Donna's SecurityFlash : Advisories

Microsoft Security Advisory 943521 (Updated)

donna — Fri, 26 Oct 2007 06:21:14 GMT

Microsoft Security Advisory (943521) URL Handling Vulnerability in Windows XP and Windows Server 2003 with Windows Internet Explorer 7 Could Allow Remote Code Execution Published: October 10, 2007 | Updated: October 25, 2007 Revisions: • October 10, 2007...(read more)

Microsoft Security Bulletin MS06-067 revised

donna — Wed, 24 Oct 2007 23:51:22 GMT

MS06-067 - http://www.microsoft.com/technet/security/bulletin/ms06-067.mspx - Reason for Revision: Revised to include MS06-065 as a bulletin that is replaced by this bulletin. - Originally posted: November 14, 2006 - Updated: October 24, 2007 - Bulletin...(read more)

Adobe Security Bulletin APSB07-18

donna — Mon, 22 Oct 2007 17:51:13 GMT

Update available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat Release date: October 22, 2007 Vulnerability identifier: APSB07-18 CVE number: CVE-2007-5020 Platform: Windows XP (Vista users are not affected) with Internet Explorer...(read more)

Opera JPEG Processing Heap Corruption Vulnerabilities

donna — Tue, 09 Jan 2007 08:44:00 GMT

Opera is vulnerable in parsing the JPEG file format. Discovered were four vulnerabilities, each in different segments of the file format. posidron will describe in this advisory the two important ones. 1 - ntdll.RtlAllocateHeap() DHT vulnerability 2 ...(read more)

Kerio Fake 'iphlpapi' DLL injection Vulnerability

donna — Mon, 08 Jan 2007 12:20:00 GMT

A vulnerability in the Kerio allows local attackers to cause the product to load an arbitrary DLL which in turn can be used to compromise the system. Vulnerable software: * Sunbelt Kerio Personal Firewall 4.3.268 * Sunbelt Kerio Personal Firewall 4.3...(read more)

Multiple PDF Readers Multiple Remote Buffer Overflow Vulnerability

donna — Sun, 07 Jan 2007 23:20:00 GMT

Vulnerable: Xpdf Xpdf 3.0.1 (Patch 2) Apple Mac OS X Preview.app 3.0.8 Adobe Acrobat Reader v8 and earlier versions Multiple PDF readers are prone to multiple remote buffer-overflow vulnerabilities. These issues occur because the applications fail to...(read more)

Kaspersky Antivirus PE File Handling Denial of Service

donna — Sat, 06 Jan 2007 11:10:00 GMT

Affected Software: Kaspersky Anti-Virus 4.x Kaspersky Anti-Virus 5.x Kaspersky Anti-Virus 6.x Kaspersky Internet Security 6.x Kaspersky SMTP Gateway 5.x Description: A vulnerability has been reported in Kaspersky Antivirus, which can be exploited by malicious...(read more)

Microsoft Security Bulletins Advanced Notification (UPDATED)

donna — Sat, 06 Jan 2007 00:39:00 GMT

Microsoft earlier plan to release eight (8) updates on 9 January 2007 but there is a change today on the said plan: Security Updates One Microsoft Security Bulletin affecting Microsoft Windows. The highest Maximum Severity rating for this is Critical...(read more)

Apple iLife, Opera Browser, OpenOffice, StarOffice & WordPress Vulnerabilities

donna — Sat, 06 Jan 2007 00:23:00 GMT

Apple iLife iPhoto Photocast XML "title" Format String Vulnerability - a vulnerability in iLIfe iPhoto, which potentially can be exploited by malicious people to compromise a user's system has been discovered by Kevin Finisterre. Possible solution is...(read more)

Microsoft Security Bulletins - Advanced Notifications

donna — Fri, 05 Jan 2007 00:42:00 GMT

Microsoft Security Bulletin Advance Notification http://www.microsoft.com/technet/security/bulletin/advance.mspx On 9 January 2007 Microsoft is planning to release: Security Updates Three Microsoft Security Bulletins affecting Microsoft Windows. The highest...(read more)

Windows Workstation Service NetrWkstaUserEnum Denial of Service

donna — Tue, 26 Dec 2006 19:03:00 GMT

Affected OS: Microsoft Windows 2000 Advanced Server Microsoft Windows 2000 Datacenter Server Microsoft Windows 2000 Professional Microsoft Windows 2000 Server Microsoft Windows XP Home Edition Microsoft Windows XP Professional h07 has discovered a weakness...(read more)

Microsoft Windows MessageBoxA Denial of Service Vulnerability

donna — Thu, 21 Dec 2006 01:49:00 GMT

Microsoft Windows is prone to a local denial-of-service vulnerability because the operating system fails to handle certain API calls with unexpected parameters. A local unprivileged attacker may exploit this issue by executing a malicious application...(read more)

NOD32 Antivirus DOC parsing Arbitrary Code Execution Advisory

donna — Wed, 20 Dec 2006 18:47:00 GMT

Affected Products: ESET NOD32 Antivirus Vulnerability: Arbitrary Code Execution (remote) Risk: HIGH Vendor communication: 2006/08/24 initial notification of ESET 2006/08/28 ESET Response 2006/08/29 PGP keys exchange 2006/08/29 PoC files sent to ESET 2006...(read more)

CA Portal Technology Session Handling Vulnerability;CA Anti-Virus vetfddnt.sys and vetmonnt.sys Local DoS Vulnerabilities

donna — Wed, 20 Dec 2006 18:40:00 GMT

Affected Software: CA BrightStor Portal 11.x CA CleverPath Aion 10.x CA CleverPath Portal 4.x CA eTrust Security Command Center 1.x CA eTrust Security Command Center 8.x CA Unicenter Asset Portfolio Management 11.x CA Unicenter Database Command Center...(read more)

Apple Mac OS X Quicktime For Java Information Disclosure Vulnerability;Apple released security fixes

donna — Wed, 20 Dec 2006 04:19:00 GMT

Apple Mac OS X is prone to an information-disclosure vulnerability. Attackers may exploit this issue by convincing victims into visiting a malicious website. Exploiting this issue may allow remote attackers to capture images rendered locally on screen...(read more)

Microsoft Security Bulletin Revised: MS06-078

donna — Wed, 20 Dec 2006 03:54:00 GMT

MS06-078 - Vulnerability in Windows Media Format Could Allow Remote Code Execution (923689) http://www.microsoft.com/technet/security/bulletin/MS06-078.mspx?pubDate=2006-12-19 Revisions: V2.0 (December 19, 2006): Bulletin updated has been revised and...(read more)

Mozilla Foundation Security Advisories (Dec. 19, 2006)

donna — Wed, 20 Dec 2006 03:40:00 GMT

MFSA 2006-76 XSS using outer window's Function object MFSA 2006-75 RSS Feed-preview referrer leak MFSA 2006-74 Mail header processing heap overflows MFSA 2006-73 Mozilla SVG Processing Remote Code Execution MFSA 2006-72 XSS by setting img.src to BLOCKED...(read more)

Winamp Web Interface Multiple Vulnerabilities

donna — Tue, 19 Dec 2006 14:33:00 GMT

Winamp Web Interface (Wawi) is "a nice open source plugin for Winamp which allows the remote administration of the media player through any web browser". The Winamp Web Interface, WAWI for short, has been found to contain multiple vulnerabilities that...(read more)

Intel 2200BG W29N51.SYS Driver Beacon Frame Race Condition

donna — Tue, 19 Dec 2006 14:24:00 GMT

Breno Silva Pinto has reported a vulnerability in Intel 2200BG drivers, which potentially can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a race condition when W29N51.SYS handles multiple beacon...(read more)

Microsoft Outlook Recipient ActiveX Control Lets Remote Users Deny Service

donna — Tue, 19 Dec 2006 14:21:00 GMT

http://www.securitytracker.com/alerts/2006/Dec/1017397.html A vulnerability was reported in Microsoft Outlook. A remote user can cause denial of service conditions. A remote user can create specially crafted HTML that, when loaded by the target user,...(read more)