Mitja Kolsek

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 3.6.20 Thunderbird versions prior to 3.1.12 **Description** The issue allows local users to gain privileges by leveraging write access in an unspecified directory to place a Trojan horse DLL that is loaded into the running process. This is due to an untrusted search path vulnerability in the ThinkPadSensor::Startup function. **Recommendations** For Mozilla Firefox versions prior to 3.6.20, update to version 3.6.20 or later. For Thunderbird versions prior to 3.1.12, update to version 3.1.12 or later.

Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerability than CVE-2011-0570 and CVE-2011-0588.

**Name of the Vulnerable Software and Affected Versions** VMware Tools in VMware Workstation versions 6.5.x through 6.5.3 VMware Player versions 2.5.x through 2.5.3 VMware ACE versions 2.5.x through 2.5.3 VMware Server versions 2.x through 2.0.1 VMware Fusion versions 2.x through 2.0.5 VMware ESXi versions 3.5 and 4.0 VMware ESX versions 2.5.5, 3.0.3, 3.5, and 4.0 **Description** The issue might allow Windows guest OS users to gain privileges by placing a Trojan horse program at an unspecified location on the guest OS disk, due to improper loading of VMware programs. **Recommendations** For VMware Workstation versions 6.5.x through 6.5.3, update to version 6.5.4 build 246459 or later. For VMware Player versions 2.5.x through 2.5.3, update to version 2.5.4 build 246459 or later. For VMware ACE versions 2.5.x through 2.5.3, update to version 2.5.4 build 246459 or later. For VMware Server versions 2.x through 2.0.1, update to version 2.0.2 build 203138 or later. For VMware Fusion versions 2.x through 2.0.5, update to version 2.0.6 build 246742 or later. For VMware ESXi versions 3.5 and 4.0, and VMware ESX versions 2.5.5, 3.0.3, 3.5, and 4.0, update to a version that properly loads VMware programs.

**Name of the Vulnerable Software and Affected Versions** BEA WebLogic Server and Express versions 7.0 through Service Pack 6 BEA WebLogic Server and Express versions 8.1 through Service Pack 4 **Description** The issue allows remote attackers to inject arbitrary web script or HTML, and possibly gain administrative privileges. This can be achieved via the `j username` or `j password` parameters in the login page (LoginForm.jsp), parameters to the error page in the Administration Console, unknown vectors in the Server Console while the administrator has an active session to obtain the ADMINCONSOLESESSION cookie, or an alternate vector in the Server Console that does not require an active session but also leaks the username and password. **Recommendations** For BEA WebLogic Server and Express versions 7.0 through Service Pack 6, update to a version later than Service Pack 6 to resolve the issue. For BEA WebLogic Server and Express versions 8.1 through Service Pack 4, update to a version later than Service Pack 4 to resolve the issue. As a temporary workaround, consider restricting access to the login page (LoginForm.jsp) and the Administration Console to minimize the risk of exploitation. Avoid using the `j username` and `j password` parameters in the login page until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Internet Explorer versions 5.01, 5.5, and 6 Description: The issue allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site. This occurs because the browser does not properly cache SSL content. Recommendations: For Internet Explorer versions 5.01, 5.5, and 6, consider disabling SSL caching as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.