SSD Advisory – Comtrol RTS Configuration Modification and Memory Corruption

SecuriTeam Secure Disclosure
SecuriTeam Secure Disclosure (SSD) provides the support you need to turn your experience uncovering security vulnerabilities into a highly paid career. SSD was designed by researchers for researchers and will give you the fast response and great support you need to make top dollar for your discoveries.

Introduction
The DeviceMaster RTS family of serial device servers enables browser-based remote port/device monitoring and configuration and provides an application software platform for local processing. The DeviceMaster RTS product is a network-attached solid-state embedded device server network serial port that delivers exceptional price, performance and reliability.

Vulnerability Details
The Comtrol DeviceMaster RTS DB9M 2-Port 1E fails to protect several key resources related to configuration and operations by default. By combining that failure with a memory corruption vulnerability, which is exploitable at least to cause a device denial-of-service, a user can remotely modify the configuration of the device and force the operator to reboot the device in order to resume normal operations, at which point the arbitrary changes take effect.

SSD Advisory – OneNote 2007 Arbitrary Code Execution

Introduction
Microsoft OneNote (formerly called Microsoft Office OneNote) is a computer program for free-form information gathering and multi-user collaboration. It gathers users’ notes (handwritten or typed), drawings, screen clippings and audio commentaries. Notes can be shared with other OneNote users over the Internet or a network.

Vulnerability Details
MS Office OneNote 2007 contains a vulnerability that causes the program to extract files contained inside a OneNote file (.onepkg), which uses the “CAB archive format”, to an arbitrary location on the system when the file names contain parent directory sequences (\..\). Since OneNote also does not check file extensions, it is possible to extract unsafe files to arbitrary locations.

SSD Advisory – Trend Micro Threat Intelligence Manager Multiple Vulnerabilities Remote Code Execution

Introduction
Threat Intelligence Manager provides actionable security intelligence to quickly respond to advanced and hidden threats to enable you to proactively respond to enterprise security threats.

Vulnerability Details
Trend Micro Threat Intelligence Manager installs a secure web interface (httpd.exe, tcp port 443/https) which listens for incoming requests. Several vulnerabilities have been found in the product that would allow a remote attacker to cause the product to execute arbitrary code.

SSD Advisory – LibreOffice Impress Remote Control Use-after-Free Vulnerability

Introduction
LibreOffice is a powerful office suite; its clean interface and its powerful tools let you unleash your creativity and grow your productivity. LibreOffice embeds several applications that make it the most powerful Free & Open Source Office suite on the market.

Vulnerability Details
A vulnerability in LibreOffice’s Impress Remote Protocol allows a remote attacker to cause the product to crash, potentially executing arbitrary code, by sending a malformed request to TCP port 1599 (used by the protocol).