Month: December 2006

Apple Mac OS X is prone to an information-disclosure vulnerability. Attackers may exploit this issue by convincing victims into visiting a malicious website. Exploiting this issue may allow remote attackers to capture images rendered locally on screen that may contain sensitive information. Vulnerable:  Apple Mac OS X Server 10.4.8 Apple Mac OS X 10.4.8 http://www.securityfocus.com/bid/21672/info Solution: Install Security Update 2006-008 update, see http://docs.info.apple.com/article.html?artnum=61798  

MS06-078 – Vulnerability in Windows Media Format Could Allow Remote Code Execution (923689)http://www.microsoft.com/technet/security/bulletin/MS06-078.mspx?pubDate=2006-12-19 Revisions: V2.0 (December 19, 2006): Bulletin updated has been revised and re-released for the Korean only package on Microsoft Windows Media Runtime Format 7.1 and 9.0 Series Runtime on Windows 2000 Service Pack 4 to address the issues identified in Microsoft Knowledge Base Article 923689. Additional clarity around file versions in the “I’ve installed the Windows Media Format Runtime security update. What version of Windows Media Format Runtime should I have installed?” in the “Frequently Asked Questions (FAQ) Related to this Security Update” section.

Winamp Web Interface (Wawi) is “a nice open source plugin for Winamp which allows the remote administration of the media player through any web browser”. The Winamp Web Interface, WAWI for short, has been found to contain multiple vulnerabilities that would allow a remote attacker to overflow the internal buffers used by the product and cause it to read arbitrary file and display them. Vulnerable Systems: * Winamp Web Interface version 7.5.13 and prior http://www.securiteam.com/windowsntfocus/6Z00A2KHQG.html

Breno Silva Pinto has reported a vulnerability in Intel 2200BG drivers, which potentially can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a race condition when W29N51.SYS handles multiple beacon frames. This can be exploited to overwrite certain kernel memory structures via sending multiple specially crafted beacon frames to the wireless card. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in version 9.0.3.9. Other versions may also be affected. Solution: Turn off the wireless card when not in use.http://secunia.com/advisories/23338/

http://www.securitytracker.com/alerts/2006/Dec/1017397.html A vulnerability was reported in Microsoft Outlook. A remote user can cause denial of service conditions. A remote user can create specially crafted HTML that, when loaded by the target user, will invoke a Microsoft Outlook ActiveX component (Outlook Recipient Control) and cause Internet Explorer to hang. shinnai reported this vulnerability. The original advisory and a demonstration exploit is available at: http://shinnai.altervista.org/viewtopic.php?id=41&t_id=8 Impact:  A remote user can create HTML that, when loaded by the target user, will cause Internet Explorer to hang.Solution:  No solution was available at the time of this entry.