SAINT® 7.1.1 Released

New features in version 7.1.1:

• SAINTexploit
• E-mail notification when a connection is established.
  • Find out instantly whenever a client exploit or exploit tool succeeds.
• New exploit tools (currently available on 64-bit Linux version only)
  • Automatic Drive-by Download exploit tool
  • Encoder/Decoder exploit tool

• SAINTmanager
• Search tickets by vulnerability text
• Option to specify ticket assignee from the scan page
  • Overrides ticket rules
  • Assigns all tickets resulting from a single scan to the designated assignee

• SAINTwriter
• Ability to delete custom reports through the GUI.
• Ability to create reports from datasets of sessions other than the current session.

New vulnerability checks in version 7.1.1:

• Mac OS X Security Update 2009-003.(CVE 2009-1726 CVE 2009-2193 and etc.)
• Sun Java Updates - Aug 2009. (CVE 2009-2625 CVE 2009-2675 and etc.)
• Multiple Vulnerabilities fixed in Safari 4.0.3. (CVE 2009-2196 CVE 2009-2200 and etc.)
• IBM WebSphere Application Server Stax XMLStreamWrite Security Bypass Vulnerability. (CVE 2009-0904)
• multiple vulnerabilities fixed in Wireshark 1.2.1.(CVE 2009-2559 CVE 2009-2560 and etc.)
• Linux Kernel SGI GRU Driver Off By One Vulnerability. (CVE 2009-2584)
• Linux Kernel ’tun_chr_pool()’ NULL Pointer Dereference Vulnerability. (CVE 2009-1897)
• Java Web Console 3.0.2 to 3.0.5 XSS Vulnerability (CVE 2009-2283)
• MyBB ’birthdayprivacy’ Parameter SQL Injection Vulnerability (CVE 2009-2230)
• MPlayer and VLC Player Real Data Transport Remote Integer Underflow Vulnerability. (BID35821)
• Oracle Secure Enterprise Search cross-site scripting vulnerability. (CVE 2009-1968)
• Multiple Vulnerabilities fixed in Firefox 3.5.2.(CVE 2009-2470 CVE 2009-2654 and etc.)
• Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability. (BID35840)
• Asterisk RTP Text Frames Processing Remote Denial of Service Vulnerability. (CVE 2009-2725)
• Adobe Shockwave Player Active Template Library Remote Code Execution Vulnerability. (BID35845)
• multiple vulnerabilities in Google Chrome 2.0.172.37. (BID35839 BID35841)
• XM Easy Personal FTP Server Denial of Service Vulnerabilities version 5.7.0 (SA35271)
• Apple Safari Error Page Address Bar URI Spoofing Vulnerability. (BID35829)
• Linux Kernel eCryptfs ’parse_tag_11()’ Remote Stack Buffer Overflow Vulnerability. (CVE 2009-2406)
• Mozilla Firefox and Seamonkey Regular Expression Parsing Heap Buffer Overflow Vulnerability.(CVE 2009-2404)
• PHP Interruptions and Calltime Arbitrary Code Execution Vulnerability. (BID35867)
• Linux Kernel ’clear_child_tid()’ Local Denial of Service Vulnerability. (CVE 2009-2848)
• Oracle Secure Backup Administration Server Authentication Bypass. (CVE 2009-1977)
• Asterisk SIP Channel Driver "scanf" Multiple Remote Denial of Service Vulnerabilities. (CVE 2009-2726)
• Python Expat Wrapper Library Unspecified XML Parsing Remote Denial of Service Vulnerability.(BID35988)
• Cisco ASA Cross Site Scripting Vulnerabilities (CVE 2009-1201, CVE 2009-1202, CVE 2009-1203)
• multiple vulnerabilities in PHP 5.3.0.(BID36007 and BID36009)
• Invision Power Board Multiple HTML-Injection and Information Disclosure Vulnerabilities (BID34725)
• Cisco ASA XSS attack vectors (CVE 2009-1201 CVE 2009-1202 CVE 2009-1203)
• Oracle Secure Backup Administration Server Command Injection. (CVE 2009-1978)

New exploits in this version:

• Windows ATL object type mismatch vulnerability exploit. (CVE 2009-2494)
• Microsoft Office Web Components OWC.Spreadsheet ActiveX control BorderAround heap corruption exploit. (CVE 2009-2496)
• Microsoft Office Web Components OWC.Spreadsheet.9 HTMLURL property overflow exploit. (CVE 2009-1534)
• Adobe Flash Player command execution exploit. (CVE 2009-1862)