Thursday, July 29, 2010

Vulnerabilities In Lotus Notes File Viewers

IBM has released an update for Lotus Notes email client. The update fixes vulnerabilities that are related to way how Notes handles file attachments. By exploiting these vulnerabilities it may be possible to execute arbitrary code in vulnerable system.

Affected versions are:
- Lotus Notes 8.5 series prior version 8.5.1 Fix Pack 4
- Lotus Notes 8.0 series prior version 8.0.2 Fix Pack 6
- Lotus Notes 7 series
- Lotus Notes 6.5 series
- Lotus Notes 5 series

Solution:
IBM recommends to install Lotus Notes 8.0.2 Fix Pack 6 or Lotus Notes 8.5.1 Fix Pack 4. If that's not possible then workarounds can be used. More about these and other details can be read from related support document.

Vulnerability Fix For Safari

Apple has released new versions of their Safari web browsers. The new versions contain fixes to 15 different vulnerabilities. Some of these may allow an attacker to execute arbitrary code in affected system.

Affected are Safari versions earlier than 5.0.1 or 4.1.1. Users of vulnerable Safari versions can get the latest version here.

More information of security content of 5.0.1 and 4.1.1 versions can be read here.

Wednesday, July 28, 2010

PHP Updates Available

PHP development team has released new versions for 5.3.x and 5.2.x series of PHP scripting language.

PHP 5.3.3 for 5.3.x series fixes in total over 100 bugs and vulnerabilities. Details of fixed issues are not published.

PHP 5.2.14 for 5.2.x series fixes in total over 60 bugs and vulnerabilities. Details of fixed issues are not published. 5.2.14 version was the last one for PHP 5.2.x series. Users of this series are recommended to update to PHP 5.3.3. Migration guide for 5.2.x series users can be found here.

More details about 5.3.3 release can be read here and 5.2.14 release here.

Tuesday, July 27, 2010

Patched Version of Chrome Available

Google has released a new version of their Chrome web browser. Version 5.0.375.125 contains fixes to seven vulnerabilities of which two are categorized as critical, three as high, one as medium and one as low.

More information in Google Chrome Releases blog.

Wednesday, July 21, 2010

New Updates For Mozilla Products

Mozilla has released security bulletins related to found issues in some of their products. Eight of the fixed vulnerabilities are categorized as critical, two as high and other four as moderate.

Critical:
MFSA 2010-34 Miscellaneous memory safety hazards (rv:1.9.2.7/ 1.9.1.11)
*Affects:
- Firefox 3.6.x series prior 3.6.7
- Firefox 3.5.x series prior 3.5.11
- Thunderbird 3.1.x series prior 3.1.1
- Thunderbird 3.0.x series prior 3.0.6
- SeaMonkey 2.0.x series prior 2.0.6

MFSA 2010-35 DOM attribute cloning remote code execution vulnerability
*Affects:
- Firefox 3.6.x series prior 3.6.7
- Firefox 3.5.x series prior 3.5.11
- SeaMonkey 2.0.x series prior 2.0.6

MFSA 2010-36 Use-after-free error in NodeIterator
*Affects:
- Firefox 3.6.x series prior 3.6.7
- Firefox 3.5.x series prior 3.5.11
- SeaMonkey 2.0.x series prior 2.0.6

MFSA 2010-37 Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability
*Affects:
- Firefox 3.6.x series prior 3.6.7
- Firefox 3.5.x series prior 3.5.11
- SeaMonkey 2.0.x series prior 2.0.6

MFSA 2010-38 Arbitrary code execution using SJOW and fast native function
*Affects:
- Firefox 3.6.x series prior 3.6.7
- Thunderbird 3.1.x series prior 3.1.1

MFSA 2010-39 nsCSSValue::Array index integer overflow
*Affects:
- Firefox 3.6.x series prior 3.6.7
- Firefox 3.5.x series prior 3.5.11
- Thunderbird 3.1.x series prior 3.1.1
- Thunderbird 3.0.x series prior 3.0.6
- SeaMonkey 2.0.x series prior 2.0.6

MFSA 2010-40 nsTreeSelection dangling pointer remote code execution vulnerability
*Affects:
- Firefox 3.6.x series prior 3.6.7
- Firefox 3.5.x series prior 3.5.11
- Thunderbird 3.1.x series prior 3.1.1
- Thunderbird 3.0.x series prior 3.0.6
- SeaMonkey 2.0.x series prior 2.0.6

MFSA 2010-41 Remote code execution using malformed PNG image
*Affects:
- Firefox 3.6.x series prior 3.6.7
- Firefox 3.5.x series prior 3.5.11
- Thunderbird 3.1.x series prior 3.1.1
- Thunderbird 3.0.x series prior 3.0.6
- SeaMonkey 2.0.x series prior 2.0.6

High:
MFSA 2010-42 Cross-origin data disclosure via Web Workers and importScripts
*Affects:
- Firefox 3.6.x series prior 3.6.7
- Firefox 3.5.x series prior 3.5.11
- Thunderbird 3.1.x series prior 3.1.1
- Thunderbird 3.0.x series prior 3.0.6
- SeaMonkey 2.0.x series prior 2.0.6

MFSA 2010-43 Same-origin bypass using canvas context
*Affects:
- Firefox 3.6.x series prior 3.6.7
- Thunderbird 3.1.x series prior 3.1.1

Moderate:
MFSA 2010-44 Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish
*Affects:
- Firefox 3.6.x series prior 3.6.7
- Thunderbird 3.1.x series prior 3.1.1

MFSA 2010-45 Multiple location bar spoofing vulnerabilities
*Affects:
- Firefox 3.6.x series prior 3.6.7
- Firefox 3.5.x series prior 3.5.11
- SeaMonkey 2.0.x series prior 2.0.6

MFSA 2010-46 Cross-domain data theft using CSS
*Affects:
- Firefox 3.6.x series prior 3.6.7
- Firefox 3.5.x series prior 3.5.11
- Thunderbird 3.1.x series prior 3.1.1
- Thunderbird 3.0.x series prior 3.0.6
- SeaMonkey 2.0.x series prior 2.0.6

MFSA 2010-47 Cross-origin data leakage from script filename in error messages
*Affects:
- Firefox 3.6.x series prior 3.6.7
- Firefox 3.5.x series prior 3.5.11
- Thunderbird 3.1.x series prior 3.1.1
- Thunderbird 3.0.x series prior 3.0.6
- SeaMonkey 2.0.x series prior 2.0.6


Fresh versions can be obtained via inbuilt updater or by downloading from the product site:
Firefox
Thunderbird
SeaMonkey

Tuesday, July 20, 2010

ITunes 9.2.1 Released

Apple has released version 9.2.1 of their iTunes media player. New version fixes a security vulnerability that could allow an attacker to execute arbitrary code in target system.

More information about the security content of iTunes 9.2.1 can be read from related security advisory.

Old version users should update to the latest one available.

Sunday, July 18, 2010

Vulnerability in Windows Shell

Microsoft says that they're investigating reports of limited, targeted attacks exploiting a vulnerability in Windows Shell. "The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the user clicks the displayed icon of a specially crafted shortcut. This vulnerability is most likely to be exploited through removable drives. For systems that have AutoPlay disabled, customers would need to manually browse to the root folder of the removable disk in order for the vulnerability to be exploited. For Windows 7 systems, AutoPlay functionality for removable disks is automatically disabled." By exploiting the vulnerability an attacker may be able to execute arbitrary code in affected system.

Affected operating systems are:
- Windows XP Service Pack 3
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista Service Pack 1 and Windows Vista Service Pack 2
- Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
- Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
- Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems


More information about the vulnerability and workarounds can be read from the correspondent security advisory.

Other references:
http://www.kb.cert.org/vuls/id/940193
http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/

Wednesday, July 14, 2010

Security Updates For Oracle Products

Oracle has released updates for their products that fix 59 security issues in total. The updates are a part of Oracle's quarterly released critical patch update (CPU).

Detailed list of vulnerabilities with patching instructions can be read from Oracle CPU Advisory.

Next Oracle CPU is planned to be released in October 2010.

Tuesday, July 13, 2010

Microsoft Security Bulletin Summary for July 2010

Microsoft has released security updates for July 2010. This month update contains four updates of which three are categorized as critical and one as important.

Critical:
MS10-042: Vulnerability in Help and Support Center Could Allow Remote Code Execution (2229593)
MS10-043: Vulnerability in Canonical Display Driver Could Allow Remote Code Execution (2032276)
MS10-044: Vulnerabilities in Microsoft Office Access ActiveX Controls Could Allow Remote Code Execution (982335)

Important:
MS10-045: Vulnerability in Microsoft Office Outlook Could Allow Remote Code Execution (978212)

A new version of Windows Malicious Software Removal Tool (MSRT) was released too.

More information can be read from the bulletin summary.

For consumer the easist way to get the update is to use Microsoft Update service.

Monday, July 12, 2010

New Antimalware Engine For MSE Coming On 15 July 2010

"As part of regular update of our Antimalware technology to address the latest in the threat landscape, the Microsoft Antimalware Team is planning to release a new antimalware engine on 15 July 2010.
Affected products: Microsoft Security Essentials (MSE), Forefront Client Security (FCS)
Engine Version will be in the range of 1.1.600X.0"


Source

Wednesday, July 7, 2010

Fake IME Trojan

Websense reports in their blog about a trojan that uses the Windows input method editor (IME) to inject a system. An IME is an operating system component or program that allows users to enter characters and symbols not found on their input device.

After the trojan has installed itself as an IME it then kills any running antivirus processes and also deletes the installed antivirus executable files. Deeper description of trojan's doings can be read from the correspondent entry of Websense blog.

Sunday, July 4, 2010

Adobe PDF "Launch" Issue Not Fully Fixed

Adobe released update to fix bunch of security vulnerabilities in their PDF Reader and Acrobat software. Among fixed ones was "Launch" vulnerability. Senior security researcher Le Manh Tung points out in his blog that vulnerability can still be exploited when the command is included in quotes. The fake warning message is fixed though. In another blog entry Le Manh Tung gives his advice for fixing the issue.