@RISK: The Consensus Security Vulnerability Alert
Week 18 2014



This is a weekly newsletter that provides in-depth analysis of
the latest vulnerabilities with straightforward remediation advice. Qualys
supplies a large part of the newly-discovered vulnerability content used in
this newsletter.

CONTENTS
NOTABLE RECENT SECURITY ISSUES
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
VULNERABILITIES FOR WHICH EXPLOITS ARE AVAILABLE
MOST PREVALENT MALWARE FILES 4/29/2014 - 5/6/2014


TOP VULNERABILITY THIS WEEK: Adobe Flash Player contains a coding
deficiency that may lead to remote code execution (CVE-2014-0515)


NOTABLE RECENT SECURITY ISSUES SELECTED BY THE SOURCEFIRE VULNERABILITY RESEARCH TEAM

Title Covert Redirect Vulnerability Related to OAuth 2.0 and OpenID
Description Jing Wang, a doctoral student in mathematics at Nanyang
Technological University in Singapore, describes how an OAuth 2.0 or
OpenID provider that validates the redirect_uri only loosely (for
example, by domain rather than by exact match) can be abused in
combination with an open redirector on the client site: the
authorization response, including the token or code, is forwarded on
to an attacker-controlled destination. Both clients and providers of
OAuth 2.0 and OpenID are affected.
Reference
http://tetraph.com/covert_redirect/oauth2_openid_covert_redirect.html
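
The covert redirect pattern, as an added example that is not code from the referenced write-up: a provider whose redirect_uri check only looks at the host name, a client site that hosts an open redirector, and the implicit-grant token fragment ending up at the attacker's site. Host names, paths, the `next` parameter name and the token value are all constructed for illustration; the strict variant shows the corrective control, exact matching against a pre-registered redirect URI.

```python
from typing import Callable, Optional
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit

# Constructed registration data for a hypothetical client.
REGISTERED_REDIRECT_URIS = {
    "client-app": {"https://client.example/oauth/callback"},
}


def domain_only_check(client_id: str, redirect_uri: str) -> bool:
    """Weak validation: any URI on a registered host is accepted.
    This is the provider-side behaviour that makes covert redirect work."""
    host = urlsplit(redirect_uri).hostname
    registered_hosts = {urlsplit(u).hostname
                        for u in REGISTERED_REDIRECT_URIS.get(client_id, ())}
    return host in registered_hosts


def exact_match_check(client_id: str, redirect_uri: str) -> bool:
    """Strict validation: redirect_uri must equal a pre-registered URI
    byte for byte (no path variation, no extra query string)."""
    return redirect_uri in REGISTERED_REDIRECT_URIS.get(client_id, set())


def client_open_redirector(request_url: str) -> Optional[str]:
    """Models an open redirector on the client site:
    /redirect?next=<url> issues a 302 to <url> without any allowlist."""
    parts = urlsplit(request_url)
    if parts.path != "/redirect":
        return None
    return parse_qs(parts.query).get("next", [None])[0]


def provider_authorize(client_id: str, redirect_uri: str,
                       validator: Callable[[str, str], bool],
                       token: str = "tok_constructed") -> Optional[str]:
    """Implicit grant: on success the provider redirects to redirect_uri
    with the access token in the URL fragment."""
    if not validator(client_id, redirect_uri):
        return None
    p = urlsplit(redirect_uri)
    return urlunsplit((p.scheme, p.netloc, p.path, p.query,
                       "access_token=" + token))


def browser_follow(url: str) -> str:
    """Browser behaviour: when a 3xx Location has no fragment of its own,
    the fragment of the current URL is carried over (RFC 7231 s.7.1.2).
    That is how the token survives the hop through the open redirector."""
    target = client_open_redirector(url)
    if target is None:
        return url
    frag = urlsplit(url).fragment
    t = urlsplit(target)
    if not t.fragment:
        target = urlunsplit((t.scheme, t.netloc, t.path, t.query, frag))
    return target


def run_covert_redirect(validator: Callable[[str, str], bool]) -> Optional[str]:
    """Attacker crafts a redirect_uri that points at the client's open
    redirector; returns where the token finally lands, or None if the
    provider refused the redirect_uri."""
    evil = "https://attacker.example/collect"
    crafted = "https://client.example/redirect?" + urlencode({"next": evil})
    location = provider_authorize("client-app", crafted, validator)
    if location is None:
        return None
    return browser_follow(location)
```

With `domain_only_check` the token reaches `attacker.example` in the fragment; with `exact_match_check` the provider never issues the redirect. Note that exact matching protects the provider side even while the client's open redirector remains, which is why it is the control worth insisting on.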

Title Microsoft patches Heartbleed in Windows 8.1 VPN client
Description A Juniper VPN client that shipped with Windows 8.1 is
vulnerable to Heartbleed. Microsoft has released a fix through Windows
Update.
Reference
http://www.zdnet.com/microsoft-patches-heartbleed-in-win-8-1-vpn-client-7000029079/

Title Adobe Flash Player Pixel Bender component (CVE-2014-0515)
Description A vulnerability in the Pixel Bender component was leveraged
in watering hole attacks targeting Syrian dissidents. Adobe has released
updates (APSB14-13).
Reference
http://helpx.adobe.com/security/products/flash-player/apsb14-13.html
http://securityaffairs.co/wordpress/24461/hacking/adobe-zero-day-watering-syria.html
Snort SID 30876 & 30877


INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY

Students Reveal Loophole in DNS Security
http://www.technion.ac.il/en/2014/04/students-reveal-loophole-in-dns-security/

Anatomy of an exploit: CVE 2014-1776
http://vrt-blog.snort.org/2014/05/anatomy-of-exploit-cve-2014-1776.html

The evolution of Rovnix: new Virtual File System (VFS)
http://blogs.technet.com/b/mmpc/archive/2014/05/05/the-evolution-of-rovnix-new-virtual-file-system-vfs.aspx

ModSecurity Advanced Topic of the Week: JSON Support
http://blog.spiderlabs.com/2014/05/modsecurity-advanced-topic-of-the-week-json-support.html


RECENT VULNERABILITIES FOR WHICH EXPLOITS ARE AVAILABLE COMPILED BY THE QUALYS VULNERABILITY RESEARCH TEAM

This is a list of recent vulnerabilities for which exploits are
available. System administrators can use this list to help in
prioritization of their remediation activities. The Qualys Vulnerability
Research Team compiles this information based on various exploit
frameworks, exploit databases, exploit kits and monitoring of internet
activity.

ID     CVE-2014-0094
Title  Apache Struts ClassLoader Manipulation Remote Code Execution
Vendor Apache
Description The ParametersInterceptor in Apache Struts before 2.3.16.1
allows remote attackers to "manipulate" the ClassLoader via the class
parameter, which is passed to the getClass method.
CVSS v2 Base Score 5.0 (AV:N/AC:L/AU:N/C:N/I:P/A:N)
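
To make the "class parameter" wording concrete, here is an added example (not Struts code) that models the parameter interceptor's name check. OGNL resolves a parameter named `class.…` through the action's `getClass()` and from there into the ClassLoader; the parameter names below are constructed to follow that shape, and which container properties are reachable from there is deliberately not modelled. The two blocklist regexes are this example's own, written in the style of the vendor's fix rather than quoted from it; the allowlist is the control a practitioner would prefer.

```python
import re

# Struts only hands names matching this character class to OGNL at all.
ACCEPTED_PARAM_NAMES = re.compile(r"[a-zA-Z0-9\.\]\[\(\)_']+")

# A narrow prefix block: catches "class.foo" and nothing else.
NARROW_EXCLUDES = [re.compile(r"^class\..*")]

# A broader block: "class" reached after a dot, at the start, anywhere,
# or via bracket notation, in either case.  Over-matches names like
# "myclass.x", which is the price of a blocklist.
BROAD_EXCLUDES = [re.compile(r"""(.*\.|^|.*|\[('|"))(c|C)lass(\.|('|")]|\[).*""")]

# Constructed request parameters: one legitimate, three walking from the
# action's getClass() into the ClassLoader with different spellings.
SAMPLE_PARAMS = {
    "username": "alice",
    "class.classLoader.resources.context.parent.pipeline.first.directory": "x",
    "Class.classLoader.resources.context.parent.pipeline.first.prefix": "x",
    "user['class'].classLoader.resources.dirContext.docBase": "x",
}


def blocklist_accepts(name, excludes):
    """Java's String.matches() is a full match, hence fullmatch() here."""
    if not ACCEPTED_PARAM_NAMES.fullmatch(name):
        return False
    return not any(p.fullmatch(name) for p in excludes)


def narrow_blocklist(name):
    return blocklist_accepts(name, NARROW_EXCLUDES)


def broad_blocklist(name):
    return blocklist_accepts(name, BROAD_EXCLUDES)


# Per-action allowlist of the parameters the action actually binds.
ALLOWED_NAMES = {"username", "email"}


def allowlist(name):
    return name in ALLOWED_NAMES


def filter_params(params, policy):
    """Return, sorted, the parameter names a policy would pass to OGNL."""
    return sorted(name for name in params if policy(name))


if __name__ == "__main__":
    for policy in (narrow_blocklist, broad_blocklist, allowlist):
        print(policy.__name__, filter_params(SAMPLE_PARAMS, policy))
```

Running it shows the narrow prefix check letting the capitalised and bracket-notation spellings through, the broad pattern stopping all three, and the allowlist stopping them without needing to anticipate spellings at all. When upgrading is not immediately possible, an allowlist of expected parameter names per action is the check to put in front of the interceptor.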

ID     CVE-2014-0497
Title  Adobe Flash Player Integer Underflow Remote Code Execution
Vendor Adobe
Description Integer underflow in Adobe Flash Player before 11.7.700.261
and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and
before 11.2.202.336 on Linux, allows remote attackers to execute
arbitrary code via unspecified vectors.
CVSS v2 Base Score 10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C)

ID     CVE-2014-1776
Title  Microsoft Internet Explorer Use-after-Free Vulnerability
Vendor Microsoft
Description Use-after-free vulnerability in VGX.DLL in Microsoft
Internet Explorer 6 through 11 allows remote attackers to execute
arbitrary code or cause a denial of service (memory corruption) via
unspecified vectors, as exploited in the wild in April 2014.
CVSS v2 Base Score 10.0 (AV:N/AC:L/AU:N/C:C/I:C/A:C)

ID     CVE-2013-0634
Title  Adobe Flash Player 11.5.502.146 Memory Corruption Vulnerability
Vendor Adobe
Description Adobe Flash Player before 10.3.183.51 and 11.x before
11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before
11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and
before 11.1.115.37 on Android 4.x allows remote attackers to execute
arbitrary code or cause a denial of service (memory corruption) via
crafted SWF content, as exploited in the wild in February 2013.
CVSS v2 Base Score 9.3 (AV:N/AC:M/AU:N/C:C/I:C/A:C)

ID     CVE-2014-0160
Title  OpenSSL TLS Heartbeat Extension Buffer Over-read Information
Disclosure Vulnerability (Heartbleed)
Vendor OpenSSL Project
Description The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1
before 1.0.1g do not properly handle Heartbeat Extension packets, which
allows remote attackers to obtain sensitive information from process
memory via crafted packets that trigger a buffer over-read, as
demonstrated by reading private keys, related to d1_both.c and t1_lib.c.
CVSS v2 Base Score 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
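
The over-read described above, as an added example that is not OpenSSL code: a Python model of the heartbeat handler's length handling before and after the 1.0.1g bounds check. The message layout (one type byte, a two-byte payload length, the payload, at least 16 bytes of padding) follows RFC 6520; the "process memory" and the secret placed after the record are constructed.

```python
import struct
from typing import Optional

TLS1_HB_REQUEST = 1
TLS1_HB_RESPONSE = 2
HEARTBEAT_PADDING = 16

# Constructed stand-in for data that happens to sit after the record in
# the process heap (another connection's key material, for example).
SECRET = b"-----BEGIN RSA PRIVATE KEY----- (constructed)"


def build_heartbeat(payload: bytes, claimed_length: int) -> bytes:
    """type(1) | payload_length(2) | payload | padding(16).
    claimed_length may disagree with len(payload); that is the bug."""
    return (struct.pack("!BH", TLS1_HB_REQUEST, claimed_length)
            + payload + b"\x00" * HEARTBEAT_PADDING)


# Honest request: length field matches the 4-byte payload.
HONEST = build_heartbeat(b"ping", 4)
# Malicious request: 4-byte payload, but claims the maximum 65535.
MALICIOUS = build_heartbeat(b"ping", 0xFFFF)


def vulnerable_respond(memory: bytes, record_len: int) -> Optional[bytes]:
    """Pre-1.0.1g behaviour: read the length field and copy that many
    bytes from the payload pointer, never comparing it to record_len."""
    hbtype, payload_len = struct.unpack("!BH", memory[:3])
    if hbtype != TLS1_HB_REQUEST:
        return None
    echoed = memory[3:3 + payload_len]          # runs past the record
    return (struct.pack("!BH", TLS1_HB_RESPONSE, payload_len)
            + echoed + b"\x00" * HEARTBEAT_PADDING)


def fixed_respond(memory: bytes, record_len: int) -> Optional[bytes]:
    """1.0.1g behaviour: silently discard any heartbeat whose claimed
    payload plus header and padding does not fit inside the record."""
    if 1 + 2 + HEARTBEAT_PADDING > record_len:
        return None                              # too short to be valid
    hbtype, payload_len = struct.unpack("!BH", memory[:3])
    if 1 + 2 + payload_len + HEARTBEAT_PADDING > record_len:
        return None                              # the Heartbleed check
    if hbtype != TLS1_HB_REQUEST:
        return None
    echoed = memory[3:3 + payload_len]
    return (struct.pack("!BH", TLS1_HB_RESPONSE, payload_len)
            + echoed + b"\x00" * HEARTBEAT_PADDING)


def leaked_bytes(responder, record: bytes, secret: bytes = SECRET) -> Optional[bytes]:
    """Place the record in front of the secret, run the responder, and
    return the echoed payload (response minus header and padding)."""
    memory = record + secret
    resp = responder(memory, len(record))
    if resp is None:
        return None
    return resp[3:len(resp) - HEARTBEAT_PADDING]


if __name__ == "__main__":
    print("vulnerable, honest   :", leaked_bytes(vulnerable_respond, HONEST))
    print("vulnerable, malicious:", leaked_bytes(vulnerable_respond, MALICIOUS))
    print("fixed, malicious     :", leaked_bytes(fixed_respond, MALICIOUS))
```

The model reads past the record by Python slicing rather than by a `memcpy`, so it stops at the end of the constructed memory instead of at whatever the heap happens to hold, but the point carries: the echoed bytes contain the secret whenever the length field is trusted, and the fixed handler returns nothing for the same input. Real responses carry random padding rather than zeros; that does not change the check.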


MOST PREVALENT MALWARE FILES 4/29/2014 - 5/6/2014 COMPILED BY SOURCEFIRE

SHA 256 318424F30D18009192F0CE1E3BEDF260A77B260E109F1E4C5759284E5CD5E399
MD5 5297fb1249f57832ef390d0a0cdccc71
VirusTotal
https://www.virustotal.com/file/318424F30D18009192F0CE1E3BEDF260A77B260E109F1E4C5759284E5CD5E399/analysis/#additional-info
Typical Filename wajam_update.exe
Claimed Product Wajam Internet Technologies Inc
Detection Name W32.Auto.318424.MASH.RT.SBX.VIOC

SHA 256 CC8E385DB847E9DA2B460EF275AB7B4DF5900F6C84006193958D9A7A2019BBF7
MD5 deabb07bc9b0009d826d2ca04c43f90f
VirusTotal
https://www.virustotal.com/file/CC8E385DB847E9DA2B460EF275AB7B4DF5900F6C84006193958D9A7A2019BBF7/analysis/#additional-info
Typical Filename SPSetup.exe
Claimed Product Conduit Search Protect
Detection Name W32.CC8E385DB8-100.SBX.VIOC

SHA 256 CAB5B67B2FFD8DA04F3E0E8713DF2AAABF69334EA2CC049368A499809B519ED7
MD5 e5575149a477dc94af527fc7d751a407
VirusTotal
https://www.virustotal.com/file/CAB5B67B2FFD8DA04F3E0E8713DF2AAABF69334EA2CC049368A499809B519ED7/analysis/#additional-info
Typical Filename SPSetup.exe
Claimed Product Conduit Search Protect
Detection Name W32.CAB5B67B2F-100.SBX.VIOC

SHA 256 AA0BBAECB678868E1E7F57C7CA9D61B608B3D788BE490790EB1D148BEADF4615
MD5 3291e1603715c47a23b60a8bf2ca73db
VirusTotal
https://www.virustotal.com/file/AA0BBAECB678868E1E7F57C7CA9D61B608B3D788BE490790EB1D148BEADF4615/analysis/#additional-info
Typical Filename 0D92F.tmp
Claimed Product Conficker
Detection Name W32.Worm:GN.17fr.1201

SHA 256 3706B20574F1AFF6F103B9BA085F54C95E78AE70A26F90BAA59AA212B08480B4
MD5 122e0fe0bd52d264ffb874e538114473
VirusTotal
https://www.virustotal.com/file/3706B20574F1AFF6F103B9BA085F54C95E78AE70A26F90BAA59AA212B08480B4/analysis/#additional-info
Typical Filename cbsidlm-cbsi188-APK_Installer_and_Launcher-ORG-75915554.exe
Claimed Product CNET Download.com Downloader
Detection Name W32.3706B20574-61.SBX.VIOC
