SmartDefense Services Bulletin
January 2006

Greetings! This bulletin features Check Point SmartDefense Services highlights for the month of . Please feel free to email us if you have any comments or questions.

To sign up for the mailing list, send an email to listserv@amadeus.us.checkpoint.com with the text "SUBSCRIBE SMARTDEFENSE-NEWS" in the email body. To unsubscribe from this bulletin, send an email to listserv@amadeus.us.checkpoint.com with the text "SIGNOFF SMARTDEFENSE-NEWS" in the email body.

 
In This Bulletin

About SmartDefense Services
Advisories
Security Best Practices
Defense Updates

About SmartDefense Services

Check Point SmartDefense Services maintain the most current preemptive security for your Check Point security infrastructure. To help your defenses stay continuously ahead of today’s constantly evolving threat landscape, SmartDefense Services provide:

  • Preemptive, ongoing, and real-time updates to defenses and security policies
  • Ongoing new protocol and application defenses against emerging threats and attacks
  • Step-by-step instructions on how to activate and configure defenses against emerging threats and vulnerabilities – usually before exploits are created by hackers
  • Anti-virus updates and alerts for Check Point VPN-1 Express CI
  • Anti-spyware updates for Check Point Integrity Anti-Spyware 
  • Malicious applications database for automating network access and malware termination policies (Program Advisor Service for Integrity)

Advisories (Sorted by Severity, then Date)

CPAI-2005-357
  Date:
  Severity:
  Category:
  Description: Update Protection against Multiple Vendor ICMP Source Quench Denial of Service Vulnerabilities
  Sources: Secunia Advisory: SA14904
  Vulnerable Systems:
Microsoft Windows 2000 (all versions)
Microsoft Windows 98
Microsoft Windows 98 SE
Microsoft Windows ME
Microsoft Windows XP (all versions)
Microsoft Windows XP 64-bit Edition (Itanium)
Microsoft Windows XP 64-Bit Edition Version 2000 (Itanium)
Microsoft Windows Server 2003 (Base)
Cisco Systems Carrier Voice Gateways MGX 8250 Series
Cisco Systems Carrier Voice Gateways MGX 8850 Series
Cisco Systems Catalyst Content Services Switch 6608
Cisco Systems Catalyst Content Services Switch 6624
Cisco Systems Catalyst Content Services Switch 11000
Cisco Systems Catalyst Content Services Switch 11500
Cisco Systems Content Switching Module 11000
Cisco Systems Content Switching Module 11500
Cisco Systems Global Site Selector any
Cisco Systems IP Phone 7940
Cisco Systems IP Phone 7960
Cisco Systems IP Phone 7970
Cisco Systems Multilayer Switches MDS 9000 Series
Sun Microsystems Solaris 10.0_x86
Sun Microsystems Solaris 7.0
Sun Microsystems Solaris 10.0
Sun Microsystems Solaris 7.0_x86
Sun Microsystems Solaris 8.0
Sun Microsystems Solaris 8.0_x86
Sun Microsystems Solaris 9.0
Sun Microsystems Solaris 9.0_x86
     
CPAI-2005-356
  Date:
  Severity:
  Category:
  Description: Update Protection against Multiple Vendor ICMP Connection Reset Denial of Service Vulnerabilities
  Sources: Secunia Advisory: SA14904
  Vulnerable Systems:
Microsoft Windows 2000 (all versions)
Microsoft Windows 98
Microsoft Windows 98 SE
Microsoft Windows ME
Microsoft Windows XP (all versions)
Microsoft Windows XP 64-bit Edition (Itanium)
Microsoft Windows XP 64-Bit Edition Version 2000 (Itanium)
Microsoft Windows Server 2003 (Base)
Cisco Systems Carrier Voice Gateways MGX 8250 Series
Cisco Systems Carrier Voice Gateways MGX 8850 Series
Cisco Systems Catalyst Content Services Switch 6608
Cisco Systems Catalyst Content Services Switch 6624
Cisco Systems Catalyst Content Services Switch 11000
Cisco Systems Catalyst Content Services Switch 11500
Cisco Systems Content Switching Module any
Cisco Systems CRS-1 any
Cisco Systems Global Site Selector any
Cisco Systems IOS XR
Cisco Systems IP Phone 7940
Cisco Systems IP Phone 7960
Cisco Systems IP Phone 7970
Cisco Systems Multilayer Switches MDS 9000 Series
Cisco Systems ONS 15302
Cisco Systems ONS 15303
Cisco Systems ONS 15454
Cisco Systems PIX Security Appliance any
Cisco Systems VPN Concentrator 5000 Series
Sun Microsystems Solaris 10.0_x86
Sun Microsystems Solaris 7.0
Sun Microsystems Solaris 10.0
Sun Microsystems Solaris 7.0_x86
Sun Microsystems Solaris 8.0
Sun Microsystems Solaris 8.0_x86
Sun Microsystems Solaris 9.0
Sun Microsystems Solaris 9.0_x86
     
CPAI-2005-352
  Date:
  Severity:
  Category:
  Description: Update Protection against Qualcomm WorldMail IMAP Literal Token Parsing Buffer Overflow
  Sources: Secunia Advisory: SA17640
  Vulnerable Systems: Qualcomm WorldMail 3.1 and earlier
     
CPAI-2005-349
  Date:
  Severity:
  Category:
  Description: Update Protection against Symantec AntiVirus RAR Archive Decompression Buffer Overflow
  Sources: Secunia Advisory: SA18131
  Vulnerable Systems: Symantec BrightMail AntiSpam 4.x
Symantec BrightMail AntiSpam 5.x
Symantec BrightMail AntiSpam 6.x
Symantec Client Security 1.x
Symantec Client Security 2.x
Symantec Mail Security For Domino 4.x
Symantec Mail Security For Exchange 4.x
Symantec Mail Security For SMTP 4.x
Symantec Norton AntiVirus 5
Symantec Norton AntiVirus 7.5
Symantec Norton AntiVirus 2001
Symantec Norton AntiVirus 2002
Symantec Norton AntiVirus 2003
Symantec Norton AntiVirus 2004
Symantec Norton AntiVirus 2005
Symantec Norton AntiVirus 5.0 for OS/2
Symantec Norton AntiVirus Corporate 10.x
Symantec Norton AntiVirus Corporate 7.x
Symantec Norton AntiVirus Corporate 8.x
Symantec Norton AntiVirus Corporate 9.x
Symantec Norton AntiVirus For Caching Servers 4.x
Symantec Norton AntiVirus For Exchange 2.x
Symantec Norton AntiVirus For Exchange 3.x
Symantec Norton AntiVirus For Filtering For Domino 3.x
Symantec Norton AntiVirus For Macintosh 10.x
Symantec Norton AntiVirus For Macintosh 9.x
Symantec Norton AntiVirus For Network Attached Storage 4.x
Symantec Norton AntiVirus For SMTP 3.x
Symantec Norton AntiVirus Scan Engine 4.x
Symantec Norton Internet Security 2001
Symantec Norton Internet Security 2002
Symantec Norton Internet Security 2003
Symantec Norton Internet Security 2004
Symantec Norton Internet Security 2005
Symantec Norton Internet Security For Macintosh 3.x
Symantec Web Security 2.x
Symantec Web Security 3.x
     
CPAI-2005-346
  Date:
  Severity:
  Category:
  Description: Update Protection against Microsoft IIS Malformed URL Denial of Service (MS07-041)
  Sources: Microsoft Security Bulletin MS07-041
  Vulnerable Systems: Microsoft Internet Information Services 5.1
     
CPAI-2005-345
  Date:
  Severity:
  Category:
  Description: Update Protection against Trend Micro Control Manager Chunked Overflow
  Sources: Secunia Advisory: SA18038
  Vulnerable Systems: Trend Micro Control Manager 2.5
Trend Micro Control Manager 3.0
     
CPAI-2005-341
  Date:
  Severity:
  Category:
  Description: Update Protection against Microsoft ISAPI W3Who Library Buffer Overflow
  Sources: Secunia Advisory: SA13365
  Vulnerable Systems: Microsoft Windows Resource Kit 2000/XP
     
CPAI-2005-334
  Date:
  Severity:
  Category:
  Description: Update Protection against Microsoft Windows srvsvc Memory Allocation Denial of Service
  Sources: SecurityFocus Bugtraq ID: 15460
  Vulnerable Systems: Microsoft Windows 2000 (All Versions)
Microsoft Windows XP (All Versions)
     
CPAI-2005-330
  Date:
  Severity:
  Category:
  Description: Update Protection against Microsoft Windows RPC UPnP Memory Allocation Denial of Service
  Sources: Secunia Advisory: SA17595
  Vulnerable Systems: Microsoft Windows 2000 (All versions)
Microsoft Windows XP SP1
     
CPAI-2005-322
  Date:
  Severity:
  Category:
  Description: Update Protection against Multiple Vendor Anti-Virus Magic Byte Detection Evasion
  Sources: SecurityFocus Bugtraq ID: 15189
  Vulnerable Systems: ArcaBit ArcaVir 2005
CA eTrust 7.0.14 and prior
CA eTrust QuickHeal AntiVirus 8.0 and prior
Doctor Web AntiVirus 4.32b and prior
FORTINET Antivirus 2.48.0.0 and prior
FRISK Software International Antivirus 3.16c and prior
Grisoft AVG Anti-Virus 7.0.323 and prior
Hacksoft Antivirus 5.8.4.128 and prior
Kaspersky Labs Anti-Virus 5.0.372 and prior
LAKE Group Ikarus 2.32 and prior
McAfee Internet Security Suite 7.1.5 and prior
McAfee VirusScan Corporate 8.0.0 and prior
Norman Virus Control 5.81 and prior
Panda Software Titanium any
Sophos Anti-Virus 3.91 and prior
Trend Micro Office Scan Corporate Edition 7.0 and prior
Trend Micro PC-cillin Internet Security 2005 and prior
Ukrainian Antivirus Center UNA any
     
CPAI-2005-320
  Date:
  Severity:
  Category:
  Description: Update Protection against Oracle Application Server 10g emagent.exe Stack Buffer Overflow
  Sources: Secunia Advisory: SA17250
  Vulnerable Systems: Oracle Enterprise Manager Application Server Control 9.0.4.1
Oracle Enterprise Manager Application Server Control 9.0.4.2
Oracle Enterprise Manager Database Control 10g prior to and including 10.0.1.4
     
CPAI-2005-317
  Date:
  Severity:
  Category:
  Description: Update Protection against Oracle Database sys.pbsde.init Procedure Buffer Overflow
  Sources: Secunia Advisory: SA17250
  Vulnerable Systems: Oracle Database Server 10g 10.1.0.4.2 and prior
Oracle Database Server 9i Release 2 9.2.0.6 and prior
     
CPAI-2005-316
  Date:
  Severity:
  Category:
  Description: Update Protection against IIS RSA Authentication Agent for Web Redirect Buffer Overflow
  Sources: Secunia Advisory: SA17281
  Vulnerable Systems: RSA Security RSA Authentication Agent For Web for IIS 5.2
RSA Security RSA Authentication Agent For Web for IIS 5.3
     
CPAI-2005-315
  Date:
  Severity:
  Category:
  Description: Update Protection against Snort Back Orifice Pre-Processor Buffer Overflow
  Sources: Secunia Advisory: SA17220
  Vulnerable Systems: Snort Project Snort 2.4.0
Snort Project Snort 2.4.1
Snort Project Snort 2.4.2
     
CPAI-2005-314
  Date:
  Severity:
  Category:
  Description: Update Protection against CA Message Queuing Buffer Overflow
  Sources: Secunia Advisory: SA16513
  Vulnerable Systems: CA eTrust Admin 2.x
CA eTrust Admin 8.x
CA Unicenter Application Performance Monitor 3.x
CA Unicenter Asset Management 3.x
CA Unicenter Data Transport Option 2.x
CA Unicenter Enterprise Job Manager 1.x
CA Unicenter Jasmine 3.x
CA Unicenter Management 3.x
CA Unicenter Management 4.x
CA Unicenter Management 5.x
CA Unicenter NSM 3.x
CA Unicenter Remote Control 6.x
CA Unicenter Service Level Management 3.x
CA Unicenter Software Delivery 3.x
CA Unicenter Software Delivery 4.x
CA Unicenter TNG 2.x
     
CPAI-2005-313
  Date:
  Severity:
  Category:
  Description: Update Protection against VERITAS NetBackup Java Authentication Service Format String
  Sources: Secunia Advisory: SA17181
  Vulnerable Systems: Symantec VERITAS NetBackup Enterprise Server and Client 5.0
Symantec VERITAS NetBackup Enterprise Server and Client 5.1
Symantec VERITAS NetBackup Enterprise Server and Client 6.0
Symantec VERITAS NetBackup DataCenter and BusinesServer 4.5FP
Symantec VERITAS NetBackup DataCenter and BusinesServer 4.5MP (Non-Windows)
     
CPAI-2005-312
  Date:
  Severity:
  Category:
  Description: Update Protection against Microsoft Distributed Transaction Controller Denial of Service (MS05-051)
  Sources: Secunia Advisory: SA17161
  Vulnerable Systems: Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Windows XP base
Microsoft Windows XP SP1
Microsoft Windows XP SP2
     
CPAI-2005-310
  Date:
  Severity:
  Category:
  Description: Update Protection against CA Multiple Products HTTP Request Buffer Overflow
  Sources: SecurityFocus Bugtraq ID: 15025
  Vulnerable Systems: CA iGateway 1.0
CA iGateway 2.0
CA iGateway 3.0
     
CPAI-2005-308
  Date:
  Severity:
  Category:
  Description: Update Protection against Symantec AntiVirus Scan Engine Administrative Interface Buffer Overflow
  Sources: Secunia Advisory: SA17049
  Vulnerable Systems: Symantec Norton AntiVirus Scan for Netapp 4.0
Symantec Norton AntiVirus Scan Engine 4.0
Symantec Norton AntiVirus Scan Engine 4.3
Symantec Norton AntiVirus Scan Engine For Bluecoat 4.0
Symantec Norton AntiVirus Scan Engine For Caching Servers 4.3
Symantec Norton AntiVirus Scan Engine For Clearswift 4.0
Symantec Norton AntiVirus Scan Engine For Clearswift 4.3
Symantec Norton AntiVirus Scan Engine For ISA 4.0
Symantec Norton AntiVirus Scan Engine For ISA 4.3
Symantec Norton AntiVirus Scan Engine For Messaging 4.3
Symantec Norton AntiVirus Scan Engine For Microsoft SharePoint 4.3
Symantec Norton AntiVirus Scan Engine for Netapp Netcache 4.0
Symantec Norton AntiVirus Scan Engine For Network Attached Storage 4.3
     
CPAI-2005-306
  Date:
  Severity:
  Category:
  Description: Update Protection against Kaspersky Antivirus Library Heap Buffer Overflow
  Sources: Secunia Advisory: SA17024
  Vulnerable Systems: Kaspersky Labs Anti-Virus Business Optimal
Kaspersky Labs Anti-Virus Personal 5.0 and prior
Kaspersky Labs Personal Security Suite 1.0
     
CPAI-2005-290
  Date:
  Severity:
  Category:
  Description: Update Protection against Microsoft IIS WebDAV Request Source Code Disclosure
  Sources: SecurityFocus Bugtraq ID: 14764
  Vulnerable Systems: Microsoft Internet Information Services 5.1
     
CPAI-2005-285
  Date:
  Severity:
  Category:
  Description: Update Protection against Sophos Anti-Virus Visio File Parsing Buffer Overflow
  Sources: Secunia Advisory: SA16245
  Vulnerable Systems: Sophos Anti-Virus For Windows 3.x prior to 3.96
Sophos Anti-Virus For Windows 4.x prior to 4.5.4
Sophos Anti-Virus For Windows 5.x prior to 5.0.5
Sophos Anti-Virus Small Business Edition prior to 3.96.0
Sophos MailMonitor prior to 3.96
Sophos Pure Message For UNIX prior to 3.95.1
Sophos Pure Message For Windows and Exchange 3.x prior to 3.96
Sophos Pure Message For Windows and Exchange 5.x prior to 5.0.5
     
CPAI-2005-284
  Date:
  Severity:
  Category:
  Description: Update Protection against HP OpenView Network Node Manager Remote Command Execution
  Sources: Secunia Advisory: SA16555
  Vulnerable Systems: HP OpenView Network Node Manager 6.41
HP OpenView Network Node Manager 7.01
HP OpenView Network Node Manager 7.5
     
CPAI-2005-281
  Date:
  Severity:
  Category:
  Description: Update Protection against Sun Solaris printd Daemon Arbitrary File Deletion
  Sources: Secunia Advisory: SA16367
  Vulnerable Systems: Sun Microsystems Solaris 10 SPARC
Sun Microsystems Solaris 10 x86
Sun Microsystems Solaris 7 SPARC
Sun Microsystems Solaris 7 x86
Sun Microsystems Solaris 8 SPARC
Sun Microsystems Solaris 8 x86
Sun Microsystems Solaris 9 SPARC
Sun Microsystems Solaris 9 x86
     
CPAI-2005-278
  Date:
  Severity:
  Category:
  Description: Update Protection against Novell eDirectory iMonitor NDS Server Buffer Overflow
  Sources: Secunia Advisory: SA16393
  Vulnerable Systems: Novell eDirectory 8.x
     
CPAI-2005-268
  Date:
  Severity:
  Category:
  Description: Update Protection against Oracle Application Server Reports Arbitrary System Command Execution
  Sources: Secunia Advisory: SA16092
  Vulnerable Systems: Oracle Application Server 10g
Oracle Application Server 8i and prior
Oracle Application Server 9i
Oracle Developer Suite 10g
Oracle Developer Suite 8i and prior
Oracle Developer Suite 9i
     
CPAI-2005-266
  Date:
  Severity:
  Category:
  Description: Update Protection against MIT Kerberos V5 KDC krb5_unparse_name Heap Overflow
  Sources: Secunia Advisory: SA16041
  Vulnerable Systems: MIT Kerberos Project Kerberos 1.4.1 and prior
     
CPAI-2005-265
  Date:
  Severity:
  Category:
  Description: Update Protection against MIT Kerberos V5 Malformed Authentication Double Free
  Sources: Secunia Advisory: SA16041
  Vulnerable Systems: MIT Kerberos Project Kerberos 1.4.1 and prior
     
CPAI-2005-256
  Date:
  Severity:
  Category:
  Description: Update Protection against Novell eDirectory MS-DOS Device Name Denial of Service
  Sources: Secunia Advisory: SA15676
  Vulnerable Systems: Novell eDirectory 8.7.3
     
CPAI-2005-253
  Date:
  Severity:
  Category:
  Description: Update Protection against IBM WebSphere Application Server Buffer Overflow
  Sources: Secunia Advisory: SA15598
  Vulnerable Systems: IBM WebSphere Application Server 5.0 to 5.0.2 without Cumulative Fix 11
     
CPAI-2005-251
  Date:
  Severity:
  Category:
  Description: Update Protection against RSA Authentication Agent for Web Buffer Overflow
  Sources: Secunia Advisory: SA15222
  Vulnerable Systems: RSA Security RSA Authentication Agent For Web for IIS 5.0
RSA Security RSA Authentication Agent For Web for IIS 5.2
RSA Security RSA Authentication Agent For Web for IIS 5.3
     
CPAI-2005-246
  Date:
  Severity:
  Category:
  Description: Update Protection against Novell ZENworks Remote Management Buffer Overflow
  Sources: Secunia Advisory: SA15433
  Vulnerable Systems: Novell ZENworks Desktop Management 3.2 SP2
Novell ZENworks Desktop Management 4.x
Novell ZENworks Desktop Management 6.5
Novell ZENworks For Servers 3.x
Novell ZENworks For Servers 6.5
     
CPAI-2005-245
  Date:
  Severity:
  Category:
  Description: Update Protection against MySQL MaxDB Webtool GET Command Buffer Overflow
  Sources: Secunia Advisory: SA15109
  Vulnerable Systems: MySQL AB MaxDB Webtool 7.5.00.26 and prior
     
CPAI-2005-238
  Date:
  Severity:
  Category:
  Description: Update Protection against MailEnable HTTP Authorization Header Buffer Overflow
  Sources: Secunia Advisory: SA15062
  Vulnerable Systems: MailEnable MailEnable Enterprise 1.04 and prior
MailEnable MailEnable Professional 1.54 and prior
     
CPAI-2005-235
  Date:
  Severity:
  Category:
  Description: Update Protection against Oracle HTTP Server mod_access Restriction Bypass
  Sources: Secunia Advisory: SA15143
  Vulnerable Systems: Oracle HTTP Server 1.0.2.2 - 10.1.2
     
CPAI-2005-228
  Date:
  Severity:
  Category:
  Description: Update Protection against Oracle Database SUBSCRIPTION_NAME Parameter SQL Injection
  Sources: Secunia Advisory: SA14935
  Vulnerable Systems: Oracle Database Server 10g 10.1.0.4 and prior
     
CPAI-2005-227
  Date:
  Severity:
  Category:
  Description: Update Protection against Oracle Database Server DBMS_METADATA Package SQL Injection
  Sources: Secunia Advisory: SA14935
  Vulnerable Systems: Oracle Database Server 10g 10.1.0.4 and prior
Oracle Database Server 9i v9.2.0.6 and prior
     
CPAI-2005-226
  Date:
  Severity:
  Category:
  Description: Update Protection against CA BrightStor ARCserve Backup Universal Agent Buffer Overflow
  Sources: Secunia Advisory: SA14910
  Vulnerable Systems: CA BrightStor ARCserve Backup (BAB) r11.1 Windows
CA BrightStor ARCserve Backup 11 for Windows
CA BrightStor ARCserve Backup 9.0 Windows
CA BrightStor ARCserve Backup r11.1 (64-bit) for Windows
CA BrightStor ARCserve Backup r11.1 Client Agent for Windows
CA BrightStor ARCserve Backup Release 11 (64-bit) for Windows
CA BrightStor ARCserve Backup v9.01 Client Agent for Windows
CA BrightStor ARCserve Backup v9.01 Client Agent for Windows Non-English
CA BrightStor ARCserve Backup v9.01 for Windows (64bit edition)
CA BrightStor ARCserve Backup v9.01 for Windows Non-English
CA BrightStor Enterprise Backup 10.0
CA BrightStor Enterprise Backup 10.5
CA BrightStor Enterprise Backup v10.5 for Windows (64bit edition)
     
CPAI-2005-223
  Date:
  Severity:
  Category:
  Description: Update Protection against Microsoft Exchange Server Buffer Overflow
  Sources: Secunia Advisory: SA14920
  Vulnerable Systems: Microsoft Exchange Server 2000 SP3
Microsoft Exchange Server 2003
Microsoft Exchange Server 2003 SP1
     
CPAI-2005-212
  Date:
  Severity:
  Category:
  Description: Update Protection against McAfee Multiple Products LHA Type-2 File Handling Buffer Overflow
  Sources: Secunia Advisory: SA14628
  Vulnerable Systems: McAfee Active Mail Protection any
McAfee Active Threat Protection any
McAfee Active Virus Defense SMB Edition any
McAfee Active VirusScan SMB Edition any
McAfee GroupShield for Exchange
McAfee GroupShield for Exchange 5.5
McAfee GroupShield for Lotus Domino
McAfee GroupShield for Mail Servers with ePO
McAfee Internet Security Suite any
McAfee LinuxShield any
McAfee Managed VirusScan any
McAfee NetShield for Netware any
McAfee PortalShield for Microsoft SharePoint
McAfee Security Shield for Microsoft ISA Server
McAfee Virex any
McAfee VirusScan 1.0
McAfee VirusScan 2.0
McAfee VirusScan 3.0
McAfee VirusScan 4.0
McAfee VirusScan 4.0.3
McAfee VirusScan 4.5.1
McAfee VirusScan 5.0
McAfee VirusScan 6.0
McAfee VirusScan 7.0
McAfee VirusScan 8.0
McAfee VirusScan 9.0
McAfee VirusScan ASaP
McAfee VirusScan Command Line
McAfee VirusScan Enterprise 8.0 i
McAfee VirusScan for NetApp
McAfee VirusScan Professional
McAfee WebShield For SMTP
McAfee WebShield For WebShield
     
CPAI-2005-211
  Date:
  Severity:
  Category:
  Description: Update Protection against Multiple Security Products LHA File Handling Buffer Overflow
  Sources: Secunia Advisory: SA14628
  Vulnerable Systems: McAfee Active Mail Protection any
McAfee Active Threat Protection any
McAfee Active Virus Defense SMB Edition any
McAfee Active VirusScan SMB Edition any
McAfee GroupShield for Exchange
McAfee GroupShield for Exchange 5.5
McAfee GroupShield for Lotus Domino
McAfee GroupShield for Mail Servers with ePO
McAfee Internet Security Suite any
McAfee LinuxShield any
McAfee Managed VirusScan any
McAfee NetShield for Netware any
McAfee PortalShield for Microsoft SharePoint
McAfee Security Shield for Microsoft ISA Server
McAfee Virex any
McAfee VirusScan 1.0
McAfee VirusScan 2.0
McAfee VirusScan 3.0
McAfee VirusScan 4.0
McAfee VirusScan 4.0.3
McAfee VirusScan 4.5.1
McAfee VirusScan 5.0
McAfee VirusScan 6.0
McAfee VirusScan 7.0
McAfee VirusScan 8.0
McAfee VirusScan 9.0
McAfee VirusScan ASaP
McAfee VirusScan Command Line
McAfee VirusScan Enterprise 8.0 i
McAfee VirusScan for NetApp
McAfee VirusScan Professional
McAfee WebShield For SMTP
McAfee WebShield For WebShield
     
CPAI-2005-205
  Date:
  Severity:
  Category:
  Description: Update Protection against CA License Software Invalid Command Buffer Overflow
  Sources: Secunia Advisory: SA14438
  Vulnerable Systems: CA BrightStor ARCserve Backup 2000
CA BrightStor ARCserve Backup 10.x
CA BrightStor ARCserve Backup 11.x
CA BrightStor ARCserve Backup 9.x
CA Common Services 3.x
CA ControlIT 5.x
CA eTrust Common Services 1.x
CA eTrust InoculateIT 4.x for Windows
CA eTrust Security Command Center 1.x
CA eTrust AntiVirus 6.x
CA eTrust AntiVirus 7.x
CA eTrust EZ AntiVirus 6.x
CA eTrust EZ AntiVirus 7.x
CA eTrust EZ Armor 2.x
CA eTrust InoculateIT 6.x for Linux
CA eTrust InoculateIT 6.x for Windows
CA eTrust Intrusion Detection 3.x
CA Ingres Relational Database Enterprise 2.x
CA Unicenter 5.x
CA Unicenter 6.x
CA Unicenter Asset Management 4.x
CA Unicenter Management Portal 2.x
CA Unicenter Management Portal 3.x
CA Unicenter Network and Systems Management 3.x
CA Unicenter Remote Control 5.x
CA Unicenter Remote Control 6.x
CA Unicenter ServicePlus Service Desk 6.x
CA Unicenter TNG 2.x
     
CPAI-2005-203
  Date:
  Severity:
  Category:
  Description: Update Protection against CA License Software PUTOLF Buffer Overflow
  Sources: Secunia Advisory: SA14438
  Vulnerable Systems: CA BrightStor ARCserve Backup 2000
CA BrightStor ARCserve Backup 10.x
CA BrightStor ARCserve Backup 11.x
CA BrightStor ARCserve Backup 9.x
CA Common Services 3.x
CA ControlIT 5.x
CA eTrust Common Services 1.x
CA eTrust InoculateIT 4.x for Windows
CA eTrust Security Command Center 1.x
CA eTrust AntiVirus 6.x
CA eTrust AntiVirus 7.x
CA eTrust EZ AntiVirus 6.x
CA eTrust EZ AntiVirus 7.x
CA eTrust EZ Armor 2.x
CA eTrust InoculateIT 6.x for Linux
CA eTrust InoculateIT 6.x for Windows
CA eTrust Intrusion Detection 3.x
CA Ingres Relational Database Enterprise 2.x
CA Unicenter 5.x
CA Unicenter 6.x
CA Unicenter Asset Management 4.x
CA Unicenter Management Portal 2.x
CA Unicenter Management Portal 3.x
CA Unicenter Network and Systems Management 3.x
CA Unicenter Remote Control 5.x
CA Unicenter Remote Control 6.x
CA Unicenter ServicePlus Service Desk 6.x
CA Unicenter TNG 2.x
     
CPAI-2005-202
  Date:
  Severity:
  Category:
  Description: Update Protection against CA License Software GCR Buffer Overflow
  Sources: Secunia Advisory: SA14438
  Vulnerable Systems: CA BrightStor ARCserve Backup 2000
CA BrightStor ARCserve Backup 10.x
CA BrightStor ARCserve Backup 11.x
CA BrightStor ARCserve Backup 9.x
CA Common Services 3.x
CA ControlIT 5.x
CA eTrust Common Services 1.x
CA eTrust InoculateIT 4.x for Windows
CA eTrust Security Command Center 1.x
CA eTrust AntiVirus 6.x
CA eTrust AntiVirus 7.x
CA eTrust EZ AntiVirus 6.x
CA eTrust EZ AntiVirus 7.x
CA eTrust EZ Armor 2.x
CA eTrust InoculateIT 6.x for Linux
CA eTrust InoculateIT 6.x for Windows
CA eTrust Intrusion Detection 3.x
CA Ingres Relational Database Enterprise 2.x
CA Unicenter 5.x
CA Unicenter 6.x
CA Unicenter Asset Management 4.x
CA Unicenter Management Portal 2.x
CA Unicenter Management Portal 3.x
CA Unicenter Network and Systems Management 3.x
CA Unicenter Remote Control 5.x
CA Unicenter Remote Control 6.x
CA Unicenter ServicePlus Service Desk 6.x
CA Unicenter TNG 2.x
     
CPAI-2005-201
  Date:
  Severity:
  Category:
  Description: Update Protection against CA License Software GETCONFIG Buffer Overflow
  Sources: Secunia Advisory: SA14438
  Vulnerable Systems: CA BrightStor ARCserve Backup 2000
CA BrightStor ARCserve Backup 10.x
CA BrightStor ARCserve Backup 11.x
CA BrightStor ARCserve Backup 9.x
CA Common Services 3.x
CA ControlIT 5.x
CA eTrust Common Services 1.x
CA eTrust InoculateIT 4.x for Windows
CA eTrust Security Command Center 1.x
CA eTrust AntiVirus 6.x
CA eTrust AntiVirus 7.x
CA eTrust EZ AntiVirus 6.x
CA eTrust EZ AntiVirus 7.x
CA eTrust EZ Armor 2.x
CA eTrust InoculateIT 6.x for Linux
CA eTrust InoculateIT 6.x for Windows
CA eTrust Intrusion Detection 3.x
CA Ingres Relational Database Enterprise 2.x
CA Unicenter 5.x
CA Unicenter 6.x
CA Unicenter Asset Management 4.x
CA Unicenter Management Portal 2.x
CA Unicenter Management Portal 3.x
CA Unicenter Network and Systems Management 3.x
CA Unicenter Remote Control 5.x
CA Unicenter Remote Control 6.x
CA Unicenter ServicePlus Service Desk 6.x
CA Unicenter TNG 2.x
     
CPAI-2005-197
  Date:
  Severity:
  Category:
  Description: Update Protection against Arkeia Network Backup Client Buffer Overflow
  Sources: Secunia Advisory: SA14327
  Vulnerable Systems: Arkeia Network Backup prior to 5.3.5
     
CPAI-2005-193
  Date:
  Severity:
  Category:
  Description: Update Protection against BrightStor ARCserve Backup Discovery Service Buffer Overflow
  Sources: Secunia Advisory: SA14293
  Vulnerable Systems: CA BrightStor ARCserve Backup 10.x
CA BrightStor ARCserve Backup 11.x
CA BrightStor ARCserve Backup 2000
CA BrightStor ARCserve Backup 9.x
CA BrightStor Enterprise Backup 10.x
     
CPAI-2005-186
  Date:
  Severity:
  Category:
  Description: Update Protection against Multiple Vendor AV Gateway Virus Detection Bypass
  Sources: Secunia Advisory: SA13792
  Vulnerable Systems: Check Point Software Technologies VPN-1 SecureClient/FireWall-1 NG R55 HFA08
     
CPAI-2005-185
  Date:
  Severity:
  Category:
  Description: Update Protection against Veritas Backup Exec Agent Browser Registration Request Buffer Overflow
  Sources: Secunia Advisory: SA13495
  Vulnerable Systems: Symantec VERITAS Backup Exec 8.6
Symantec VERITAS Backup Exec 9.1
     
CPAI-2005-355
  Date:
  Severity:
  Category:
  Description: Update Protection against Internet Explorer File Download Dialog Box Manipulation (MS05-054)
  Sources: Secunia Advisory: SA15368
  Vulnerable Systems: Microsoft Internet Explorer 5.0
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6.0
     
CPAI-2005-354
  Date:
  Severity:
  Category:
  Description: Update Protection against Macromedia Flash Media Server Administration Service Denial of Service
  Sources: Secunia Advisory: SA17978
  Vulnerable Systems: Adobe Systems Macromedia Flash Media Server 1.5
Adobe Systems Macromedia Flash Media Server 2.0
     
CPAI-2005-353
  Date:
  Severity:
  Category:
  Description: Update Protection against Apple QuickTime and iTunes Movie File Heap Memory Corruption
  Sources: Secunia Advisory: SA18149
  Vulnerable Systems: Apple Computer iTunes 6.0.1
Apple Computer QuickTime 7.0.3
     
CPAI-2005-351
  Date:
  Severity:
  Category:
  Description: Update Protection against Microsoft Windows WMF Handling Arbitrary Code Execution
  Sources: Secunia Advisory: SA18255
  Vulnerable Systems: Microsoft Windows 98
Microsoft Windows 2000
Microsoft Windows 98 Second Edition
Microsoft Windows Millennium Edition
Microsoft Windows Server 2003
Microsoft Windows XP
     
CPAI-2005-350
  Date:
  Severity:
  Category:
  Description: Update Protection against RealNetworks RealPlayer WAV File Processing Buffer Overflow
  Sources: Secunia Advisory: SA14456
  Vulnerable Systems: Helix Community Helix Player 1.0.5 and below
RealNetworks RealPlayer 8
RealNetworks RealPlayer 10
RealNetworks RealPlayer 10.5, builds 6.0.12.1056 and below
RealNetworks RealPlayer Enterprise
RealNetworks RealPlayer v1
RealNetworks RealPlayer v2
     
CPAI-2005-348
  Date:
  Severity:
  Category:
  Description: Update Protection against Citrix Program Neighborhood Client Buffer Overflow
  Sources: Secunia Advisory: SA18068
  Vulnerable Systems: Citrix Systems ICA Client 9.1 and prior
     
CPAI-2005-347
  Date:
  Severity:
  Category:
  Description: Update Protection against Internet Explorer Install Engine Buffer Overflow
  Sources: Secunia Advisory: SA12806
  Vulnerable Systems: Microsoft Internet Explorer 5.0
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6.0
     
CPAI-2005-344
  Date:
  Severity:
  Category:
  Description: Update Protection against Internet Explorer HTTPS Proxy
  Sources: Secunia Advisory: SA15368
  Vulnerable Systems: Microsoft Internet Explorer 5.0
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6.0
     
CPAI-2005-343
  Date:
  Severity:
  Category:
  Description: Update Protection against Microsoft Windows Media Player Arbitrary File Download (MS03-017)
  Sources: Secunia Advisory: SA8742
  Vulnerable Systems: Microsoft Windows Media Player 7.1
Microsoft Windows Media Player 8.0
     
CPAI-2005-342
  Date:
  Severity:
  Category:
  Description: Update Protection against Ipswitch Collaboration Suite SMTP Format String
  Sources: Secunia Advisory: SA17863
  Vulnerable Systems: IpSwitch IMail Collaboration Suite 2.01 and prior
IpSwitch IMail Server 8.20 - 8.21
     
CPAI-2005-340
  Date:
  Severity:
  Category:
  Description: Update Protection against Panda Antivirus ZOO Archive Decompression Buffer Overflow
  Sources: Secunia Advisory: SA17765
  Vulnerable Systems: Panda Software Antivirus Command Line Secure
Panda Software Antivirus CVP Secure
Panda Software Antivirus Domino Secure
Panda Software Antivirus Enterprise Suite
Panda Software Antivirus Exchange Secure
Panda Software Antivirus File Secure
Panda Software Antivirus ISA Secure
Panda Software Antivirus Perimeter Scan
Panda Software Antivirus Platinum 7.x
Panda Software Antivirus Postfix Secure
Panda Software Antivirus Proxy Secure
Panda Software Antivirus Qmail Secure
Panda Software Antivirus Sendmail Secure
Panda Software Antivirus Small Business Edition
Panda Software Antivirus Titanium
     
CPAI-2005-339
  Date:
  Severity:
  Category:
  Description: Update Protection against Internet Explorer CSS Import Cross-Domain Restriction Bypass (MS06-021)
  Sources: SecurityFocus Bugtraq ID: 15660
  Vulnerable Systems: Microsoft Internet Explorer 6.0
Microsoft Internet Explorer 6.0 SP1
Microsoft Internet Explorer 6.0 SP2
     
CPAI-2005-338
  Date:
  Severity:
  Category:
  Description: Update Protection against MediaWiki Language Option PHP Code Execution
  Sources: Secunia Advisory: SA17866
  Vulnerable Systems: Wikimedia Foundation MediaWiki 1.5.x prior to 1.5.3
     
CPAI-2005-335
  Date:
  Severity:
  Category:
  Description: Update Protection against SpamAssassin Long Message Header Denial of Service
  Sources: Secunia Advisory: SA17386
  Vulnerable Systems: Apache Software Foundation SpamAssassin 3.0.4 and prior
     
CPAI-2005-333
  Date:
  Severity:
  Category:
  Description: Update Protection against Internet Explorer JavaScript window() Memory Corruption (MS05-054)
  Sources: Secunia Advisory: SA15546
  Vulnerable Systems: Microsoft Internet Explorer 5.0
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6.0
     
CPAI-2005-332
  Date:
  Severity:
  Category:
  Description: Update Protection against Novell NetMail IMAP Buffer Overflow
  Sources: Secunia Advisory: SA17641
  Vulnerable Systems: Novell NetMail 3.52D and earlier
     
CPAI-2005-329
  Date:
  Severity:
  Category:
  Description: Update Protection against VERITAS NetBackup vmd Shared Library Buffer Overflow
  Sources: Secunia Advisory: SA17503
  Vulnerable Systems: Symantec VERITAS NetBackup 5.0
Symantec VERITAS NetBackup 5.1
     
CPAI-2005-328
  Date:
  Severity:
  Category:
  Description: Update Protection against RealNetworks RealPlayer Zipped Skin File Buffer Overflow
  Sources: Secunia Advisory: SA17514
  Vulnerable Systems: RealNetworks RealPlayer 10.5 (builds 6.0.12.1040-1235)
RealNetworks RealPlayer 8
RealNetworks RealPlayer 10
RealNetworks RealPlayer v1
RealNetworks RealPlayer v2
     
CPAI-2005-327
  Date:
  Severity:
  Category:
  Description: Update Protection against Macromedia Flash ActionDefineFunction Memory Access
  Sources: Secunia Advisory: SA17430
  Vulnerable Systems: Adobe Systems Macromedia Flash Player 7.0.19.0 and earlier
     
CPAI-2005-326
  Date:
  Severity:
  Category:
  Description: Update Protection against Microsoft Windows Graphics Engine EMF and WMF Rendering
  Sources: Secunia Advisory: SA17498
  Vulnerable Systems: Microsoft Windows 2000 SP4
Microsoft Windows 2003 Server x64 Edition
Microsoft Windows 2003 SP1
Microsoft Windows XP SP1
Microsoft Windows XP SP2
     
CPAI-2005-325
  Date:
  Severity:
  Category:
  Description: Update Protection against Macromedia Flash Player Improper Memory Access
  Sources: Secunia Advisory: SA17430
  Vulnerable Systems: Adobe Systems Macromedia Flash Player 7.0.19 and earlier
     
CPAI-2005-324
  Date:
  Severity:
  Category:
  Description: Update Protection against Apple QuickTime MOV File String Handling Integer Overflow
  Sources: Secunia Advisory: SA17428
  Vulnerable Systems: Apple Computer QuickTime For Macintosh prior to 7.0.1
Apple Computer QuickTime For Windows prior to 7.0.1
     
CPAI-2005-323
  Date:
  Severity:
  Category:
  Description: Update Protection against Ipswitch Whatsup Small Business Application Suite Directory Traversal
  Sources: Secunia Advisory: SA15500
  Vulnerable Systems: IpSwitch WhatsUp Small Business Edition 2004
     
CPAI-2005-321
  Date:
  Severity:
  Category:
  Description: Update Protection against Novell ZENworks Patch Management Multiple SQL Injection Vulnerabilities
  Sources: Secunia Advisory: SA17358
  Vulnerable Systems: Novell ZENworks Patch Management 6.0.0.52 and earlier
     
CPAI-2005-318
  Date:
  Severity:
  Category:
  Description: Update Protection against Microsoft Windows LNK File Shell Buffer Overflow (MS05-049)
  Sources: Secunia Advisory: SA17168
  Vulnerable Systems: Microsoft Windows 2000 Service Pack 4
Microsoft Windows Server 2003
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
     
CPAI-2005-311
  Date:
  Severity:
  Category:
  Description: Update Protection against Microsoft DirectShow AVI Decoder Buffer Overflow (MS05-050)
  Sources: Secunia Advisory: SA17160
  Vulnerable Systems: Microsoft DirectX 7.0
Microsoft DirectX 8.0
Microsoft DirectX 8.0a
Microsoft DirectX 8.1
Microsoft DirectX 8.1a
Microsoft DirectX 8.2
Microsoft DirectX 9.0
Microsoft DirectX 9.0a
Microsoft DirectX 9.0b
Microsoft DirectX 9.0c
     
CPAI-2005-309
  Date:
  Severity:
  Category:
  Description: Update Protection against Multiple Vendor AntiVirus Extended ASCII Filename Scan Bypass
  Sources: INSERT_VALUE
  Vulnerable Systems: SOFTWIN BitDefender 9.0 and prior
Comodo Group Trustix AntiVirus 2005 and prior
ALWIL Software Avast! AntiVirus 4.6 and prior
CA eTrust QuickHeal AntiVirus 2005 and prior
Abacre Software Abacre Antivirus any
Deerfield.com VisNetic AntiVirus any
Avira AntiVir PersonalEdition Classic
ClamAV Project ClamAV for Windows
Antiy Labs Ghostbusters Professional Edition 5 and prior
     
CPAI-2005-305
  Date:
  Severity:
  Category:
  Description: Update Protection against RealNetworks RealPlayer Error Message Format String
  Sources: Secunia Advisory: SA16961
  Vulnerable Systems: Helix Community Helix Player 1.0.x up to and including 1.0.5
RealNetworks RealPlayer For UNIX 10.0.x up to and including 10.0.5
     
CPAI-2005-303
  Date:
  Severity:
  Category:
  Description: Update Protection against Mozilla Firefox Chrome Page Loading Restriction Bypass
  Sources: Secunia Advisory: SA16911
  Vulnerable Systems: Mozilla Foundation Firefox prior to 1.0.7
Mozilla Foundation Mozilla Suite prior to 1.7.12
     
CPAI-2005-302
  Date:
  Severity:
  Category:
  Description: Update Protection against Mozilla Firefox Unicode Sequence Handling Stack Corruption
  Sources: Secunia Advisory: SA16911
  Vulnerable Systems: Mozilla Foundation Firefox prior to 1.0.7
Mozilla Foundation Mozilla Suite prior to 1.7.12
     
CPAI-2005-301
  Date:
  Severity:
  Category:
  Description: Update Protection against Firefox XBM Image Processing Buffer Overflow
  Sources: Secunia Advisory: SA16911
  Vulnerable Systems: Mozilla Foundation Firefox 1.0.7 and prior
Mozilla Foundation Mozilla Suite 1.7.12 and prior
     
CPAI-2005-300
  Date:
  Severity:
  Category:
  Description: Update Protection against Mail Content Firefox Command Line URL Shell Command Injection
  Sources: Secunia Advisory: SA16869
  Vulnerable Systems: Mozilla Foundation Firefox prior to 1.0.7
     
CPAI-2005-299
  Date:
  Severity:
  Category:
  Description: Update Protection against TWiki rev Parameter Shell Command Injection
  Sources: Secunia Advisory: SA16820
  Vulnerable Systems: Peter Thoeny TWiki TWikiRelease01Dec2000
Peter Thoeny TWiki TWikiRelease01Dec2001
Peter Thoeny TWiki TWikiRelease01Feb2003
Peter Thoeny TWiki TWikiRelease01Sep2004
Peter Thoeny TWiki TWikiRelease02Sep2004
     
CPAI-2005-298
  Date:
  Severity:
  Category:
  Description: Update Protection against Squid Authentication Headers Handling Denial of Service
  Sources: Secunia Advisory: SA16992
  Vulnerable Systems: Squid Project Squid Web Proxy Cache 2.5.STABLE7 and prior versions
     
CPAI-2005-297
  Date:
  Severity:
  Category:
  Description: Update Protection against VERITAS Storage Exec and StorageCentral DCOM Server Buffer Overflow
  Sources: Secunia Advisory: SA16871
  Vulnerable Systems: Symantec VERITAS Storage Exec 5.3
Symantec VERITAS StorageCentral 5.2
     
CPAI-2005-295
  Date:
  Severity:
  Category:
  Description: Update Protection against UPX Compressed PE Executable Files
  Sources: Secunia Advisory: SA16848
  Vulnerable Systems: ClamAV Project ClamAV prior to 0.87
     
CPAI-2005-294
  Date:
  Severity:
  Category:
  Description: Update Protection against Gaim AIM-ICQ Protocol Handling Buffer Overflow
  Sources: Secunia Advisory: SA16379
  Vulnerable Systems: Gaim Project Gaim prior to 1.5.0
     
CPAI-2005-292
  Date:
  Severity:
  Category:
  Description: Update Protection against Firefox Image File Dragging Malformed Extension
  Sources: Secunia Advisory: SA14160
  Vulnerable Systems: Mozilla Foundation Firefox prior to 1.0.1
Mozilla Foundation Mozilla Suite prior to 1.7.6
Mozilla Foundation Thunderbird prior to 1.0.2
     
CPAI-2005-291
  Date:
  Severity:
  Category:
  Description: Update Protection against Firefox Domain Name Handling Buffer Overflow
  Sources: Secunia Advisory: SA16764
  Vulnerable Systems: Mozilla Foundation Firefox 1.0.6 and prior
Mozilla Foundation Firefox 1.5 Beta 1
Mozilla Foundation Mozilla Suite 1.7.11 and prior
     
CPAI-2005-289
  Date:
  Severity:
  Category:
  Description: Update Protection against Windows Media Player PNG Processing Vulnerability
  Sources: Secunia Advisory: SA14174
  Vulnerable Systems: Microsoft Windows Media Player 9.0
     
CPAI-2005-288
  Date:
  Severity:
  Category:
  Description: Update Protection against 3Com Network Supervisor Directory Traversal
  Sources: Secunia Advisory: SA16639
  Vulnerable Systems: 3Com Network Director 1.0
3Com Network Director 2.0
3Com Network Supervisor 5.1 and prior
     
CPAI-2005-287
  Date:
  Severity:
  Category:
  Description: Update Protection against HAURI Anti-Virus ACE Archive Handling Buffer Overflow
  Sources: Secunia Advisory: SA16488
  Vulnerable Systems: HAURI Live Call Suite any
HAURI ViRobot Advanced Server any
HAURI ViRobot Expert 4.0
HAURI ViRobot Linux Server 2.0
     
CPAI-2005-286
  Date:
  Severity:
  Category:
  Description: Update Protection against Sun Solaris DHCP Client Arbitrary Code Execution
  Sources: Secunia Advisory: SA16521
  Vulnerable Systems: Sun Microsystems Solaris 10.0
     
CPAI-2005-283
  Date:
  Severity:
  Category:
  Description: Update Protection against Apache Byte-Range Filter Denial of Service
  Sources: Secunia Advisory: SA16559
  Vulnerable Systems: Apache Software Foundation HTTP Server 2.0.10 - 2.0.54
Apache Software Foundation HTTP Server 2.1.1 - 2.1.5
     
CPAI-2005-282
  Date:
  Severity:
  Category:
  Description: Update Protection against Microsoft IIS ASP Scripts Source Code Disclosure
  Sources: Secunia Advisory: SA16548
  Vulnerable Systems: Microsoft Internet Information Services 5.x
     
CPAI-2005-279
  Date:
  Severity:
  Category:
  Description: Update Protection against Microsoft Design Tools msdds.dll Memory Corruption (MS05-052)
  Sources: Secunia Advisory: SA16480
  Vulnerable Systems: Microsoft .NET Framework 1.1
Microsoft Office 2000 (Some installations)
Microsoft Office XP
Microsoft Project any
Microsoft Visio any
Microsoft Visual Studio .NET 2002
     
CPAI-2005-277
  Date:
  Severity:
  Category:
  Description: Update Protection against Internet Explorer Multiple COM Objects Memory Corruption (MS05-037 MS05-038)
  Sources: Secunia Advisory: SA16373
  Vulnerable Systems: Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6
     
CPAI-2005-276
  Date:
  Severity:
  Category:
  Description: Update Protection against avast! Antivirus ACE File Handling Buffer Overflow
  Sources: Secunia Advisory: SA15776
  Vulnerable Systems: ALWIL Software Avast! AntiVirus Home and Professional Editions prior to 4.6.691
ALWIL Software Avast! AntiVirus Managed Client Editions prior to 4.6.394
ALWIL Software Avast! AntiVirus Server Editions prior to 4.6.489
     
CPAI-2005-274
  Date:
  Severity:
  Category:
  Description: Update Protection against Sybase EAServer WebConsole Buffer Overflow
  Sources: Secunia Advisory: SA16108
  Vulnerable Systems: Sybase Enterprise Application Server 4.2.x
Sybase Enterprise Application Server 5.0
Sybase Enterprise Application Server 5.1
Sybase Enterprise Application Server 5.2
     
CPAI-2005-273
  Date:
  Severity:
  Category:
  Description: Update Protection against ClamAV CHM File Handling Integer Overflow
  Sources: Secunia Advisory: SA16180
  Vulnerable Systems: ClamAV Project ClamAV prior to 0.86.2
ClamAV Project ClamWin prior to 0.86.2
     
CPAI-2005-272
  Date:
  Severity:
  Category:
  Description: Update Protection against Sophos Anti-Virus ZIP File Handling Denial of Service
  Sources: Secunia Advisory: SA16082
  Vulnerable Systems: Sophos Anti-Virus 3.x prior to 3.95
Sophos Anti-Virus 4.x prior to 4.5.3
Sophos Anti-Virus 5.x prior to 5.0.4
     
CPAI-2005-271
  Date:
  Severity:
  Category:
  Description: Update Protection against Alt-N MDaemon IMAP Server CREATE Command Buffer Overflow
  Sources: Secunia Advisory: SA8693
  Vulnerable Systems: Alt-N Technologies MDaemon 6.x prior to 6.8.6
Alt-N Technologies MDaemon 7.x prior to 7.2.4
Alt-N Technologies MDaemon 8.x prior to 8.0.4
     
CPAI-2005-270
  Date:
  Severity:
  Category:
  Description: Update Protection against Winamp ID3v2 Tag Handling Buffer Overflow
  Sources: Secunia Advisory: SA16077
  Vulnerable Systems: Nullsoft Winamp 5.093 and prior
     
CPAI-2005-269
  Date:
  Severity:
  Category:
  Description: Update Protection against MailEnable IMAP STATUS Command Buffer Overflow
  Sources: Secunia Advisory: SA15986
  Vulnerable Systems: MailEnable MailEnable Enterprise 1.04 and prior
MailEnable MailEnable Professional 1.54 and prior
     
CPAI-2005-267
  Date:
  Severity:
  Category:
  Description: Update Protection against Oracle Application Server Forms Arbitrary System Command Execution
  Sources: Secunia Advisory: SA16092
  Vulnerable Systems: Oracle Application Server 10g
Oracle Application Server 8i and prior
Oracle Application Server 9i
Oracle Developer Suite 10g
Oracle Developer Suite 8i and prior
Oracle Developer Suite 9i
     
CPAI-2005-264
  Date:
  Severity:
  Category:
  Description: Update Protection against Microsoft Windows Color Management JPEG Parsing Buffer Overflow (MS05-036)
  Sources: Secunia Advisory: SA16004
  Vulnerable Systems: Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Data Center
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows 98
Microsoft Windows 98 Second Edition (SE)
Microsoft Windows Millennium Edition (ME)
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium
Microsoft Windows Server 2003 x64
Microsoft Windows XP 64-Bit (Itanium)
Microsoft Windows XP Home
Microsoft Windows XP Professional
Microsoft Windows XP Professional x64
     
CPAI-2005-263
  Date:
  Severity:
  Category:
  Description: Update Protection against Microsoft Word Font Parsing Buffer Overflow
  Sources: Secunia Advisory: SA15998
  Vulnerable Systems: Microsoft Office 2000
Microsoft Office XP
Microsoft Works Suite 2000
Microsoft Works Suite 2001
Microsoft Works Suite 2002
Microsoft Works Suite 2003
Microsoft Works Suite 2004
     
CPAI-2005-262
  Date:
  Severity:
  Category:
  Description: Update Protection against IBM Lotus Notes Cross Site Scripting
  Sources: Secunia Advisory: SA12891
  Vulnerable Systems: IBM Lotus Domino 6.5.4 and prior
IBM Lotus Notes 6.5.4 and prior
     
CPAI-2005-261
  Date:
  Severity:
  Category:
  Description: Update Protection against SpamAssassin Malformed Email Header Denial Of Service
  Sources: Secunia Advisory: SA15704
  Vulnerable Systems: Apache Software Foundation SpamAssassin 3.0.3 and prior
     
CPAI-2005-260
  Date:
  Severity:
  Category:
  Description: Update Protection against RealNetworks RealPlayer RealText Parsing Buffer Overflow
  Sources: Secunia Advisory: SA15806
  Vulnerable Systems: Helix Community Helix Player 1.0.4 and prior
RealNetworks RealPlayer 8
RealNetworks RealPlayer 10
RealNetworks RealPlayer 10.5
RealNetworks RealPlayer Enterprise
RealNetworks RealPlayer v1
RealNetworks RealPlayer v2
     
CPAI-2005-258
  Date:
  Severity:
  Category:
  Description: Update Protection against Microsoft ISA Server HTTP Content Header (MS05-034)
  Sources: Secunia Advisory: SA15693
  Vulnerable Systems: Microsoft Internet Security and Acceleration Server 2000
     
CPAI-2005-257
  Date:
  Severity:
  Category:
  Description: Update Protection against Microsoft Outlook Web Access Cross-Site Scripting (MS05-029)
  Sources: Secunia Advisory: SA15697
  Vulnerable Systems: Microsoft Exchange Server 5.5
     
CPAI-2005-254
  Date:
  Severity:
  Category:
  Description: Update Protection against GNU Mailutils imap4d Format String
  Sources: Secunia Advisory: SA15442
  Vulnerable Systems: GNU MailUtils Mailutils 0.5
GNU MailUtils Mailutils 0.6
     
CPAI-2005-252
  Date:
  Severity:
  Category:
  Description: Update Protection against Hummingbird InetD LPD Component Buffer Overflow
  Sources: Secunia Advisory: SA15557
  Vulnerable Systems: Hummingbird InetD 9.0
Hummingbird InetD 10.0
     
CPAI-2005-250
  Date:
  Severity:
  Category:
  Description: Update Protection against BEA WebLogic Admin Console Cross Site Scripting
  Sources: Secunia Advisory: SA15486
  Vulnerable Systems: BEA Systems WebLogic Server and Express 7.0 SP6 and prior
BEA Systems WebLogic Server and Express 8.1 SP4 and prior
     
CPAI-2005-249
  Date:
  Severity:
  Category:
  Description: Update Protection against Mozilla Suite DOM Property Code Execution
  Sources: Secunia Advisory: SA15528
  Vulnerable Systems: Mozilla Foundation Firefox 1.0.3 and prior
Mozilla Foundation Mozilla Suite 1.7.7 and prior
     
CPAI-2005-248
  Date:
  Severity:
  Category:
  Description: Update Protection against Ipswitch IMail IMAP LOGIN Special Character Buffer Overflow
  Sources: Secunia Advisory: SA15483
  Vulnerable Systems: IpSwitch IMail Server 8.1x prior to 8.15 Hotfix 2
IpSwitch IMail Server 8.2 prior to Hotfix 2
     
CPAI-2005-247
  Date:
  Severity:
  Category:
  Description: Update Protection against MailEnable SMTP Authentication Buffer Overflow
  Sources: Secunia Advisory: SA15487
  Vulnerable Systems: MailEnable MailEnable Enterprise 1.04 and prior
MailEnable MailEnable Professional 1.54 and prior
     
CPAI-2005-243
  Date:
  Severity:
  Category:
  Description: Update Protection against Squid Proxy DNS Response Spoofing
  Sources: Secunia Advisory: SA15294
  Vulnerable Systems: Squid Project Squid Web Proxy Cache 2.5.STABLE9 and prior versions
     
CPAI-2005-242
  Date:
  Severity:
  Category:
  Description: Update Protection against Mozilla Firefox IFRAME Cross Site Scripting
  Sources: Secunia Advisory: SA15292
  Vulnerable Systems: Mozilla Foundation Firefox 1.0.3 and prior
Mozilla Foundation Mozilla Suite 1.7.7 and prior
     
CPAI-2005-241
  Date:
  Severity:
  Category:
  Description: Update Protection against Microsoft Windows Web View Script Injection (MS05-024)
  Sources: Secunia Advisory: SA15017
  Vulnerable Systems: Microsoft Windows 2000 SP3
Microsoft Windows 2000 SP4
Microsoft Windows 98
Microsoft Windows 98 SE
Microsoft Windows ME
     
CPAI-2005-240
  Date:
  Severity:
  Category:
  Description: Update Protection against Mozilla Firefox IconURL Arbitrary JavaScript Execution
  Sources: Secunia Advisory: SA15292
  Vulnerable Systems: Mozilla Foundation Firefox 1.0.3 and prior
Mozilla Foundation Mozilla Suite 1.7.7 and prior
     
CPAI-2005-239
  Date:
  Severity:
  Category:
  Description: Update Protection against Oracle Database DBMS_Scheduler Privilege Escalation
  Sources: SecurityFocus Bugtraq ID: 13509
  Vulnerable Systems: Oracle Application Server 10g 10.1.0.2
Oracle Application Server 10g 10.1.0.3
Oracle Application Server 10g 10.1.0.3.1
Oracle Database Server 10g 10.1.0.2
Oracle Database Server 10g 10.1.0.3
Oracle Database Server 10g 10.1.0.3.1
Oracle Database Server Enterprise Edition 10g Enterprise Edition 10.1.0.2
Oracle Database Server Enterprise Edition 10g Enterprise Edition 10.1.0.3
Oracle Database Server Enterprise Edition 10g Enterprise Edition 10.1.0.3.1
Oracle Database Server Personal Edition 10g Personal Edition 10.1.0.2
Oracle Database Server Personal Edition 10g Personal Edition 10.1.0.3
Oracle Database Server Personal Edition 10g Personal Edition 10.1.0.3.1
     
CPAI-2005-237
  Date:
  Severity:
  Category:
  Description: Update Protection against Microsoft ASP.NET ViewState Denial of Service
  Sources: Secunia Advisory: SA15241
  Vulnerable Systems: Microsoft Active Server Pages .NET 1.x
     
CPAI-2005-236
  Date:
  Severity:
  Category:
  Description: Update Protection against Internet Explorer Content Advisor Memory Corruption (MS05-020)
  Sources: Secunia Advisory: SA14922
  Vulnerable Systems: Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6
     
CPAI-2005-233
  Date:
  Severity:
  Category:
  Description: Update Protection against Oracle Application Server 9i Webcache File Corruption
  Sources: Secunia Advisory: SA15143
  Vulnerable Systems: Oracle Application Server Web Cache 9iAS 2.0.0.0
Oracle Application Server Web Cache 9iAS 2.0.0.1
Oracle Application Server Web Cache 9iAS 2.0.0.2
Oracle Application Server Web Cache 9iAS 2.0.0.2 NT
Oracle Application Server Web Cache 9iAS 2.0.0.3
Oracle Application Server Web Cache 9iAS 2.0.0.4
Oracle Application Server Web Cache 9iAS 9.0.2.2
Oracle Application Server Web Cache 9iAS 9.0.2.3
Oracle Application Server Web Cache 9iAS 9.0.3.1
     
CPAI-2005-232
  Date:
  Severity:
  Category:
  Description: Update Protection against RealNetworks RealPlayer RAM File Processing Buffer Overflow
  Sources: Secunia Advisory: SA15023
  Vulnerable Systems: Helix Community Helix Player 1.0.x prior to 1.0.4
RealNetworks RealPlayer 10.5 builds 6.0.12.1040-1059
RealNetworks RealPlayer 8
RealNetworks RealPlayer 10
RealNetworks RealPlayer Enterprise
RealNetworks RealPlayer for Linux 10 prior to 10.0.4
RealNetworks RealPlayer for Mac
RealNetworks RealPlayer for Mac OS 10 builds 10.0.0.305 - 331
RealNetworks RealPlayer v1
RealNetworks RealPlayer v2
     
CPAI-2005-231
  Date:
  Severity:
  Category:
  Description: Update Protection against Citrix Program Neighborhood Agent Arbitrary Shortcut Creation
  Sources: Secunia Advisory: SA15108
  Vulnerable Systems: Citrix Systems ICA Client 8.x and prior
Citrix Systems MetaFrame Presentation Server Client For Windows CE prior to 8.33
     
CPAI-2005-230
  Date:
  Severity:
  Category:
  Description: Update Protection against Citrix Program Neighborhood Agent Buffer Overflow
  Sources: Secunia Advisory: SA15108
  Vulnerable Systems: Citrix Systems ICA Client 8.x and prior
Citrix Systems MetaFrame Presentation Server Client For Windows CE prior to 8.33
     
CPAI-2005-229
  Date:
  Severity:
  Category:
  Description: Update Protection against Oracle Database InterMedia Denial of Service
  Sources: Secunia Advisory: SA14935
  Vulnerable Systems: Oracle Database Server 10g 10.1.0.4 and prior
Oracle Database Server 9i 9.2.0.5 and prior
     
CPAI-2005-225
  Date:
  Severity:
  Category:
  Description: Update Protection against Internet Explorer DHTML Object Memory Corruption (MS05-020)
  Sources: Secunia Advisory: SA14922
  Vulnerable Systems: Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6.x
     
CPAI-2005-224
  Date:
  Severity:
  Category:
  Description: Update Protection against Microsoft Windows Shell MSHTA Script Execution in OLE Files (MS05-016)
  Sources: Secunia Advisory: SA14909
  Vulnerable Systems: Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
     
CPAI-2005-222
  Date:
  Severity:
  Category:
  Description: Update Protection against BakBone NetVault Messages Buffer Overflow
  Sources: Secunia Advisory: SA14814
  Vulnerable Systems: BakBone Software NetVault 6.x
BakBone Software NetVault 7.x
     
CPAI-2005-221
  Date:
  Severity:
  Category:
  Description: Update Protection against IBM Lotus Domino Web Service Denial of Service
  Sources: Secunia Advisory: SA14858
  Vulnerable Systems: IBM Corporation Lotus Domino 6.5.1
IBM Corporation Lotus Domino 6.0.3
     
CPAI-2005-220
  Date:
  Severity:
  Category:
  Description: Update Protection against Mozilla Firefox JavaScript Engine Information Disclosure
  Sources: Secunia Advisory: SA14820
  Vulnerable Systems: America Online Netscape Communicator 7.2
K-Meleon K-Meleon 0.9
Mozilla Foundation Firefox 1.0.2 and prior
Mozilla Foundation Mozilla Suite 1.7.6 and prior
     
CPAI-2005-219
  Date:
  Severity:
  Category:
  Description: Update Protection against Adobe Acrobat Local File Disclosure
  Sources: Secunia Advisory: SA14813
  Vulnerable Systems: Adobe Systems Acrobat 7.0 and prior
Adobe Systems Acrobat Reader 7.0 and prior
     
CPAI-2005-218
  Date:
  Severity:
  Category:
  Description: Update Protection against Microsoft Jet DB Engine Buffer Overflow
  Sources: SecurityFocus Bugtraq ID: 12960
  Vulnerable Systems: Microsoft Jet Database Engine 4.0 (version 4.00.8618.0 and prior)
     
CPAI-2005-217
  Date:
  Severity:
  Category:
  Description: Update Protection against Multiple Vendor Telnet Client env_opt_add Buffer Overflow
  Sources: Secunia Advisory: SA14745
  Vulnerable Systems: Apple Computer Telnet Client/Server any
Debian Project Telnet Client/Server any
FreeBSD Project Telnet Client/Server any
MIT Kerberos Project Telnet Client/Server any
Red Hat Telnet Client/Server any
Sun Microsystems Telnet Client/Server any
     
CPAI-2005-216
  Date:
  Severity:
  Category:
  Description: Update Protection against Multiple Vendor Telnet Client LINEMODE Buffer Overflow
  Sources: Secunia Advisory: SA14745
  Vulnerable Systems: Apple Computer Telnet Client/Server any
Debian Project Telnet Client/Server any
FreeBSD Project Telnet Client/Server any
MIT Kerberos Project Telnet Client/Server any
Red Hat Telnet Client/Server any
Sun Microsystems Telnet Client/Server any
     
CPAI-2005-215
  Date:
  Severity:
  Category:
  Description: Update Protection against Mozilla Firefox Sidebar Panel
  Sources: Secunia Advisory: SA14654
  Vulnerable Systems: Mozilla Foundation Firefox 1.0.1 and prior
     
CPAI-2005-214
  Date:
  Severity:
  Category:
  Description: Update Protection against Apple QuickTime PictureViewer Buffer Overflow
  Sources: Secunia Advisory: SA14745
  Vulnerable Systems: Apple Computer QuickTime 6.5.2 and prior
     
CPAI-2005-213
  Date:
  Severity:
  Category:
  Description: Update Protection against Sun Java Web Start JNLP File Argument Injection
  Sources: Secunia Advisory: SA13271
  Vulnerable Systems: Sun Microsystems Java Development Kit 1.4.2 to 1.4.2_07
Sun Microsystems Java Runtime Environment 1.4.2 to 1.4.2_07
     
CPAI-2005-210
  Date:
  Severity:
  Category:
  Description: Update Protection against Symantec Gateway Products DNS Cache Poisoning
  Sources: Secunia Advisory: SA14595
  Vulnerable Systems: Symantec Gateway Security 5300 Series v1.0
Symantec Gateway Security 5400 Series v2.x
Symantec Norton Enterprise Firewall v7.0.x
Symantec Norton Enterprise Firewall v8.0
Symantec VelociRaptor 1100, 1200, and 1300 v1.5
     
CPAI-2005-209
  Date:
  Severity:
  Category:
  Description: Update Protection against MySQL CREATE FUNCTION Table Arbitrary Library Injection
  Sources: Secunia Advisory: SA14547
  Vulnerable Systems: MySQL AB MySQL 4.0.23 and prior
MySQL AB MySQL 4.1.x up to 4.1.10
     
CPAI-2005-208
  Date:
  Severity:
  Category:
  Description: Update Protection against MySQL CREATE FUNCTION libc Arbitrary Code Execution
  Sources: Secunia Advisory: SA14547
  Vulnerable Systems: MySQL AB MySQL 4.0.23 and prior
MySQL AB MySQL 4.1.x up to 4.1.10
     
CPAI-2005-207
  Date:
  Severity:
  Category:
  Description: Update Protection against Mozilla Firefox XPCOM Plugin Access Control
  Sources: Secunia Advisory: SA14160
  Vulnerable Systems: Mozilla Foundation Firefox 0.8 - 1.0
Mozilla Foundation Mozilla Suite 1.0 - 1.7.5
     
CPAI-2005-206
  Date:
  Severity:
  Category:
  Description: Update Protection against Multiple AV Vendor Invalid Archive Checksum Bypass
  Sources: SecurityFocus Bugtraq ID: 12771
  Vulnerable Systems: SOFTWIN BitDefender 7.0
SOFTWIN BitDefender 8.0
     
CPAI-2005-204
  Date:
  Severity:
  Category:
  Description: Update Protection against Oracle Database Server SQL Query Directory Traversal
  Sources: Secunia Advisory: SA13862
  Vulnerable Systems: Oracle Database Server 8i 8.1.7.4 and prior
Oracle Database Server 9i 9.2.0.6 and prior
     
CPAI-2005-200
  Date:
  Severity:
  Category:
  Description: Update Protection against RealNetworks RealPlayer SMIL File Handling Buffer Overflow
  Sources: Secunia Advisory: SA14456
  Vulnerable Systems: Helix Community Helix Player 1.0.x Prior to 1.0.3.749
RealNetworks RealPlayer 10.5 builds 6.0.12.1040-1056
RealNetworks RealPlayer 8
RealNetworks RealPlayer 10
RealNetworks RealPlayer Enterprise
RealNetworks RealPlayer for Linux 10 Prior to 10.0.3.748
RealNetworks RealPlayer for Mac OS
RealNetworks RealPlayer for Mac OS 10 builds 10.0.0.305 - 325
RealNetworks RealPlayer v1
RealNetworks RealPlayer v2 builds 6.0.11.818-840 and 853-872
     
CPAI-2005-199
  Date:
  Severity:
  Category:
  Description: Update Protection against Internet Explorer CDF Cross Domain Scripting (MS05-014)
  Sources: Secunia Advisory: SA11165
  Vulnerable Systems: Microsoft Internet Explorer 5.01 SP3-SP4
Microsoft Internet Explorer 5.5 SP2 on Windows ME
Microsoft Internet Explorer 6 for Windows Server 2003
Microsoft Internet Explorer 6 for Windows XP SP2
Microsoft Internet Explorer 6 SP1 and earlier
     
CPAI-2005-198
  Date:
  Severity:
  Category:
  Description: Update Protection against Trend Micro Products AntiVirus Library Buffer Overflow
  Sources: Secunia Advisory: SA14396
  Vulnerable Systems: Trend Micro InterScan eManager for Windows 3.x
Trend Micro InterScan Messaging Security Suite 5.x
Trend Micro InterScan VirusWall 3.x
Trend Micro InterScan Web Security Suite 1.x
Trend Micro InterScan Web Security Suite 2.x
Trend Micro InterScan WebManager 2.x
Trend Micro InterScan WebProtect for ISA 3.x
Trend Micro Office Scan Corporate Edition 3.x
Trend Micro Office Scan Corporate Edition 5.x
Trend Micro Office Scan Corporate Edition 6.x
Trend Micro PC-cillin Internet Security 2000
Trend Micro PC-cillin Internet Security 2002
Trend Micro PC-cillin Internet Security 2003
Trend Micro PC-cillin Internet Security 2005
Trend Micro PortalProtect for SharePoint 1.x
Trend Micro ScanMail eManager 3.x
Trend Micro ScanMail eManager 5.x
Trend Micro ScanMail eManager for Lotus Notes 2.x
Trend Micro ScanMail eManager for Lotus Notes 3.x
Trend Micro ScanMail eManager for Microsoft Exchange 3.x
Trend Micro ScanMail eManager for Microsoft Exchange 6.x
Trend Micro Server Protect for Linux 1.x
Trend Micro Server Protect for Windows/NetWare 5.x
     
CPAI-2005-196
  Date:
  Severity:
  Category:
  Description: Update Protection against Internet Explorer Popup Title Bar Spoofing
  Sources: Secunia Advisory: SA14335
  Vulnerable Systems: Microsoft Internet Explorer 6 SP2
     
CPAI-2005-194
  Date:
  Severity:
  Category:
  Description: Update Protection against Mozilla Products IDN Spoofing
  Sources: Secunia Advisory: SA14163
  Vulnerable Systems: Mozilla Foundation Firefox 1.0 and prior
Mozilla Foundation Mozilla Suite 1.7.5 and prior
Mozilla Foundation Thunderbird 1.0 and prior
     
CPAI-2005-191
  Date:
  Severity:
  Category:
  Description: Update Protection against Squid Oversized Reply Header Handling
  Sources: Secunia Advisory: SA14091
  Vulnerable Systems: Squid Project Squid Web Proxy Cache 2.5-STABLE7
     
CPAI-2005-189
  Date:
  Severity:
  Category:
  Description: Update Protection against Apple iTunes Playlists Name Handling Buffer Overflow
  Sources: Secunia Advisory: SA13804
  Vulnerable Systems: Apple Computer iTunes 4.7.0 and prior
     
CPAI-2005-188
  Date:
  Severity:
  Category:
  Description: Update Protection against Oracle Create Database Link Buffer Overflow
  Sources: Secunia Advisory: SA13862
  Vulnerable Systems: Oracle Database Server 8 (8.0.63 and earlier)
Oracle Database Server 8i (8.1.7.4 and earlier)
Oracle Database Server 9i (9.0.1.4 and earlier)
     
CPAI-2005-187
  Date:
  Severity:
  Category:
  Description: Update Protection against Squid Gopher Protocol Handling Buffer Overflow
  Sources: Secunia Advisory: SA13825
  Vulnerable Systems: Squid Project Squid Web Proxy Cache 2.5-STABLE7 and earlier
     
CPAI-2005-184
  Date:
  Severity:
  Category:
  Description: Update Protection against SHOUTcast Filename Format String
  Sources: Secunia Advisory: SA13661
  Vulnerable Systems: Nullsoft SHOUTcast 1.9.4 and prior
     
CPAI-2005-183
  Date:
  Severity:
  Category:
  Description: Update Protection against Symantec Norton AntiVirus Stack Exhaustion
  Sources: SecurityFocus Bugtraq ID: 12175
  Vulnerable Systems: Symantec Norton AntiVirus 2004
Symantec Norton AntiVirus 2005
     
CPAI-2005-182
  Date:
  Severity:
  Category:
  Description: Update Protection against Exim SPA Authentication Buffer Overflow
  Sources: Secunia Advisory: SA13713
  Vulnerable Systems: Exim Project Exim 4.43 and prior
     
CPAI-2005-181
  Date:
  Severity:
  Category:
  Description: Update Protection against Internet Explorer FTP Client Directory Traversal
  Sources: Secunia Advisory: SA13704
  Vulnerable Systems: Microsoft Internet Explorer 5.1
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6
     
CPAI-2005-180
  Date:
  Severity:
  Category:
  Description: Update Protection against Mozilla NNTP URL Handling Buffer Overflow
  Sources: Secunia Advisory: SA13687
  Vulnerable Systems: Mozilla Foundation Mozilla Suite 1.7.3 and earlier
Mozilla Foundation Thunderbird 0.8 and earlier
America Online Netscape Communicator 6.0 - 7.2
     
CPAI-2005-163
  Date:
  Severity:
  Category: Remote Code Execution
  Description: Preemptive Protection against a 0-day Microsoft WMF Handling Vulnerability (MS06-001)
  Sources: Microsoft Security Advisory (912840)
Microsoft Security Bulletin MS06-001
  Vulnerable Systems: Microsoft Windows 2000 SP4
Microsoft Windows XP SP1 and SP2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003 and Microsoft Windows Server 2003 SP1
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
     
CPAI-2005-158
  Date:
  Severity:
  Category: Remote Code Execution
  Description: Microsoft Internet Explorer COM Object Vulnerability (MS05-054)
  Sources: Microsoft Security Bulletin (MS05-054)
  Vulnerable Systems: Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP SP1 and SP2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 SP1
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition family
     
CPAI-2005-155
  Date:
  Severity:
  Category: Remote Code Execution
  Description: Protection against Microsoft Internet Explorer Mismatched DOM Objects Vulnerability (MS05-054)
  Sources: Microsoft Security Bulletin (MS05-054)
  Vulnerable Systems: Microsoft Internet Explorer 5
Microsoft Internet Explorer 6.x
     
CPAI-2005-337
  Date:
  Severity:
  Category:
  Description: Update Protection against Symantec pcAnywhere Message Buffer Overflow
  Sources: Secunia Advisory: SA17797
  Vulnerable Systems: Symantec Norton pcAnywhere 11.5.1 and earlier
     
CPAI-2005-336
  Date:
  Severity:
  Category:
  Description: Update Protection against Qualcomm WorldMail IMAP Server Directory Traversal
  Sources: Secunia Advisory: SA17640
  Vulnerable Systems: Qualcomm Eudora WorldMail Server 3.x
     
CPAI-2005-331
  Date:
  Severity:
  Category:
  Description: Update Protection against MailEnable IMAP Service Mailbox Name Buffer Overflow
  Sources: Secunia Advisory: SA17633
  Vulnerable Systems: MailEnable MailEnable Enterprise 1.1 and earlier
MailEnable MailEnable Professional 1.6 and earlier
     
CPAI-2005-319
  Date:
  Severity:
  Category:
  Description: Update Protection against Skype URI Handling Buffer Overflow
  Sources: Secunia Advisory: SA17305
  Vulnerable Systems: Skype Technologies Skype for Windows 1.1.*.0 - 1.4.*.83
     
CPAI-2005-307
  Date:
  Severity:
  Category:
  Description: Update Protection against 7-Zip ARJ Archive Handling Buffer Overflow
  Sources: Secunia Advisory: SA16664
  Vulnerable Systems: Igor Pavlov 7-Zip prior to 4.27
     
CPAI-2005-304
  Date:
  Severity:
  Category:
  Description: Update Protection against BitDefender Antivirus Logging Function Format String
  Sources: Secunia Advisory: SA16991
  Vulnerable Systems: SOFTWIN BitDefender 7.2
SOFTWIN BitDefender 8.0
SOFTWIN BitDefender 9.0
     
CPAI-2005-296
  Date:
  Severity:
  Category:
  Description: Update Protection against Apple QuickTime PictureViewer GIF Rendering Denial of Service
  Sources:
  Vulnerable Systems: Apple Computer QuickTime Picture Viewer Component 6.5.2 and prior
     
CPAI-2005-293
  Date:
  Severity:
  Category:
  Description: Update Protection against GNU Mailutils imap4d SEARCH Format String
  Sources: Secunia Advisory: SA16783
  Vulnerable Systems: GNU MailUtils Mailutils 0.6 and prior
     
CPAI-2005-280
  Date:
  Severity:
  Category:
  Description: Update Protection against MySQL CREATE FUNCTION init_syms Buffer Overflow
  Sources: SecurityFocus Bugtraq ID: 14509
  Vulnerable Systems: MySQL AB MySQL 4.0.x up to 4.0.25
MySQL AB MySQL 4.1.x up to 4.1.13
MySQL AB MySQL 5.0.x up to 5.0.7-beta
     
CPAI-2005-275
  Date:
  Severity:
  Category:
  Description: Update Protection against MDaemon Content Filter Directory Traversal
  Sources: Secunia Advisory: SA16173
  Vulnerable Systems: Alt-N Technologies MDaemon 8.x prior to 8.1.0
     
CPAI-2005-259
  Date:
  Severity:
  Category:
  Description: Update Protection against Ipswitch WhatsUp Web Interface SQL Injection
  Sources: Secunia Advisory: SA15503
  Vulnerable Systems: IpSwitch WhatsUp Professional 2005
IpSwitch WhatsUp Professional 2005 Service Pack 1
     
CPAI-2005-255
  Date:
  Severity:
  Category:
  Description: Update Protection against Ipswitch IMail Web Calendaring Arbitrary File Read
  Sources: Secunia Advisory: SA15483
  Vulnerable Systems: IpSwitch IMail Server 8.15 and prior
IpSwitch IMail Server 8.2 and prior
     
CPAI-2005-244
  Date:
  Severity:
  Category:
  Description: Update Protection against Mozilla Firefox Wrapped JavaScript Code Execution
  Sources: SecurityFocus Bugtraq ID: 13641
  Vulnerable Systems: Mozilla Foundation Firefox 1.0.3 and prior
Mozilla Foundation Mozilla Suite 1.7.7 and prior
     
CPAI-2005-234
  Date:
  Severity:
  Category:
  Description: Update Protection against CVS Annotate Command Revision String Buffer Overflow
  Sources: Secunia Advisory: SA14976
  Vulnerable Systems: CVS Project Concurrent Versions System 1.11.19 and prior
CVS Project Concurrent Versions System 1.12.11 and prior
     
CPAI-2005-195
  Date:
  Severity:
  Category:
  Description: Update Protection against Yahoo! Messenger File Transfer Filename Spoofing
  Sources: Secunia Advisory: SA13712
  Vulnerable Systems: Yahoo! Yahoo! Messenger 6.0.0.1921 and earlier
     
CPAI-2005-192
  Date:
  Severity:
  Category:
  Description: Update Protection against RealNetworks RealPlayer RealMedia Security Bypass
  Sources: Secunia Advisory: SA14087
  Vulnerable Systems: RealNetworks RealPlayer For Windows 10.x
     
CPAI-2005-190
  Date:
  Severity:
  Category:
  Description: Update Protection against Squid WCCP Message Parsing Denial Of Service
  Sources: Secunia Advisory: SA13825
  Vulnerable Systems: Squid Project Squid Web Proxy Cache 2.5-STABLE7 and earlier
     
CPAI-2005-162
  Date:
  Severity:
  Category: Endpoint Security
  Description: Integrity Clientless Security (ICS) version 3.7.49.0
  Sources: SmartDefense Research Center
  Vulnerable Systems: Microsoft Windows clients
     
CPAI-2005-161
  Date:
  Severity:
  Category: Remote Code Execution
  Description: Protection against Macromedia JRun 4 Web Server Buffer Overflow Vulnerability
  Sources: iDEFENSE ADVISORY: 12.21.05
  Vulnerable Systems: Macromedia JRun 4.0 prior to Updater 5

     
CPAI-2005-160
  Date:
  Severity:
  Category: Denial of Service
  Description: Protection against Malformed Microsoft IIS URI Denial of Service Vulnerability
  Sources: Inge Henriksen
  Vulnerable Systems: Microsoft Internet Information Server (IIS) version 5.1

     
CPAI-2005-159
  Date:
  Severity:
  Category: Command Injection
  Description: Protection against Cisco IOS HTTP Server Code Injection Vulnerability
  Sources: Cisco Security Advisory ID: 68322
  Vulnerable Systems: All Cisco products that run Cisco Software versions 11.0 through 12.4 with the HTTP server enabled
     
CPAI-2005-157
  Date:
  Severity:
  Category: Endpoint Security
  Description: Integrity Clientless Security (ICS) version 3.7.48.0
  Sources: SmartDefense Research Center
  Vulnerable Systems: Microsoft Windows clients
     
CPAI-2005-156
  Date:
  Severity:
  Category: Remote Code Execution
  Description: Protection against Sony Digital Rights Management (DRM) Security Flaw
  Sources: Sysinternals
  Vulnerable Systems: First4Internet XCP Content Management
     
CPAI-2005-154
  Date:
  Severity:
  Category: Endpoint Security
  Description: Integrity Clientless Security (ICS) version 3.7.47.0
  Sources: SmartDefense Research Center
  Vulnerable Systems: Microsoft Windows clients
     
CPAI-2005-153
  Date:
  Severity:
  Category: Endpoint Security
  Description: Integrity Clientless Security (ICS) version 3.7.46.0
  Sources: SmartDefense Research Center
  Vulnerable Systems: Microsoft Windows clients
     
CPAI-2005-152
  Date:
  Severity:
  Category: Cross-Site Scripting
  Description: Preemptive Protection against Citrix Cross Site Scripting Vulnerability
  Sources: FrSIRT/ADV-2005-2676
  Vulnerable Systems: MetaFrame Secure Access Manager 2.0
MetaFrame Secure Access Manager 2.1
MetaFrame Secure Access Manager 2.2
NFuse Elite 1.0
     
Security Best Practices (Sorted by Severity, then Date)
CPSA-2005-18
  Date:
  Severity:
  Category: MS-SQL Protections
  Description: New SmartDefense Protections for InterSpect NGX: MS-SQL Server Protections
  Sources: SmartDefense Research Center
  Vulnerable Systems: Microsoft SQL servers
     
CPSA-2005-17
  Date:
  Severity:
  Category: Security Best Practices
  Description: Security Best Practice: Blocking SSL Tunneling on Non Standard SSL Ports
  Sources: SmartDefense Research Center
  Vulnerable Systems: Any application using SSL (e.g. Peer-to-Peer applications)
     
CPSA-2005-16
  Date:
  Severity:
  Category: Information Disclosure
  Description: Security Best Practice: Protecting against Well-known SNMP Community Strings
  Sources: SmartDefense Research Center
  Vulnerable Systems: Network devices that support SNMP
     
Defense Updates
CPAI-2005-162
  Date:
  Update Number: 690051227 (Connectra 2.0)
691051227 (Connectra NGX)
  Description: Integrity Clientless Security (ICS) version 3.7.49.0
     
CPAI-2005-161
  Date:
  Update Number: 547051228 (InterSpect)
541051228 (VPN-1 NGAI R54/R55)
550051228 (VPN-1 NGAI R55W)
  Description: Macromedia JRun 4 Web Server Protection
     
CPAI-2005-160
  Date:
  Update Number: 547051228 (InterSpect)
541051228 (VPN-1 NGAI R54/R55)
550051228 (VPN-1 NGAI R55W)
591051228 (VPN-1 NGX)
  Description: Microsoft IIS URI DoS Protection
     
CPAI-2005-159
  Date:
  Update Number: 547051228 (InterSpect)
541051228 (VPN-1 NGAI R54/R55)
550051228 (VPN-1 NGAI R55W)
591051228 (VPN-1 NGX)
  Description: Cisco IOS HTTP Server Protection
     
CPAI-2005-158
  Date:
  Update Number: 547051228 (InterSpect)
541051228 (VPN-1 NGAI R55)
550051228 (VPN-1 NGAI R55W)
591051228 (VPN-1 NGX)
  Description: Microsoft Internet Explorer COM object (MS05-054)
     
CPAI-2005-157
  Date:
  Update Number: 690051214 (Connectra 2.0)
691051214 (Connectra NGX)
  Description: Integrity Clientless Security (ICS) version 3.7.48.0
     
CPSA-2005-17
  Date:
  Update Number: 547051214 (InterSpect)
591051214 (VPN-1 NGX R60)
550051214 (VPN-1 NGAI R55W)
  Description: SSL Tunneling on Non Standard Ports Protection
     
CPAI-2005-156
  Date:
  Update Number: 547051214 (InterSpect)
591051214 (VPN-1 NGX R60)
550051214 (VPN-1 NGAI R55W)
541051214 (VPN-1 NG R54/R55)
  Description: Sony DRM Protection
     
CPAI-2005-155
  Date:
  Update Number: 547051214 (InterSpect)
591051214 (VPN-1 NGX R60)
550051214 (VPN-1 NGAI R55W)
541051214 (VPN-1 NG R54/R55)
  Description: Microsoft Internet Explorer DOM Objects Protection (MS05-054)
     
CPAI-2005-154
  Date:
  Update Number: 690051207 (Connectra 2.0)
691051207 (Connectra NGX)
  Description: Integrity Clientless Security (ICS) version 3.7.47.0
     

Copyright 2003-2008 Check Point Software Technologies LTD (Nasdaq: CHKP) All rights reserved.
800 Bridge Parkway, Redwood City, CA USA 94065