SAINT top bar Go to home page Search this site Contact SAINT Corporation
[an error occurred while processing this directive]
SAINT logo
SAINT Support banner





Vulnerability Checks

 

 

 

 

 

At SAINT, we respond quickly to vulnerability discoveries. Our engineers continuously update and refine our products to meet the latest security protocols. In addition, when a security alert is issued, we inform our customers via e-mail. You can download updates to correct the latest vulnerability discoveries below.

Windows insecure library loading vulnerability

Mac OS X Security Update 2010-005.

Shockwave vulnerabilities fixed by APSB10-20.

Exploits now available via SAINT Express:

  Microsoft Windows Movie Maker MediaClipString Buffer Overflow exploit

SAINT® 7.4.6 Released 08/27/2010 –

New features in this version:

SAINTexploit:
  • ARP Spoof exploit tool
SCAP Compliance:
  • Added XCCDF Benchmark Evaluation (XCCDF Scan Level)
  • Added XCCDF Reporting
  • Added support for External Variable files (OVAL variables schema and .var files)
  • Added XCCDF Profile creation/selection tool

Administrative Functions:

  • When selecting backup and restore admin function, the previously SAINTwriter saved reports
    would be included in the functionality as well.

SAINTwriter:

  • Added PCI vulnerability severity levels in compliance with PCI DSS.

Database Format:

The all-hosts file, which keeps track of what hosts SAINT has seen while scanning networks, now includes two new fields:

  • System Class - The host's general system type, such as Windows or Linux
  • System Type - The host's specific operating system, including the version number of service pack level, if known.

New vulnerability checks in version 7.4.6:

  • Windows insecure library loading vulnerability
  • Mac OS X Security Update 2010-005. (CVE 2010-1800 CVE 2010-1808 and etc.)
  • Shockwave vulnerabilities fixed by APSB10-20. (CVE 2010-2863 through CVE 2010-2882)
  • Adobe Acrobat and Reader Font Parsing Remote Code Execution Vulnerability. (CVE 2010-2862)
  • Opera 'opera:config' Security Bypass Vulnerability. (BID41927)
  • Mozilla Firefox and SeaMonkey Plugin Parameters Buffer Overflow Vulnerability.(CVE 2010-1214)
  • Sophos Filter Driver NtQueryAttributesFile Vulnerability. (CVE 2010-2308)
  • Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities. (CVE 2010-1452)
  • vBulletin 'faq.php' Information Disclosure Vulnerability.(BID41875)
  • PHP Multiple Vulnerabilities fixed in 5.2.14.(CVE 2010-2484 CVE 2010-2531)
  • Cisco ASA 5580 series multiple vulnerabilities. (CVE 2009-4910 CVE 2009-4911 etc.)
  • Linux Kernel CIFS DNS Lookup Cache Poisoning Vulnerability. (CVE 2010-2524)
  • Linux Kernel Btrfs Overwrite Append-Only Files Local Security Bypass Vulnerability. (CVE 2010-2537)
  • Juniper Cross Site Scripting
  • Panda local kernel stack corruption vulnerability
  • FreeType multiple vulnerabilities fixed in version 2.4.0. (CVE 2010-2497 CVE 2010-2498 etc.)
  • Multiple Vulnerabilities fixed in Safari 5.0.1. (CVE 2010-1778 CVE 2010-1780 and etc.)
  • Xerver Multiple Vulnerabilities. (BID42110)
  • Avast! Internet Security 'aswFW.sys' Driver IOCTL Handling Local Denial of Service Vulnerability. (BID42148)
  • Oracle Secure Backup Server Authentication Bypass Vulnerability. (CVE 2010-0904)
  • Symantec Alert Management System Arbitrary Command Execution Vulnerability. (BID41959)
  • GnuPG 'GPGSM Tool' Certificate Importing Remote Code Execution Vulnerability. (CVE 2010-2547)
  • Palo Alto Firewall XSS Vulnerability. (CVE 2010-0475)
  • AIX FTP Information Disclosure Vulnerability. (SA40617)
  • PHP-Fusion Remote Command Execution Vulnerability.(BID41758)
  • HP OpenView Network Node Manager 'OvJavaLocale' Cookie Value Remote Code Execution Vulnerability. (CVE 2010-2709)
  • Novell iPrint Client ExecuteRequest debug Parameter Remote Code Execution. (BID42100)
  • Opera Web Browser prior to 10.61 Multiple Security Vulnerabilities. (CVE 2010-2576 CVE 2010-3021 and etc.)
  • Linux Kernel Userspace Stack Growth Memory Corruption. (CVE 2010-2240)
  • Drupal Actions Feature Nodes and Taxonomy XSS. (SA40930)
  • Multiple vulnerabilities fixed in Serv-U 10.2.0.0. (SA41018)
  • Microsoft Windows Service Isolation Bypass Local Privilege Escalation. (Advisory 2264072) (CVE 2010-1886)
  • VLC Media Player Meta-Information Remote Denial of Service Vulnerability. (CVE 2010-2937)
  • WordPress 'wp-admin/plugins.php' Cross Site Scripting Vulnerability. (BID42440)

New exploits in this version:

  • Microsoft Office Word RTF Parsing Engine Memory Corruption exploit. (CVE 2010-1901)
  • Novell iPrint Client ExecuteRequest exploit
  • Microsoft Office Excel PivotTable Cache Data Record Handling Overflow exploit. (CVE 2010-2562)
  • Symantec Alert Management Service hndlrsvc exploit
  • HP OpenView NNM getnnmdata.exe CGI ICount Parameter Buffer Overflow exploit. (CVE 2010-1554)
  • Novell iPrint Client ActiveX control call-back-url exploit. (CVE 2010-1527)
  • Microsoft Windows Movie Maker MediaClipString Buffer Overflow exploit. (CVE 2010-2564)
  Copyright SAINT Corporation. All Rights Reserved Privacy information Legal information Site map