Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - December 12, 2007

by Marianna Schmudlach / December 12, 2007 12:22 AM PST

Apache mod_imap Module Cross-Site Scripting Vulnerability

Secunia Advisory: SA28073
Release Date: 2007-12-12


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Vendor Workaround


Software: Apache 1.3.x

Description:
A vulnerability has been reported in the mod_imap module for Apache, which can be exploited by malicious people to conduct cross-site scripting attacks.

Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Successful exploitation requires that "mod_imap" is enabled and a mapfile is publicly accessible.

The vulnerability is reported in versions 1.3.39, 1.3.37, 1.3.36, 1.3.35, 1.3.34, 1.3.33, 1.3.32, 1.3.31, 1.3.29, 1.3.28, 1.3.27, 1.3.26, 1.3.24, 1.3.22, 1.3.20, 1.3.19, 1.3.17, 1.3.14, 1.3.12, 1.3.11, 1.3.9, 1.3.6, 1.3.4, 1.3.3, 1.3.2, 1.3.1, and 1.3.0.

Solution:
Fixed in the development version 1.3.40-dev.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://httpd.apache.org/security/vulnerabilities_13.html

Discussion is locked
You are posting a reply to: VULNERABILITIES \ FIXES - December 12, 2007
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: VULNERABILITIES \ FIXES - December 12, 2007
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Linux Kernel "mmap_min_addr" Security Bypass
by Marianna Schmudlach / December 12, 2007 12:23 AM PST

Secunia Advisory: SA28070
Release Date: 2007-12-12


Critical:
Not critical
Impact: Security Bypass

Where: Local system

Solution Status: Vendor Workaround


OS: Linux Kernel 2.6.x

Description:
A security issue has been reported in the Linux Kernel, which can be exploited by malicious, local users to bypass certain security restrictions.

The security issue is caused due to the improper enforcing of the "mmap_min_addr" limit. This can be exploited to allocate pages lower than "mmap_min_addr" by expanding the stack or via "do_brk()" in specially crafted binaries.

The security issue affects all 2.6.23 versions.

Solution:
Fixed in version 2.6.24-rc5.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.24-rc5

Collapse -
Rainboard Unspecified Cross-Site Scripting
by Marianna Schmudlach / December 12, 2007 12:25 AM PST

Secunia Advisory: SA28069
Release Date: 2007-12-12


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Vendor Patch


Software: Rainboard 1.x
Rainboard 2.x

Description:
A vulnerability has been reported in Rainboard, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to unspecified parameters is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in all versions before 2.10.

Solution:
Update to version 2.10.

Provided and/or discovered by:
Reported in a JVN advisory.

Original Advisory:
Rainboard:
http://udon.be/xss.uhtml

JVN#23120863:
http://jvn.jp/jp/JVN%2323120863/index.html

Collapse -
Sun Solaris update for Adobe Flash Player
by Marianna Schmudlach / December 12, 2007 12:26 AM PST

Secunia Advisory: SA28068
Release Date: 2007-12-12


Critical:
Highly critical
Impact: Exposure of sensitive information
System access

Where: From remote

Solution Status: Vendor Patch


OS: Sun Solaris 10

Description:
Sun has issued an update for Adobe Flash Player. This fixes some vulnerabilities, which can be exploited by malicious people to gain knowledge of sensitive information or compromise a user's system.

For more information:
SA26027

The vulnerability reportedly affects Sun Solaris 10 on both the SPARC and x86 platforms.

Solution:
Apply patches.

-- SPARC Platform --
Apply patch 125332-02 or later.
http://sunsolve.sun.com/search/docume...setkey=urn:cds:docid:1-21-125332-02-1

-- x86 Platform --
Apply patch 125333-02 or later.
http://sunsolve.sun.com/search/docume...setkey=urn:cds:docid:1-21-125333-02-1

Original Advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103167-1

Other References:
SA26027:
http://secunia.com/advisories/26027/

Collapse -
Mandriva update for samba
by Marianna Schmudlach / December 12, 2007 12:28 AM PST

Secunia Advisory: SA28067
Release Date: 2007-12-12


Critical:
Moderately critical
Impact: System access

Where: From local network

Solution Status: Vendor Patch


OS: Mandriva Linux 2007

Description:
Mandriva has issued an update for samba. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

For more information:
SA27760

Solution:
Apply updated packages.

Original Advisory:
http://www.mandriva.com/en/security/advisories?name=MDKSA-2007:244

Other References:
SA27760:
http://secunia.com/advisories/27760/

Collapse -
ViArt CMS/HelpDesk/Shop "root_folder_path" File Inclusion
by Marianna Schmudlach / December 12, 2007 12:29 AM PST

Secunia Advisory: SA28066
Release Date: 2007-12-12


Critical:
Highly critical
Impact: Exposure of system information
Exposure of sensitive information
System access

Where: From remote

Solution Status: Unpatched


Software: ViArt CMS 3.x
ViArt HelpDesk 3.x
ViArt Shop 3.x
ViArt Shop Free 3.x

Description:
RoMaNcYxHaCkEr has discovered a vulnerability in various ViArt products, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.

Input passed to the "root_folder_path" parameter in blocks/block_site_map.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources.

Successful exploitation requires that "register_globals" is enabled.

The vulnerability is confirmed in ViArt CMS 3.3.2, ViArt HelpDesk 3.3.2, ViArt Shop Evaluation 3.3.2, and ViArt Shop Free 3.3.2. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly verified.

Provided and/or discovered by:
RoMaNcYxHaCkEr

Original Advisory:
http://milw0rm.com/exploits/4722

Collapse -
MySQL Security Issue and Two Vulnerabilities
by Marianna Schmudlach / December 12, 2007 12:30 AM PST

Secunia Advisory: SA28063
Release Date: 2007-12-12


Critical:
Less critical
Impact: Manipulation of data
Privilege escalation
DoS

Where: From remote

Solution Status: Vendor Patch


Software: MySQL 5.x

Description:
A security issue and two vulnerabilities have been reported in MySQL, which can be exploited by malicious users to gain escalated privileges, manipulate certain data, or to cause a DoS (Denial of Service).

1) A security issue exists due to the command "ALTER VIEW" retaining the original "DEFINER" value, which may allow another user to gain the access rights of the view.

2) An error in the FEDERATED engine when handling responses of remote servers can be exploited to crash the local server when the response contains fewer columns than expected.

3) An error when renaming a table can be exploited by malicious users to manipulate certain data.

For more information:
SA27981

The security issue and vulnerabilities have been reported in MySQL Enterprise prior to version 5.0.52 [MRU].

Solution:
Update to MySQL Enterprise version 5.0.52 [MRU].

Provided and/or discovered by:
1) Martin Friebe
2) Philip Stoev
3) Reported by the vendor.

Original Advisory:
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-52.html

Other References:
SA27981:
http://secunia.com/advisories/27981/

Collapse -
Debian update for htdig
by Marianna Schmudlach / December 12, 2007 12:32 AM PST

Secunia Advisory: SA28062
Release Date: 2007-12-12


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Vendor Patch


OS: Debian GNU/Linux 4.0
Debian GNU/Linux unstable alias sid

Secunia Advisory: SA28062
Release Date: 2007-12-12


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Vendor Patch


OS: Debian GNU/Linux 4.0
Debian GNU/Linux unstable alias sid





CVE reference: CVE-2007-6110 (Secunia mirror)



Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS!



Description:
Debian has issued an update for htdig. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.

For more information:
SA14255

Solution:
Apply updated packages.



Original Advisory:
http://lists.debian.org/debian-securi...-security-announce-2007/msg00210.html

Other References:
SA14255:
http://secunia.com/advisories/14255/

Collapse -
Debian update for libnss-ldap
by Marianna Schmudlach / December 12, 2007 12:33 AM PST

Secunia Advisory: SA28061
Release Date: 2007-12-12


Critical:
Less critical
Impact: Manipulation of data

Where: From remote

Solution Status: Vendor Patch


OS: Debian GNU/Linux 3.1
Debian GNU/Linux 4.0
Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update for nss-ldap. This fixes a security issue, which can be exploited by malicious persons to manipulate certain data.

For more information:
SA27670

Solution:
Apply updated packages.

Original Advisory:
http://lists.debian.org/debian-securi...-security-announce-2007/msg00211.html

Other References:
SA27670:
http://secunia.com/advisories/27670/

Collapse -
Debian update for ruby-gnome2
by Marianna Schmudlach / December 12, 2007 12:35 AM PST

Secunia Advisory: SA28060
Release Date: 2007-12-12


Critical:
Moderately critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Debian GNU/Linux 3.1
Debian GNU/Linux 4.0
Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update for ruby-gnome2. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise an application using the library.

For more information:
SA27825

Solution:
Apply updated packages.

Original Advisory:
http://lists.debian.org/debian-securi...-security-announce-2007/msg00212.html

Other References:
SA27825:
http://secunia.com/advisories/27825/

Collapse -
Avaya CMS / IR Solaris Remote Procedure Call Module Denial o
by Marianna Schmudlach / December 12, 2007 12:36 AM PST

Avaya CMS / IR Solaris Remote Procedure Call Module Denial of Service

Secunia Advisory: SA28057
Release Date: 2007-12-12


Critical:
Not critical
Impact: DoS

Where: Local system

Solution Status: Partial Fix


OS: Avaya Call Management System (CMS)



Software: Avaya Interactive Response 1.x

Description:
Avaya has acknowledged a vulnerability in Avaya CMS / IR, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

For more information:
SA27831

The vulnerability affects the following versions:
* Avaya CMS (R12, R13/R13.1, R14)
* Avaya IR (1.3, 2.0, 3.0)

Solution:
Avaya CMS:
Patches are currently being tested by the vendor.

Avaya IR 1.3 and 2.0 on Solaris 8:
Install Sun patch 116959-20.

Avaya IR 2.0 and 3.0 on Solaris 10:
Install Sun patch 127739-01.

Original Advisory:
http://support.avaya.com/elmodocs2/security/ASA-2007-508.htm

Other References:
SA27831:
http://secunia.com/advisories/27831/

Collapse -
Red Hat update for java-1.4.2-bea
by Marianna Schmudlach / December 12, 2007 12:37 AM PST

Secunia Advisory: SA28056
Release Date: 2007-12-12


Critical:
Highly critical
Impact: System access
DoS

Where: From remote

Solution Status: Vendor Patch


Software: Red Hat Enterprise Linux Extras v. 4

Description:
Red Hat has issued an update for java-1.4.2-bea. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a user's system.

For more information:
SA25295
SA26015
SA26402

Solution:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

Original Advisory:
https://rhn.redhat.com/errata/RHSA-2007-1086.html

Other References:
SA25295:
http://secunia.com/advisories/25295/

SA26015:
http://secunia.com/advisories/26015/

SA26402:
http://secunia.com/advisories/26402/

Collapse -
HP Info Center HPInfo Class ActiveX Control Insecure Methods
by Marianna Schmudlach / December 12, 2007 12:39 AM PST

Secunia Advisory: SA28055
Release Date: 2007-12-12


Critical:
Highly critical
Impact: Manipulation of data
Exposure of system information
System access

Where: From remote

Solution Status: Unpatched


Software: HP Info Center 1.x

Description:
porkythepig has reported some vulnerabilities in HP Info Center, which can be exploited by malicious people to gain knowledge of certain system information, manipulate registry data, and to compromise a user's system.

1) The HPInfoDLL.HPInfo.1 ActiveX control (HPInfoDLL.dll) includes the insecure "LaunchApp()" method, which can be exploited to execute arbitrary commands on a vulnerable system.

2) The HPInfoDLL.HPInfo.1 ActiveX control (HPInfoDLL.dll) includes the insecure "GetRegValue()" and "SetRegValue()" insecure methods, which can be exploited to read registry information or to write to the registry.

The vulnerabilities are reported in version 1.0.1.1 included in various HP notebooks. Other versions may also be affected.

Solution:
Set the kill-bit for the affected ActiveX control.

Provided and/or discovered by:
porkythepig

Original Advisory:
http://www.anspi.pl/~porkythepig/hp-issue/kilokieubasy.txt

Collapse -
Mcms Easy Web Make "template" Local File Inclusion
by Marianna Schmudlach / December 12, 2007 12:40 AM PST

Secunia Advisory: SA28053
Release Date: 2007-12-12


Critical:
Moderately critical
Impact: Exposure of system information
Exposure of sensitive information

Where: From remote

Solution Status: Unpatched


Software: Mcms Easy Web Make 1.x

Description:
MhZ91 has discovered a vulnerability in Mcms Easy Web Make, which can be exploited by malicious people to disclose sensitive information.

Input passed to the "template" parameter in modules/cms/index.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources using directory traversal attacks and URL-encoded NULL bytes.

Successful exploitation requires that "register_globals" is enabled and that "magic_quotes_gpc" is disabled.

The vulnerability is confirmed in version 1.3. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly verified.

Provided and/or discovered by:
MhZ91

Original Advisory:
http://milw0rm.com/exploits/4719

Collapse -
Apache mod_imagemap Module Cross-Site Scripting Vulnerabilit
by Marianna Schmudlach / December 12, 2007 12:41 AM PST

Secunia Advisory: SA28046
Release Date: 2007-12-12


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Vendor Workaround


Software: Apache 2.2.x


Description:
A vulnerability has been reported in the mod_imagemap module for Apache, which can be exploited by malicious people to conduct cross-site scripting attacks.

Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Successful exploitation requires that "mod_imagemap" is enabled and a mapfile is publicly accessible.

The vulnerability is reported in versions 2.2.6, 2.2.5, 2.2.4, 2.2.3, 2.2.2, and 2.2.0.

Solution:
Fixed in the development version 2.2.7-dev.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://httpd.apache.org/security/vulnerabilities_22.html

Collapse -
IBM AIX Multiple Unspecified Vulnerabilities
by Marianna Schmudlach / December 12, 2007 12:42 AM PST

Secunia Advisory: SA28044
Release Date: 2007-12-12


Critical:
Moderately critical
Impact: Unknown

Where: From remote

Solution Status: Vendor Patch


OS: AIX 5.x

Description:
Multiple vulnerabilities have been reported in IBM AIX, which have unknown impacts.

The vulnerabilities are caused due to unspecified errors in various components. No further information is available.

Solution:
Apply APARs (see vendor's advisories for more information).

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
IBM:
http://www-1.ibm.com/support/docview.wss?uid=isg1IY96095
http://www-1.ibm.com/support/docview.wss?uid=isg1IY97257
http://www-1.ibm.com/support/docview.wss?uid=isg1IY98331
http://www-1.ibm.com/support/docview.wss?uid=isg1IY98340
http://www-1.ibm.com/support/docview.wss?uid=isg1IY99537
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ02810
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ03269
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ04704
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ05851
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ06001
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ06022
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ06260
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ06261
http://www-912.ibm.com/eserver/suppor...pseriesfixpackdetails/5300-07-00-0747

Collapse -
Trend Micro Products UUE File Parsing Buffer Overflow
by Marianna Schmudlach / December 12, 2007 12:43 AM PST

ecunia Advisory: SA28038
Release Date: 2007-12-12


Critical:
Moderately critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch


Software: Trend Micro AntiVirus plus AntiSpyware 2008
Trend Micro Internet Security 2008
Trend Micro Internet Security Pro 2008



Description:
Sowhat has reported a vulnerability in some Trend Micro products, which potentially can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error within PccScan.dll when decoding UUE files and can be exploited to cause a buffer overflow via a specially crafted UUE file.

NOTE: The vendor's advisory states that the vulnerability is caused due to a format-string error when handling certain fields of a UUE file during decoding. It is not clear if this is a separate vulnerability.

The vulnerability affects English versions of the following products:
* Trend Micro Internet Security Pro
* Trend Micro Internet Security/Virus Buster 2008
* Trend Micro Antivirus plus AntiSpyware 2008

Solution:
Apply patch.
http://solutionfile.trendmicro.com/so.../tis_160_win_en_patch_pccscan1451.exe

Provided and/or discovered by:
Sowhat, Nevis Labs

Original Advisory:
Trend Micro:
http://esupport.trendmicro.com/support/viewxml.do?ContentID=1036464

Sowhat:
http://secway.org/advisory/AD20071211.txt

Collapse -
rPath update for e2fsprogs
by Marianna Schmudlach / December 12, 2007 12:45 AM PST

Secunia Advisory: SA28030
Release Date: 2007-12-12


Critical:
Less critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: rPath Linux 1.x

Description:
rPath has issued an update for e2fsprogs. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise an application using the library.

For more information:
SA27889

Solution:
Update to:
e2fsprogs=conary.rpath.com@rpl:1/1.37-3.3-1

Original Advisory:
http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0262

Other References:
SA27889:
http://secunia.com/advisories/27889/

Collapse -
aurora framework "pack_var()" SQL Injection Vulnerability
by Marianna Schmudlach / December 12, 2007 12:46 AM PST

Secunia Advisory: SA28014
Release Date: 2007-12-12


Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote

Solution Status: Vendor Patch


Software: aurora framework


Description:
A vulnerability has been reported in aurora framework, which can be exploited by malicious people to conduct SQL injection attacks against applications using the framework.

Input passed via the "value" parameter to the "pack_var()" function in module/db.lib/db_mysql.lib is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in versions prior to 20071208.

Solution:
Update to version 20071208.
http://sourceforge.net/project/showfi...ckage_id=242238&release_id=560073

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://sourceforge.net/project/shownotes.php?release_id=560073

Collapse -
SUSE update for samba
by Marianna Schmudlach / December 12, 2007 12:48 AM PST

Secunia Advisory: SA28003
Release Date: 2007-12-12


Critical:
Moderately critical
Impact: System access

Where: From local network

Solution Status: Vendor Patch


OS: openSUSE 10.2
openSUSE 10.3
SUSE Linux 10
SUSE Linux 10.1
SuSE Linux Desktop 1.x
SUSE Linux Enterprise Server 10
SuSE Linux Enterprise Server 8
SUSE Linux Enterprise Server 9
SuSE Linux Openexchange Server 4.x
SuSE Linux Standard Server 8
UnitedLinux 1.0



Software: Novell Open Enterprise Server

Description:
SUSE has issued an update for samba. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

For more information:
SA27760

Solution:
Apply updated packages.

Original Advisory:
http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00006.html

Other References:
SA27760:
http://secunia.com/advisories/27760/

Collapse -
Symantec Mail Security Lotus 1-2-3 File Viewer Buffer Overfl
by Marianna Schmudlach / December 12, 2007 12:49 AM PST

Secunia Advisory: SA27871
Release Date: 2007-12-12


Critical:
Highly critical
Impact: DoS
System access

Where: From remote

Solution Status: Unpatched


OS: Symantec Mail Security Appliance 5.0.x



Software: Symantec Mail Security for Domino 7.x
Symantec Mail Security for Exchange 4.x
Symantec Mail Security for Microsoft Exchange 5.x
Symantec Mail Security for SMTP 4.x
Symantec Mail Security for SMTP 5.x



Description:
Some vulnerabilities have been reported in Symantec Mail Security, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerabilities are caused due to various errors within the third-party Lotus 1-2-3 file viewer and can be exploited to cause buffer overflows when a specially crafted file is checked.

For more information:
SA27849

Successful exploitation allows execution of arbitrary code, but requires that e.g. a policy is setup for scanning the contents of messages.

The vulnerabilities are confirmed in Symantec Mail Security for SMTP version 5.0.1 with Patch 187. Other versions may also be affected.

Solution:
Disable scanning of message content if enabled.

Provided and/or discovered by:
Originally reported in IBM Lotus Notes by Sebasti

Collapse -
Vulnerability in SMBv2 Allows Code Execution (MS07-063)
by Marianna Schmudlach / December 12, 2007 12:50 AM PST
Collapse -
Cumulative Security Update for Internet Explorer (MS07-069)
by Marianna Schmudlach / December 12, 2007 12:52 AM PST

Summary
This critical security update resolves four privately reported vulnerabilities. The most serious security impact could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Credit:
The information has been provided by Microsoft Product Security.
The original article can be found at: http://www.microsoft.com/technet/security/bulletin/MS07-069.mspx

http://www.securiteam.com/windowsntfocus/6V00B0KKKU.html

Collapse -
Vulnerabilities in DirectX Allows Code Execution (MS07-064)
by Marianna Schmudlach / December 12, 2007 12:53 AM PST

Summary
This critical security update resolves two privately reported vulnerabilities in Microsoft DirectX. These vulnerabilities could allow code execution if a user opened a specially crafted file used for streaming media in DirectX.

If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Credit:
The information has been provided by Microsoft Security Bulletin MS07-064.
The original article can be found at:
http://www.microsoft.com/technet/security/bulletin/ms07-064.mspx

http://www.securiteam.com/windowsntfocus/6Z00F0KKKE.html

Collapse -
MS Office 2007 Digital Signature does not Protect Meta-Data
by Marianna Schmudlach / December 12, 2007 12:54 AM PST

Summary
MS Office 2007 does not protect/sign the content of the data found in the core.xml file which is part of the data saved whenever MS Office 2007 is asked to save data in OOXML format, this allows attakers to spoof the data found in it - creator name, last modified date, etc - without invalidating the signature of the file.

Credit:
The information has been provided by Henrich C. Poehls.

http://www.securiteam.com/windowsntfocus/6V00A0KKLE.html

Collapse -
Vulnerability in Macrovision Driver Allows Local Elevation o
by Marianna Schmudlach / December 12, 2007 12:56 AM PST

Vulnerability in Macrovision Driver Allows Local Elevation of Privilege (MS07-067)

Summary
This important security update resolves one publicly disclosed vulnerability. A local elevation of privilege vulnerability exists in the way that the Macrovision driver incorrectly handles configuration parameters.

A local attacker who successfully exploited this vulnerability could take control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

Credit:
The information has been provided by Microsoft Security Bulletin MS07-067.
The original article can be found at:
http://www.microsoft.com/technet/security/bulletin/ms07-067.mspx

http://www.securiteam.com/windowsntfocus/6X00D0KKKM.html

Collapse -
Vulnerability in Windows Media File Format Allows Code Execu
by Marianna Schmudlach / December 12, 2007 12:57 AM PST

Vulnerability in Windows Media File Format Allows Code Execution (MS07-068)

Summary
This critical security update resolves a privately reported vulnerability in Windows Media File Format.

This vulnerability could allow remote code execution if a user viewed a specially crafted file in Windows Media Format Runtime. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Credit:
The information has been provided by Microsoft Security Bulletin MS07-068.
The original article can be found at:
http://www.microsoft.com/technet/security/bulletin/ms07-068.mspx

http://www.securiteam.com/windowsntfocus/6W00C0KKKI.html

Collapse -
Security update from Trend Micro
by Marianna Schmudlach / December 12, 2007 1:01 AM PST

Antivirus software manufacturer Trend Micro has published an update (exe. file) for its scan engine (PccScan.dll) which closes a security hole in some of its products. A memory error can cause the scanner to crash when scanning specially crafted ZIP or UUE format files. The person who reported the hole believes, however, that these files could also write and execute malicious code in memory.

Only the English language versions of Trend Micro AntiVirus and AntiSpyware 2008, Trend Micro Internet Security 2008 and Trend Micro Internet Security Pro 2008 are affected. According to Trend Micro, the vulnerability does not exist in PC-cillin Internet Security 14.x and 15.x or in Trend Micro AntiVirus 15.x.

More: http://www.heise-security.co.uk/news/100457

Popular Forums

icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

FALL TV PREMIERES

Your favorite shows are back!

Don’t miss your dramas, sitcoms and reality shows. Find out when and where they’re airing!