VULNERABILITIES - January 11, 2006

Jan 10, 2006 11:10PM PST

TITLE:
QuickTime Multiple Image/Media File Handling Vulnerabilities

SECUNIA ADVISORY ID:
SA18370

VERIFY ADVISORY:
http://secunia.com/advisories/18370/

CRITICAL:
Highly critical

IMPACT:
DoS, System access

WHERE:
From remote

SOFTWARE:
Apple QuickTime 7.x
http://secunia.com/product/5090/

DESCRIPTION:
Some vulnerabilities have been reported in Apple QuickTime, which can
be exploited by malicious people to cause a DoS (Denial of Service)
and potentially to compromise a user's system.

1) A boundary error in the handling of QTIF images can be exploited
to cause a heap-based buffer overflow. This may allow arbitrary code
execution when a malicious QTIF image is viewed.

2) Some boundary and integer overflow/underflow errors in the
handling of TGA images can be exploited to cause a buffer overflow.
This may allow arbitrary code execution when a malicious TGA image is
viewed.

3) An integer overflow error exists in the handling of TIFF images.
This can potentially be exploited to execute arbitrary code when a
malicious TIFF image is viewed.

4) A boundary error in the handling of GIF images can be exploited to
cause a heap-based buffer overflow. This may allow arbitrary code
execution when a malicious GIF image is viewed.

5) A boundary error in the handling of certain media files can be
exploited to cause a heap-based buffer overflow. This may allow
arbitrary code execution when a malicious media file is viewed.

The vulnerabilities affect both the Mac OS X and the Windows
platforms.

SOLUTION:
Update to version 7.0.4.

Mac OS X (version 10.3.9 or later):
http://www.apple.com/support/downloads/quicktime704.html

Windows 2000/XP:
http://www.apple.com/quicktime/download/win.html

PROVIDED AND/OR DISCOVERED BY:
1) Varun Uppal, Kanbay.
2-3) Dejun Meng, Fortinet.
4-5) Karl Lynn, eEye Digital Security.

ORIGINAL ADVISORY:
http://docs.info.apple.com/article.html?artnum=303101
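
Added example, not part of the advisory and not Apple's code: item 2 describes integer overflow/underflow in TGA handling leading to a buffer overflow, and this C code shows that bug class next to a hardened size check. The advisory does not say which fields are involved; the use of the TGA header's width, height and pixel-depth fields, the function names, the 64 MiB cap and the sample headers are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TGA_HEADER_LEN 18u
#define TGA_MAX_PIXEL_BYTES (64u * 1024u * 1024u) /* assumed policy cap, not from the advisory */

/* Constructed sample: 32768 x 32768, 32-bit uncompressed truecolor, no pixel data. */
const uint8_t TGA_HUGE[18] = {0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x00, 0x80, 0x00, 0x80, 32, 0};
/* Constructed sample: 2 x 2, 24-bit, header followed by 12 zeroed pixel bytes. */
const uint8_t TGA_SMALL[30] = {0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 0, 2, 0, 24, 0};

/* Read a little-endian 16-bit field. */
static uint32_t rd16(const uint8_t *p) { return (uint32_t)p[0] | ((uint32_t)p[1] << 8); }

/* Fragile pattern: 32-bit size arithmetic on untrusted header fields. */
uint32_t tga_size_unchecked(const uint8_t *hdr) {
    uint32_t w = rd16(hdr + 12), h = rd16(hdr + 14), bytes_pp = hdr[16] / 8u;
    return w * h * bytes_pp; /* wraps modulo 2^32, so the buffer can end up too small */
}

/* Hardened: returns 0 and sets *out to the pixel byte count, or -1 to reject. */
int tga_size_checked(const uint8_t *buf, size_t len, uint32_t *out) {
    if (buf == NULL || out == NULL || len < TGA_HEADER_LEN) return -1;
    uint8_t id_len = buf[0], type = buf[2], depth = buf[16];
    uint32_t w = rd16(buf + 12), h = rd16(buf + 14);
    if (type != 2 && type != 3) return -1;          /* uncompressed types only here */
    if (w == 0 || h == 0) return -1;
    if (depth != 8 && depth != 16 && depth != 24 && depth != 32) return -1;
    uint64_t need = (uint64_t)w * h * (depth / 8u); /* at most 2^34, fits in 64 bits */
    if (need > TGA_MAX_PIXEL_BYTES) return -1;
    /* Underflow guard: compare before subtracting the header and ID field. */
    if ((size_t)TGA_HEADER_LEN + id_len > len) return -1;
    if (len - TGA_HEADER_LEN - id_len < need) return -1; /* file shorter than it claims */
    *out = (uint32_t)need;
    return 0;
}

int main(void) {
    uint32_t n = 0;
    printf("unchecked size for huge header: %u\n", (unsigned)tga_size_unchecked(TGA_HUGE));
    printf("checked(huge)  = %d\n", tga_size_checked(TGA_HUGE, sizeof TGA_HUGE, &n));
    int rc = tga_size_checked(TGA_SMALL, sizeof TGA_SMALL, &n);
    printf("checked(small) = %d, bytes = %u\n", rc, (unsigned)n);
    return 0;
}
```

The oversized header makes the 32-bit product wrap to zero, while the checked version rejects it before any allocation or copy would take place.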

Symantec Norton SystemWorks Protected Recycle Bin Weakness
Jan 10, 2006 11:15PM PST

TITLE:
Symantec Norton SystemWorks Protected Recycle Bin Weakness

SECUNIA ADVISORY ID:
SA18402

VERIFY ADVISORY:
http://secunia.com/advisories/18402/

CRITICAL:
Not critical

IMPACT:
Security Bypass

WHERE:
Local system

SOFTWARE:
Symantec Norton SystemWorks 2005
http://secunia.com/product/4847/
Symantec Norton SystemWorks 2006
http://secunia.com/product/6636/

DESCRIPTION:
A weakness has been reported in Norton SystemWorks, which can be
exploited by malicious, local users, or by malware, to bypass certain
security restrictions.

The weakness is caused due to a design error in SystemWorks in which
files within the NProtect directory of the Norton Protected Recycle
Bin are hidden from the "FindFirst/FindNext" Windows APIs. This
prevents virus scanning software from detecting malicious or
virus-infected files that are placed in the directory. On-access
virus scanners reportedly are still able to detect the malicious
files when they are accessed.

The weakness has been reported in the following versions.
* Norton SystemWorks 2005/2006
* Norton SystemWorks Premier 2005/2006

SOLUTION:
Apply the patch by running LiveUpdate.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Mark Russinovich of Sysinternals and the F-Secure
Blacklight team.

ORIGINAL ADVISORY:
http://securityresponse.symantec.com/avcenter/security/Content/2006.01.10.html

Microsoft Visual Studio User Control Load Event Code Executi
Jan 11, 2006 12:40AM PST

TITLE:
Microsoft Visual Studio User Control Load Event Code Execution
Vulnerability

SECUNIA ADVISORY ID:
SA18409

VERIFY ADVISORY:
http://secunia.com/advisories/18409/

CRITICAL:
Less critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Microsoft Visual Studio 2005
http://secunia.com/product/6779/

DESCRIPTION:
priestmaster has discovered a vulnerability in Microsoft Visual
Studio, which can be exploited by malicious people to compromise a
user's system.

The vulnerability is caused due to a design error that allows program
code within the "Load" event of a user-defined control to be
automatically executed when a project containing a form that uses the
malicious control is opened. This can be exploited to execute
arbitrary program code.

Successful exploitation requires that the user is e.g. tricked into
opening a Solution file in a malicious Visual Studio project.

The vulnerability has been confirmed in Microsoft Visual C# 2005
Express Edition. Other versions may also be affected.

SOLUTION:
Do not open Visual Studio project files from untrusted sources.

PROVIDED AND/OR DISCOVERED BY:
priestmaster