Skip to content

Home  |   FAQ  |   Contact  |   Privacy & Use

customize
Current Activity Calendar
Left Arrow
November 2006
 Right Arrow
Su M Tu W Th F Sa
   
1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19
 20 21 22 23 24 25
26 27 28 29 30
    
Please click on a date above to see current activity for that day.

  • Latest Current Activity
    •

    November 13, 2006 - Current Activity

    This is an archived copy of current activity, if you would like to see the most recent version, please click here.

    November 12Exploit Released for Broadcom Wireless Device Driver
    November 9Microsoft Releases Advance Notification for November Security Bulletin
    November 8 Mozilla Releases Security Advisories to Address Multiple Vulnerabilities
    November 5 Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution
    November 3 Exploit Code Posted for Unpatched Vulnerability in Apple AirPort Driver
    November 1Exploit Code Posted for Vulnerability in Microsoft's Visual Studio
    October 31 Multiple Vulnerabilities in Microsoft Internet Explorer 7
    October 27 Proof-of-Concept Code for DoS Vulnerability in Microsoft Internet Explorer
    October 26 Multiple Vulnerabilities in AOL Nullsoft Winamp Ultravox
    October 25 Identity Theft Continues to Rise, Financial Accounts Targeted
    October 18 Oracle Critical Update for October 2006
    October 18 Proof-of-Concept Code for Vulnerability in NVIDIA Graphics Driver
    October 13 Proof-of-Concept Code for Unpatched Vulnerability in Microsoft PowerPoint


    Exploit Released for Broadcom Wireless Device Driver

    added November 12, 2006

    US-CERT is aware of an exploit released for a vulnerability in the Broadcom BCMWL5.SYS wireless driver used in a various laptops including Dell, eMachines, Gateway, and HP. The flaw is due to a stack-based buffer overflow in the wireless device driver that could be exploited by an attacker to take complete control of a vulnerable system. The overflow is caused by improper handling of 802.11 probe responses containing an overly long SSID (service set identifier) field.

    US-CERT will continue to investigate and provide additional information as it becomes available.


    Microsoft Releases Advance Notification for November Security Bulletin

    added November 9, 2006

    Microsoft has issued a Security Bulletin Advance Notification indicating that their November release cycle will contain six bulletins, some of which have a maximum severity rating of Critical. The notification further states that five of the bulletins are for Windows, and one is for their XML Core Services. The release is scheduled for Tuesday, November 14th.

    US-CERT will provide additional information as it becomes available.


    Mozilla Releases Security Advisories to Address Multiple Vulnerabilities

    added November 8, 2006

    The Mozilla Foundation has released three security advisories to address multiple vulnerabilities in Firefox, Thunderbird, and SeaMonkey. The vulnerabilities include flaws in the way JavaScript and RSA signatures are handled. If successfully exploited, these vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code, forge an RSA signature, or cause a denial of service.

    Notes:

    • JavaScript must be enabled for a remote attacker to execute arbitrary code.
    • Forging an RSA signature may allow an attacker to craft a valid certificate and impersonate a trusted website or email system that uses certificates for authentication.

    More information about these vulnerabilities can be found in the following:

    US-CERT strongly encourages users to take the following actions to help mitigate the security risks:


    Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution

    added November 5, 2006

    US-CERT is investigating reports of a vulnerability found in the XMLHTTP 4.0 ActiveX Control, which is a part of the Microsoft XML Core Services 4.0 on Windows. Microsoft and ISS are reporting limited attacks attempting to use this vulnerability. By persuading a user with Internet Explorer to view a specially crafted HTML document (malicious website), a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system with the privileges of the user.

    Note: Microsoft states that users running Windows Server 2003 and Windows Server 2003 Service Pack 1 in their default configurations, with the Enhanced Security Configuration turned on, are not affected.

    More information about this vulnerability can be found in the following:

    • Vulnerability Note VU#585137 - Microsoft XML Core Services XMLHTTP ActiveX control vulnerability
    • Microsoft Security Advisory 927892

    Until an official update, patch, or more information becomes available, we recommend the following actions to help mitigate the security risks:

    • Disable the XMLHTTP 4.0 object in Internet Explorer as specified in Microsoft Support Document 240797.
    • Disable ActiveX as specified in the Securing Your Web Browser document.
    • Do not follow unsolicited links.
    • Review the steps described in Microsoft's document to improve the safety of your browser.

    Exploit Code Posted for Unpatched Vulnerability in Apple AirPort Driver

    added November 3, 2006

    US-CERT is aware of public exploit code for an unpatched vulnerability in Apple AirPort Wireless Drivers. There is a flaw in the way certain AirPort drivers process 802.11 wireless Ethernet frames. If successfully exploited, this vulnerability may allow a remote, unauthenticated attacker to create a denial-of-service condition on an affected system.

    Note: Apple has stated that only AirPort drivers provided with Orinoco-based AirPort cards (1999-2003) are vulnerable.

    Until an official update, patch, or more information becomes available, we recommend the following action to help mitigate the security risks:

    • Disable the wireless adapter when not in use as specified on the AirPort Help webpage.

    Exploit Code Posted for Vulnerability in Microsoft's Visual Studio

    added November 1, 2006

    US-CERT is aware of publicly available exploit code for a new vulnerability in the Windows Management Instrumentation (WMI) Object Broker ActiveX control. This control is packaged with Microsoft Visual Studio 2005 and can be loaded by a malicious website using Internet Explorer. By persuading a user to view a specially crafted HTML document (e.g., a web page or an HTML email message) with Internet Explorer, a remote attacker may be able to execute arbitrary code on a vulnerable system.

    More information about this vulnerability can be found in the following:

    • Vulnerability Note VU#854856 - WMI Object Broker ActiveX Control bypasses ActiveX security model
    • Microsoft Security Advisory 927709

    Until an official update, patch, or more information becomes available, we recommend the following actions to help mitigate the security risks:


    Multiple Vulnerabilities in Microsoft Internet Explorer 7

    added October 31, 2006

    We are aware of multiple vulnerabilities in Microsoft Internet Explorer 7. The first is a spoofing vulnerability where a remote attacker can use a specially crafted Uniform Resource Identifier (URI) to spoof the address bar in a pop-up window. The user is led to believe that the content of the pop-up window is coming from the trusted website, and therefore could potentially provide sensitive information to a malicious website or an untrusted source. More information about this vulnerability can be found in the following:

    • Vulnerability Note VU#347188 - Microsoft Internet Explorer 7 may allow address bar spoofing

    The second vulnerability is a flaw in the way the "mhtml:" URL redirections are handled. If successfully exploited, a remote attacker could bypass security restrictions and gain access to sensitive information served from another domain in the context of a malicious web page. Exploit code that takes advantage of this vulnerability is public.

    Until an official update, patch, or more information becomes available, we recommend the following actions to help mitigate the security risks:


    Proof-of-Concept Code for DoS Vulnerability in Microsoft Internet Explorer

    added October 27, 2006

    We are aware of proof-of-concept code for a denial-of-service vulnerability in Microsoft Internet Explorer. By persuading a user to view a specially crafted HTML document (e.g., a web page or an HTML email message), Internet Explorer may crash when processing a specific method in the 'ADODB.Connection' ActiveX Object. It is not clear at this point whether an attacker may be able to execute arbitrary code with this vulnerability.

    More information about this vulnerability can be found in the following:

    • Vulnerability Note VU#589272 - ADODB.Connection ActiveX control unspecified vulnerability

    Until an official update, patch, or more information becomes available, we recommend the following actions to help mitigate the security risks:


    Multiple Vulnerabilities in AOL Nullsoft Winamp Ultravox

    added October 26, 2006

    We are aware of two heap buffer overflow vulnerabilities in AOL's Nullsoft Winamp Ultravox. The first overflow is a flaw in the handling of the 'ultravox-max-msg' header of the Ultravox protocol. The Ultravox protocol supports the delivery and publishing of streaming media such as music files. The second overflow is a flaw in the parsing of Lyrics3 tags. Lyrics3 is a system for embedding the lyrics inside an MP3 song file.

    By persuading a user to access a specially crafted playlist file or connect to a malicious server with Winamp, a remote, unauthenticated attacker may be able to execute arbitrary code with privileges of the user.

    We recommend that users upgrade to Winamp 3.51 to help mitigate the security risks. We will continue to update current activity as more information becomes available.


    Identity Theft Continues to Rise, Financial Accounts Targeted

    added October 25, 2006

    We continue to see a rise in online identity theft cases, leading to the compromise of financial account information. In addition to banking accounts, we are observing increased activity targeting brokerage accounts. We remind users to remain cautious when receiving unsolicited email in order to avoid phishing and keylogger type attacks. We also emphasize the importance of preventative computer security measures to help avoid phishing and other types of attacks.

    Individuals can help protect themselves by following these safeguards:

    • Do not follow unsolicited web links received in email messages.
    • Contact your financial institution immediately if you believe your account or financial information has been compromised.
    • Verify the legitimacy of the email by contacting the company directly through a trusted contact number.
    • Visit the Anti-Phishing Working Group for more information on known phishing attacks.

    For additional information regarding phishing, we recommend reading the following documents:

    1. Avoiding Social Engineering and Phishing Attacks
    2. Recognizing and Avoiding Spyware
    3. Coordinating Virus and Spyware Defense

    Oracle Critical Update for October 2006

    added October 17, 2006 | updated October 18, 2006

    Oracle has released Oracle Critical Patch Update (CPU) for October 2006. This update addresses numerous vulnerabilities in different Oracle products and components. The impacts of these vulnerabilities vary depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, disclosure of sensitive information, and denial of service.

    More information about these vulnerabilities can be found in the Technical Cyber Security Alert TA06-291A.

    We strongly encourage Oracle administrators to review, test, and install the patches within the Critical Patch Update for October 2006.


    Proof-of-Concept Code for Vulnerability in NVIDIA Graphics Driver

    added October 18, 2006

    We are aware of proof-of-concept exploit code for a buffer overflow vulnerability in the NVIDIA Binary Graphics Driver for UNIX systems. If a remote attacker sends a specially crafted sequence of glyphs to a vulnerable system, that attacker may be able to execute arbitrary code with potentially root level privileges or cause a denial-of-service condition.

    More information about this vulnerability can be found in the following:

    • Vulnerability Note: VU#147252 - NVIDIA Display Driver for Unix systems vulnerable to buffer overflow

    Until an official update, patch, or more information becomes available, we recommend the following actions to help mitigate the security risks:

    • Disable the NVIDIA-supplied driver and use the default "nv" driver.
    • Upgrade to the latest beta version of the driver.

    Proof-of-Concept Code for Unpatched Vulnerability in Microsoft PowerPoint

    added October 13, 2006

    We are aware of publicly available proof-of-concept code for an unpatched vulnerability in Microsoft PowerPoint. The complete impact of this vulnerability is not yet known.

    More information is available at the Microsoft Security Response Center Blog!

    Until an update, patch, or more information becomes available, we recommend the following actions to help mitigate the security risks:

    • Do not open attachments from unsolicited email messages.
    • Install anti-virus software, and keep its virus signature files up-to-date.
    • Save and scan any attachments before opening them.

    We strongly encourage users not to open unfamiliar or unexpected email attachments, even if sent by a known and trusted source. Users may wish to read Cyber Security Tip ST04-010 for more information on working with email attachments.

    We will continue to monitor this issue and provide additional information as it becomes available.