[ACSA-2012-12] - HP WJA Multiple XSS vulnerabilities

First, I would like to thank HP SSRT security team for great communication and cooperation on the report.

Other advisory numbers: HPSBPI02779 SSRT100855, CVE-2012-2011

HP WJA
- uses non-secure transport protocol (read MITM)
- does not implement or at least verify secure-hashing i.e. authenticated&authorized origins of the DOWNLOADED files
- has several XSS vulnerabilities (perhaps many more to be discovered)

Read more! »

[ACSA-2012-05] - MSOffice EPS Stack based overflow crash

For a specially crafted EPS file, inserting it as a picture in one of the mentioned applications will result in a stack based overflow in the EPSIMP32.FLT
EPSIMP32.FLT is a graphical filter used to process cetain embedded file-types into MSOffice documents.
Specifically, EPSIMP32.FLT will process EPS (Encapsulated PostScript) files.

MS confirmed crash, but marked as NOT exploitable.

Other advisory numbers: MS-12305cw

More details here.

[ACSA-2012-11] - HP SmartInstall updates non-secure-verified and non-origin-verified are enabled by default for non-privileged users

NOTE: this was a valid security advisory when discovered, but because of bad timing for reporting, the issue is confirmed as fixed by side-effect of firmwares signature verification patch by HP during Nov 2011.

More details here