Skip to content

Home  |   FAQ  |   Contact  |   Privacy & Use

customize
Current Activity Calendar
Left Arrow
August 2009
 Right Arrow
Su M Tu W Th F Sa
            1
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28 29
30 31
Please click on a date above to see current activity for that day.

  • Latest Current Activity
    •

    August 26, 2009 - Current Activity

    This is an archived copy of current activity, if you would like to see the most recent version, please click here.

    August 26Autonomy KeyView SDK Vulnerability
    August 21Libpurple Contains Remote Code Execution Vulnerability
    August 21Adobe Releases Security Bulletin for Flex SDK
    August 19Cisco Releases Security Advisory for Firewall Services Module Vulnerability
    August 18Adobe Releases Hotfixes for ColdFusion and JRun Vulnerabilities
    August 12Apple Releases Safari 4.0.3
    August 12Microsoft Releases August Security Bulletin
    August 6Apple Releases Mac OS X v10.5.8 and Security Update 2009-003
    August 6Microsoft Releases Advance Notification for August Security Bulletin
    August 5Sun Releases Update 15 for Java SE 6


    Autonomy KeyView SDK Vulnerability

    added August 26, 2009 at 09:47 am

    US-CERT is aware of reports of a vulnerability in the way the Autonomy KeyView SDK parses Excel files. The Autonomy KeyView SDK is used by certain products, including Lotus Notes and Symantec Mail Security, to support the handling of a number of different file formats. By supplying a specially crafted Excel spreadsheet to an application using the affected Autonomy KeyView SDK library, a remote attacker may be able to execute arbitrary code in the context of that application.

    US-CERT encourages users and administrators to do the following to help mitigate the risks:

    • IBM Lotus Notes users should review the IBM Flash Alert and implement the listed fixes or workarounds.
    • Symantec users should review Symantec Security Advisory SYM09-010 and implement the listed fixes or workarounds.
    • The original reporters of the vulnerability state that users of other applications that use an affected version of the Autonomy KeyView SDK may wish to remove the xlssr.dll filter module or comment out the reference to xlssr.dll in the KeyView.ini file distributed with the affected application.


    Libpurple Contains Remote Code Execution Vulnerability

    added August 21, 2009 at 12:58 pm

    Pidgin has released a security advisory to address a vulnerability affecting libpurple. This vulnerability is a buffer overflow that may allow an attacker to execute arbitrary code. Libpurple is used by multiple instant messenger (IM) programs including Adium and Pidgin.

    IM applications that use libpurple may distribute it as a part of their security updates. Users are encouraged to update affected IM software as soon as possible. A partial listing of IM programs that implement libpurple can be found in the "What is libpurple?" webpage on the Pidgin website. Additional information may be found in the US-CERT Vulnerability Notes Database.


    Adobe Releases Security Bulletin for Flex SDK

    added August 21, 2009 at 09:02 am

    Adobe has released security bulletin APSB09-13 to address a vulnerability in Flex 3.3 SDK and earlier versions. This vulnerability may allow an attacker to conduct a cross-site scripting attack.

    US-CERT encourages users and administrators to review Adobe security bulletin APSB09-13 and update to Flex 3.4 SDK to help mitigate the risks. Additionally, the bulletin indicates that this update includes the latest version of Adobe Flash Player.


    Cisco Releases Security Advisory for Firewall Services Module Vulnerability

    added August 19, 2009 at 03:46 pm

    Cisco has released a security advisory to address a vulnerability in the Firewall Services Module (FWSM) for the Catalyst 6500 series switches and the 7600 series routers. By sending specially crafted ICMP messages to the Firewall Services Module, an attacker can cause a denial-of-service condition.

    US-CERT encourages users and administrators to review Cisco security advisory cisco-sa-20090819-fwsm and apply any necessary updates or workarounds to help mitigate the risks.


    Adobe Releases Hotfixes for ColdFusion and JRun Vulnerabilities

    added August 18, 2009 at 10:24 am

    Adobe has released hotfixes to address multiple vulnerabilities in JRun 4.0 and ColdFusion 8.0.1 and earlier versions. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, or operate with escalated privileges.

    US-CERT encourages users and administrators to review Adobe security bulletin APSB09-12 and apply any necessary hotfixes to help mitigate the risks.


    Apple Releases Safari 4.0.3

    added August 12, 2009 at 09:25 am

    Apple has released Safari 4.0.3 for Windows and Mac OS X to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information, or spoof a website.

    US-CERT encourages users and administrators to review Apple article HT3733 and upgrade to Safari 4.0.3 to help mitigate the risks.


    Microsoft Releases August Security Bulletin

    added August 11, 2009 at 01:03 pm | updated August 12, 2009 at 07:21 am

    Microsoft has released an update to address vulnerabilities in Microsoft Windows, Office, Visual Studio, ISA Server, BizTalk Server, Remote Desktop Connection Client for Mac, and .NET Framework as part of the Microsoft Security Bulletin Summary for August 2009. These vulnerabilities may allow an attacker to execute arbitrary code, operate with escalated privileges, or cause a denial-of-service condition.

    US-CERT encourages users and administrators to review the bulletins and follow best-practice security policies to determine which updates should be applied. Additional information regarding these vulnerabilities can be found in US-CERT Technical Cyber Security Alert TA09-223A.


    Apple Releases Mac OS X v10.5.8 and Security Update 2009-003

    added August 6, 2009 at 07:42 am | updated August 6, 2009 at 02:32 pm

    Apple has released Mac OS X v10.5.8 and Security Update 2009-003 to address multiple vulnerabilities in a number of applications. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, bypass security mechanisms, operate with escalated privileges, or obtain sensitive information.

    US-CERT encourages users and administrators to review Apple article HT3757 and apply any necessary updates to help mitigate the risks. Additional information can be found in US-CERT Technical Cyber Security Alert TA09-218A.


    Microsoft Releases Advance Notification for August Security Bulletin

    added August 6, 2009 at 02:22 pm

    Microsoft has issued a Security Bulletin Advance Notification indicating that the August release cycle will contain nine bulletins, five of which will have a severity rating of critical. The notification states that these critical bulletins are for Microsoft Office, Visual Studio, ISA Server, BizTalk Server, Windows, and Client for Mac. There will also be four important bulletins for Microsoft Windows and .NET Framework. Release of these bulletins is scheduled for Tuesday, August 11.

    US-CERT will provide additional information as it becomes available.


    Sun Releases Update 15 for Java SE 6

    added August 5, 2009 at 11:19 am

    Sun has released update 15 for the Java SE JDK 6 and the Java SE JRE 6 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, operate with escalated privileges, or bypass authentication methods.

    US-CERT encourages users and administrators to review the Java SE 6 Update 15 release notes and apply any necessary updates to help mitigate the risks.