Description

Download Security Update 29 Release Notes (PDF)

Use the LiveUpdate feature of Symantec NetRecon 3.6 to download the security update.

Symantec NetRecon 3.6 Security Update 29 (SU 29) detects and reports 121 new vulnerabilities.

New vulnerabilities

ID	Vulnerability name
15332	Macromedia Flash Array Index Memory Access Vulnerability
17106	Macromedia Flash Multiple Unspecified Security Vulnerabilities
4849	Microsoft Active Data Objects Buffer Overflow Vulnerability
5372	Microsoft Data Access Components Buffer Overflow Vulnerability
8455	Microsoft Data Access Components ODBC Buffer Overflow Vulnerability
18303	Microsoft DXImageTransform.Microsoft.Light ActiveX Control Remote Code Execution Vulnerability
17908	Microsoft Exchange Server Calendar Remote Code Execution Vulnerability
1869	Microsoft Exchange Server Invalid MIME Header charset = "" DoS Vulnerability
18381	Microsoft Exchange Server Outlook Web Access Script Injection Vulnerability
1476	Microsoft IIS 3.0 .htr Missing Variable Denial of Service Vulnerability
1488	Microsoft IIS 4.0/5.0 Source Fragment Disclosure Vulnerability
3193	Microsoft IIS 5.0 In-Process Table Privelege Elevation Vulnerability
2717	Microsoft IIS FTP Denial of Service Vulnerability
4486	Microsoft IIS HTTP Error Page Cross Site Scripting Vulnerability
4479	Microsoft IIS ISAPI Filter Access Violation Denial of Service Vulnerability
2440	Microsoft IIS Multiple Invalid URL Request DoS Vulnerability
6069	Microsoft IIS Out Of Process Privilege Escalation Vulnerability
3190	Microsoft IIS SSI Buffer Overrun Privelege Elevation Vulnerability
2453	Microsoft IIS WebDAV Denial of Service Vulnerability
12427	Microsoft Internet Explorer AddChannel Cross-Zone Scripting Vulnerability
17404	Microsoft Internet Explorer Address Bar Spoofing Vulnerability
4411	Microsoft Internet Explorer Cascading Style Sheet File Disclosure Vulnerability
17453	Microsoft Internet Explorer COM Object Instantiation Code Execution Vulnerability
18328	Microsoft Internet Explorer COM Object Instantiation Code Execution Vulnerability Variant
13117	Microsoft Internet Explorer Content Advisor File Handling Buffer Overflow Vulnerability
4085	Microsoft Internet Explorer Content-Type Field Arbitrary File Execution Vulnerability
17196	Microsoft Internet Explorer CreateTextRange Remote Code Execution Vulnerability
15660	Microsoft Internet Explorer CSS Import Cross-Domain Restriction Bypass Vulnerability
12475	Microsoft Internet Explorer DHTML Method Buffer Overflow Vulnerability
13120	Microsoft Internet Explorer DHTML Object Race Condition Memory Corruption Vulnerability
5561	Microsoft Internet Explorer Dialog Same Origin Policy Bypass Variant Vulnerability
4527	Microsoft Internet Explorer Dialog Same Origin Policy Bypass Vulnerability
6306	Microsoft Internet Explorer Dialog Style Same Origin Policy Bypass Vulnerability
17454	Microsoft Internet Explorer Double Byte Character Memory Corruption Vulnerability
5559	Microsoft Internet Explorer Download Dialogue File Source Obfuscation Vulnerability
6749	Microsoft Internet Explorer dragDrop Method Local File Reading Vulnerability
17455	Microsoft Internet Explorer Erroneous IOleClientSite Data Zone Bypass Vulnerability
3767	Microsoft Internet Explorer GetObject File Disclosure Vulnerability
18309	Microsoft Internet Explorer HTML Decoding Remote Code Execution Vulnerability
4080	Microsoft Internet Explorer HTML Document Directive Buffer Overflow Vulnerability
5610	Microsoft Internet Explorer HTML Same Origin Policy Violation Vulnerability
5672	Microsoft Internet Explorer IFrame/Frame Cross-Site/Zone Script Execution Vulnerability
17450	Microsoft Internet Explorer Invalid HTML Parsing Code Execution Vulnerability
5558	Microsoft Internet Explorer Legacy Text Formatting ActiveX Component Buffer Overflow Vulnerability
13123	Microsoft Internet Explorer Malformed URI Buffer Overflow Vulnerability
18320	Microsoft Internet Explorer Multipart HTML File Handling Remote Code Execution Vulnerability
6217	Microsoft Internet Explorer Object Tag Temporary Internet File Folder Vulnerability
18321	Microsoft Internet Explorer Persistent Modal Dialog Window Address Bar Spoofing Vulnerability
17460	Microsoft Internet Explorer Persistent Window Content Address Bar Spoofing Vulnerability
6216	Microsoft Internet Explorer PNG Buffer Overflow Vulnerability
6366	Microsoft Internet Explorer PNG Deflate Heap Corruption Vulnerability
17457	Microsoft Internet Explorer Popup Cross-Domain Information Disclosure Vulnerability
3693	Microsoft Internet Explorer Remote File Viewing Vulnerability
17131	Microsoft Internet Explorer Script Action Handler Buffer Overflow Vulnerability
6961	Microsoft Internet Explorer Self Executing HTML File Vulnerability
3597	Microsoft Internet Explorer Spoofable File Extensions Vulnerability
12477	Microsoft Internet Explorer Unspecified ActiveX Image Control Vulnerability
17820	Microsoft Internet Explorer Unspecified OBJECT Tag Memory Corruption Variant Vulnerability
17181	Microsoft Internet Explorer Unspecified Remote HTA Execution Vulnerability
12473	Microsoft Internet Explorer URI Decoding Vulnerability
11466	Microsoft Internet Explorer Valid File Drag and Drop Embedded Code Vulnerability
16516	Microsoft Internet Explorer WMF Image Parsing Memory Corruption Vulnerability
5560	Microsoft Internet Explorer XML Redirect File Disclosure Vulnerability
654	Microsoft JET/ODBC Patch and RDS Fix Registry Key Vulnerabilities
18359	Microsoft JScript Memory Corruption Vulnerability
9407	Microsoft MDAC Function Broadcast Response Buffer Overrun Vulnerability
17462	Microsoft MDAC RDS.Dataspace ActiveX Control Remote Code Execution Vulnerability
17459	Microsoft Outlook Express Windows Address Book File Parsing Buffer Overflow Vulnerability
18357	Microsoft SMB Driver Local Denial Of Service Vulnerability
8016	Microsoft Windows HTML Converter HR Align Buffer Overflow Vulnerability
18394	Microsoft Windows Malformed ART Image Remote Code Execution Vulnerability
8035	Microsoft Windows Media Services NSIISlog.DLL Remote Buffer Overflow Vulnerability
17905	Microsoft Windows MSDTC Heap Buffer Overflow Vulnerability
17906	Microsoft Windows MSDTC Invalid Memory Access Denial Of Service Vulnerability
18358	Microsoft Windows Routing and Remote Access RASMAN Registry Remote Code Execution Vulnerability
18325	Microsoft Windows Routing and Remote Access Remote Code Execution Vulnerability
18389	Microsoft Windows RPC Mutual Authentication Service Spoofing Vulnerability
7146	Microsoft Windows Script Engine JScript.DLL Heap Overflow Vulnerability
17464	Microsoft Windows Shell COM Object Remote Code Execution Vulnerability
18356	Microsoft Windows SMB Driver Local Privilege Escalation Vulnerability
4205	Microsoft Windows SMTP Service Authorization Bypass Vulnerability
18374	Microsoft Windows TCP/IP Protocol Driver Remote Buffer Overflow Vulnerability
10363	Microsoft Windows XP Self-Executing Folder Vulnerability
10517	Multiple Browser URI Obfuscation Weakness
6068	Multiple Microsoft IIS Vulnerabilities
5557	Multiple Microsoft Internet Explorer Vulnerabilities
4930	Multiple Microsoft Product Gopher Client Buffer Overflow Vulnerability
9587	Multiple Oracle Database Parameter/Statement Buffer Overflow Vulnerabilities
8375	Multiple Oracle XDB FTP / HTTP Services Buffer Overflow Vulnerabilities
307	NT IIS4 Buffer Overflow Vulnerability
11091	Oracle 10g Database DBMS_SCHEDULER Remote Command Execution Vulnerability
13236	Oracle 10g Database SUBSCRIPTION_NAME Remote SQL Injection Vulnerability
13509	Oracle 10g DBMS_Scheduler Privilege Escalation Vulnerability
4523	Oracle 9i ANSI Outer Join Access Control Bypass Vulnerability
9703	Oracle 9i Application/Database Server SOAP XML DTD Denial Of Service Vulnerability
6085	Oracle 9i Database Server iSQL Plus Malformed USERID Buffer Overflow Vulnerability
4391	Oracle 9i TNS Denial of Service Vulnerability
13510	Oracle 9i/10g Database Fine Grained Audit Logging Failure Vulnerability
13238	Oracle 9i/10g Database OBJECT_TYPE Remote SQL Injection Vulnerability
4034	Oracle 9IAS OracleJSP Information Disclosure Vulnerability
10656	Oracle Database 10g Installer Insecure Temporary File Creation Vulnerability
11120	Oracle Database 9i SQL Command Buffer Overflow Vulnerability
17426	Oracle Database Access Restriction Bypass Vulnerability
13145	Oracle Database MDSYS.MD2.SDO_CODE_SIZE Buffer Overflow Vulnerability
12296	Oracle Database Multiple Unspecified Vulnerabilities
13235	Oracle Database Server ALTER_MANUALLOG_CHANGE_SOURCE SQL Injection Vulnerability
13234	Oracle Database Server CREATE_SCN_CHANGE_SET Standard Procedure SQL Injection Vulnerability
13239	Oracle Database Server InterMedia Denial of Service Vulnerability
8844	Oracle Database Server Oracle Binary Local Buffer Overflow Vulnerability
8845	Oracle Database Server OracleO Binary Local Buffer Overflow Vulnerability
16294	Oracle Database SYS.KUPV$FT Multiple SQL Injection Vulnerabilities
3138	Oracle DBSNMP Oracle Home Environment Variable Buffer Overflow
15032	Oracle iSQL*Plus TLS Listener Remote Denial Of Service Vulnerability
15030	Oracle iSQLPlus Cross-Site Scripting Vulnerability
16287	Oracle January Security Update Multiple Vulnerabilities
6414	Oracle Startup Script LD_LIBRARY_PATH Vulnerability
4845	Oracle TNSListener SERVICE_NAME Remote Buffer Overflow Vulnerability
15034	Oracle XML DB Cross-Site Scripting Vulnerability
14281	Oracle9i 9.0.1.5 FIPS Single Sign-On Server Unspecified Cross-Site Scripting Vulnerability
9705	Oracle9i Database Server Unspecified Security Vulnerabilities
7395	Oracle9iAS Web Cache Administration Interface Plaintext Password Vulnerability

For vulnerability details, download the Security Update 29 Release Notes (PDF).