Vulnerability Summary for the Week of March 3, 2014

Please Note:
• The vulnerabilities are categorized by their level of severity, which is either High, Medium or Low.
• The CVE identity number is the publicly known ID given to that particular vulnerability. You can therefore look up the status of that vulnerability using that ID.
• The CVSS (Common Vulnerability Scoring System) score is a standard scoring system used to determine the severity of the vulnerability.

High Severity Vulnerabilities

Primary Vendor -- Product | Date Published | CVSS Score | CVE Identity
(the description of each entry follows on the indented lines below it)

adrotateplugin -- adrotate | 2014-02-27 | 7.5 | CVE-2014-1854
  SQL injection vulnerability in library/clicktracker.php in the AdRotate Pro plugin 3.9 through 3.9.5 and AdRotate Free plugin 3.9 through 3.9.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter.

apple -- quicktime | 2014-02-26 | 9.3 | CVE-2014-1243
  Apple QuickTime before 7.7.5 does not initialize an unspecified pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted track list in a movie file.

apple -- quicktime | 2014-02-26 | 9.3 | CVE-2014-1244
  Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.

apple -- quicktime | 2014-02-26 | 9.3 | CVE-2014-1245
  Integer signedness error in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted stsz atom in a movie file.

apple -- quicktime | 2014-02-26 | 9.3 | CVE-2014-1246
  Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ftab atom in a movie file.

apple -- quicktime | 2014-02-26 | 9.3 | CVE-2014-1247
  Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted dref atom in a movie file.

apple -- quicktime | 2014-02-26 | 9.3 | CVE-2014-1248
  Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ldat atom in a movie file.

apple -- quicktime | 2014-02-26 | 9.3 | CVE-2014-1249
  Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PSD image.

apple -- quicktime | 2014-02-26 | 9.3 | CVE-2014-1250
  Apple QuickTime before 7.7.5 does not properly perform a byte-swapping operation, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted ttfo element in a movie file.

apple -- quicktime | 2014-02-26 | 9.3 | CVE-2014-1251
  Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted clef atom in a movie file.

apple -- mac_os_x | 2014-02-26 | 7.5 | CVE-2014-1255
  Apple Type Services (ATS) in Apple OS X before 10.9.2 does not properly validate calls to the free function, which allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages.

apple -- mac_os_x | 2014-02-26 | 7.5 | CVE-2014-1256
  Buffer overflow in Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages.

apple -- mac_os_x | 2014-02-26 | 7.5 | CVE-2014-1261
  Integer signedness error in CoreText in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Unicode font.

apple -- mac_os_x | 2014-02-26 | 7.5 | CVE-2014-1262
  Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages that trigger memory corruption.

autodesk -- autocad | 2014-02-22 | 7.5 | CVE-2014-0818
  Autodesk AutoCAD before 2014 allows remote attackers to execute arbitrary VBScript code via a crafted FAS file search path.

belkin -- wemo_home_automation_firmware | 2014-02-22 | 7.8 | CVE-2013-6948
  The peerAddresses API in Belkin WeMo Home Automation firmware before 3949 allows remote attackers to conduct XML injection attacks and read arbitrary files via unspecified vectors.

belkin -- wemo_home_automation_firmware | 2014-02-22 | 9.3 | CVE-2013-6949
  The Belkin WeMo Home Automation firmware before 3949 does not properly restrict the use of STUN and TURN proxies, which allows man-in-the-middle attackers to bypass intended access restrictions via crafted packets.

belkin -- wemo_home_automation_firmware | 2014-02-22 | 7.8 | CVE-2013-6950
  The Belkin WeMo Home Automation firmware before 3949 does not use SSL for the distribution feed, which allows remote attackers to obtain sensitive information by sniffing the network.

belkin -- wemo_home_automation_firmware | 2014-02-22 | 7.1 | CVE-2013-6951
  The Belkin WeMo Home Automation firmware before 3949 does not maintain a set of Certification Authority public keys, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary X.509 certificate.

Medium Severity Vulnerabilities

Primary Vendor -- Product | Date Published | CVSS Score | CVE Identity
(the description of each entry follows on the indented lines below it)

7andi-fs.co -- denny's | 2014-02-26 | 5.8 | CVE-2014-1967
  The Denny's application before 2.3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

apache -- tomcat | 2014-02-26 | 5.8 | CVE-2013-4286
  Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.

apache -- tomcat | 2014-02-26 | 4.3 | CVE-2013-4322
  Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.

apache -- tomcat | 2014-02-26 | 4.3 | CVE-2013-4590
  Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

apache -- tomcat | 2014-02-26 | 4.3 | CVE-2014-0033
  org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0.33 through 6.0.37 does not consider the disableURLRewriting setting when handling a session ID in a URL, which allows remote attackers to conduct session fixation attacks via a crafted URL.

apple -- mac_os_x | 2014-02-26 | 6.8 | CVE-2014-1254
  Apple Type Services (ATS) in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Type 1 font that is embedded in a document.

apple -- mac_os_x | 2014-02-26 | 6.8 | CVE-2014-1258
  Heap-based buffer overflow in CoreAnimation in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image.

apple -- mac_os_x | 2014-02-26 | 6.8 | CVE-2014-1259
  Buffer overflow in File Bookmark in Apple OS X before 10.9.2 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted filename.

apple -- mac_os_x | 2014-02-26 | 6.8 | CVE-2014-1260
  QuickLook in Apple OS X through 10.9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office document.

apple -- mac_os_x | 2014-02-26 | 4.3 | CVE-2014-1263
  curl in Apple OS X 10.9.x before 10.9.2 does not verify X.509 certificates from HTTPS servers that are accessed using a numerical IP address, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
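The two header combinations named in the CVE-2013-4286 entry above (more than one Content-Length header, or a Content-Length header next to "Transfer-Encoding: chunked") are exactly the request-framing ambiguities a reverse proxy or WAF in front of a Tomcat connector should reject before the back end ever sees them. The check below is an added example written for this summary, not code from Apache Tomcat or from the bulletin; the three sample requests are constructed, and the host name example.test is a placeholder. It implements the RFC 7230 section 3.3.3 rule that a message with both Transfer-Encoding and Content-Length, or with disagreeing Content-Length values, has no single unambiguous length.

```python
"""Flag HTTP/1.1 requests whose body length is ambiguous (CVE-2013-4286 class).

Added example: framing audit for a proxy or log-replay tool, not Tomcat code.
"""
from typing import List, Tuple


def parse_head(raw: bytes) -> Tuple[str, List[Tuple[str, str]]]:
    """Split a raw request head into (request line, [(name, value), ...]).

    Header names are lower-cased for comparison; values are stripped of the
    surrounding whitespace. Only the head (up to the blank line) matters for
    the framing decision, so the body bytes are never inspected.
    """
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    headers: List[Tuple[str, str]] = []
    for line in lines[1:]:
        if not line:
            continue
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers


def framing_findings(raw: bytes) -> List[str]:
    """Return the list of framing problems found; an empty list means the
    request carries one unambiguous length indicator (or none at all)."""
    _, headers = parse_head(raw)
    content_lengths = [v for n, v in headers if n == "content-length"]
    transfer_encodings = [v for n, v in headers if n == "transfer-encoding"]
    findings: List[str] = []

    # Condition (1) from the CVE text: multiple Content-Length headers.
    # RFC 7230 allows identical duplicates to be coalesced; differing values
    # must be treated as an unrecoverable error.
    if len(content_lengths) > 1:
        if len(set(content_lengths)) > 1:
            findings.append(f"conflicting Content-Length values {content_lengths}")
        else:
            findings.append(f"duplicate Content-Length header {content_lengths[0]!r}")

    # Condition (2): Content-Length together with Transfer-Encoding. The
    # coding list is split and lower-cased so "Chunked" or "gzip, chunked"
    # is still recognised.
    if content_lengths and transfer_encodings:
        codings = [c.strip().lower()
                   for te in transfer_encodings for c in te.split(",")]
        if "chunked" in codings:
            findings.append("Content-Length present alongside Transfer-Encoding: chunked")
        else:
            findings.append(f"Content-Length present alongside Transfer-Encoding {transfer_encodings}")

    # Same defect class: a Content-Length a front end and back end may read
    # differently (sign, letters, empty value). Not one of the CVE's two
    # conditions, but a sensible thing to reject in the same place.
    for value in content_lengths:
        if not value.isdigit():
            findings.append(f"non-numeric Content-Length value {value!r}")
    return findings


# Constructed sample requests (not captured traffic).
CLEAN = (b"POST /app HTTP/1.1\r\nHost: example.test\r\n"
         b"Content-Length: 5\r\n\r\nhello")
DOUBLE_CL = (b"POST /app HTTP/1.1\r\nHost: example.test\r\n"
             b"Content-Length: 5\r\nContent-Length: 13\r\n\r\nhelloGET /x HT")
CL_TE = (b"POST /app HTTP/1.1\r\nHost: example.test\r\n"
         b"Content-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n")

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("double-cl", DOUBLE_CL), ("cl-te", CL_TE)):
        problems = framing_findings(sample)
        print(f"{label}: {'OK' if not problems else '; '.join(problems)}")
```

Rejecting these requests at the edge is independent of the Tomcat version in use and remains good practice after upgrading, because the downstream server may still be only one of several components that have to agree on where each request ends.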