Donna's SecurityFlash

Apple iLife, Opera Browser, OpenOffice, StarOffice & WordPress Vulnerabilities

• Apple iLife iPhoto Photocast XML "title" Format String Vulnerability - a vulnerability in iLIfe iPhoto, which potentially can be exploited by malicious people to compromise a user's system has been discovered by Kevin Finisterre.  Possible solution is do not follow or subscribe to untrusted links to Photocast feeds. Affected software is Apple iLife iPhoto 6.x.  View the advisory here.
• Opera Browser Two Vulnerabilities - Two vulnerabilities have been reported in Opera, which can be exploited by malicious people to compromise a user's system.  iDefense Labs discovered the vulnerabilities.  Solution is upgrade to latest version.  Advisory is here (Secunia) and Opera - here and then another here.
• OpenOffice WMF/EMF Processing Buffer Overflow Vulnerabilities - John Heasman has reported some vulnerabilities in OpenOffice, which can be exploited by malicious people to compromise a user's system.  Solution is apply fixes or upgrade to v2.1.0.  Advisory here.
• StarOffice WMF/EMF Processing Buffer Overflow Vulnerabilities - John Heasman has reported some vulnerabilities in StarOffice, which can be exploited by malicious people to compromise a user's system.  This is solved if you apply the patches.  View the advisory.
• WordPress User Account Enumeration Weakness - Kad has discovered a weakness in WordPress, which can be exploited by malicious people to identify valid user accounts.  Possible work-around is edit the source code to ensure that a single general error message is returned on a failed login or restrict access to the "wp-login.php" script (e.g. with ".htaccess").  Advisory here.
• A vulnerability has been reported in WordPress, which has unknown impacts but solved by upgrading to lastest version.  View the advisory here.