---------------------------------------------------------------------- Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: nProtect Netizen Arbitrary File Placement Vulnerability SECUNIA ADVISORY ID: SA15101 VERIFY ADVISORY: http://secunia.com/advisories/15101/ CRITICAL: Moderately critical IMPACT: Security Bypass WHERE: >From remote SOFTWARE: nProtect Netizen http://secunia.com/product/4975/ DESCRIPTION: Keigo Yamazaki has reported a vulnerability in nProtect Netizen, which can be exploited by malicious people to place arbitrary files on a vulnerable system. The vulnerability is caused due to an error, which allows any web site to use the nProtect Netizen ActiveX control to place arbitrary code in any location on the vulnerable system. The vulnerability has been reported in version 2005.3.17.1. Other versions may also be affected. SOLUTION: The vulnerability has been fixed in nProtect Netizen ActiveX control version 2005.4.20.1, which is available from the vendor web site. PROVIDED AND/OR DISCOVERED BY: Keigo Yamazaki, SNS. ORIGINAL ADVISORY: http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/80_e.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------