-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Reference: CERT-EU Security Advisory 2012-0087 Title: UPDATED - Microsoft Security Advisory 2737111 Released on July 24, 2012 [1] Version history: 25.07.2012 Initial publication 06/08/2012 CVE-2012-3108 - Updates are marked with NEW !! 22/08/2012 CVE-2012-1770 - Updates are marked with NEW !!! Summary ======= Vulnerabilities in Microsoft Exchange and FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution. NEW !!! Oracle Outside In Technology is prone to a remote code-execution vulnerability. The 'Outside In Filters' sub component is affected. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. This vulnerability affects the following supported versions: 8.3.5, 8.3.7 [5] CVE-2012-1766 CVE-2012-1767 CVE-2012-1768 CVE-2012-1769 CVE-2012-1770 CVE-2012-1771 CVE-2012-1772 CVE-2012-1773 CVE-2012-3106 CVE-2012-3107 CVE-2012-3108 CVE-2012-3109 CVE-2012-3110 CVSS v2 Base Score:2.1 (LOW) (AV:L/AC:L/Au:N/C:N/I:N/A:P) [2] Vulnerable systems ================== NEW !!! AccessData Group FTK 3.4 NEW !!! AccessData Group FTK 3.3 NEW !!! AccessData Group FTK 3.2 NEW !!! Oracle Outside In Technology - Supported versions 8.3.5, 8.3.7 [6] NEW !! Microsoft Exchange Server 2007 SP2 [4] Microsoft Exchange Server 2007 Service Pack 3 Microsoft Exchange Server 2010 Service Pack 1 Microsoft Exchange Server 2010 Service Pack 2 Microsoft SharePoint Server 2010 Service Pack 1 FAST Search Server 2010 for SharePoint Microsoft SharePoint Server is only affected by this issue when FAST Search with Advanced Filter Pack is enabled. By default, Advanced Filter Pack in FAST is disabled. When Advanced Filter Pack is enabled, the component that uses the Oracle Outside In libraries is running with a restricted token. Original Details ================ Microsoft is investigating new public reports of vulnerabilities in third-party code, Oracle Outside In libraries, that affect Microsoft Exchange Server 2007, Microsoft Exchange Server 2010, and FAST Search Server 2010 for SharePoint, which ship that component. Customers that apply the workarounds described in this advisory are not exposed to the vulnerabilities described in Oracle Critical Patch Update Advisory - July 2012 [3] What can you do? ================ NEW !!! Vendor updates are available. [7] Apply Workarounds (See recommendations by Microsoft) [1] What to tell your users? ======================== N/A More information ================ [1] 1technet.microsoft.com/en-us/security/advisory/2737111 [2] More information abut CVE - http://nvd.nist.gov/cvss.cfm?vectorinfo&version=2 [3] http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html [4] http://www.securityfocus.com/bid/54550/info [5] NEW !!! http://www.securityfocus.com/bid/54541/discuss [6] NEW !!! http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html [7] NEW !!! http://www.oracle.com/index.html Best regards, CERT-EU Pre-configuration Team (http://cert.europa.eu) Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu PGP KeyID 0x46AC4383 FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383 Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBAgAGBQJQNPTOAAoJEPpzpNLI8SVoWHoP+wfs9DC9WpZ2naqMDDc9ttRy cqMJknVM3fILH0EQNJSjuu6WoCPjUm1+L1M8iak1v4np2x2VB44pgoH9TqiXOXcG UwVqUqPbrB+JBOlvyw5ItY6QzwNnlWEGTX9fXXr1rBks0ksvzZGon+ilzDDN/NJU mrpQYXGSzrpdEsV9/+Dr6Xh4DYbnXfltLsJUClOYekPc4CgadpnHHGXa3W2ybNC7 BAJzH/B3XoAvfkL2JfyKnU9pjzKZ1SEglJsn5UGQWIQ+IWToc/raWwx0M1u2KRIp YZnuWsgJr0VsEH3jc4F9FxnI1/aYe6b2bTWTmfHceOP/9y1TF4ExJQuTqqmIHQ4V pKCX6MDfTuUm+1tSfhOkMRidIYt+qa3jzJnQiNRDW8IxgspngFZmu6cHul5+ZRpN Gxur+WKYQ916G2MjpQOnCAUNXUyokbOOgjZv6gOl7oHZ50k5GS9netyw1rL8A9Ky Dtoh7jyvXivQu2hA5PDtf/fdM04ed6z4+B2pgtp9Ll06vMDp4EL6hvZOqhCmc+hP w6Fhs+sZ07F31ZJXxW88CJAb/UaLBd2Gnbi9xENQgJUpA+dce5P7tSDRjnFPvFW1 +NLxPRS1/UYlo2+06rDGjl5kdBUXDF6QTrr+lDDnQeyhmSMKoMX5lasAxvnyq3zU X+IBrnq5oG3p5pxP6A8H =OGXW -----END PGP SIGNATURE-----