WelcomeEnterpriseSmall BusinessHome & Home OfficePartnersAbout Symantec
November 17, 2006
Symantec NetRecon 3.6 Security Update 30

Description

Download Security Update 30 Release Notes (PDF)

Use the LiveUpdate feature of Symantec NetRecon 3.6 to download the security update.

Symantec NetRecon 3.6 Security Update 30 (SU 30) detects and reports 70 new vulnerabilities.

New vulnerabilities

ID	Vulnerability name
19922	Microsoft PGM Remote Buffer Overflow Vulnerability
19927	Microsoft Indexing Service Query Validation Cross-Site Scripting Vulnerability
11826	Microsoft Internet Explorer FTP URI Arbitrary FTP Server Command Execution Vulnerability
18198	Microsoft Windows MHTML URI Buffer Overflow Vulnerability
18277	Microsoft Internet Explorer Frameset Memory Corruption Vulnerability
18500	Microsoft HLINK.DLL Link Memory Corruption Vulnerability
18682	Microsoft Internet Explorer OuterHTML Redirection Handling Information Disclosure Vulnerability
18769	Microsoft Windows HTML Help HHCtrl ActiveX Control Memory Corruption Vulnerability
18855	Microsoft Internet Explorer Structured Graphics Control Denial Of Service Vulnerability
18873	Microsoft Internet Explorer Table Frameset Denial Of Service Vulnerability
18900	Microsoft Internet Explorer 6 RDS.DataControl Denial Of Service Vulnerability
18902	Microsoft Internet Explorer DirectAnimation.DAUserData Denial Of Service Vulnerability
18903	Microsoft Internet Explorer Object.Microsoft.DXTFilter Denial Of Service Vulnerability
18929	Microsoft Internet Explorer HtmlDlgSafeHelper Remote Denial Of Service Vulnerability
18946	Microsoft Internet Explorer TriEditDocument Denial Of Service Vulnerability
18960	Microsoft Internet Explorer RevealTrans Denial Of Service Vulnerability
19030	Microsoft Internet Explorer WebViewFolderIcon Denial Of Service Vulnerability
19069	Microsoft Internet Explorer DataSourceControl Denial of Service Vulnerability
19079	Microsoft Internet Explorer OVCtl Denial Of Service Vulnerability
19092	Microsoft Internet Explorer Content-Type Denial Of Service Vulnerability
19102	Microsoft Internet Explorer String To Binary Function Denial Of Service Vulnerability
19109	Microsoft Internet Explorer Internet.HHCtrl Click Denial Of Service Vulnerability
19113	Microsoft Internet Explorer Multiple Object ListWidth Property Denial Of Service Vulnerability
19114	Microsoft Internet Explorer NMSA.ASFSourceMediaDescription Stack Overflow Vulnerability
19135	Microsoft Windows Remote Denial of Service Vulnerability
19140	Microsoft Internet Explorer Native Function Iterator Denial Of Service Vulnerability
19184	Microsoft Internet Explorer NDFXArtEffects Stack Overflow Vulnerability
19215	Microsoft Windows SMB PIPE Remote Denial of Service Vulnerability
19221	Microsoft Windows Graphical Device Interface Plus Library Denial Of Service Vulnerability
19227	Microsoft Internet Explorer ADODB.Recordset NextRecordset Denial of Service Vulnerability
19228	Microsoft Internet Explorer Deleted Frame Object Denial Of Service Vulnerability
19300	Microsoft Windows Routing and Remote Access Denial of Service Vulnerability
19312	Microsoft Internet Explorer HTML Layout and Positioning Remote Code Execution Vulnerability
19316	Microsoft Internet Explorer Chained Cascading Style Sheets Remote Code Execution Vulnerability
19319	Microsoft Winsock Gethostbyname Buffer Overflow Vulnerability
19339	Microsoft Internet Explorer Window Location Cross-Domain Information Disclosure Vulnerability
19340	Microsoft Internet Explorer COM Object Instantiation Code Execution Vulnerability
19375	Microsoft Windows User Profile Privilege Escalation Vulnerability
19384	Microsoft Windows Unhandled Exception Remote Code Execution Vulnerability
19388	Microsoft Windows 2000 Kernel Local Privilege Escalation Vulnerability
19389	Microsoft Windows Explorer Drag and Drop Remote Code Execution Vulnerability
19400	Microsoft Internet Explorer Source Element Cross-Domain Information Disclosure Vulnerability
19404	Microsoft Windows DNS Client Buffer Overrun Vulnerability
19405	Microsoft Hyperlink Object Library Function Remote Buffer Overflow Vulnerability
19409	Microsoft Windows Server Service Remote Buffer Overflow Vulnerability
19417	Microsoft Management Console Zone Bypass Vulnerability
7539	Internet Explorer file:// Request Zone Bypass Vulnerability
18858	Microsoft IIS ASP Remote Code Execution Vulnerability
3116	Microsoft Internet Explorer Arbitrary HTML File Execution Vulnerability
6779	Microsoft Internet Explorer Dialog Box Cross-Domain Violation Vulnerability
17468	Microsoft Internet Explorer HTML Tag Memory Corruption Vulnerability
6205	Microsoft Internet Explorer IFRAME dialogArguments Cross-Zone Access Vulnerability
11515	Microsoft Internet Explorer Malformed IFRAME Remote Buffer Overflow Vulnerability
5196	Microsoft Internet Explorer OBJECT Tag Same Origin Policy Violation Vulnerability
7419	Microsoft Internet Explorer Remote URLMON.DLL Buffer Overflow Vulnerability
6780	Microsoft Internet Explorer ShowHelp Arbitrary Command Execution Vulnerability
5963	Microsoft Internet Explorer Unauthorized Document Object Model Access Vulnerability
18923	Microsoft Windows DHCP Client Service Remote Code Execution Vulnerability
18863	Microsoft Windows Server Driver Mailslot Remote Heap Buffer Overflow Vulnerability
18891	Microsoft Windows Server Driver Remote Information Disclosure Vulnerability
9320	Microsoft Windows showHelp CHM File Execution Weakness
14480	Microsoft Windows Unspecified Remote Arbitrary Code Execution Vulnerability
18116	PHP cURL Encoded NULL Character Safe_Mode Restriction Bypass Vulnerability
16803	PHP Error Message Cross-Site Scripting Vulnerability
18645	PHP Error_Log Safe_Mode Restriction-Bypass Vulnerability
17296	PHP Html_Entity_Decode() Information Disclosure Vulnerability
17439	PHP Multiple Safe_Mode and Open_Basedir Restriction Bypass Vulnerabilities
16878	PHP Multiple Security Bypass Vulnerabilities
17843	PHP Multiple Unspecified Vulnerabilities
17362	PHP PHPInfo Large Input Cross-Site Scripting Vulnerability


Updated vulnerabilities

Symantec NetRecon 3.6 Security Update 30 (SU 30) detects and reports 193 updated vulnerabilities.
ID Vulnerability name 2206 PHP .htaccess Attribute Transfer Vulnerability 6557 PHP 4.0.3 IMAP Module Buffer Overflow Vulnerability 16220 PHP 5 User-Supplied Session ID Input Validation Vulnerability 15177 PHP Apache 2 Local Denial of Service Vulnerability 15413 PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability 7256 PHP array_pad() Integer Overflow Memory Corruption Vulnerability 6875 PHP CGI SAPI Code Execution Vulnerability 15411 PHP cURL and GD Multiple Safe_Mode and Open_Basedir Restriction Bypass Vulnerabilities 11557 PHP cURL Open_Basedir Restriction Bypass Vulnerability 8405 PHP DLOpen Memory Disclosure Vulnerability 7199 PHP emalloc() Unspecified Integer Overflow Memory Corruption Vulnerability 2205 PHP Engine Disable Source Viewing Vulnerability 1786 PHP Error Logging Format String Vulnerability 15250 PHP File Upload GLOBAL Variable Overwrite Vulnerability 5681 PHP Function CRLF Injection Vulnerability 12701 PHP Glob Function Local Information Disclosure Vulnerability 13164 PHP Group Exif Module IFD Nesting Denial Of Service Vulnerability 13163 PHP Group Exif Module IFD Tag Integer Overflow Vulnerability 15358 PHP Group Exif Module Infinite Recursion Denial Of Service Vulnerability 12962 PHP Group PHP Image File Format Remote Denial Of Service Vulnerability 13143 PHP Group PHP Multiple Unspecified Vulnerabilities 12963 PHP Group PHP Remote JPEG File Format Remote Denial Of Service Vulnerability 5669 PHP Header Function Script Injection Vulnerability 5278 PHP HTTP POST Incorrect MIME Header Parsing Vulnerability 4063 PHP Include File Relative Directory Information Disclosure Vulnerability 10427 PHP Input/Ouput Wrapper Remote Include Function Command Execution Weakness 5280 PHP Interpreter Direct Invocation Denial Of Service Vulnerability 11992 PHP JPEG Image Buffer Overflow Vulnerability 5562 PHP Mail Function ASCII Control Character Header Spoofing Vulnerability 15571 PHP MB_Send_Mail TO Argument Header Injection Vulnerability 10725 PHP memory_limit Remote Code Execution Vulnerability 10471 PHP Microsoft Windows Shell Escape Functions Command Execution Vulnerability 4325 PHP Move_Uploaded_File Open_Basedir Circumvention Vulnerability 11964 PHP Multiple Local And Remote Vulnerabilities 11981 PHP Multiple Remote Vulnerabilities 4026 PHP MySQL Safe_Mode Filesystem Circumvention Vulnerability 16145 PHP MySQL_Connect Remote Buffer Overflow Vulnerability 16219 PHP MySQLI Error Logging Remote Format String Vulnerability 17688 PHP MySQLI Error Logging Remote Format String Vulnerability_copy 14957 PHP Open_BaseDir Security Restriction Bypass Vulnerability 7210 PHP openlog() Buffer Overflow Vulnerability 15249 PHP Parse_Str Register_Globals Activation Weakness 11334 PHP PHP_Variables Remote Memory Disclosure Vulnerability 7805 PHP PHPInfo Cross-Site Scripting Vulnerability 15248 PHP PHPInfo Cross-Site Scripting Vulnerability 15248 PHP PHPInfo Cross-Site Scripting Vulnerability 4606 PHP posix_getpwnam / posix_getpwuid safe_mode Circumvention Vulnerability 4183 PHP Post File Upload Buffer Overflow Vulnerabilities 11190 PHP Remote Arbitrary Location File Upload Vulnerability 15119 PHP Safedir Restriction Bypass Vulnerabilities 2954 PHP SafeMode Arbitrary File Execution Vulnerability 14858 PHP Session Handling Local Session Hijacking Vulnerability 12045 PHP Shared Memory Module Offset Memory Corruption Vulnerability 7187 PHP socket_iovec_alloc() Integer Overflow Vulnerability 7197 PHP socket_recv() Signed Integer Memory Corruption Vulnerability 7198 PHP socket_recvfrom() Signed Integer Memory Corruption Vulnerability 7259 PHP STR_Repeat Boundary Condition Error Vulnerability 10724 PHP Strip_Tags() Function Bypass Vulnerability 7761 PHP Transparent Session ID Cross Site Scripting Vulnerability 8201 PHP Undefined Safe_Mode_Include_Dir Safemode Bypass Vulnerability 6488 PHP wordwrap() Heap Corruption Vulnerability 911 PHP3 'safe_mode' Failure Vulnerability 8693 PHP4 Base64_Encode() Integer Overflow Vulnerability 8696 PHP4 Multiple Vulnerabilities 12665 PHP4 Readfile Denial Of Service Vulnerability 3873 PHP4 Session Files Local Information Disclosure Vulnerability 14088 XML-RPC for PHP Remote Code Injection Vulnerability 10118 Microsoft ASN.1 Library Double Free Memory Corruption Vulnerability 17453 Microsoft Internet Explorer COM Object Instantiation Code Execution Vulnerability 17196 Microsoft Internet Explorer CreateTextRange Remote Code Execution Vulnerability 5561 Microsoft Internet Explorer Dialog Same Origin Policy Bypass Variant Vulnerability 17454 Microsoft Internet Explorer Double Byte Character Memory Corruption Vulnerability 5559 Microsoft Internet Explorer Download Dialogue File Source Obfuscation Vulnerability 17455 Microsoft Internet Explorer Erroneous IOleClientSite Data Zone Bypass Vulnerability 5610 Microsoft Internet Explorer HTML Same Origin Policy Violation Vulnerability 5672 Microsoft Internet Explorer IFrame/Frame Cross-Site/Zone Script Execution Vulnerability 17450 Microsoft Internet Explorer Invalid HTML Parsing Code Execution Vulnerability 14087 Microsoft Internet Explorer Javaprxy.DLL COM Object Instantiation Heap Overflow Vulnerability 5558 Microsoft Internet Explorer Legacy Text Formatting ActiveX Component Buffer Overflow Vulnerability 6217 Microsoft Internet Explorer Object Tag Temporary Internet File Folder Vulnerability 17460 Microsoft Internet Explorer Persistent Window Content Address Bar Spoofing Vulnerability 6216 Microsoft Internet Explorer PNG Buffer Overflow Vulnerability 6366 Microsoft Internet Explorer PNG Deflate Heap Corruption Vulnerability 17457 Microsoft Internet Explorer Popup Cross-Domain Information Disclosure Vulnerability 17131 Microsoft Internet Explorer Script Action Handler Buffer Overflow Vulnerability 17181 Microsoft Internet Explorer Unspecified Remote HTA Execution Vulnerability 5560 Microsoft Internet Explorer XML Redirect File Disclosure Vulnerability 10112 Microsoft Jet Database Engine Remote Code Execution Vulnerability 10113 Microsoft Negotiate SSP Remote Buffer Overflow Vulnerability 8458 Microsoft RPCSS DCERPC DCOM Object Activation Packet Length Heap Corruption Vulnerability 8459 Microsoft RPCSS DCOM Interface Long Filename Heap Corruption Vulnerability 10117 Microsoft Virtual DOS Machine Local Privilege Escalation Vulnerability 11378 Microsoft Window Management API Local Privilege Escalation Vulnerability 10114 Microsoft Windows 2000 Domain Controller LDAP Denial Of Service Vulnerability 2988 Microsoft Windows 2000 SMTP Improper Authentication Vulnerability 10123 Microsoft Windows COM Internet Service/RPC Over HTTP Remote Denial Of Service Vulnerability 8205 Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability 15064 Microsoft Windows Explorer Web View Script Injection Vulnerability 10111 Microsoft Windows H.323 Remote Buffer Overflow Vulnerability 10119 Microsoft Windows Help And Support Center URI Validation Code Execution Vulnerability 11365 Microsoft Windows Kernel Local Denial of Service Vulnerability 11369 Microsoft Windows Kernel Virtual DOS Machine Privilege Escalation Vulnerability 12481 Microsoft Windows License Logging Service Buffer Overflow Vulnerability 10122 Microsoft Windows Local Descriptor Table Local Privilege Escalation Vulnerability 10126 Microsoft Windows Logon Process Remote Buffer Overflow Vulnerability 10108 Microsoft Windows LSASS Buffer Overrun Vulnerability 15070 Microsoft Windows Malicious Shortcut Handling Remote Code Execution Variant Vulnerability 15069 Microsoft Windows Malicious Shortcut Handling Remote Code Execution Vulnerability 10121 Microsoft Windows Object Identity Network Communication Vulnerability 10116 Microsoft Windows Private Communications Transport Protocol Buffer Overrun Vulnerability 8234 Microsoft Windows RPCSS DCOM Interface Denial of Service Vulnerability 8811 Microsoft Windows RPCSS Multi-thread Race Condition Vulnerability 10127 Microsoft Windows RPCSS Service Remote Denial Of Service Vulnerability 7146 Microsoft Windows Script Engine JScript.DLL Heap Overflow Vulnerability 9510 Microsoft Windows Shell CLSID File Extension Misrepresentation Vulnerability 10115 Microsoft Windows SSL Library Denial of Service Vulnerability 10708 Microsoft Windows Task Scheduler Remote Buffer Overflow Vulnerability 10124 Microsoft Windows Utility Manager Local Privilege Escalation Vulnerability 11763 Microsoft Windows WINS Association Context Data Remote Memory Corruption Vulnerability 11922 Microsoft Windows WINS Name Value Handling Remote Buffer Overflow Vulnerability 11375 Microsoft Windows WMF/EMF Image Format Rendering Remote Buffer Overflow Vulnerability 10120 Microsoft Windows WMF/EMF Image Formats Remote Buffer Overflow Vulnerability 9892 Microsoft Windows XP explorer.exe Remote Denial of Service Vulnerability 5557 Multiple Microsoft Internet Explorer Vulnerabilities 4930 Multiple Microsoft Product Gopher Client Buffer Overflow Vulnerability 9694 Windows NtSystemDebugControl() Kernel API Function Privilege Escalation 13767 GNU SHTool Insecure Temporary File Deletion Vulnerability 2206 PHP .htaccess Attribute Transfer Vulnerability 6557 PHP 4.0.3 IMAP Module Buffer Overflow Vulnerability 16220 PHP 5 User-Supplied Session ID Input Validation Vulnerability 15177 PHP Apache 2 Local Denial of Service Vulnerability 15413 PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability 7256 PHP array_pad() Integer Overflow Memory Corruption Vulnerability 6875 PHP CGI SAPI Code Execution Vulnerability 15411 PHP cURL and GD Multiple Safe_Mode and Open_Basedir Restriction Bypass Vulnerabilities 11557 PHP cURL Open_Basedir Restriction Bypass Vulnerability 8405 PHP DLOpen Memory Disclosure Vulnerability 7199 PHP emalloc() Unspecified Integer Overflow Memory Corruption Vulnerability 2205 PHP Engine Disable Source Viewing Vulnerability 1786 PHP Error Logging Format String Vulnerability 15250 PHP File Upload GLOBAL Variable Overwrite Vulnerability 5681 PHP Function CRLF Injection Vulnerability 12701 PHP Glob Function Local Information Disclosure Vulnerability 13164 PHP Group Exif Module IFD Nesting Denial Of Service Vulnerability 13163 PHP Group Exif Module IFD Tag Integer Overflow Vulnerability 15358 PHP Group Exif Module Infinite Recursion Denial Of Service Vulnerability 12962 PHP Group PHP Image File Format Remote Denial Of Service Vulnerability 13143 PHP Group PHP Multiple Unspecified Vulnerabilities 12963 PHP Group PHP Remote JPEG File Format Remote Denial Of Service Vulnerability 5669 PHP Header Function Script Injection Vulnerability 5278 PHP HTTP POST Incorrect MIME Header Parsing Vulnerability 4063 PHP Include File Relative Directory Information Disclosure Vulnerability 10427 PHP Input/Ouput Wrapper Remote Include Function Command Execution Weakness 5280 PHP Interpreter Direct Invocation Denial Of Service Vulnerability 11992 PHP JPEG Image Buffer Overflow Vulnerability 5562 PHP Mail Function ASCII Control Character Header Spoofing Vulnerability 15571 PHP MB_Send_Mail TO Argument Header Injection Vulnerability 10725 PHP memory_limit Remote Code Execution Vulnerability 10471 PHP Microsoft Windows Shell Escape Functions Command Execution Vulnerability 4325 PHP Move_Uploaded_File Open_Basedir Circumvention Vulnerability 11964 PHP Multiple Local And Remote Vulnerabilities 11981 PHP Multiple Remote Vulnerabilities 4026 PHP MySQL Safe_Mode Filesystem Circumvention Vulnerability 16145 PHP MySQL_Connect Remote Buffer Overflow Vulnerability 16219 PHP MySQLI Error Logging Remote Format String Vulnerability 17688 PHP MySQLI Error Logging Remote Format String Vulnerability_copy 14957 PHP Open_BaseDir Security Restriction Bypass Vulnerability 7210 PHP openlog() Buffer Overflow Vulnerability 15249 PHP Parse_Str Register_Globals Activation Weakness 11334 PHP PHP_Variables Remote Memory Disclosure Vulnerability 7805 PHP PHPInfo Cross-Site Scripting Vulnerability 15248 PHP PHPInfo Cross-Site Scripting Vulnerability 4606 PHP posix_getpwnam / posix_getpwuid safe_mode Circumvention Vulnerability 4183 PHP Post File Upload Buffer Overflow Vulnerabilities 11190 PHP Remote Arbitrary Location File Upload Vulnerability 15119 PHP Safedir Restriction Bypass Vulnerabilities 2954 PHP SafeMode Arbitrary File Execution Vulnerability 14858 PHP Session Handling Local Session Hijacking Vulnerability 12045 PHP Shared Memory Module Offset Memory Corruption Vulnerability 7187 PHP socket_iovec_alloc() Integer Overflow Vulnerability 7197 PHP socket_recv() Signed Integer Memory Corruption Vulnerability 7198 PHP socket_recvfrom() Signed Integer Memory Corruption Vulnerability 7259 PHP STR_Repeat Boundary Condition Error Vulnerability 10724 PHP Strip_Tags() Function Bypass Vulnerability 7761 PHP Transparent Session ID Cross Site Scripting Vulnerability 8201 PHP Undefined Safe_Mode_Include_Dir Safemode Bypass Vulnerability 6488 PHP wordwrap() Heap Corruption Vulnerability 911 PHP3 'safe_mode' Failure Vulnerability 8693 PHP4 Base64_Encode() Integer Overflow Vulnerability 8696 PHP4 Multiple Vulnerabilities 12665 PHP4 Readfile Denial Of Service Vulnerability 3873 PHP4 Session Files Local Information Disclosure Vulnerability 14088 XML-RPC for PHP Remote Code Injection Vulnerability

For vulnerability details, download the Security Update 30 Release Notes (PDF).


Initial Post on: Friday, 17-Nov-06 10:45:00
Last modified on: Friday, 17-Nov-06 10:49:50