Continued
2008’s Popular Applications with Critical Vulnerabilities
1 Mozilla Firefox
Mozilla Firefox 3.x, 2.x Vendor Patch Remote attackers can execute arbitrary code via buffer CVE-2008-5052, CVE-2008-4064,
overflow, malformed URI links, documents, JavaScript CVE-2008-5024, CVE-2008-4063,
and third party tools. CVE-2008-5023, CVE-2008-4062,
CVE-2008-5022, CVE-2008-4061,
CVE-2008-5013 CVE-2008-0016
Apple Safari 6.0.5.20 Vendor Patch Buffer overflow resulting in arbitrary code execution and CVE-2008-3623, CVE-2008-2306
denial of service involving JavaScript arrays that trigger CVE-2008-2307,
memory corruption and crafted images, related to
improper handling of color spaces.
Apple iTunes 3.2, 3.1.2 Vendor Patch Remote Improper update verification allows man-in-the- CVE-2008-3434
middle attacks to execute arbitrary code via a Trojan
horse update.
6 Symantec
Symantec Norton 2.7.0.1 Vendor Patch Stack-based buffer overflow in the AutoFix Support Tool CVE-2008-0312
Products (all flavors ActiveX lead to arbitrary code execution.
2006 to 2008)
7 Trend Micro
Trend Micro 8.0 SP1 before Vendor Patch Stack-based buffer overflow allowing remote attackers CVE-2008-3862, CVE-2008-2437,
OfficeScan build 2439 and to execute arbitrary code. CVE-2008-4402, SVE-2008-3364
8.0 SP1 Patch 1
before build 3087
8 Citrix Products
Citrix Products Deterministic Vendor Patch Privilege escalation in DNE via specially crafter device CVE-2008-5121, CVE-2008-2528,
Network Enhancer interface requests affects Cisco VPN Client, Blue Coat CVE-2008-3485, CVE-2008-0356
(DNE) 2.21.7.233 WinProxy, SafeNet SoftRemote and HighAssurance
through 3.21.7.17464, Remote. Search path vulnerability, authentication bypass
Access Gateway 4.5.7, and buffer overflow lead to arbitrary code execution.
Presentation Server 4.5
Continued
2008’s Popular Applications with Critical Vulnerabilities Continued
9 Aurigma, Lycos
Aurigma Image 4.6.17.0, 4.5.70.0, Vendor Patch Remote attackers can perform remote code execution CVE-2008-0660,
Uploader, Lycos 4.5.126.0 via long extended image information. Aurigma ActiveX CVE-2008-0659,
FileUploader is used by Facebook PhotoUploader and MySpace CVE-2008-0443
MySpaceUploader.
10 Skype
Skype 3.6.0.248 Vendor Patch Improper check of dangerous extensions allows
user-assisted remote attackers to bypass warning CVE-2008-2545,
dialogs. Cross-zone scripting vulnerability allows CVE-2008-1805,
remote attackers to inject script via IE web control. CVE-2008-0454
11 Yahoo! Assistant
Yahoo! Assistant 3.6. Vendor Patch Remote attackers can execute arbitrary code via CVE-2008-2111
memory corruption.
Bit9, Inc.
266 Second Ave.
Waltham, MA 02451
p: +1 617.393.7400
© 2008, Bit9, Inc. All Rights Reserved. Bit9, Inc., FileAdvisor, Find File, Parity, and ParityCenter are trademarks or registered
trademarks of Bit9, Inc. All other names and trademarks are the property of their respective owners. Bit9 reserves the right
f: +1 617.393.7499
to change product specifications or other product information without notice. www.bit9.com