Excel Exploit In The Wild

Microsoft reported today that a previously unknown vulnerability in Excel is being actively exploited. According to the release, the issue affects older versions of Excel, including Microsoft Office Excel 2003 Service Pack 2, Microsoft Office Excel Viewer 2003, Microsoft Office Excel 2002, Microsoft Office Excel 2000, and Microsoft Excel 2004 for OS X. The victim must open a malicious Excel file for the exploit to execute.

There is currently no fix for this issue, other than being very careful about which Excel files are opened. Microsoft said that they are working on a fix that may come out before the next patch cycle.

Microsoft’s advisory is at: http://www.microsoft.com/technet/security/advisory/947563.mspx

QuickTime 7.4 is available

The hits just keep coming! Apple has released another version of QuickTime. This time around, multiple vulnerabilities that may allow arbitrary code execution have been addressed. These include:

    An unspecified handling error in the processing of Sorenson 3 video files.

    An error in the processing of embedded Macintosh Resource records within QuickTime movies.

    Parsing errors of malformed Image Descriptor (IDSC) atoms.

    A boundary error in the processing of compressed PICT images.

We recommend that everyone upgrade to QuickTime 7.4.
See Apple’s full advisory at:
http://docs.info.apple.com/article.html?artnum=307301

Oracle Critical Patches for January 2008

As a part of their ongoing security program, Oracle has released their latest round of critical patches. Most versions of Oracle from 9i through 12 are affected in some manner and the vulnerabilities are unspecified. For full details visit their original advisory at: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2008.html

The Continuing Saga of Malware by Email

We’re seeing reports of a new round of Storm virus emails. This time they’re using Valentine’s Day to lure users to a site to download and run the malware. Otherwise it is essentially the same attack as before. We advise that you ensure all your email and virus defenses are running with the latest updates and that your users are reminded to ignore emails from unknown entities. They should also never download attachments from emails or web sites that are not explicitly trusted. There are plenty of potentially intriguing subjects that could be used to dupe unsuspecting users, such as winning Super Bowl tickets, checking out the latest American Idol videos, or even the latest news on the presidential campaign.

QuickTime PoC

Apple released an update to QuickTime yesterday, and attackers wasted no time coming up with a new exploit for it. A proof-of-concept exploit for QuickTime 7.3.1.70 is already public. It seems that Apple still hasn’t fixed the root cause of the RTSP vulnerability.

In other news, a survey over the past year on Oracle admins found that only 1 in 3 Oracle database admins bother to patch their databases. 68% of the admins admitted to never applying any patches at all. If that is true, it’s rather frightening.

QuickTime 7.3.1 is available

Apple has released QuickTime 7.3.1 to address several vulnerabilities. These include the buffer overflow in RTSP, a heap buffer overflow found in QuickTime’s handling of QTL files and vulnerabilities which exist in QuickTime’s Flash media handler. Updates are available for: Mac OS X v10.3.9 or later, Windows Vista, and XP SP2. The relevant CVEs are CVE-2007-6166, CVE-2007-4706 and CVE-2007-4707 respectively.

Sun Java Identity Manager Vulnerabilities

Sun released two advisories today. The first details Cross-Site Scripting vulnerabilities in Sun Java System Identity Manager. They consist of input validation errors in the parameters “cntry” and “lang” of /idm/login.jsp, the “resultsForm” parameter of /idm/account/findForSelect.jsp and the “helpUrl” parameter of /idm/help/index.jsp. The original advisory can be found at: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103180-1
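One way to check web access logs for requests that put markup into the parameters listed above, as an added example that is not part of the original post or Sun's advisory. The Common Log Format input, the set of characters treated as suspicious and the sample lines are assumptions constructed for illustration; only query-string parameters are visible in such logs.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# (path, parameter) pairs named in the advisory summary above.
WATCHED = {
    "/idm/login.jsp": {"cntry", "lang"},
    "/idm/account/findForSelect.jsp": {"resultsForm"},
    "/idm/help/index.jsp": {"helpUrl"},
}

# Assumption: a legitimate value for these parameters never needs markup
# characters or a script-capable URL scheme.
SUSPICIOUS = re.compile(r"[<>\"'`]|^\s*(?:javascript|data|vbscript)\s*:", re.I)

# Request line inside a Common/Combined Log Format entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def flag_requests(log_lines):
    """Return (line_number, path, parameter, decoded_value) for each hit."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        params = WATCHED.get(url.path)
        if not params:
            continue
        # parse_qsl percent-decodes once, so encoded markup is seen in clear.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name in params and SUSPICIOUS.search(value):
                hits.append((number, url.path, name, value))
    return hits


# Constructed sample log lines (not taken from any real system).
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Jan/2008:10:01:02 +0000] "GET /idm/login.jsp?lang=en&cntry=US HTTP/1.1" 200 5120',
    '192.0.2.44 - - [15/Jan/2008:10:03:17 +0000] "GET /idm/login.jsp?lang=en%22%3E%3Cb%3E&cntry=US HTTP/1.1" 200 5188',
    '192.0.2.44 - - [15/Jan/2008:10:03:40 +0000] "GET /idm/help/index.jsp?helpUrl=javascript%3Avoid(0) HTTP/1.1" 200 2210',
    '192.0.2.10 - - [15/Jan/2008:10:05:00 +0000] "GET /idm/account/findForSelect.jsp?resultsForm=userList HTTP/1.1" 200 910',
    '192.0.2.10 - - [15/Jan/2008:10:06:00 +0000] "GET /idm/other.jsp?lang=%3Cb%3E HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_LOG):
        print(hit)
```

A hit means the request deserves a look, not that the application reflected the value; confirm against the patched version of the page before drawing conclusions.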

The second involves

QuickTime PoC, IBM Lotus DoS

There’s a vulnerability in IBM Lotus Domino, which could result in a Denial of Service. There aren’t any details regarding the specifics of the vulnerability at this time. The vulnerability is reported in versions below 7.0.2 Fix Pack 3. Administrators should look into updating to 7.0.2 Fix Pack 3. More information can be obtained from the original advisory: http://www-1.ibm.com/support/docview.wss?uid=swg27011539
McAfee E-Business Server is also vulnerable to a local Denial of Service. An error in the handling of authentication packets can be exploited to DoS the service or potentially execute arbitrary code. Version 8.5.2 and earlier are vulnerable. Version 8.5.3 is available.
An exploit has been released for the QuickTime RTSP vulnerability previously discussed. There is currently no fix available. Users should be aware of and alert to what they are watching or listening to, and from whom.

Microsoft Patch Tuesday Information

MS08-001

Addresses vulnerabilities in the TCP/IP stack that could lead to the execution of arbitrary code or Denial of Service conditions. It is rated Critical. This bulletin replaces MS06-032. The Microsoft security bulletin can be found at: http://www.microsoft.com/technet/security/Bulletin/MS08-001.mspx

MS08-002

Addresses input validation vulnerabilities in the Local Security Authority Subsystem Service (LSASS) that could lead to execution of code or privilege escalation. The Microsoft security bulletin can be found at: http://www.microsoft.com/technet/security/Bulletin/MS08-002.mspx

Patches for VMware ESX Server and VirtualCenter

VMware has released new patches that address vulnerabilities in Tomcat and Java JRE that could lead to compromise of systems, Denial of Service or the ability to circumvent security restrictions. The updates are for VirtualCenter 2.0.2, ESX 3.0.1 and ESX Server 3.0.2.
The original VMware announcement can be found at: http://lists.vmware.com/pipermail/security-announce/2008/000003.html