{"hash": "918b7af4067f5178c1175119ed9f72615c9f46b2fe884f76ba10c5053a2f9989", "id": "SMNTC-32622", "lastseen": "2018-03-12T12:26:11", "viewCount": 1, "hashmap": [{"hash": "617f44b3b3f502c65f0c0604b972bc45", "key": "affectedSoftware"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "2a86988c382f1cc347103e1796b6aeb3", "key": "description"}, {"hash": "082ae8789d1731a465ff1bd6148d09e7", "key": "href"}, {"hash": "cffc4a21ec9864b1f88227b45e4fc885", "key": "modified"}, {"hash": "cffc4a21ec9864b1f88227b45e4fc885", "key": "published"}, {"hash": "137ae33a1dca7a953380768cddf35a71", "key": "references"}, {"hash": "d6218597dc7a1b025a781373296b2b63", "key": "reporter"}, {"hash": "bbd50599d089312c04eb6e51ece35010", "key": "title"}, {"hash": "52e3bbafc627009ac13caff1200a0dbf", "key": "type"}], "bulletinFamily": "software", "cvss": {"score": 0.0, "vector": "NONE"}, "edition": 2, "enchantments": {"score": {"value": 9.3, "vector": "NONE"}, "dependencies": {"references": [], "modified": "2018-03-12T12:26:11"}, "vulnersScore": 9.3}, "type": "symantec", "description": "### Description\n\nMicrosoft Excel is prone to a remote code-execution vulnerability. Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application.\n\n### Technologies Affected\n\n * Microsoft Excel 2000 SP3 \n * Microsoft Excel 2002 SP3 \n * Microsoft Excel 2003 SP3 \n * Microsoft Office 2004 for Mac \n * Microsoft Office 2008 for Mac \n * Microsoft Office Excel Viewer 2003 \n * Microsoft Office Excel Viewer 2003 SP3 \n * Microsoft Open XML File Format Converter for Mac \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Do not accept or execute files from untrusted or unknown sources.** \nTo reduce the likelihood of successful exploits, never handle files that originate from unfamiliar or untrusted sources.\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n**Implement multiple redundant layers of security.** \nSince this issue may be leveraged to execute code, we recommend memory-protection schemes, such as nonexecutable stack/heap configurations and randomly mapped memory segments. This tactic may complicate exploits of memory-corruption vulnerabilities.\n\nMicrosoft has released a security bulletin along with fixes that address this vulnerability.\n", "title": "Microsoft Excel Name Record Array Remote Code Execution Vulnerability", "history": [{"bulletin": {"hash": "5761ddd0d194606e4bee0ecc52af7dac61c96c01f7802cf92025fae367d23cbe", "viewCount": 1, "edition": 1, "lastseen": "2016-09-04T11:42:43", "history": [], "objectVersion": "1.2", "hashmap": [{"hash": "7a77efe4834e85557526e500d9b9be70", "key": "affectedSoftware"}, {"hash": "bbd50599d089312c04eb6e51ece35010", "key": "title"}, {"hash": "b53054d10a030c7f2d0ee27ccaaf17e3", "key": "href"}, {"hash": "cffc4a21ec9864b1f88227b45e4fc885", "key": "modified"}, {"hash": "52e3bbafc627009ac13caff1200a0dbf", "key": "type"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "cffc4a21ec9864b1f88227b45e4fc885", "key": "published"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "137ae33a1dca7a953380768cddf35a71", "key": "references"}, {"hash": "108263b9fa9a57e8dfecde8f9d493e07", "key": "description"}, {"hash": "d6218597dc7a1b025a781373296b2b63", "key": "reporter"}], "cvelist": [], "bulletinFamily": "software", "published": "2008-12-09T00:00:00", "description": "### Description\n\nMicrosoft Excel is prone to a remote code-execution vulnerability. Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application. \n\n### Technologies Affected\n\n * Microsoft Excel 2000 SP3\n * Microsoft Excel 2002 SP3\n * Microsoft Excel 2003 SP3\n * Microsoft Office 2004 for Mac\n * Microsoft Office 2008 for Mac\n * Microsoft Office Excel Viewer 2003\n * Microsoft Office Excel Viewer 2003 SP3\n * Microsoft Open XML File Format Converter for Mac\n\n### Recommendations\n\n#### Run all software as a nonprivileged user with minimal access rights.\n\nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n#### Do not accept or execute files from untrusted or unknown sources.\n\nTo reduce the likelihood of successful exploits, never handle files that originate from unfamiliar or untrusted sources.\n\n#### Do not follow links provided by unknown or untrusted sources.\n\nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\n#### Implement multiple redundant layers of security.\n\nSince this issue may be leveraged to execute code, we recommend memory-protection schemes, such as nonexecutable stack/heap configurations and randomly mapped memory segments. This tactic may complicate exploits of memory-corruption vulnerabilities. \n\nMicrosoft has released a security bulletin along with fixes that address this vulnerability. \n", "cvss": {"score": 0.0, "vector": "NONE"}, "id": "SMNTC-32622", "reporter": "Symantec Security Response", "references": ["http://secunia.com/secunia_research/2008-36/"], "affectedSoftware": [{"version": "2003", "name": "Microsoft Office Excel Viewer", "operator": "eq"}, {"version": "2000 SP3", "name": "Microsoft Excel", "operator": "eq"}, {"version": "Mac", "name": "Microsoft Office 2004 for", "operator": "eq"}, {"version": "2003 SP3", "name": "Microsoft Excel", "operator": "eq"}, {"version": "Mac", "name": "Microsoft Office 2008 for", "operator": "eq"}, {"version": "2002 SP3", "name": "Microsoft Excel", "operator": "eq"}, {"version": "2003 SP3", "name": "Microsoft Office Excel Viewer", "operator": "eq"}, {"version": "any", "name": "Microsoft Open XML File Format Converter for Mac", "operator": "eq"}], "title": "Microsoft Excel Name Record Array Remote Code Execution Vulnerability", "modified": "2008-12-09T00:00:00", "enchantments": {"score": {"value": 8.5, "modified": "2016-09-04T11:42:43"}}, "href": "https://www.symantec.com/security_response/vulnerability.jsp?bid=32622", "type": "symantec"}, "lastseen": "2016-09-04T11:42:43", "edition": 1, "differentElements": ["description", "href", "affectedSoftware"]}], "objectVersion": "1.3", "cvelist": [], "published": "2008-12-09T00:00:00", "references": ["http://secunia.com/secunia_research/2008-36/"], "reporter": "Symantec Security Response", "affectedSoftware": [{"version": "2002 SP3 ", "name": "Microsoft Excel", "operator": "eq"}, {"version": "2003 ", "name": "Microsoft Office Excel Viewer", "operator": "eq"}, {"version": "2003 SP3 ", "name": "Microsoft Excel", "operator": "eq"}, {"version": "2008 for Mac ", "name": "Microsoft Office", "operator": "eq"}, {"version": "2004 for Mac ", "name": "Microsoft Office", "operator": "eq"}, {"version": "2003 SP3 ", "name": "Microsoft Office Excel Viewer", "operator": "eq"}, {"version": "2000 SP3 ", "name": "Microsoft Excel", "operator": "eq"}], "modified": "2008-12-09T00:00:00", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/32622"}

{"metasploit": [{"lastseen": "2019-05-01T20:27:47", "bulletinFamily": "exploit", "description": "This module exploits a remote buffer overflow in the Citrix Provisioning Services 5.6 SP1 (without Hotfix CPVS56SP1E043) by sending a malformed packet with the opcode 0x40020002 (GetFooterRequest) to the 6905/UDP port. The module, which allows code execution under the context of SYSTEM, has been successfully tested on Windows Server 2003 SP2 and Windows XP SP3.", "modified": "2017-07-24T13:26:21", "published": "2012-05-31T21:21:43", "id": "MSF:EXPLOIT/WINDOWS/MISC/CITRIX_STREAMPROCESS_GET_FOOTER", "href": "", "type": "metasploit", "title": "Citrix Provisioning Services 5.6 SP1 Streamprocess Opcode 0x40020002 Buffer Overflow", "sourceData": "", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/citrix_streamprocess_get_footer.rb"}, {"lastseen": "2019-04-30T10:36:49", "bulletinFamily": "exploit", "description": "This module will log into the Web API of VMWare and 'tag' a specified Virtual Machine. It does this by logging a user event with user supplied text", "modified": "2017-07-24T13:26:21", "published": "2012-02-16T06:45:48", "id": "MSF:AUXILIARY/ADMIN/VMWARE/TAG_VM", "href": "", "type": "metasploit", "title": "VMWare Tag Virtual Machine", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Auxiliary\n include Msf::Exploit::Remote::HttpClient\n include Msf::Auxiliary::Report\n include Msf::Exploit::Remote::VIMSoap\n\n def initialize\n super(\n 'Name' => 'VMWare Tag Virtual Machine',\n 'Description' => %Q{\n This module will log into the Web API of VMWare and\n 'tag' a specified Virtual Machine. It does this by\n logging a user event with user supplied text\n },\n 'Author' => ['theLightCosine'],\n 'License' => MSF_LICENSE,\n 'DefaultOptions' => { 'SSL' => true }\n )\n\n register_options(\n [\n Opt::RPORT(443),\n OptString.new('USERNAME', [ true, \"The username to Authenticate with.\", 'root' ]),\n OptString.new('PASSWORD', [ true, \"The password to Authenticate with.\", 'password' ]),\n OptString.new('VM', [true, \"The VM to try to Power On\"]),\n OptString.new('MSG', [true, \"The message to put in the log\", 'Pwned by Metasploit'])\n ])\n end\n\n def run\n\n if vim_do_login(datastore['USERNAME'], datastore['PASSWORD']) == :success\n vm_ref = vim_find_vm_by_name(datastore['VM'])\n case vm_ref\n when String\n result = vim_log_event_vm(vm_ref, datastore['MSG'])\n case result\n when :noresponse\n print_error \"Received no response\"\n when :expired\n print_error \"The login session appears to have expired\"\n when :error\n print_error \"An error occurred\"\n else\n print_good \"User Event Logged\"\n end\n when :noresponse\n print_error \"Received no response\"\n when :expired\n print_error \"The login session appears to have expired\"\n when :error\n print_error @vim_soap_error\n end\n else\n print_error \"Login failure on #{datastore['RHOST']}\"\n return\n end\n end\nend\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/vmware/tag_vm.rb"}]}