pokorny-Rosa Attack
Category: General Vulnerability Assessment -> NonIntrusive -> Web
Risk Level: Low
Check Version: 1.1732
CVE: CVE-2003-0131

1849 - Microsoft Windows Maximum Application Log Size Policy Enumeration
Category: Windows Host Assessment -> Security Policy/Options
(CATEGORY REQUIRES CREDENTIALS)
Risk Level: Low
Check Version: 1.1737

1850 - Microsoft Windows Maximum Security Log Size Policy Enumeration
Category: Windows Host Assessment -> Security Policy/Options
(CATEGORY REQUIRES CREDENTIALS)
Risk Level: Low
Check Version: 1.1737

1851 - Microsoft Windows Maximum System Log Size Policy Enumeration
Category: Windows Host Assessment -> Security Policy/Options
(CATEGORY REQUIRES CREDENTIALS)
Risk Level: Low
Check Version: 1.1737

70002 - http-helpers.fasl3.inc
Category: General Vulnerability Assessment -> NonIntrusive -> Invalid Category
Risk Level: Informational
Check Version: 1.1730

70014 - netbios-helpers.fasl3.inc
Category: General Vulnerability Assessment -> NonIntrusive -> Invalid Category
Risk Level: Informational
Check Version: 1.1712

4024 - Microsoft Windows Directory Service Access Audit Policy
Category: Windows Host Assessment -> Security Policy/Options
(CATEGORY REQUIRES CREDENTIALS)
Risk Level: Informational
Check Version: 1.1736

HOW TO UPDATE

FS1000 APPLIANCE customers should follow the instructions for Enterprise/Professional customers, below. In addition, we strongly urge all appliance customers to authorize and install any Windows Update critical patches. The appliance will auto-download any critical updates but will wait for your explicit authorization before installing.

FOUNDSTONE ENTERPRISE and PROFESSIONAL customers may obtain these new scripts using the FSUpdate Utility by selecting "FoundScan Update" on the help menu. Make sure that you have a valid FSUpdate username and password. The new vulnerability scripts will be automatically included in your scans if you have selected that option by right-clicking the selected vulnerability category and checking the "Run New Checks" checkbox.

MANAGED SERVICE CUSTOMERS already have the newest update applied to their environment. The new vulnerability scripts will be automatically included when your scans are next scheduled, provided the Run New Scripts option has been turned on.

MCAFEE TECHNICAL SUPPORT

PrimeSupport ServicePortal: https://mysupport.nai.com/login.asp
Multi-National Phone Support available here: http://www.mcafeesecurity.com/us/contact/home.htm
PGP Key: http://www.foundstone.com/pgpkeys/techsupport.asc

This email may contain confidential and privileged material for the sole use of the intended recipient. Any review or distribution by others is strictly prohibited. If you are not the intended recipient please contact the sender and delete all copies.

Copyright 2004-2007 McAfee, Inc. McAfee is a registered trademark of McAfee, Inc. and/or its affiliates.