June 21, 2007 - Current Activity

Cerulean Studios Trillian Instant Messenger Vulnerability

US-CERT is aware of a heap overflow vulnerability in Cerulean Studios Trillian Instant Messenger. The vulnerability may be exploited by viewing a malicious message containing a specially crafted UTF-8 string. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code with the credentials of the currently logged on user.

More information about this vulnerability can be found in Vulnerability Note VU#187033.

US-CERT encourages users to upgrade to Trillian 3.1.6.0 which has been released to address this vulnerability.

FBI Charges "Bot-Herders"

The FBI's "Operation Bot Roast" has identified over 1 million computers across the country that have been compromised by botnets. For more information on how to identify, report, and prevent attacks, see US-CERT's Cyber Security Tip "Understanding Hidden Threats: Rootkits and Botnets".

Microsoft Releases June Security Bulletins

Microsoft has released updates to address vulnerabilities in Windows, Internet Explorer, Outlook Express, Windows Mail, Visio, and the Windows Schannel Security Package as part of the Microsoft Security Bulletin Summary for June 2007.

More information about these vulnerabilities is located in the Vulnerability Notes Database and Technical Cyber Security Alert TA07-163A.

US-CERT strongly encourages users to review the bulletins and follow best-practice security policies to determine what updates should be applied.

Publicly Available Exploit for Yahoo! Messenger IM Client ActiveX Control Vulnerabilities

US-CERT is aware of publicly available exploit code for vulnerabilities in the Yahoo! Messenger Webcam Upload (ywcupl.dll) and Webcam Viewer (ywcvwr.dll) ActiveX controls that may allow an attacker to execute arbitrary code on a user's machine.

More information about the vulnerabilities can be found in the following:

• Vulnerability Note VU#932217
• Vulnerability Note VU#949817
• Yahoo! Webcam ActiveX Controls Security Update.

• Apply the update as described in the Yahoo! Webcam ActiveX Controls Security Update.
• Disable the ActiveX controls listed in the Yahoo! Webcam ActiveX Controls Security Update.
• Disable ActiveX as described in the Securing Your Web Browser document.
  

Microsoft Releases Advance Notification for June Security Bulletins

Microsoft has issued a Security Bulletin Advance Notification indicating that their June release cycle will contain six bulletins, four of which have a maximum severity rating of Critical. The notification further states that the four Critical bulletins are for Windows, Internet Explorer, and Outlook Express.  There will also be two non-critical bulletins for Visio and Windows as well as an updated version of the Microsoft Windows Malicious Software Removal Tool.  The release is scheduled for Tuesday, June 12, 2007.

US-CERT will provide additional information as it becomes available.

Computer Associates Release Security Notice for Anti-Virus Engine

The Computer Associates Anti-Virus engine fails to properly process CAB archives.  These vulnerabilities may allow an unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition.

More information can be found in the following:

• Vulnerability Note VU#105105
• Vulnerability Note VU#739409
• Computer Associates Security Notice

Microsoft Windows GDI+ ICO Vulnerability

Microsoft Windows Graphics Device Interface is vulnerable to an integer division-by-zero error.  This vulnerability may lead to a denial-of-service condition due to the introduction of a specially crafted icon file.

It may be possible for a malformed icon file to be embedded in an executable or other file.

More information can be found in the following:

• Vulnerability Note VU#290961
• Cyber Security Tip ST04-010