Current Activity Calendar

	October 2007
Su	M	Tu	W	Th	F	Sa
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30	31

Please click on a date above to see current activity for that day.

October 23, 2007 - Current Activity

This is an archived copy of current activity, if you would like to see the most recent version, please click here.

*October 23*	Active Exploitation of Vulnerabilities in Adobe Acrobat and Adobe Reader
*October 20*	RealNetworks Issues Security Update for RealPlayer Vulnerability
*October 19*	Mozilla Releases Security Advisories to Address Multiple Vulnerabilities
*October 19*	Active Exploitation of a Vulnerability in RealPlayer
*October 18*	Oracle Releases October Critical Patch Update
*October 17*	Cisco Releases Security Advisories to Address Several Vulnerabilities
*October 12*	OpenSSL Security Advisory

Active Exploitation of Vulnerabilities in Adobe Acrobat and Adobe Reader

added October 23, 2007 at 02:28 pm

US-CERT is aware of active exploitation of previously reported vulnerabilities in Adobe Acrobat and Adobe Reader. Adobe has released an update to address these vulnerabilities.

US-CERT encourages user to apply the update as soon as possible to mitigate these risks.

More information is available in the Adobe Security Advisory APSB07-18.

RealNetworks Issues Security Update for RealPlayer Vulnerability

added October 20, 2007 at 02:32 pm

RealNetworks has issued a Security Update to address the previously reported buffer overflow vulnerability in RealPlayer. This vulnerability could allow an attacker to execute arbitrary code on an affected system by enticing a user to view a specially crafted HTML document.

US-CERT recommends that users apply the update as described in the Security Update from RealNetworks.

More information regarding this vulnerability can be found in Vulnerability Note VU#871673.

Mozilla Releases Security Advisories to Address Multiple Vulnerabilities

added October 19, 2007 at 08:13 am | updated October 19, 2007 at 03:10 pm

Mozilla has released Security Advisories to address several vulnerabilities in Firefox, Thunderbird, and SeaMonkey. These vulnerabilities may allow an attacker to hide the window title bar, execute arbitrary code or commands, or access arbitrary information on an affected system.

More information regarding these vulnerabilities can be found in the Vulnerability Notes Database.

US-CERT encourages users to upgrade to the latest versions as described in the Security Advisories.

Active Exploitation of a Vulnerability in RealPlayer

added October 19, 2007 at 10:29 am

US-CERT is aware of active exploitation of a buffer overflow vulnerability in RealPlayer. This vulnerability affects RealPlayer version 9 and later, and may allow an attacker to execute arbitrary code on an affected system.

Until a fix becomes available, US-CERT recommends that users disable ActiveX as described in the Securing Your Web Browser document to help mitigate the security risk.

US-CERT will continue to investigate and provide additional information as it becomes available.

Oracle Releases October Critical Patch Update

added October 17, 2007 at 09:24 am | updated October 18, 2007 at 12:32 pm

Oracle has released their October Critical Patch Update (CPU) to address 51 vulnerabilities across several products. This CPU contains twenty-eight security fixes for Oracle Database; eleven for Oracle Application Server; seven for Oracle Collaboration Suite; eight for Oracle E-Business Suite; two for Oracle Enterprise Manager; two for Oracle PeopleSoft Enterprise PeopleTools; and one for PeopleSoft Enterprise Human Capital Management.

More information regarding these vulnerabilities can be found in Technical Cyber Security Alert TA07-290A.

US-CERT strongly encourages users to review the October CPU and follow best-practice security policies to determine which updates to apply.

Cisco Releases Security Advisories to Address Several Vulnerabilities

added October 17, 2007 at 02:36 pm

Cisco has released four Security Advisories to address several vulnerabilities in its Firewall Services Module, PIX, Adaptive Security Appliance, Unified Communications Manager, and Unified Communications Web-based Management products.

Cisco Security Advisory: Multiple Vulnerabilities in Firewall Services Module addresses three vulnerabilities that may allow an attacker to bypass network access control list entries or cause a denial-of-service condition.

Cisco Security Advisory: Multiple Vulnerabilities in Cisco PIX and ASA Appliances addresses two vulnerabilities that may allow an attacker to cause a denial-of-service condition.

Cisco Security Advisory: Cisco Unified Communications Manager Denial of Service Vulnerabilities addresses two vulnerabilities that may allow an attacker to cause a denial-of-service condition or execute arbitrary code.

Cisco Security Advisory: Cisco Unified Communications Web-based Management Vulnerability addresses a vulnerability that may allow any Microsoft Windows Active Directory domain defined user to obtain unauthorized privilege levels.

US-CERT strongly encourages administrators to review the above Cisco Security Advisories and follow best-practice security policies to determine what updates and workarounds should be applied.

OpenSSL Security Advisory

added October 12, 2007 at 02:16 pm

OpenSSL has released a security advisory to address two vulnerabilities in OpenSSL. These vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code on an affected system, other impacts are unknown at this time.

More information regarding this vulnerability can be found in the OpenSSL security advisory.

US-CERT strongly encourages users to review the OpenSSL security advisory and follow best-practice security policies to determine what updates should be applied.

US-CERT: United States Computer Emergency Readiness Team

Information For

Sign Up

Reporting

DHS Threat Advisory