Apr 5, 2009

Unpatched vulnerability in older PowerPoint versions

Microsoft recently released a security advisory about a remote code execution vulnerability in older Microsoft Office PowerPoint programs.

The vulnerability affects these versions of PowerPoint:

Microsoft Office PowerPoint 2000 Service Pack 3
Microsoft Office PowerPoint 2002 Service Pack 3
Microsoft Office PowerPoint 2003 Service Pack 3
Microsoft Office 2004 for Mac

The attack can be carried out with a malicious PowerPoint file, but it requires action from the user. One example of how such a file could arrive is as an email attachment.

If the PowerPoint version is 2003, Microsoft recommends using the Microsoft Office Isolated Conversion Environment (MOICE) to open PowerPoint documents, as stated in an earlier advisory.

Microsoft is not sure whether a fix will be in the April updates.

Aug 11, 2008

Serious vulnerabilities in Vista

IBM Information Security Systems member Mark Dowd and VMware team member Alexander Sotirov found a way to attack Vista. It is not based on any vulnerability but on the way memory protection works.

The attack can be performed using e.g. Java in browsers. Electronista was the first to report this.

SearchSecurity has interviewed security researcher Dino Dai Zovi about this issue. He says that it's completely reusable, and this, which is scarier:

"They have attacks that let them load chosen content to a chosen location with chosen permissions. That's completely game over."

Dai Zovi also said that the Vista protection techniques ASLR and DEP won't help, and that it allows any vulnerability in the browser to be exploited. As this is not based on any specific vulnerability, he presumes that there will be more similar things in the future.

Microsoft knows about the issue but hasn't commented on it yet.

Jun 24, 2008

Unpatched vulnerability in Firefox 3

This was originally published by TippingPoint. Chances are that an attacker can use this vulnerability to execute their own commands on the system. But the risk is not that great, as the user first needs to visit a hostile web site.

Mozilla has confirmed the vulnerability but thinks that the risk is quite minimal. The same vulnerability is also in version 2 of Firefox.

Jun 9, 2008

June Microsoft Updates to be released tomorrow

The June Microsoft updates will be released tomorrow. There will be 5 fixes in total: 3 of them are classified as critical, one as important and one as moderate.

There are fixes for e.g. Bluetooth, Internet Explorer and DirectX.

The affected operating systems are Windows XP, Windows Vista, Windows 2000 and Windows Server 2003 and 2008.

Read more here

Jun 5, 2008

SP3 has vulnerable Flash

Computerworld reports that Microsoft Windows XP Service Pack 3 includes a vulnerable version of Flash, 9.0.115.0.

Version 9.0.124.0 was released before SP3, but for some reason Microsoft didn't include it in SP3.

Read more about the Flash vulnerability here and update Flash here

Apr 21, 2008

Unpatched vulnerability in Windows

A locally exploitable vulnerability has been found in Windows for which there is currently no fix. Microsoft is working on it but hasn't yet found any attack related to the vulnerability.

This vulnerability gives users with NetworkService or LocalService accounts the possibility to raise their user rights to the LocalSystem level. Microsoft Internet Information Services (IIS) and Microsoft SQL Server services might use those accounts. If an attacker is able to execute malicious program code in e.g. those services, there are chances to abuse the vulnerability. Microsoft may release a fix outside the monthly updates or include it in one of them.

The vulnerability is in XP/Server 2003/Server 2008/Vista. Here is a solution to use before the update.

Mar 17, 2008

Vulnerabilities in archive formats

The University of Oulu in Finland has researched vulnerabilities in certain archive formats.

These formats are ACE, ARJ, BZ2, CAB, GZ, LHA, RAR, TAR, ZIP and ZOO.

The vulnerabilities can cause a buffer overflow or even a Denial-of-Service (DoS) against some server.

This problem is quite wide-ranging, as archives are used e.g. in backups, office programs and in different operating systems. A list of vulnerable programs can be found from the link below.

Read more here

Mar 4, 2008

Crackers attack Facebook and MySpace

Security company Fortify Software says that social web sites like MySpace and Facebook are at the moment the best targets for crackers. The main reason is that the sites are also used by less advanced users, who can easily click a bad link.

"Buffer overrun in Aurigma ActiveX picture upload software gives attacker a chance to get to uploaders' computers," says Rob Rachwald from Fortify.

This software is used by both Facebook and MySpace.

A tool for exploiting the buffer overrun is easily available on the web and can be used without great technical knowledge.

That's why Rachwald states that MySpace and Facebook should have made Aurigma check the program code before they started to use it.

Source: vnunet

Jan 30, 2008

0-day vulnerability in Firefox

Larry Dignan wrote in his blog about a Firefox vulnerability that allows collecting session information, including session cookies and session history. Firefox is not vulnerable by default, but via add-ons.

This means that Firefox can leak information which allows an attacker to load any JavaScript file on a machine.

The list of add-ons is quite long, so most Firefox users might have one or more of those.

Mozilla security chief Window Snyder said that this will be corrected in version 2.0.0.12, which should be released soon.

Other links related to the issue:

Link 1
Link 2

Jan 17, 2008

Vulnerability found in UPnP devices

Universal Plug and Play protocol devices have been found to have a serious exploit method.

When a user launches a hostile Shockwave Flash file, Flash can be used to control UPnP-compatible devices in the same network.

One possible exploit is changing the DHCP server's name server settings to whatever the attacker wants them to be.

That's why one should turn UPnP off on workstations and other devices in the network if UPnP is not used.

Some links can be found below:
http://www.gnucitizen.org/blog/hacking-the-interwebs
http://www.us-cert.gov/current/index.html#upnp_router_exploit
https://www.kb.cert.org/vuls/id/347812

Nov 6, 2007

Copy protection makes Windows vulnerable

Earlier in October a vulnerability was found in Macrovision Safedisc copy protection (affects the XP and Server 2003 operating systems).

The driver suffers from a corruption error, which means that an attacker can get access to the kernel and take over the computer completely.

Exploiting the vulnerability probably requires that the victim opens a malicious file attachment via instant messenger or email.

Microsoft has released a security advisory regarding the issue, though the problem is related to 3rd party software.

Macromedia has released a patch for it, and Microsoft will release its own fix in the November security bulletin.

QuickTime 7.3 released

The new QuickTime 7.3 is now available for both Mac and Windows.

7 vulnerabilities have been fixed; six of them are related to a user being lured into opening a dangerous picture or video file.

The last vulnerability is related to QuickTime for Java.

Oct 27, 2007

Gozi trojan comes with pdf file

The dangerous Gozi trojan is back, and now it is bundled with a PDF file.

It activates when the user opens the infected PDF file, and after that it tries to steal information typed into SSL-protected sites (like online banking data).

Gozi comes from Russian Business Network servers, as before, and uses a vulnerability in Adobe Acrobat products that was fixed a week ago.

The most common PDF file names have been BILL.pdf and INVOICE.pdf, the sender name Gilbert and the header "STATEMET indigene", but they can vary.

Source: eWeek

Oct 21, 2007

Vulnerability in RealPlayer fixed

Earlier this week Symantec reported a previously unknown vulnerability in RealPlayer.

The attack aims to cause a buffer overflow that could make it possible for an attacker to run malicious code on a user's PC.

It's highly recommended that RealOne Player, RealOne Player v2 and RealPlayer 10 users upgrade to RealPlayer 10.5 or RealPlayer 11 beta and install the available patch; current RealPlayer 10.5 and RealPlayer 11 beta users should install the patch as well.

Source

Oct 18, 2007

Opera fixed 3 vulnerabilities

In its latest version (9.24), Opera fixed three vulnerabilities, two of them critical.

The first is that external news readers and e-mail clients can be used to execute arbitrary code.

The second is related to how Opera handles forms. If a web site is crafted in a certain way, it can execute HTML and JavaScript code in another website's context.

The third applies to Apple Mac OS X only, when Opera is installed together with Adobe Flash Player 9.0.47.0 or earlier. No details were published.

More info about vulnerabilities:

Link 1
Link 2
Link 3
