Meer Gevonden Kwetsbaarheid; Meer Beïnvloede Platforms

Strengheid: Hoog

26 Oktober, 2007

Update:

Op Maandag 22 Oktober, publiceerden wij alarm een ongeveer ernstige kwetsbaarheid die RealPlayer 10.5 en RealPlayer 11 het bèta lopen op Vensters beïnvloedt. Door één van uw gebruikers aan een kwaadwillige Website te verleiden, kan een aanvaller deze kwetsbaarheid exploiteren om code inzake de computer van uw gebruiker, met de voorrechten van uw gebruiker uit te voeren. In het slechtste geval kon het scenario, de aanvaller totale controle van PC van het slachtoffer bereiken. RealNetworks gaf een flard vrij om dat probleem te bevestigen. Nochtans, blijkt het dat de update enkel het begin van RealNetwork veiligheidsgaten merkte.

Laat gisteren, gaf RealNetwork de tweede partij van vrij veiligheids updates deze week, dit keer dat zes ernstige kwetsbaarheid in hun media lijn van het spelerproduct bevestigt. Hier is wat u over de nieuwe gebreken moet weten.

De nieuwe gebreken beïnvloeden veel meer producten dan het vroegere gebrek, met inbegrip van producten die in OS X en Linux lopen. De beïnvloede producten omvatten nu:

• RealPlayer 8, 10, 10.5, 11 voor Vensters, MAC, en Linux
• De Speler van RealOne v1 en

Strengheid: Middel

22 Oktober, 2007

Samenvatting:

Gisteren, gaf de Adobe een update vrij om kritieke veiligheidskwetsbaarheid te bevestigen die Lezer 8.1 van de Adobe en Acrobat 8.1 van de Adobe (en alle vroegere versies die) op Vensters XP lopen beïnvloedt. Door één van uw gebruikers in het openen van een speciaal bewerkt Pdf- dossier te verleiden, kan een aanvaller slechtst van deze gebreken exploiteren om controle van het systeem van die gebruiker te bereiken. If you use Adobe Reader or Acrobat in your network, you should download, test, and deploy version 8.1.1 as soon as possible.

Exposure:

In a security bulletin released yesterday, Adobe warned of several critical vulnerabilities in Reader 8.1 and Acrobat 8.1 (and all earlier versions) for Windows XP. While their advisory regularly mentions multiple vulnerabilities, they specifically refer to only one issue, which they describe in little detail. Adobe only says that if an attacker can convince a Windows XP user who also has Internet Explorer (IE) 7 into opening a specially crafted PDF file, the attacker can exploit this unspecified flaw to gain control of that user’s computer. Since you can embed PDF files

Severity: High

22 October, 2007

Summary:

Late Friday, RealNetworks released a patch for a critical vulnerability affecting RealPlayer 10.5 and RealPlayer 11 beta running on Windows. By enticing one of your users to a malicious Web site, an attacker can exploit this vulnerability to execute code on your user’s computer, with your user’s privileges. In the worst case scenario, the attacker could gain total control of the victim’s PC. If you allow the use of RealPlayer in your network, have your users upgrade immediately.

Exposure:

RealPlayer and RealOne Player are widely-used software for Internet media delivery. RealOne Player plays virtually every major Internet media format, including Windows Media, Quicktime, MPEG-4, and even DVDs. If you’ve watched streaming videos on the Internet, or listened to music samples while buying CDs online, you’ve probably encountered RealPlayer.

WatchGuard does not recommend using RealPlayer or RealOne Player, partly because both contain automatic communication features which, by default, let RealNetworks and RealNetwork’s “partners” (such as NASCAR and CNN) install software on your client computers. But in reality, many of your users have probably installed one of these products, with or without your

Severity: Medium

19 October, 2007

Summary:

Late yesterday, the Mozilla Foundation released an update to fix ten security vulnerabilities in Firefox 2.0.0.7, for Windows, Linux, and Macintosh. If one of your Firefox users visits a malicious web page, an attacker could exploit the worst of these vulnerabilities to execute code on your user’s computer, with your user’s privileges, possibly gaining complete control of the computer. If you run Firefox on any platform, you should download and deploy version 2.0.0.8 at your earliest convenience.

Exposure:

Yesterday, the Mozilla Foundation released Firefox 2.0.0.8, fixing ten security vulnerabilities in the popular web browser. We summarize the three most critical vulnerabilities below:

• Two memory corruption vulnerabilities. Firefox suffers from two unspecified crash bugs, which corrupt memory. Mozilla presumes that with enough effort some of these memory corruption flaws could be exploited to run arbitrary code. To exploit these flaws, an attacker would first have to trick one of your users into visiting a specially crafted web page. If your user took the bait, the attacker could execute code on that user’s machine, with that user’s privileges. If your

by Corey Nachreiner, CISSP, Network Security Analyst, WatchGuard Technologies

[Editor’s Note: This article supplements the list of attacks shown in Part 2 of the video series, Malware Analysis: Botnets. “Malware Analysis: Botnets, Part 2″ shows a small subset of botnet attacks in action. This article fills out that subset with more attacks commonly found in a bot herder’s arsenal. LiveSecurity subscribers can find the videos, free of charge, on our Video Tutorials page. –Scott]

You’ll often hear botnets described as a “hacker’s Swiss army knife.” Just as a Swiss army knife can come with a crazy variety of blades, scissors, and screwdrivers, bots come with numerous exploits and commands that allow bot herders to launch many different types of attacks.

Since coding up a bot client takes time and skill, most attackers buy bot code in the online underground. Popular malicious bots include Phatbot, Agobot, and the one shown in our video, Rxbot. These bot clients use modular code, so if a bot herder doesn’t love the array of commands his bot offers, he simply adds new ones. For

Severity: High

9 October, 2007

Summary:

Today, Microsoft released three security bulletins describing vulnerabilities that affect Windows and components shipping with it. A remote attacker could exploit the worst of these flaws to execute code on your Windows PC, potentially gaining complete control of it. For a table briefly summarizing which vulnerabilities affect which versions of Windows, see Microsoft’s Security Bulletin Summary for October and expand the section, “Affected Software and Download Location.” If you manage a Windows network, you should download, test, and deploy the appropriate Windows patches throughout your network as soon as possible.

Exposure:

Microsoft’s three security bulletins detail vulnerabilities found in, or affecting, components of Windows. Each vulnerability affects different versions of Windows to a different extent. The summary below lists the vulnerabilities from highest to lowest severity.

MS07-055 : Kodak Image Viewer Remote Code Execution Vulnerability

The Kodak Image Viewer ships with Windows and allows you to view digital images. Unfortunately, the Kodak Image Viewer suffers from an unspecified “code execution vulnerability” involving the way it parses specially