Skip to content

Home  |   FAQ  |   Contact  |   Privacy & Use

customize
Current Activity Calendar
Left Arrow
September 2007
 Right Arrow
Su M Tu W Th F Sa
            1
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28 29
30
Please click on a date above to see current activity for that day.

  • Latest Current Activity
    •

    September 24, 2007 - Current Activity

    This is an archived copy of current activity, if you would like to see the most recent version, please click here.

    September 24CA ARCserve Backup for Laptops and Desktops contains multiple vulnerabilities
    September 24Google Search Appliance Vulnerability
    September 21Reports of Multiple Product PDF Rendering Vulnerability
    September 20New VMware Product Versions Addresses Several Vulnerabilities
    September 20Microsoft Windows MFC Libraries Buffer Overflow Vulnerability
    September 19Mozilla Releases Security Advisory to Mitigate QuickTime Code Execution Vulnerability
    September 14Public Exploit Code Targeting Firefox and QuickTime


    CA ARCserve Backup for Laptops and Desktops contains multiple vulnerabilities

    added September 24, 2007 at 03:02 pm

    US-CERT is aware of several vulnerabilities that affect the CA ARCserve Backup for Laptops and Desktops product. These vulnerabilities may allow an attacker to execute arbitrary code, bypass authentication, or cause a denial-of-service condition.

    More information regarding these vulnerabilities and which applications are affected can be found in the CA Security Advisor "CA ARCserve Backup for Laptops and Desktops Multiple Server Vulnerabilities" document.

    US-CERT recommends that users upgrade to the latest versions to help mitigate the security risks.



    Google Search Appliance Vulnerability

    added September 24, 2007 at 12:28 pm

    US-CERT is aware of a publicly reported cross-site scripting (XSS) vulnerability in Google's search appliance. Cross-site scripting vulnerabilities may allow a remote, unauthenticated attacker to inject malicious script into a web page.

    US-CERT encourages users to follow best-practice security policies as described in the Securing Your Web Browser document.

    US-CERT will provide additional information as it becomes available.


    Reports of Multiple Product PDF Rendering Vulnerability

    added September 21, 2007 at 03:24 pm

    US-CERT is aware of public reports of a vulnerability that may affect Adobe Acrobat, Adobe Acrobat Reader, and Foxit Reader. Few details are currently available, but it is claimed that an attacker may be able to execute arbitrary code or commands on an affected system by enticing a user to open a specially crafted PDF document.

    Until a security fix becomes available, US-CERT recommends users take the following actions that may help mitigate the security risk:

    • Do not open unsolicited or untrusted PDF files.
    • Disable the displaying of PDF documents in the web browser as described in the "Solution" section of Vulnerability Note VU#815960.
    • Utilize available PDF rendering services as policies permit.
    US-CERT will continue to investigate this issue and provide more information as it becomes available.


    New VMware Product Versions Addresses Several Vulnerabilities

    added September 19, 2007 at 01:24 pm | updated September 20, 2007 at 01:26 pm

    VMware has released updates for several products in part to address several vulnerabilities. These vulnerabilities may allow an attacker to overwrite arbitrary files, gain elevated privileges, cause a denial-of-service condition, or execute arbitrary code on an affected system. Affected products include VMware ESX Server, VMware Server, VMware Workstation, VMware ACE, and VMware Player.

    More information regarding these vulnerabilities can be found in VMware Security Advisory VMSA-2007-0006.

    US-CERT recommends that users upgrade to the latest versions to help mitigate the security risks.


    Microsoft Windows MFC Libraries Buffer Overflow Vulnerability

    added September 18, 2007 at 02:08 pm | updated September 20, 2007 at 09:09 am

    US-CERT is aware of a vulnerability in the Microsoft Windows MFC42 and MFC71 libraries. Specifically, the vulnerability exists due to the "FindFile" function failing to properly validate the length of user supplied input. By passing an overly long argument to the "FindFile" function, an attacker may be able to cause a buffer overflow and execute arbitrary code on an affected system. Any application that utilizes these libraries and allows users to manipulate the arguments being passed to the API may be affected.

    More information regarding this vulnerability can be found in Vulnerability Note VU#611008.


    Mozilla Releases Security Advisory to Mitigate QuickTime Code Execution Vulnerability

    added September 19, 2007 at 09:41 am

    Mozilla has released security advisory MFSA 2007-28 to address a weakness that may allow an attacker to execute arbitrary commands on an affected system. This update may prevent exploitation of a vulnerability in Apple QuickTime by removing Firefox's ability to run arbitrary scripts, which are provided by command line arguments. More information regarding this vulnerability can be found in Vulnerability Note VU#751808.

    To help mitigate this security risk, US-CERT recommends that users apply the updates and workarounds described in Vulnerability Note VU#751808 and Mozilla security advisory MFSA 2007-28.


    Public Exploit Code Targeting Firefox and QuickTime

    added September 12, 2007 at 04:26 pm | updated September 14, 2007 at 09:02 am

    US-CERT is aware of working publicly available exploit code that targets users with Firefox and QuickTime installed. This exploit allows a remote, unauthenticated attacker to execute arbitrary commands on an affected system.  

    More information regarding this vulnerability can be found in Vulnerability Note VU#751808.

    Until updates are available, US-CERT encourages administrators and users to view only trusted QuickTime movies.