July 26, 2007 - Current Activity

Multiple Web Browsers URI Sanitization Vulnerabilities

US-CERT is aware of several vulnerabilities caused by multiple web browsers failing to sanitize URIs prior to passing them to registered protocol handlers in Windows.

More information regarding these vulnerabilities can be found in Vulnerability Note VU#783400.

Panda Antivirus Buffer Overflow Vulnerability

US-CERT is aware of a buffer overflow vulnerability in Panda Antivirus. This vulnerability may allow an attacker to execute arbitrary code on a vulnerable system by passing a crafted ".EXE" file to the Panda Antivirus file parsing engine.

It has been reported that an update has been issued through the built in update mechanism to mitigate this vulnerability. US-CERT strongly recommends users verify that their systems are updated.

CA Releases Updates to Address Vulnerabilities in Several Products

Computer Associates has released updates to address vulnerabilities in CA Message Queuing, eTrust Intrusion Detection, and several products that implement the "Arclib" library. These vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition on a vulnerable system.

More information regarding these vulnerabilities and which applications are affected can be found in the following Computer Associates Security Notices:

• Security Notice for CA products containing Arclib
• Security Notice for CA Message Queuing (CAM / CAFT) vulnerability
• Security Notice for eTrust Intrusion Detection caller.dll vulnerability

Publicly Available Exploit for LinkedIn Internet Explorer Toolbar Code Execution Vulnerability

US-CERT is aware of publicly available exploit code for a buffer overflow vulnerability in the LinkedIn Internet Explorer toolbar. If a user has the LinkedIn toolbar installed and is persuaded to visit a malicious web page, an attacker may be able to execute arbitrary code on a vulnerable system.

Until an update, patch, or more information becomes available, US-CERT strongly recommends that users disable ActiveX as specified in the Securing Your Web Browser document and refrain from following unsolicited links.

US-CERT will continue to investigate and provide additional information as it becomes available.

Multiple Vulnerabilities in ISC BIND 9

US-CERT is aware of two vulnerabilities in ISC BIND that may allow an arbitrary, remote user to make recursive queries or perform DNS cache poisoning attacks. More information regarding these vulnerabilities, workarounds, and fixes can be found on the ISC BIND Vulnerabilities page.

US-CERT recommends that administrators of this product apply the workarounds and fixes described on the ISC BIND Vulnerabilities page, and will continue to investigate and provide additional information as it becomes available.

Cisco Releases Security Advisory for Multiple Vulnerabilities in Wireless LAN Controllers

Cisco has released Security Advisory cisco-sa-20070724-arp to address several vulnerabilities in Cisco Wireless LAN Controllers that may allow an attacker to cause a denial-of-service condition on a network that utilizes affected equipment.

US-CERT recommends that administrators of these products apply the updates described in Cisco Security Advisory cisco-sa-20070724-arp, and will continue to investigate and provide additional information as it becomes available.

Oracle Releases July Critical Patch Update

Oracle has released their July Critical Patch Update (CPU) to address vulnerabilities across all products, some of which have a maximum severity rating of High. This CPU contains eighteen security fixes for Oracle Database; one for Oracle Application Express; four for Oracle Application Server; five for Oracle Collaboration Suite; fourteen for Oracle E-Business Suite; and seven for Oracle PeopleSoft Enterprise.

More information about this vulnerability is located in the Technical Cyber Security Alert TA07-200A.

US-CERT strongly encourages users to review the July CPU and follow best-practice security policies to determine which updates to apply.