  • July 16, 2007 - Current Activity

    This is an archived copy of current activity. If you would like to see the most recent version, please click here.

    July 16: Internet Explorer Code Execution Vulnerability
    July 16: McAfee Products Contain Multiple Vulnerabilities
    July 12: Apple Releases Security Update to Address Multiple Vulnerabilities in QuickTime
    July 12: Adobe Flash Player Multiple Vulnerabilities
    July 11: Cisco Releases Security Advisories for Multiple Vulnerabilities in Unified Communications Manager
    July 10: Microsoft Releases July Security Bulletins
    July 10: SAP Products Contain Vulnerabilities



    Internet Explorer Code Execution Vulnerability

    added July 16, 2007 at 02:42 pm

    US-CERT is aware of publicly available exploit code for a vulnerability that uses Microsoft Internet Explorer to send malicious input to the Trillian instant messenger client. The public exploit code demonstrates the vulnerability using the AIM URI handler. To trigger this vulnerability, an attacker must persuade a user who has an Instant Messaging client installed to access a specially crafted web page with Internet Explorer.  This exploit is similar to the "Web Browser Code Execution Vulnerability" reported by US-CERT on July 10, 2007.

    This vulnerability may not be isolated to this specific application. Any malicious input that Internet Explorer handles may be passed to other applications and executed.

    US-CERT will provide additional information as it becomes available.


    McAfee Products Contain Multiple Vulnerabilities

    added July 16, 2007 at 01:42 pm

    McAfee ePolicy Orchestrator, ProtectionPilot, and Common Management Agent products contain several vulnerabilities.  These vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition on an affected system. 

    More information regarding these vulnerabilities can be found in the following McAfee Security Bulletins:
      • Stack corruption of Common Management Agent
      • Stack based buffer overflow of Common Management Agent
      • Heap based buffer overflow of Common Management Agent
      • Crash of Framework service of McAfee Common Management Agent

    US-CERT recommends that administrators of this product apply the updates described in the McAfee Security Bulletins listed above, and will continue to investigate and provide additional information as it becomes available.


    Apple Releases Security Update to Address Multiple Vulnerabilities in QuickTime

    added July 12, 2007 at 11:18 am | updated July 12, 2007 at 05:06 pm

    Apple has released an update to address multiple vulnerabilities in QuickTime. These vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code, execute arbitrary commands, or cause a denial-of-service condition on an affected system.

    More information regarding these vulnerabilities can be found in the following:

    To mitigate the security risks, US-CERT recommends users upgrade to QuickTime 7.2 as soon as possible.


    Adobe Flash Player Multiple Vulnerabilities

    added July 11, 2007 at 12:19 pm | updated July 12, 2007 at 10:41 am

    Adobe Systems has released a security bulletin to address multiple vulnerabilities in its Flash Player, some of which may allow an unauthenticated attacker to execute arbitrary code on an affected system. The Adobe security bulletin further states that all operating systems with a vulnerable version of Flash Player are affected.


    More information regarding these vulnerabilities can be found in the following:

    US-CERT encourages users to apply the updates as described in the Adobe Security bulletin.


    Cisco Releases Security Advisories for Multiple Vulnerabilities in Unified Communications Manager

    added July 11, 2007 at 04:51 pm

    Cisco has published two separate advisories, cisco-sa-20070711-cucm and cisco-sa-20070711-voip, describing several vulnerabilities affecting Cisco Unified Communications Manager. The impacts of these vulnerabilities vary; the most severe may allow a remote attacker to execute arbitrary code on an affected system.

    US-CERT recommends that administrators of this product apply the updates described in the Cisco Security Advisories listed above, and will continue to investigate and provide additional information as it becomes available.


    Microsoft Releases July Security Bulletins

    added July 10, 2007 at 03:33 pm

    Microsoft has released updates to address vulnerabilities in Windows, Excel, Office Publisher, and .NET Framework as part of the Microsoft Security Bulletin Summary for July 2007.

    US-CERT will provide additional information as it becomes available.

    US-CERT strongly encourages users to review the bulletins and follow best-practice security policies to determine what updates should be applied.


    SAP Products Contain Vulnerabilities

    added July 10, 2007 at 03:31 pm

    US-CERT is aware of vulnerabilities that exist in the SAP Message and DB Web Servers. These vulnerabilities may allow an unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition.

    More information regarding these vulnerabilities can be found in Vulnerability Notes VU#305657 and VU#679041.

    To help mitigate the security risk, US-CERT recommends users upgrade their SAP server to the latest version as soon as possible.