March 2007

[Other] PHP “array_user_key_compare()” Double DTOR Vulnerability

TITLE:
PHP “array_user_key_compare()” Double DTOR Vulnerability

SECUNIA ADVISORY ID:
SA24542

VERIFY ADVISORY:
http://secunia.com/advisories/24542/

CRITICAL:
Less critical

IMPACT:
Privilege escalation

WHERE:
Local system

SOFTWARE:
PHP 5.2.x
http://secunia.com/product/13446/
PHP 4.4.x
http://secunia.com/product/5768/

DESCRIPTION:
Stefan Esser has reported a vulnerability in PHP, which can be exploited
by malicious users to gain escalated privileges.

The vulnerability is caused by an error in the
“array_user_key_compare()” function where key references are incorrectly
destroyed. This can be exploited to cause memory corruption and allow
execution of arbitrary code, which can lead to security restrictions,
such as the “disable_functions” directive, being bypassed.

The vulnerability is reported in version 4.4.6 and confirmed in version
5.2.1. Other versions may also be affected.

SOLUTION:
Grant only trusted users permissions to execute PHP code.

PROVIDED AND/OR DISCOVERED BY:
Stefan Esser

ORIGINAL ADVISORY:
http://www.php-security.org/MOPB/MOPB-24-2007.html

[Windows] Internet Explorer 7 navcancl.htm Cross-Site Scripting Vulnerability

TITLE:
Internet Explorer 7 navcancl.htm Cross-Site Scripting Vulnerability

SECUNIA ADVISORY ID:
SA24535

VERIFY ADVISORY:
http://secunia.com/advisories/24535/

CRITICAL:
Less critical

IMPACT:
Cross Site Scripting, Spoofing

WHERE:
From remote

SOFTWARE:
Microsoft Internet Explorer 7.x
http://secunia.com/product/12366/

DESCRIPTION:
Aviv Raff has discovered a vulnerability in Internet Explorer 7, which
can be exploited by malicious people to conduct phishing attacks.

An input validation error exists in the local resource page
“navcancl.htm” when generating the “Refresh the page” link. This can be
exploited to inject arbitrary script code to e.g. spoof the contents of
an arbitrary site when the user clicks on the “Refresh the page” link.

Secunia has constructed a test, which can be used to check if your
browser is affected by this issue:
http://secunia.com/Internet_Explorer_7_navcancl.htm_Cross-Site_Scripting_Vulnerability/

The vulnerability is confirmed in Internet Explorer 7 on a fully patched
Windows XP SP2 system. Other versions may also be affected.

SOLUTION:
Do not follow links from untrusted sources.

Do not click the “Refresh the page” link when the “Navigation Canceled”
page is displayed.

PROVIDED AND/OR DISCOVERED BY:
Aviv Raff

ORIGINAL ADVISORY:
http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx
