December 2006 - Posts
http://secunia.com/advisories/23445/
Description:
Some vulnerabilities have been reported in Sun
Java JRE (Java Runtime Environment), which can be exploited by
malicious people to compromise a user's system.
1) Two errors exist in the Java Runtime Environment, which can be
exploited by malicious, untrusted applets to read and write local
files, or to execute local applications.
2) Two errors related to serialisation exist in the Java Runtime
Environment, which can be exploited by a malicious, untrusted applet to
elevate its privileges.
The following releases are affected:
* JDK and JRE 5.0 Update 7 and prior
* SDK and JRE 1.4.2_12 and prior
* SDK and JRE 1.3.1_18 and prior (not affected by vulnerability #2)
Secunia has constructed the Secunia Software Inspector, which you can use to check if your system is vulnerable:
http://secunia.com/software_inspector/
Solution:
Update to fixed versions:
JDK and JRE 5.0:
Update to JDK and JRE 5.0 Update 8 or later.
http://java.sun.com/javase/downloads/index_jdk5.jsp
SDK and JRE 1.4.x:
Update to SDK and JRE 1.4.2_13 or later.
http://java.sun.com/j2se/1.4.2/download.html
SDK and JRE 1.3.x:
Update to SDK and JRE 1.3.1_19 or later.
http://java.sun.com/j2se/1.3/download.html
http://secunia.com/advisories/23398/
Description:
Two vulnerabilities have been reported in Sun
Java JRE (Java Runtime Environment), which can be exploited by
malicious people to bypass certain security restrictions.
The vulnerabilities are caused due to unspecified errors in the Java
Runtime Environment and may allow a malicious, untrusted applet to
access data in other applets.
The vulnerabilities are reported in the following versions:
* JDK and JRE 5.0 Update 6 and prior
* SDK and JRE 1.4.2_12 and prior
* SDK and JRE 1.3.1_18 and prior
Secunia has constructed the Secunia Software Inspector, which you can use to check if your system is vulnerable:
http://secunia.com/software_inspector/
Solution:
Update to fixed versions.
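To triage an inventory against the two Java advisories above, the following added example (not part of either advisory or of the original post) parses legacy `1.x.y_zz` version strings and reports which advisory items cover each one. The host names and version strings are constructed samples, and reading "and prior" as covering earlier micro releases of the same 1.x line is an assumption.

```python
import re

# Last affected (micro, update) per 1.<minor> release line, from the two
# advisories above. "5.0 Update 7" corresponds to version string 1.5.0_07.
LAST_AFFECTED = {
    "SA23445 #1": {5: (0, 7), 4: (2, 12), 3: (1, 18)},
    "SA23445 #2": {5: (0, 7), 4: (2, 12)},  # 1.3.1 is not affected by #2
    "SA23398": {5: (0, 6), 4: (2, 12), 3: (1, 18)},
}
ASSESSED_LINES = {3, 4, 5}  # 1.3.x, 1.4.x, 5.0 are the only lines listed

_VERSION = re.compile(r'(?<![\d.])1\.(\d+)\.(\d+)(?:_(\d+))?')


def parse_java_version(text):
    """Return (minor, micro, update) from a 1.x.y_zz string, else None."""
    m = _VERSION.search(text)
    if not m:
        return None
    minor, micro, update = m.groups()
    return int(minor), int(micro), int(update or 0)  # no suffix = update 0


def affected_by(text):
    """Advisory items covering this version; None means 'not assessed'
    (unparseable string or a release line the advisories do not list)."""
    parsed = parse_java_version(text)
    if parsed is None or parsed[0] not in ASSESSED_LINES:
        return None
    minor, micro, update = parsed
    return [item for item, lines in LAST_AFFECTED.items()
            if minor in lines and (micro, update) <= lines[minor]]


# Constructed sample inventory (host name -> reported version string).
SAMPLE_INVENTORY = {
    "laptop-01": 'java version "1.5.0_07"',
    "laptop-02": 'java version "1.5.0_08"',
    "kiosk-03": 'java version "1.3.1_18"',
    "server-04": 'java version "1.4.1_07"',
}


def triage(inventory):
    return {host: affected_by(v) for host, v in inventory.items()}


if __name__ == "__main__":
    for host, hits in triage(SAMPLE_INVENTORY).items():
        print(host, hits)
```

A result of `None` means the string needs manual review; an empty list means the version is past the last affected release on its line.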
http://secunia.com/advisories/23459/
Description:
Sergio Alvarez has reported some vulnerabilities
in the NOD32 Antivirus engine, which can be exploited by malicious
people to cause a DoS (Denial of Service) or compromise a vulnerable
system.
1) An integer-overflow error within the parsing of DOC files can be
exploited to cause a heap-based buffer overflow via a specially crafted
DOC file.
Successful exploitation allows execution of arbitrary code.
2) An integer-overflow error within the parsing of CAB archives can be
exploited to cause a heap-based buffer overflow via a specially crafted
CAB archive.
Successful exploitation allows execution of arbitrary code.
3) A division-by-zero error within the parsing of CHM files can be exploited to cause a DoS via a specially crafted CHM file.
The vulnerabilities are reported in versions prior to 1.1743.
Solution:
Update to the latest version.
If users in your environment have the ability to install software on their machines, you'll probably find many instances of this installed on your network(s). Adobe Download Manager is the default method used to retrieve the Adobe Reader application from the Internet for installation.
http://secunia.com/advisories/23233/
Description:
A vulnerability has been reported in Adobe
Download Manager, which can be exploited by malicious people to
compromise a user's system.
The vulnerability is caused due to a boundary error when handling
section names in the "dm.ini" file as created by Adobe Download Manager
when processing AOM files. This can be exploited to cause a stack-based
buffer overflow via a specially crafted AOM or "dm.ini" file.
Successful exploitation allows execution of arbitrary code when a user e.g. visits a malicious website.
The vulnerability is reported in version 2.1 and earlier.
And yet another one that seems to appear repeatedly on client laptops: AOL. As stated in previous posts, be warned.
http://secunia.com/advisories/23043/
Description:
Secunia Research has discovered a vulnerability
in AOL, which can be exploited by malicious people to compromise a
user's system.
The vulnerability is caused due to a boundary error within the
"CDDBControlAOL.CDDBAOLControl" ActiveX control (cddbcontrol.dll) when
processing the first argument passed to the "SetClientInfo()" method.
This can be exploited to cause a stack-based buffer overflow by passing
an overly long string (more than 256 bytes).
Successful exploitation allows execution of arbitrary code when a user e.g. visits a malicious website with Internet Explorer.
The vulnerability is related to:
SA20861
The vulnerability is confirmed in America Online 7.0 revision 4114.563,
AOL 8.0 revision 4129.230, and AOL 9.0 Security Edition revision
4156.910. Other versions may also be affected.
Solution:
Updates are automatically available for AOL 9.x users when logging into the AOL service.
Users of AOL versions earlier than 9.0 are urged to upgrade to the latest version of the AOL software.
In my organization, end-users love to install Yahoo! Messenger. Be warned; there's a new exploit on the loose:
http://secunia.com/advisories/23401/
Description:
A vulnerability has been reported in Yahoo!
Messenger, which potentially can be exploited by malicious people to
compromise a user's system.
The vulnerability is caused due to an unspecified error in an ActiveX
control and can be exploited to cause a buffer overflow. No further
information is currently available.
The vulnerability is reported in versions obtained prior to Nov 2, 2006.
Solution:
Update to the latest version.
http://messenger.yahoo.com/
I know many people are using this application on USB drives as a portable app; now would be a good time to upgrade.
http://secunia.com/advisories/23367/
Description:
Expanders has discovered a vulnerability in
DeepBurner, which can be exploited by malicious people to compromise a
user's system.
The vulnerability is caused due to a boundary error when parsing DBR
files with an overly long string (greater than 256 bytes) in the "path"
parameter of the "file" tag. This can be exploited to cause a
stack-based buffer overflow via a specially crafted DBR file.
Successful exploitation allows execution of arbitrary code.
The vulnerability is confirmed in DeepBurner Pro version 1.8.0.225. Other versions may also be affected.
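Until an upgrade is in place, DBR files can be screened for the condition the advisory describes. This is an added example, not code from the advisory or from DeepBurner; it assumes DBR project files are XML-like text with `<file ... path="...">` tags, and the sample data is constructed.

```python
import re

MAX_PATH_BYTES = 256  # advisory: "path" strings greater than 256 bytes

# Assumption: DBR files are XML-like. A regex over the raw bytes is used
# rather than an XML parser so malformed files are still inspected, and
# the value is allowed to run to end-of-file if its quote is never closed.
_FILE_PATH = re.compile(
    rb'<file\b[^>]*?\bpath\s*=\s*(["\'])(.*?)(?:\1|\Z)', re.I | re.S)


def oversized_paths(data, limit=MAX_PATH_BYTES):
    """Return (byte_offset, length) for each <file> path value whose raw
    byte length exceeds the limit."""
    findings = []
    for m in _FILE_PATH.finditer(data):
        length = len(m.group(2))
        if length > limit:
            findings.append((m.start(2), length))
    return findings


# Constructed samples: one ordinary entry, one oversized, one unterminated.
BENIGN = b'<project>\n<file name="a.txt" path="C:\\docs\\a.txt"/>\n</project>'
OVERSIZED = (b'<project>\n<file name="a.txt" path="C:\\docs\\a.txt"/>\n'
             b'<file name="b" path="' + b'A' * 300 + b'"/>\n</project>')
UNTERMINATED = b'<file name="c" path="' + b'B' * 400

if __name__ == "__main__":
    for label, blob in [("benign", BENIGN), ("oversized", OVERSIZED),
                        ("unterminated", UNTERMINATED)]:
        print(label, oversized_paths(blob))
```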
A summary of AV vulnerabilities disclosed by Secunia since December began:
| Advisory | Critical | Impact | Where | Solution Status |
|---|---|---|---|---|
| McAfee VirusScan Command Line Scanner Insecure DT_RPATH | Moderately critical | Privilege escalation, System access | From remote | Unpatched |
| BitDefender AntiVirus Engine PE File Parsing Buffer Overflow | Highly critical | System access | From remote | Vendor Patch |
| CA Anti-Virus Drivers Denial of Service Vulnerabilities | Not critical | DoS | Local system | Vendor Patch |
| Sophos Anti-Virus SIT/CPIO File Processing Vulnerabilities | Highly critical | System access | From remote | Vendor Patch |
| Clam AntiVirus Multipart Nestings Denial of Service | | | | |
If you aren't keeping track of Skype in your environment, here's one more reason to do so, as reported by the ISC:
Skype worm
Published: 2006-12-18, Last Updated: 2006-12-18 23:54:28 UTC by Toby Kohlenberg (Version: 2)
We are hearing some details of a new worm spreading via Skype IM; it appears
to be using a custom (or at least unusual) packer and the network traffic
appears encrypted as well. Please send us any info you might have on it.
Additional information available from F-Secure and Symantec at the links provided here.
Description:
Breno Silva Pinto has reported a vulnerability
in Intel 2200BG drivers, which potentially can be exploited by
malicious people to compromise a vulnerable system.
The vulnerability is caused due to a race condition when W29N51.SYS
handles multiple beacon frames. This can be exploited to overwrite
certain kernel memory structures via sending multiple specially crafted
beacon frames to the wireless card.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in version 9.0.3.9. Other versions may also be affected.
http://secunia.com/advisories/23338/