Tagged: vulnerability

VU#184540: Incorrect implementation of NAT-PMP in multiple devices

Vulnerability Note VU#184540: Incorrect implementation of NAT-PMP in multiple devices

Original release date: 23 Oct 2014 | Last revised: 23 Oct 2014

Overview

Many NAT-PMP devices are incorrectly configured, allowing them to field requests received on external network interfaces or map forwarding routes to addresses other than that of the requesting host, making them potentially vulnerable to information disclosure and malicious port mapping requests.

Description

CWE-200: Information Exposure

NAT-PMP is a port-mapping protocol in which a network address translation (NAT) device, typically a router, is petitioned by a trusted local network host to forward traffic between the external network and the petitioning host. As specified in RFC 6886, “The NAT gateway MUST NOT accept mapping requests destined to the NAT gateway’s external IP address or received on its external network interface.” Additionally, mapping requests “must” be mapped to the source address of the internal requesting host.

Apple Releases Security Updates for QuickTime

Original release date: October 23, 2014

Apple has released QuickTime 7.7.6 for Windows 7, Vista, XP SP2 or later to address multiple vulnerabilities, some of which may allow remote attackers to execute arbitrary code or cause a denial of service. Users and administrators are encouraged to review Apple Support Article HT6493 and apply any necessary updates.

Microsoft Releases Advisory for Unpatched Windows Vulnerability

Original release date: October 22, 2014

Microsoft has released a security advisory to provide recommended mitigations for an unpatched vulnerability (CVE-2014-6352), which affects all Microsoft Windows releases except Windows Server 2003. This vulnerability could allow an attacker to take control of an affected system if a user opens a specially crafted Microsoft Office file.