Title: Microsoft Office TIFF Integer Overflow
Description: An integer overflow exists in a graphic rendering library used by Office products or by some versions of Windows.
Reference: http://blog.snort.org/2013/11/sourcefire-vrt-certified-snort-rules.html
Snort SID: 28464-28471
ClamAV: Win.Exploit.CVE_2013_3906-1, Win.Exploit.CVE_2013_3906, Win.Exploit.CVE_2013_3906-2
Title: HP Intelligent Management Center BIMS UploadServlet Arbitrary File Upload
Description: A lack of authentication and sanitization of PUT requests leads to an arbitrary file upload vulnerability
Reference: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03943425/
Snort SID: 28407
ClamAV: N/A
Title: HP Intelligent Management Center BIMS bimsDownload Information Disclosure
Description: A lack of authentication and insufficient input validation of path and filename parameters reveals an information disclosure vulnerability
Reference: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03943425
Snort SID: 28448
ClamAV: N/A
Title: CryptoLocker Ransomware Gets a Decryption Service
Description: As CryptoLocker Ransomware makes its rounds, criminals have launched a “CryptoLocker Decryption Service”.
Reference: http://thehackernews.com/2013/11/CryptoLocker-Ransomware-Decryption-service-malware-keys.html
Snort SID: 28044, 28416
ClamAV: Multiple
============================================================
INTERESTING NEWS FROM AROUND THE SECURITY COMMUNITY
Using Nessus to Detect Suspicious Windows Processes
http://www.tenable.com/blog/using-nessus-to-detect-suspicious-windows-processes
26th Annual FIRST Conference Call for Papers
https://cfp.first.org/conferenceDisplay.py?confId=2
How a grad student trying to build the first botnet brought the Internet to its knees
http://www.washingtonpost.com/blogs/the-switch/wp/2013/11/01/how-a-grad-student-trying-to-build-the-first-botnet-brought-the-internet-to-its-knees/
Cloud-Based Sandboxing: An Elevated Approach to Network Security
http://www.securityweek.com/cloud-based-sandboxing-elevated-approach-network-security
=========================================================
RECENT VULNERABILITIES FOR WHICH EXPLOITS ARE AVAILABLE COMPILED BY THE QUALYS VULNERABILITY RESEARCH TEAM
This is a list of recent vulnerabilities for which exploits are available. System administrators can use this list to help in prioritization of their remediation activities. The Qualys Vulnerability Research Team compiles this information based on various exploit frameworks, exploit databases, exploit kits and monitoring of internet activity.
ID: CVE-2013-3906
Title: Microsoft Graphics Component Could Allow Remote Code Execution
Vendor: Microsoft
Description: Remote exploitation of a memory corruption vulnerability in multiple Microsoft products could allow attackers to execute arbitrary code on the targeted host. The issue occurs with how the TIFF codec in Microsoft’s graphics component handles crafted TIFF files. Processing crafted TIFF files can corrupt system memory and create an exploitable condition.
CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
ID: CVE-2012-1823
Title: PHP Group PHP CGI Query String Parameter Processing Remote Code Execution
Vendor: PHP
Description: sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the ‘d’ case.
CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
ID: CVE-2013-4822
Title: HP Intelligent Management Center BIMS UploadServlet Directory Traversal
Vendor: HP
Description: Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Management System Software Module (aka BIMS) allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1606.
CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
ID: Not Available
Title: D-Link Authentication Security Bypass Vulnerability
Vendor: D-Link
Description: Remote exploitation of a design error vulnerability in D-Link Systems Inc.’s routers could allow attackers to bypass authentication security restrictions. The router allows any user with a Web browser having the user agent string “xmlset_roodkcableoj28840ybtide” to gain access to the Web interface of the device without the requirement for any authentication credentials.
Affects D-Link firmware v1.13; other versions may also be affected.
CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
ID: CVE-2013-3897
Title: Microsoft Internet Explorer CDisplayPointer Use-After-Free (MS13-080)
Vendor: Microsoft
Description: Use-after-free vulnerability in the CDisplayPointer class in mshtml.dll in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JavaScript code that uses the onpropertychange event handler, as exploited in the wild in September and October 2013, aka “Internet Explorer Memory Corruption Vulnerability.”
CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
ID: CVE-2013-2251
Title: Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
Vendor: Apache
Description: Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)