Wednesday, 13 October 2010

Oracle Java IE Browser Plugin Stack Buffer Overflow Vulnerability

TippingPoint's Zero Day Initiative (ZDI) have published an advisory for a stack based buffer overflow vulnerability (CVE-2010-3552) in Oracle's Java for Internet Explorer. The flaw is found within the JP2IEXP.dll module which is used by Internet Explorer for managing the Java plugin. This vulnerability was discovered by Stephen Fewer of Harmony Security.

You can read the full ZDI advisory here:
http://www.zerodayinitiative.com/advisories/ZDI-10-206/

And the Oracle advisory here:
http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html

This vulnerability was also independently discovered by Berend-Jan Wever who has written a blog post detailing the vulnerability along with several interesting proof of concept exploit modules (specifically iExploit12-DEP.zip) which can be found here

Wednesday, 6 October 2010

Novell iManager Arbitrary File Upload Remote Code Execution Vulnerability

TippingPoint's Zero Day Initiative (ZDI) have published an advisory for a remote pre authentication arbitrary file upload vulnerability in Novell iManager that leads to arbitrary code execution. This vulnerability was discovered by Stephen Fewer of Harmony Security.

You can read the full ZDI advisory here:
http://www.zerodayinitiative.com/advisories/ZDI-10-190/

And the Novell advisory here:
http://www.novell.com/support/viewContent.do?externalId=7006515&sliceId=2