Vulnerability Summary for the Week of March 13 2017 Please Note: • The vulnerabilities are cattegorized by their level of severity which is either High, Medium or Low. • The !" indentity number is the #ublicly $nown %& given to that #articular vulnerability. Therefore you can search the status of that #articular vulnerability using that %&. • The CVSS (Common Vulnerability Scoring 'ystem) score is a standard scoring system used to determine the severity of the vulnerability. High Severity Vulnerabilities The Primary Vendor --- Description Date CVSS The CVE Product Published Score Identity adobe ** flash+#layer ,dobe -lash Player versions ./.0.0.2.1 and 2017-03-14 10.0 CVE-2017-2997 BID (link is earlier have an e2#loitable buffer overflow 3 external) underflow vulnerability in the Primetime T!'&4 CONFIRM (link that su##orts customizing ad information. is external) 'uccessful e2#loitation could lead to arbitrary code e2ecution. adobe ** flash+#layer ,dobe -lash Player versions ./.0.0.2.1 and 2017-03-14 10.0 CVE-2017-2998 BID (link is earlier have an e2#loitable memory corru#tion external) vulnerability in the Primetime T!'&4 ,P% CONFIRM (link functionality related to timeline interactions. is external) 'uccessful e2#loitation could lead to arbitrary code e2ecution. adobe ** flash+#layer ,dobe -lash Player versions ./.0.0.2.1 and 2017-03-14 10.0 CVE-2017-2999 BID (link is earlier have an e2#loitable memory corru#tion external) vulnerability in the Primetime T!'&4 CONFIRM (link functionality related to hosting #laybac$ surface. is external) 'uccessful e2#loitation could lead to arbitrary code e2ecution. adobe ** flash+#layer ,dobe -lash Player versions ./.0.0.2.1 and 2017-03-14 10.0 CVE-2017-3001 BID (link is earlier have an e2#loitable use after free external) CONFIRM (link vulnerability related to garbage collection in the is external) ,ction'cri#t . !M. 'uccessful e2#loitation could lead to arbitrary code e2ecution. adobe ** flash+#layer ,dobe -lash Player versions ./.0.0.2.1 and 2017-03-14 10.0 CVE-2017-3002 BID (link is earlier have an e2#loitable use after free external) vulnerability in the ,ction'cri#t. Te2t-ield CONFIRM (link ob5ect related to the variable #roperty. is external) 'uccessful e2#loitation could lead to arbitrary code e2ecution. adobe ** flash+#layer ,dobe -lash Player versions ./.0.0.2.1 and 2017-03-14 10.0 CVE-2017-3003 BID (link is earlier have an e2#loitable use after free external) vulnerability related to an interaction between CONFIRM (link the #rivacy user interface and the ,ction'cri#t . is external) amera ob5ect. 'uccessful e2#loitation could lead to arbitrary code e2ecution. alienvault ** ossim The logchec$ function in session.inc in 2017-03-15 7.5 CVE-2016-7955 BUGTRAQ ,lien!ault 6''%M before 7.3.1, when an action (link is external) has been created, and 9'M before 7.3.1 allows MISC (link is remote attac$ers to bypass authentication and external) CONFIRM (link conse:uently obtain sensitive information, is external) modify the a##lication, or e2ecute arbitrary code as root via an ;,! <e#ort 'cheduler; HTTP 9ser* ,gent header. a#ache ** struts The =a$arta Multi#art #arser in ,#ache 'truts . 2017-03-10 10.0 CVE-2017-5638 MISC (link is ..8.x before ..3.3. and ..5.x before ..5.10.1 external) mishandles file u#load, which allows remote MISC (link is attac$ers to e2ecute arbitrary commands via a external) MISC (link is >cmd= string in a crafted ontent*Type HTTP external) header, as e2#loited in the wild in March .01@. BID (link is external) MISC (link is external) CONFIRM EXPLOIT-DB (link is external) CONFIRM CONFIRM MISC (link is external) MISC (link is external) MISC (link is external) MISC MISC (link is external) MISC (link is external) azure+de2 ** %n ,zure Data "2#ert 9ltimate ..2.1A, the 'MTP 2017-03-10 7.5 CVE-2017-6506 MISC (link is data+e2#ert+ultimate verification function suffers from a buffer external) overflow vulnerability, leading to remote code BID (link is e2ecution. The attac$ vector is a crafted 'MTP external) EXPLOIT-DB daemon that sends a long ..0 (a$a ;'ervice (link is external) ready") string. bitlbee ** bitlbee 9se*after*free vulnerability in bitlbee*lib#ur#le 2017-03-14 7.5 CVE-2016- 10188 before 8.5 allows remote servers to cause a MLIST (link is denial of service (crash) or #ossibly e2ecute external) arbitrary code by causing a file transfer MLIST (link is external) connection to e2#ire. BID (link is external) CONFIRM bitlbee ** bitlbee*lib#ur#le bitlbee*lib#ur#le before 8.5.1 allows remote 2017-03-14 7.5 CVE-2017-5668 MLIST (link is attac$ers to cause a denial of service (NULL external) #ointer dereference and crash) and #ossibly MLIST (link is e2ecute arbitrary code via a file transfer re:uest external) BID (link is for a contact that is not in the contact list. NOTE: external) this vulnerability e2ists because of an CONFIRM incom#lete fi2 for !"*.01A*101BC. CONFIRM (link is external) cambium+networ$s ** On ambium Networ$s cnPilot <.003.01 devices 2017-03-10 10.0 CVE-2017-5859 CONFIRM (link cn#ilot+r.00+series+firm before /.3, there is a vulnerability involving the is external) ware certificate of the device and its <', $eys, a$a <DN-1B8. embedthis ** goahead , command-in5ection vulnerability e2ists in a 2017-03-13 9.0 CVE-2017-5675 MISC (link is web a##lication on a custom*built EoAhead web external) server used on -oscam, !starcam, and multi#le MISC (link is white*label %P camera models. The mail-sending external) form in the mail.htm #age allows an attac$er to in5ect a command into the receiver1 field in the formF it will be e2ecuted with root #rivileges. f*secure ** -*'ecure 'oftware 9#dater ..20, as distributed in 2017-03-11 9.3 CVE-2017-6466 MISC software+u#dater several -*'ecure #roducts, downloads BID (link is installation #ac$ages over #lain htt# and does external) not #erform file integrity validation after download. Man*in*the*middle attac$ers can re#lace the file with their own e2ecutable which will be e2ecuted under the 'G'TEM account. Note that when 'oftware 9#dater is configured to install u#dates automatically, it chec$s if the downloaded file is digitally signed by default, but does not chec$ the author of the signature. Hhen running in manual mode (default), no signature chec$ is #erformed. imagemagic$ ** Memory lea$ in the %s6#tionMember function in 2017-03-14 7.8 CVE-2016- 10252 imagemagic$ Magic$ ore3option.c in %mageMagic$ before CONFIRM A.C.2*., as used in 6&<*PadEnc and other CONFIRM #roducts, allows attac$ers to trigger memory CONFIRM (link is external) consum#tion. imagemagic$ ** The gnu#lot delegate functionality in 2017-03-15 7.5 CVE-2016-5239 MISC imagemagic$ %mageMagic$ before A.9.4*0 and Era#hicsMagic$ MLIST (link is allows remote attac$ers to e2ecute arbitrary external) commands via uns#ecified vectors. BID (link is external) libgd ** libgd %nteger underflow in the +gdContributions,lloc 2017-03-15 7.5 CVE-2016- 10166 function in gd_inter#olation.c in the ED CONFIRM (link Era#hics Library (a$a libgd) before ..2.4 allows is external) remote attac$ers to have uns#ecified im#act via MLIST (link is external) vectors related to decrementing the u variable. MLIST (link is external) BID (link is external) CONFIRM (link is external) logbac$ ** logbac$ I6'.ch Logbac$ before 1.2.0 has a serialization 2017-03-13 7.5 CVE-2017-5929 CONFIRM (link vulnerability affecting the 'oc$et'erver and is external) 'erver'oc$et<eceiver com#onents. microsoft ** edge , remote code e2ecution vulnerability e2ists 2017-03-16 7.6 CVE-2017-0034 BID (link is when Microsoft Edge im#roperly accesses external) ob5ects in memory. The vulnerability could CONFIRM (link is external) corru#t memory in a way that enables an attac$er to e2ecute arbitrary code in the conte2t of the current user. ,n attac$er who successfully e2#loited the vulnerability could gain the same user rights as the current user. %f the current user is logged on with administrative user rights, an attac$er could ta$e control of an affected system. ,n attac$er could then install #rogramsF view, change, or delete dataF or create new accounts with full user rights. microsoft ** The scri#ting engine in Microsoft %nternet 2017-03-16 7.6 CVE-2017-0040 BID (link is internet+e2#lorer "2#lorer C through 11 allows remote attac$ers to external) e2ecute arbitrary code or cause a denial of CONFIRM (link service (memory corru#tion) via a crafted web is external) site, a$a ;'cri#ting Engine Memory orru#tion !ulnerability." This vulnerability is different from that described in !"*.01@*0180. microsoft ** Microsoft %nternet "2#lorer C through 11 allow 2017-03-16 7.6 CVE-2017-0149 BID (link is internet+e2#lorer remote attac$ers to e2ecute arbitrary code or external) cause a denial of service (memory corru#tion) via CONFIRM (link a crafted web site, a$a ;%nternet "2#lorer is external) Memory orru#tion !ulnerability." This vulnerability is different from those described in !"*.01@*001B and !"*.01@*008@. microsoft ** The 'MDv1 server in Microsoft Hindows !ista 2017-03-16 9.3 CVE-2017-0143 BID (link is server+message+bloc$ 'P.F Hindows 'erver .00B 'P. and <. 'P1F external) Hindows @ 'P1F Hindows B.1F Hindows 'erver CONFIRM (link .01. Eold and <.F Hindows <T B.1F and is external) Hindows 10 Eold, 1711, and 1A0@F and Hindows 'erver .01A allows remote attac$ers to e2ecute arbitrary code via crafted #ac$ets, a$a ;Hindows 'MD <emote ode "2ecution !ulnerability." This vulnerability is different from those described in !"*.01@*01//, !"*.01@*01/7, !"*.01@*01/A, and !"*.01@*01/B.