More Vulnerabilities Found; More Platforms Affected

Severity: High

26 October, 2007

Update:

On Monday 22 October, we published an alert about a serious vulnerability that affects RealPlayer 10.5 and RealPlayer 11 beta running on Windows. By enticing one of your users to a malicious Web site, an attacker can exploit this vulnerability to execute code on your user’s computer, with your user’s privileges. In the worst case scenario, the attacker could gain total control of the victim’s PC. RealNetworks released a patch to fix that problem. However, it appears that update marked just the beginning of RealNetwork security holes.

Late yesterday, RealNetwork released the second batch of security updates this week, this time fixing six serious vulnerabilities in their media player product line. Here’s what you need to know about the new flaws.

The new flaws affect many more products than the earlier flaw did, including products that run in OS X and Linux. The affected products now include:

• RealPlayer 8, 10, 10.5, 11 for Windows, Mac, and Linux
• RealOne Player v1 and

Severity: Medium

22 October, 2007

Summary:

Yesterday, Adobe released an update to fix critical security vulnerabilities that affect Adobe Reader 8.1 and Adobe Acrobat 8.1 (and all earlier versions) running on Windows XP. By enticing one of your users into opening a specially crafted PDF file, an attacker can exploit the worst of these flaws to gain control of that user’s system. If you use Adobe Reader or Acrobat in your network, you should download, test, and deploy version 8.1.1 as soon as possible.

Exposure:

In a security bulletin released yesterday, Adobe warned of several critical vulnerabilities in Reader 8.1 and Acrobat 8.1 (and all earlier versions) for Windows XP. While their advisory regularly mentions multiple vulnerabilities, they specifically refer to only one issue, which they describe in little detail. Adobe only says that if an attacker can convince a Windows XP user who also has Internet Explorer (IE) 7 into opening a specially crafted PDF file, the attacker can exploit this unspecified flaw to gain control of that user’s computer. Since you can embed PDF files

Severity: High

22 October, 2007

Summary:

Late Friday, RealNetworks released a patch for a critical vulnerability affecting RealPlayer 10.5 and RealPlayer 11 beta running on Windows. By enticing one of your users to a malicious Web site, an attacker can exploit this vulnerability to execute code on your user’s computer, with your user’s privileges. In the worst case scenario, the attacker could gain total control of the victim’s PC. If you allow the use of RealPlayer in your network, have your users upgrade immediately.

Exposure:

RealPlayer and RealOne Player are widely-used software for Internet media delivery. RealOne Player plays virtually every major Internet media format, including Windows Media, Quicktime, MPEG-4, and even DVDs. If you’ve watched streaming videos on the Internet, or listened to music samples while buying CDs online, you’ve probably encountered RealPlayer.

WatchGuard does not recommend using RealPlayer or RealOne Player, partly because both contain automatic communication features which, by default, let RealNetworks and RealNetwork’s “partners” (such as NASCAR and CNN) install software on your client computers. But in reality, many of your users have probably installed one of these products, with or without your

Severity: Medium

19 October, 2007

Summary:

Late yesterday, the Mozilla Foundation released an update to fix ten security vulnerabilities in Firefox 2.0.0.7, for Windows, Linux, and Macintosh. If one of your Firefox users visits a malicious web page, an attacker could exploit the worst of these vulnerabilities to execute code on your user’s computer, with your user’s privileges, possibly gaining complete control of the computer. If you run Firefox on any platform, you should download and deploy version 2.0.0.8 at your earliest convenience.

Exposure:

Yesterday, the Mozilla Foundation released Firefox 2.0.0.8, fixing ten security vulnerabilities in the popular web browser. We summarize the three most critical vulnerabilities below:

• Two memory corruption vulnerabilities. Firefox suffers from two unspecified crash bugs, which corrupt memory. Mozilla presumes that with enough effort some of these memory corruption flaws could be exploited to run arbitrary code. To exploit these flaws, an attacker would first have to trick one of your users into visiting a specially crafted web page. If your user took the bait, the attacker could execute code on that user’s machine, with that user’s privileges. If your

by Corey Nachreiner, CISSP, Network Security Analyst, WatchGuard Technologies

[Editor’s Note: This article supplements the list of attacks shown in Part 2 of the video series, Malware Analysis: Botnets. “Malware Analysis: Botnets, Part 2″ shows a small subset of botnet attacks in action. This article fills out that subset with more attacks commonly found in a bot herder’s arsenal. LiveSecurity subscribers can find the videos, free of charge, on our Video Tutorials page. –Scott]

You’ll often hear botnets described as a “hacker’s Swiss army knife.” Just as a Swiss army knife can come with a crazy variety of blades, scissors, and screwdrivers, bots come with numerous exploits and commands that allow bot herders to launch many different types of attacks.

Since coding up a bot client takes time and skill, most attackers buy bot code in the online underground. Popular malicious bots include Phatbot, Agobot, and the one shown in our video, Rxbot. These bot clients use modular code, so if a bot herder doesn’t love the array of commands his bot offers, he simply adds new ones. For

Severity: High

9 October , 2007

Summary:

Today, Microsoft released a security bulletin describing three vulnerabilities in Internet Explorer. By tricking one of your users into visiting a maliciously crafted web page or into opening a maliciously crafted HTML email, an attacker could exploit five of these new vulnerabilities to execute code on your user’s computer, with your user’s privileges. In the worst case, the attacker could gain complete control of the victim computer. If you use Internet Explorer in your network, you should download, test, and deploy the appropriate Internet Explorer patches immediately. The patches fix the newly announced vulnerabilities, in addition to all previous ones.

Exposure:

In a security bulletin released today as part of their monthly patch update, Microsoft describes three vulnerabilities in Internet Explorer (IE) versions 5.01, 6.0, and 7.0.

The worst of these three vulnerabilities has to do with a flaw in the way IE handles a certain error involving file downloads. Triggering this error in a particular way causes memory corruption. By luring one of your users into visiting a malicious web page