Skip to content

Home  |   FAQ  |   Contact  |   Privacy & Use

customize
Current Activity Calendar
Left Arrow
March 2008
 Right Arrow
Su M Tu W Th F Sa
            1
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28 29
30 31
Please click on a date above to see current activity for that day.

  • Latest Current Activity
    •

    March 18, 2008 - Current Activity

    This is an archived copy of current activity, if you would like to see the most recent version, please click here.

    March 18Apple Security Updates
    March 18CA BrightStor ARCserve Backup Vulnerability
    March 18F-Secure Releases Security Bulletin
    March 17Microsoft Updates March Security Bulletin
    March 14Websites Compromised Through SQL Injection
    March 14Search Engine IFRAME Injection Attacks
    March 12Cisco Releases Security Advisory to Address Multiple Vulnerabilities
    March 12Adobe Releases Security Bulletins to Address Multiple Vulnerabilities
    March 11RealPlayer ActiveX Vulnerability
    March 11Microsoft Releases March Security Bulletin


    Apple Security Updates

    added March 18, 2008 at 05:08 pm

    Apple has released Safari 3.1 and Security Update 2008-002 to address multiple vulnerabilities.

    These vulnerabilities may allow an attacker to do the following:

    • Execute arbitrary code
    • Cause a denial-of-service condition
    • Bypass authentication
    • Elevate privileges
    • Obtain sensitive information
    • Cause untrusted certificates to appear trusted
    US-CERT encourages users to do the following to help mitigate the risk:
    • Review Apple Article 307563 and upgrade to Safari 3.1.
    • Review Apple Security Update 2008-002 and apply any necessary updates.
    US-CERT will provide more information as it becomes available.


    CA BrightStor ARCserve Backup Vulnerability

    added March 18, 2008 at 11:14 am

    US-CERT has seen reports of a vulnerability in CA BrightStor ARCserve Backup. This vulnerability is due to a boundary error within the "AddColumn()" method in the "ListCtrl" ActiveX control. Exploitation of this vulnerability may allow a remote attacker to cause a stack-based buffer overflow and execute arbitrary code.

    US-CERT encourages users to do the following to help mitigate the risk:

    • Set a kill bit for the CLSID {BF6EFFF3-4558-4C4C-ADAF-A87891C5F3A3}.
    • Disable ActiveX as described in the Securing Your Web Browser document.
    US-CERT will provide more information as it becomes available.


    F-Secure Releases Security Bulletin

    added March 18, 2008 at 11:12 am

    F-Secure has released Security Bulletin FSC-2008-2 to address vulnerabilities in multiple F-Secure products. These vulnerabilities are caused by improper handling of malformed archives. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

    US-CERT encourages users to review F-Secure Security Bulletin FSC-2008-2 and apply the updates.

    US-CERT will provide more information as it becomes available.


    Microsoft Updates March Security Bulletin

    added March 14, 2008 at 06:00 pm | updated March 17, 2008 at 04:05 pm

    Microsoft has made revisions to all of the March Security Bulletins. These revisions

    • Clarify why a non-vulnerable version of Office was offered during this update.
    • Correct the registry key for verifying the update for ISA Server.
    • Remove MS07-015 as a replaced bulletin for Microsoft Office XP Service Pack 3.
    • Update vulnerability FAQs
    • Update file information tables for Outlook 2000 and 2003.
    Microsoft has also re-released MS08-014 to include additional information about issues relating to users of Excel 2003 Service Pack 2 or Service Pack 3.

    US-CERT encourages users to review the updated March Security Bulletins and apply any necessary updates.


    Websites Compromised Through SQL Injection

    added March 13, 2008 at 12:04 pm | updated March 14, 2008 at 06:01 pm

    US-CERT has seen reports of an attack that has compromised a large number of legitimate websites. The reports indicate that attackers are modifying the sites and embedding a reference to JavaScript code. Users who visit one of these infected websites may unknowingly execute malicious code. This code attempts to exploit known vulnerabilities for which patches are available but may not have been applied to the victim's system.

    This issue is currently exploiting a variety of vulnerabilities:

    • Baofeng Storm ActiveX
    • Ourgame GLChat ActiveX
    • Microsoft Internet Explorer VML (VU#122084)
    • Qvod Player ActiveX
    • Microsoft RDS.Dataspace ActiveX (VU#234812)
    • RealPlayer playlist ActiveX (VU#871673)
    • Storm Player ActiveX
    • Microsoft Windows WebViewFolderIcon ActiveX (VU#753044)
    • Xunlei Thunder DapPlayer ActiveX
    US-CERT encourages users to do the following to help mitigate the risks of this and similar attacks:
    • Regularly apply software updates and patches provided by vendors.
    • Disable JavaScript and ActiveX as described in the Securing Your Web Browser document.
    US-CERT will provide more information as it becomes available.


    Search Engine IFRAME Injection Attacks

    added March 14, 2008 at 05:45 pm | updated March 14, 2008 at 06:00 pm

    US-CERT has seen reports of attacks using specially crafted URLs that inject IFRAMEs as terms into search engines on legitimate websites.  The affected URLs include popular search terms, and may be returned as high ranking results in internet search engines. If the site hosting the search engine is vulnerable to cross-site scripting, users who follow the affected URLs may be unknowingly redirected to malicious websites. These sites may then attempt to exploit web browser vulnerabilities, entice users to download and install malicious code, or display unsolicited advertisements.

    US-CERT encourages users to do the following to help mitigate the risk of this and similar attacks:

    • Regularly apply software updates and patches provided by vendors.
    • Disable JavaScript and ActiveX as described in the Securing Your Web Browser document.


    Cisco Releases Security Advisory to Address Multiple Vulnerabilities

    added March 12, 2008 at 03:50 pm

    Cisco has released Security Advisory cisco-sa-20080312-ucp to address multiple vulnerabilities in the Cisco Secure Access Control Server for Windows User-Changeable Password (UCP) application. These vulnerabilities are due to buffer overflow conditions and improper sanitization of input passed to CSuserCGI.exe. Exploitation of these vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code.

    US-CERT encourages users to review Cisco Security Advisory cisco-sa-20080312-ucp and apply any necessary updates.

    US-CERT will provide more information as it becomes available.


    Adobe Releases Security Bulletins to Address Multiple Vulnerabilities

    added March 12, 2008 at 03:50 pm

    Adobe has issued six security bulletins to address multiple vulnerabilities in the following Adobe products:

    • Adobe Reader 8.1.2 for Unix
    • ColdFusion MX 7 and ColdFusion 8
    • Adobe Form Designer 5.0 and Adobe Form Client 5.0 Components
    • LiveCycle Workflow 6.2
    These vulnerabilities may allow an attacker to do the following:
    • Execute arbitrary code
    • Escalate privileges
    • Manipulate data
    • Bypass security settings
    • Conduct cross-site scripting attacks
    US-CERT encourages users to review the Adobe Security Bulletins and apply updates as necessary.

    US-CERT will provide more information as it becomes available.


    RealPlayer ActiveX Vulnerability

    added March 11, 2008 at 09:51 am | updated March 11, 2008 at 02:14 pm

    US-CERT is aware of reports of a vulnerability in RealPlayer. This vulnerability is due to improper handling of the "Console" property in the RealPlayer ActiveX control (rmoc3260.dll). Exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code.

    US-CERT encourages users to do the following to help mitigate the risk:

    • Review US-CERT Vulnerability Note VU#831457.
    • Review Microsoft Support Document 240797 and set kill bits for the following CLSIDs:
            {0FDF6D6B-D672-463B-846E-C6FF49109662}
            {224E833B-2CC6-42D9-AE39-90B6A38A4FA2}
            {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93}
            {3B46067C-FD87-49B6-8DDD-12F0D687035F}
            {3B5E0503-DE28-4BE8-919C-76E0E894A3C2}
            {44CCBCEB-BA7E-4C99-A078-9F683832D493}
            {A1A41E11-91DB-4461-95CD-0C02327FD934}
            {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}
    US-CERT will provide more information as it becomes available.


    Microsoft Releases March Security Bulletin

    added March 11, 2008 at 01:54 pm

    Microsoft has released updates to address vulnerabilities in Microsoft Excel, Outlook, Office, and Office Web Components as part of the Microsoft Security Bulletin Summary for March 2008. All of these vulnerabilities could allow an attacker to execute arbitrary code.

    US-CERT strongly encourages users to review the bulletins and follow best-practice security policies to determine which updates should be applied.