  • December 05, 2006 - Current Activity

    This is an archived copy of current activity. If you would like to see the most recent version, please click here.

    November 30 Adobe Reader and Acrobat ActiveX Vulnerabilities
    November 29 Apple Releases Security Update for Multiple Vulnerabilities
    November 29 Google Search Appliance Vulnerable to Cross-site Scripting
    November 29 New Spybot Worm Targets Old Symantec Vulnerability
    November 22 Vulnerability in Computer Associates BrightStor ARCServe Backup Tape Engine
    November 22 Proof-of-Concept Exploit for Unpatched Vulnerability in Mac OS X
    November 21 Exploit Code Posted for Vulnerability in Microsoft Workstation Service
    November 16 Multiple ActiveX Vulnerabilities in Sky Software Component Used by WinZip 10
    November 14 Microsoft Releases November Security Bulletin
    November 14 Exploit Released for Broadcom Wireless Device Driver
    November 14 Update to Microsoft PowerPoint Vulnerability and Proof-of-Concept Code
    November 9 Microsoft Releases Advance Notification for November Security Bulletin
    November 8 Mozilla Releases Security Advisories to Address Multiple Vulnerabilities
    November 5 Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution
    November 3 Exploit Code Posted for Unpatched Vulnerability in Apple AirPort Driver
    November 1 Exploit Code Posted for Vulnerability in Microsoft's Visual Studio



    Adobe Reader and Acrobat ActiveX Vulnerabilities

    added November 29, 2006 | updated November 30, 2006

    US-CERT is aware of a report of multiple vulnerabilities that affect the ActiveX control for Adobe Reader and Acrobat.

    More information about these vulnerabilities can be found in the following:

    • Vulnerability Note VU#198908 - Adobe Acrobat AcroPDF ActiveX control fails to properly handle malformed input
    • Adobe Security Advisory APSA06-02

    Until an official update, patch, or more information becomes available, we recommend the following actions to help mitigate the security risks:

    • Disable ActiveX as specified in the Securing Your Web Browser document.
    • Follow the workarounds suggested in Adobe Security Advisory APSA06-02.
    • Do not follow unsolicited links.

    Apple Releases Security Update for Multiple Vulnerabilities

    added November 29, 2006

    Apple has released Security Update 2006-007 to correct multiple vulnerabilities in Mac OS X and related products.

    More information about the vulnerabilities can be found in these Vulnerability Notes and Technical Cyber Security Alert TA06-333A.

    US-CERT encourages users to apply the appropriate updates as soon as possible.

    US-CERT will continue to investigate these vulnerabilities and provide additional information as it becomes available.


    Google Search Appliance Vulnerable to Cross-site Scripting

    added November 29, 2006

    US-CERT is aware of a cross-site scripting (XSS) vulnerability in Google Search Appliance and Google Mini devices. Specifically, the flaw exists in the way that Google Search Appliance and Google Mini devices handle UTF-7 (Unicode Transformation Format) encoded URIs (Uniform Resource Identifier).

    Until an official update, patch, or more information becomes available, we recommend the following actions to help mitigate the security risks:


    New Spybot Worm Targets Old Symantec Vulnerability

    added November 28, 2006 | updated November 29, 2006

    Symantec has confirmed reports of a new worm attempting to exploit previously patched flaws in Microsoft Windows and Symantec Client Security and Antivirus Corporate Edition. The worm, named W32.Spybot.ACYR, spreads through Internet Relay Chat (IRC) channels and to network shares with weak passwords. Successful exploitation could allow a remote unauthenticated attacker to execute arbitrary code with SYSTEM privileges.

    According to Symantec in its Security Response Weblog, the impact of the attack is minimal thus far. Symantec further states that customers who have applied the patch are not susceptible to this new attack.

    More information about the vulnerabilities in the Symantec products can be found in the following:

    • Vulnerability Note VU#404910 - Symantec products vulnerable to buffer overflow
    • Symantec Advisory SYM06-010

    US-CERT recommends that users take the following actions to mitigate the security risks:

    • Update all Symantec products to the latest available security updates.
    • Apply all relevant patches that are available.
    • Block port 2967/tcp at the firewall if patching is not an option.

    US-CERT will continue to investigate and provide additional information as it becomes available.


    Vulnerability in Computer Associates BrightStor ARCServe Backup Tape Engine

    added November 21, 2006 | updated November 22, 2006

    US-CERT is aware of a new vulnerability in Computer Associates BrightStor ARCserve Backup Tape Engine. There is a flaw in the way RPC requests are handled by the Tape Engine. By sending a malformed RPC request to port 6502/tcp on a vulnerable system, a remote, unauthenticated attacker could execute arbitrary code with SYSTEM privileges.

    More information about this vulnerability can be found in the following:

    • Vulnerability Note VU#437300 - Computer Associates BrightStor ARCserve Backup Tape Engine fails to properly handle RPC requests

    Initial reports indicate that BrightStor ARCserve Backup version 11.5 is affected by the flaw; however, other versions may be affected as well. Computer Associates has reported that they are aware of this issue and are currently working on a solution.

    Until an official update, patch, or more information becomes available, US-CERT recommends the following action to help mitigate the security risks:

    • Block port 6502/tcp at the firewall.

    US-CERT will continue to investigate and provide additional information as it becomes available.


    Proof-of-Concept Exploit for Unpatched Vulnerability in Mac OS X

    added November 21, 2006 | updated November 22, 2006

    US-CERT is aware of a publicly available proof-of-concept exploit for an unpatched vulnerability in Mac OS X. The exploit targets a flaw in the way that Mac OS X handles disk image structures (DMG files) resulting in memory corruption, causing a denial of service or possibly arbitrary code execution.

    More information about this vulnerability can be found in the following:

    • Vulnerability Note VU#367424 - Apple Mac OS X fails to properly handle corrupted DMG image structures

    Mac users can protect themselves by turning off the default setting that allows "safe" files to automatically open after downloading. We strongly encourage users not to open files from untrusted sources.


    Exploit Code Posted for Vulnerability in Microsoft Workstation Service

    added November 21, 2006

    US-CERT is aware of public exploit code for a buffer overflow vulnerability in Microsoft Workstation Service. There is a flaw in the way Microsoft Workstation Service parses very long network messages. By sending specially crafted network messages to a vulnerable system, a remote, unauthenticated attacker could execute arbitrary code with administrator level privileges or cause a denial-of-service condition.

    More information about this vulnerability can be found in the following:

    • Vulnerability Note VU#778036 - Microsoft Workstation Service fails to properly parse malformed network messages

    US-CERT strongly encourages users to take the following actions to mitigate the security risks:

    • Apply updates as described in Microsoft Security Bulletin MS06-070.
    • Block ports 139/tcp and 445/tcp at the firewall as recommended in Microsoft Security Bulletin MS06-070.

    Multiple ActiveX Vulnerabilities in Sky Software Component Used by WinZip 10

    added November 16, 2006

    US-CERT is aware of multiple vulnerabilities in the Sky Software FileView ActiveX control used by WinZip 10. The first vulnerability is that the FileView ActiveX control contains several unsafe methods, but is marked as safe for scripting. By persuading a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), a remote attacker may be able to execute arbitrary commands (e.g., copy, delete, execute, or any available command on the vulnerable system) with the privileges of the user. More information about this vulnerability can be found in the following:

    • Vulnerability Note VU#512804 - Sky Software FileView ActiveX control allows arbitrary command execution via unsafe methods

    The second vulnerability is a stack buffer overflow in the handling of the filepattern property. By persuading a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), a remote attacker may be able to execute arbitrary code or crash Internet Explorer. There is public exploit code that takes advantage of this vulnerability. More information about this vulnerability can be found in the following:

    • Vulnerability Note VU#225217 - Sky Software FileView ActiveX control buffer overflow vulnerability

    US-CERT recommends the following actions to help mitigate the security risks:


    Microsoft Releases November Security Bulletin

    added November 14, 2006 | updated November 14, 2006

    Microsoft has released updates to address vulnerabilities in Microsoft Windows and XML Core Services as part of the Microsoft Security Bulletin Summary for November 2006.

    We strongly encourage users to review the bulletins and follow best-practice security policies to determine what updates should be applied.

    Additionally, more information about these vulnerabilities can be found in the Vulnerability Notes Database and Technical Cyber Security Alert TA06-318A.


    Exploit Released for Broadcom Wireless Device Driver

    added November 12, 2006 | updated November 14, 2006

    US-CERT is aware of an exploit released for a vulnerability in the Broadcom BCMWL5.SYS wireless driver used in various laptops, including Dell, eMachines, Gateway, and HP. The flaw is due to a stack-based buffer overflow in the wireless device driver that could be exploited by an attacker to take complete control of a vulnerable system. The overflow is caused by improper handling of 802.11 probe responses containing an overly long SSID (service set identifier) field.

    More information about this vulnerability can be found in the following:

    • Vulnerability Note VU#209376 - Broadcom wireless driver fails to properly process 802.11 probe response frames

    US-CERT recommends the following actions to help mitigate the security risks:

    • Upgrade your wireless device driver when possible.
    • Use wired networking methods until updates can be applied.
    • Disable your wireless adapter when not in use.
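
    The class of check involved, as an added example (not code from US-CERT, Broadcom, or the driver): a parser that validates the SSID element of a probe response body before copying it into a fixed buffer. The layout used (12 bytes of fixed fields, SSID element ID 0, 32-byte maximum) follows the 802.11 standard; the function name and sample frames are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SSID_MAX_LEN 32  /* 802.11 limit on SSID length */
#define FIXED_FIELDS 12  /* timestamp (8) + beacon interval (2) + capability (2) */
#define IE_SSID      0   /* element ID of the SSID information element */

/* Constructed sample frame bodies (not captured traffic). */
static const uint8_t sample_ok[]    = { [12] = IE_SSID, 3, 'l', 'a', 'b', 1, 1, 0x82 };
static const uint8_t sample_long[]  = { [12] = IE_SSID, 40, [53] = 'A' };
static const uint8_t sample_trunc[] = { [12] = IE_SSID, 10, 'a', 'b', 'c' };
static char demo_ssid[SSID_MAX_LEN + 1];  /* hypothetical destination buffer */

/* Copy the SSID of a probe response body into out; return its length, or -1
 * if the body is truncated, malformed, or the SSID exceeds 32 bytes. */
int parse_probe_ssid(const uint8_t *body, size_t body_len, char out[SSID_MAX_LEN + 1])
{
    size_t off = FIXED_FIELDS;

    if (body == NULL || body_len < FIXED_FIELDS)
        return -1;
    while (body_len - off >= 2) {        /* room for an ID + length header */
        uint8_t id = body[off], len = body[off + 1];
        off += 2;
        if (len > body_len - off)        /* element runs past the frame end */
            return -1;
        if (id == IE_SSID) {
            if (len > SSID_MAX_LEN)      /* reject before copying to the fixed buffer */
                return -1;
            memcpy(out, body + off, len);
            out[len] = '\0';
            return (int)len;
        }
        off += len;
    }
    return -1;                           /* no SSID element present */
}

int main(void)
{
    printf("ok=%d\n", parse_probe_ssid(sample_ok, sizeof sample_ok, demo_ssid));
    printf("long=%d\n", parse_probe_ssid(sample_long, sizeof sample_long, demo_ssid));
    printf("trunc=%d\n", parse_probe_ssid(sample_trunc, sizeof sample_trunc, demo_ssid));
    return 0;
}
```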

    Update to Microsoft PowerPoint Vulnerability and Proof-of-Concept Code

    added October 13, 2006 | updated November 14, 2006

    Microsoft has posted follow-up information for the PowerPoint 2003 proof-of-concept code previously reported in October. The follow-up, posted on the Microsoft Security Response Center Blog, states that the vulnerability in PowerPoint 2003 cannot be used to execute remote code as earlier stated. It goes on to state that the flaw could be used to crash PowerPoint, and that this flaw will be corrected in the next release of the product.

    More information concerning this flaw is available at the Microsoft Security Response Center Blog.

    US-CERT recommends the following actions to help protect your system:

    • Install anti-virus software, and keep its virus signature files up-to-date.
    • Do not open unfamiliar or unexpected email attachments, even if sent by a known and trusted source.
    • Save and scan any attachments before opening them.
    • Review Cyber Security Tip ST04-010 for more information on working with email attachments.

    Microsoft Releases Advance Notification for November Security Bulletin

    added November 9, 2006

    Microsoft has issued a Security Bulletin Advance Notification indicating that their November release cycle will contain six bulletins, some of which have a maximum severity rating of Critical. The notification further states that five of the bulletins are for Windows, and one is for their XML Core Services. The release is scheduled for Tuesday, November 14th.

    US-CERT will provide additional information as it becomes available.


    Mozilla Releases Security Advisories to Address Multiple Vulnerabilities

    added November 8, 2006

    The Mozilla Foundation has released three security advisories to address multiple vulnerabilities in Firefox, Thunderbird, and SeaMonkey. The vulnerabilities include flaws in the way JavaScript and RSA signatures are handled. If successfully exploited, these vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code, forge an RSA signature, or cause a denial of service.

    Notes:

    • JavaScript must be enabled for a remote attacker to execute arbitrary code.
    • Forging an RSA signature may allow an attacker to craft a valid certificate and impersonate a trusted website or email system that uses certificates for authentication.

    More information about these vulnerabilities can be found in the following:

    US-CERT strongly encourages users to take the following actions to help mitigate the security risks:


    Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution

    added November 5, 2006

    US-CERT is investigating reports of a vulnerability found in the XMLHTTP 4.0 ActiveX Control, which is a part of the Microsoft XML Core Services 4.0 on Windows. Microsoft and ISS are reporting limited attacks attempting to use this vulnerability. By persuading a user with Internet Explorer to view a specially crafted HTML document (malicious website), a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system with the privileges of the user.

    Note: Microsoft states that users running Windows Server 2003 and Windows Server 2003 Service Pack 1 in their default configurations, with the Enhanced Security Configuration turned on, are not affected.

    More information about this vulnerability can be found in the following:

    • Vulnerability Note VU#585137 - Microsoft XML Core Services XMLHTTP ActiveX control vulnerability
    • Microsoft Security Advisory 927892

    Until an official update, patch, or more information becomes available, we recommend the following actions to help mitigate the security risks:

    • Disable the XMLHTTP 4.0 object in Internet Explorer as specified in Microsoft Support Document 240797.
    • Disable ActiveX as specified in the Securing Your Web Browser document.
    • Do not follow unsolicited links.
    • Review the steps described in Microsoft's document to improve the safety of your browser.

    Exploit Code Posted for Unpatched Vulnerability in Apple AirPort Driver

    added November 3, 2006

    US-CERT is aware of public exploit code for an unpatched vulnerability in Apple AirPort Wireless Drivers. There is a flaw in the way certain AirPort drivers process 802.11 wireless Ethernet frames. If successfully exploited, this vulnerability may allow a remote, unauthenticated attacker to create a denial-of-service condition on an affected system.

    Note: Apple has stated that only AirPort drivers provided with Orinoco-based AirPort cards (1999-2003) are vulnerable.

    Until an official update, patch, or more information becomes available, we recommend the following action to help mitigate the security risks:

    • Disable the wireless adapter when not in use as specified on the AirPort Help webpage.

    Exploit Code Posted for Vulnerability in Microsoft's Visual Studio

    added November 1, 2006

    US-CERT is aware of publicly available exploit code for a new vulnerability in the Windows Management Instrumentation (WMI) Object Broker ActiveX control. This control is packaged with Microsoft Visual Studio 2005 and can be loaded by a malicious website using Internet Explorer. By persuading a user to view a specially crafted HTML document (e.g., a web page or an HTML email message) with Internet Explorer, a remote attacker may be able to execute arbitrary code on a vulnerable system.

    More information about this vulnerability can be found in the following:

    • Vulnerability Note VU#854856 - WMI Object Broker ActiveX Control bypasses ActiveX security model
    • Microsoft Security Advisory 927709

    Until an official update, patch, or more information becomes available, we recommend the following actions to help mitigate the security risks: