February 28, 2008 - Current Activity

Opera Releases Update

Opera has released version 9.26 for Windows. This version addresses multiple vulnerabilities in the Opera web browser. These vulnerabilities may allow an attacker to trick users into uploading arbitrary files or execute arbitrary scripts in the wrong security context.

US-CERT encourages users to review the Opera 9.26 for Windows changelog and upgrade to Opera 9.26.

US-CERT will provide more information as it becomes available.

Final Netscape Navigator Release

Netscape has released Netscape Navigator 9.0.0.6. This release addresses multiple vulnerabilities. This is the last release for Netscape Navigator. Support will be discontinued on March 1, 2008.

US-CERT encourages users to review the release notes and upgrade to Netscape Navigator 9.0.0.6.

Symantec Releases Security Advisory

Symantec has released a security advisory addressing multiple vulnerabilities in various Symantec AntiVirus products.  These vulnerabilities are due to errors in the way that Symantec Decomposer handles .RAR files.  These vulnerabilities may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users to review Symantec Security Advisory SYM08-006, apply the update, and follow the best security practices provided in the advisory.

US-CERT will provide more information as it becomes available.

Mozilla Releases Security Advisory

Mozilla has released a security advisory to address a vulnerability in Thunderbird and SeaMonkey.  This vulnerability is due to an error in the way that external-body MIME types are handled.  By convincing a user to view a specially crafted email message, an unauthenticated, remote attacker may be able to execute arbitrary code.

US-CERT encourages users to review Mozilla Foundation Security Advisory 2008-12 and upgrade to Thunderbird 2.0.0.12 or SeaMonkey 1.1.8.

US-CERT will provide more information as it becomes available.

Microsoft Windows CE Trojan

US-CERT is aware of reports of a trojan that affects Microsoft Windows CE. This trojan disables Windows Mobile application installation security.

The trojan may take any or all of the following actions on the mobile device:

• spreads via seemingly legitimate application installation files
  
• installs as an autorun program on the memory card
• installs itself to the device when an infected memory card is inserted
• protects itself from deletion by copying itself back to disk
• replaces the browser's homepage
• allows unsigned applications to install without warning

• Install anti-virus software on the mobile device, and keep its virus signature files up-to-date.
• Use caution when downloading and installing applications.

VMware Releases Security Alert

VMware has released a security alert in response to a vulnerability in Windows-hosted VMware Workstation, VMware Player, and VMware ACE. This vulnerability exists in the host-to-guest shared folders feature and allows applications running in the guest operating system to access the host operating system's file system. Exploitation of this vulnerability may allow an attacker to circumvent the controls on the guest system and gain read and write access to the host file system.

US-CERT encourages users to review VMware knowledge base article 1004034 and apply the workarounds.

US-CERT will provide additional information as it becomes available.

Novell iPrint Client Vulnerability

Novell has released an update to address a vulnerability in iPrint Client for Windows.  This vulnerability is due to a buffer overflow in the"ExecuteRequest()" method of the "ienipp.ocx" ActiveX control. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code on an affected system.

US-CERT encourages users to review Novell document 5008420 and apply the appropriate update for their system.

US-CERT will provide more information as it becomes available.

BEA Releases Security Advisories for Vulnerabilities

BEA has released multiple security advisories to address vulnerabilities in WebLogic, AquaLogic and Plumtree.  These vulnerabilities may allow an attacker to execute arbitrary code, bypass security restrictions, elevate privileges, and obtain sensitive information.

US-CERT encourages users to review the BEA security advisories and apply any necessary updates.

US-CERT will provide more information as it becomes available.

EMC RepliStor Vulnerabilities

US-CERT is aware of reports of multiple vulnerabilities affecting EMC RepliStor. Exploitation of these vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code on an affected system.

US-CERT encourages users to review the EMC knowledge base article emc179808 (login required) and apply any necessary updates.

US-CERT will provide more information as it becomes available.

Lunar Eclipse Email Attack

US-CERT is aware of an email attack circulating that is related to the recent lunar eclipse.  The email contains a message indicating that there is a video of  the lunar eclipse available and instructs users to follow a link to download the video.  If a user clicks on this link, an executable file will be downloaded that contains a Trojan program. This Trojan program may allow an attacker to take control of an affected system.

US-CERT encourages users to take the following preventative measures to mitigate the security risks:

• Install anti-virus software and keep virus signatures up-to-date.
• Do not follow unsolicited links.
• Refer to the Recognizing and Avoiding Email Scams document for more information on avoiding email scams.
• Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.