Advisories

Microsoft Security Advisory (943521)URL Handling Vulnerability in Windows XP and Windows Server 2003 with Windows Internet Explorer 7 Could Allow Remote Code ExecutionPublished: October 10, 2007 | Updated: October 25, 2007 Revisions: • October 10, 2007: Advisory published• October 25, 2007: Advisory updated to reflect increased threat level http://www.microsoft.com/technet/security/advisory/943521.mspx

MS06-067   – http://www.microsoft.com/technet/security/bulletin/ms06-067.mspx  – Reason for Revision: Revised to include MS06-065 as a bulletin that is replaced by this bulletin.    – Originally posted: November 14, 2006  – Updated: October 24, 2007  – Bulletin Severity Rating: Critical  – Version: 1.1

Update available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat Release date: October 22, 2007Vulnerability identifier: APSB07-18CVE number: CVE-2007-5020 Platform: Windows XP (Vista users are not affected) with Internet Explorer 7 installedAffected Software Versions: Adobe Reader 8.1 and earlier, Adobe Reader 7.0.9 and earlierAdobe Acrobat Professional, 3D and Standard 8.1 and earlier versions, Adobe Acrobat Professional, Standard, 3D and Elements 7.0.9 and earlier Summary Critical vulnerabilities have been identified in Adobe Reader and Acrobat that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. This issue only affects customers … Continue reading Adobe Security Bulletin APSB07-18

A vulnerability in the Kerio allows local attackers to cause the product to load an arbitrary DLL which in turn can be used to compromise the system. Vulnerable software: * Sunbelt Kerio Personal Firewall 4.3.268 * Sunbelt Kerio Personal Firewall 4.3.246 * probably all versions of Sunbelt Kerio Personal Firewall 4 * possibly older versions of Sunbelt Kerio Personal Firewall When Sunbelt Kerio Personal Firewall (SKPF) loads dependent modules, it relies on the operating system. System library iphlpapi.dll is located in the system directory but the main SKPF service, which requires and loads this DLL, is located in the installation directory of SKPF. This … Continue reading Kerio Fake ‘iphlpapi’ DLL injection Vulnerability

Vulnerable:Xpdf Xpdf 3.0.1 (Patch 2)Apple Mac OS X Preview.app 3.0.8 Adobe Acrobat Reader v8 and earlier versions Multiple PDF readers are prone to multiple remote buffer-overflow vulnerabilities. These issues occur because the applications fail to bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker can exploit these issues to execute arbitrary code within the context of the affected application or crash the affected application, denying service to legitimate users. http://www.securityfocus.com/bid/21910

Affected Software: Kaspersky Anti-Virus 4.xKaspersky Anti-Virus 5.xKaspersky Anti-Virus 6.xKaspersky Internet Security 6.xKaspersky SMTP Gateway 5.x Description:A vulnerability has been reported in Kaspersky Antivirus, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the scan engine when processing PE files. This can be exploited to cause an endless loop via a specially crafted PE file containing an invalid value in the “NumberOfRvaAndSizes” field within the Optional Windows Header section. Successful exploitation prevents further scanning of files. The vulnerability is reported in version 6.0 for Windows and 5.5-10 … Continue reading Kaspersky Antivirus PE File Handling Denial of Service

Microsoft earlier plan to release eight (8) updates on 9 January 2007 but there is a change today on the said plan: Security Updates One Microsoft Security Bulletin affecting Microsoft Windows. The highest Maximum Severity rating for this is Critical. This update will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool. This update will require a restart. Three Microsoft Security Bulletins affecting Microsoft Office. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. These updates may require a restart. The rest is the same – … Continue reading Microsoft Security Bulletins Advanced Notification (UPDATED)

Apple iLife iPhoto Photocast XML “title” Format String Vulnerability – a vulnerability in iLIfe iPhoto, which potentially can be exploited by malicious people to compromise a user’s system has been discovered by Kevin Finisterre.  Possible solution is do not follow or subscribe to untrusted links to Photocast feeds. Affected software is Apple iLife iPhoto 6.x.  View the advisory here. Opera Browser Two Vulnerabilities – Two vulnerabilities have been reported in Opera, which can be exploited by malicious people to compromise a user’s system.  iDefense Labs discovered the vulnerabilities.  Solution is upgrade to latest version.  Advisory is here (Secunia) and Opera – … Continue reading Apple iLife, Opera Browser, OpenOffice, StarOffice & WordPress Vulnerabilities

Microsoft Security Bulletin Advance Notificationhttp://www.microsoft.com/technet/security/bulletin/advance.mspx On 9 January 2007 Microsoft is planning to release: Security UpdatesThree Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool. Some of these updates will require a restart. One Microsoft Security Bulletins affecting Microsoft Windows and Microsoft Visual Studio. The highest Maximum Severity rating for this is Important. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool. These updates will require a restart. One Microsoft Security Bulletins affecting … Continue reading Microsoft Security Bulletins – Advanced Notifications