A vulnerability is reported to affect the Sygate Personal Firewall fail-closed functionality. It is reported that the kernel-space NDIS driver does not verify the origin of messages that are received through the associated device. As a result of this it is possible for a local user to transmit a message to the kernel-space NDIS driver device in order to disable the firewall fail-closed functionality. A local attacker may exploit this condition to disable the affected firewall completely.
A weakness is reported in Mozilla that may allow an attacker to obfuscate the URI of a link. This could facilitate the impersonation of legitimate web sites in order to steal sensitive information from unsuspecting users. It is reported that the weakness exists when form method GET action URI's that are appended with the %2F encoded character, several space characters and an appended '.' URI are followed.
Sambar Server is reportedly prone to multiple vulnerabilities. These issues may allow an attacker to access sensitive files and carry out directory traversal and cross-site scripting attacks. These issues require an attacker to have administrative privileges, however, it is reported that an administrative password is not set on the server by default. An administrator who is not intended to have certain privileges may also exploit these vulnerabilities. An example of a cross-site scripting attack is http://www.example.com/sysadmin/system/showperf.asp?area=search&title=<script>alert(document.cookie)</script>
Orenosv HTTP/FTP server is prone to a denial of service vulnerability that may occur when an overly long HTTP GET request is sent to the server. When the malicious request is handled, it is reported that both the HTTP and FTP daemons will stop responding.
A vulnerability identified in Internet Explorer may allow an attacker to cause the application to crash when the browser attempts to process an HTML page containing a table and loads a css style sheet from a file.
Microsoft Outlook Express has been reported prone to a URI obfuscation vulnerability. An attacker could reportedly get a user to visit an attacker controlled site without the usual address bar feature in a web browser. This could potentially make it easier for an attacker to fool a user into trusting the site contents. The HTML code will cause the browser to display the link as http://www.example1.com, but the link will actually point to http://www.example2.com.
Microsoft Outlook 2003 is reported to be prone to store files that are specified in img tags, in predictable locations. This may present a security risk because many known (and potential) Internet Explorer vulnerabilities depend on the attacker being able to directly reference malicious content on a victim system. Given both the ability to place such content on the file system and reference it specifically by location, exploitation of many browser-based vulnerabilities becomes possible.
It has been reported that the Qualcomm Eudora MTA is prone to a URI obfuscation weakness that may hide the true contents of a link. The problem occurs when a user@location URI is formatted in such a way that a "^A" control character is located after the user value. The user value may then be appended with space characters to obfuscate status bar and mouseover details. It is said that, when doing a mouseover of such a URI, it will cause the status bar to only display the contents of the user value, not the entire link.
Sambar improperly validates the IP address of an originating connection and can be used to gain access the administration interface without authorization. Once the remote attacker has gained access to the administrative interface, further attacks are possible, including privilege escalation and unauthorized system access.
It is possible to embed a certificate and content from a foreign domain (via SSL) into a web page. When the web page is visited by the client user, the user will be prompted to authorize the certificate from the foreign domain. This will make it appear as though the web page they are visiting is in the foreign domain. It should be noted that while the connection will appear to be secure, as denoted by the closed lock icon in the right bottom corner of the browser window, the spoofed certicate may not be manually inspected (by clicking the lock icon). The browser will return a message stating that the document does not have a certificate associated with it when the lock is clicked by the user. This may give an indication that the certificate has been spoofed.