Forbidden Web

Feb 04, 2011 Adobe Prenotification Security Advisory for Adobe Reader and Acrobat
Adobe has issued a prenotification advisory indicating that it plans to release updates for Adobe Reader and Acrobat to address multiple vulnerabilities. The advisory indicates that updates for Windows and Macintosh will be available on February 8, 2011. An update for UNIX will be available the week of February 28, 2011.

US-CERT encourages users and administrators to review the Adobe Advisory.

US-CERT will provide additional information as it becomes available.
Feb 04, 2011 Majordomo Vulnerable to Directory Traversal
US-CERT is aware of a vulnerability affecting Majordomo 2. Exploitation of this vulnerability may allow an attacker to obtain sensitive information that could be used to leverage additional attacks. Reports indicate that this vulnerability affects builds 20110121 and prior.

US-CERT encourages users and administrators to upgrade to Majordomo 2 build 20110125 and later. Additional information regarding this vulnerability can be found in this Sitewatch Advisory.

Feb 03, 2011 Microsoft Releases Advance Notification for February Security Bulletin
Microsoft has issued a Security Bulletin Advance Notification indicating that its February release will contain 12 bulletins. Three of these bulletins will have the severity rating of critical and will be for Microsoft Windows and Internet Explorer. The remaining bulletins will have a severity rating of important and will be for Microsoft Windows and Office. Release of these bulletins is scheduled for Tuesday, February 8, 2011.

US-CERT will provide additional information as it becomes available.
Feb 03, 2011 Cisco Releases Security Advisory for Tandberg E, EX, and C Series Endpoints
Cisco has released a security advisory to address a vulnerability in the Tandberg C Series Endpoints and E/EX Personal Video units running software versions prior to TC4.0.0. This vulnerability may allow an attacker to gain administrative access to the device.

US-CERT encourages users and administrators to review Cisco security advisory cisco-sa-20110202-tandberg and apply any necessary updates or workarounds to help mitigate the risks. Additional information regarding this vulnerability can be found in US-CERT Vulnerability Note VU#436854.
Feb 02, 2011 VideoLAN Releases Security Advisory for VLC Media Player
VideoLAN has released a security advisory to address a vulnerability in VLC Media Player. This vulnerability may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review VideoLAN security advisory VideoLAN-SA-1102 and apply any necessary updates or workarounds to help mitigate the risks.
Feb 02, 2011 Cisco Releases Security Advisory for Multiple Cisco WebEx Player Vulnerabilities
Cisco has released a security advisory to address multiple vulnerabilities in WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players. These vulnerabilities may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review Cisco security advisory cisco-sa-20110201-webex and apply any necessary updates to help mitigate the risks.
Jan 28, 2011 Opera 11.01 Released
Opera Software has released version 11.01 of the Opera web browser for Windows, Mac, and Unix to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, bypass security restrictions, or obtain sensitive information.

US-CERT encourages users and administrators to review the changelog for version 11.01 of the Opera web browser and update to Opera 11.01 to mitigate the risks.
Jan 28, 2011 RealNetworks, Inc. Releases Update for RealPlayer
RealNetworks, Inc. has released an update for Windows RealPlayer 14.0.1 and prior to address a vulnerability. Exploitation of this vulnerability may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review the RealNetworks, Inc. security advisory and apply any necessary updates to help mitigate the risks.
Jan 28, 2011 Microsoft Releases Security Advisory 2501696
Microsoft has released Microsoft security advisory 2501696 indicating that it is investigating public reports of a vulnerability affecting Windows. This vulnerability is due to the way MHTML interprets MIME-formatted requests for content blocks within a document. Exploitation of this vulnerability may allow an attacker to obtain sensitive information.

US-CERT encourages users and administrators to review Microsoft security advisory 2501696 and implement the suggested workarounds or utilize Microsoft Fix it 50602 to help mitigate the risks. Additional information regarding this vulnerability can be found on the Microsoft TechNet Security Research & Defense blog.
Jan 19, 2011 Oracle Releases Critical Patch Update for January 2011
Oracle has released its Critical Patch Update for January 2011 to address 82 vulnerabilities across multiple products. This update contains the following security fixes:
7 for Oracle Database Server
16 for Oracle Fusion Middleware
2 for Oracle Enterprise Manager Grid Control
16 for Oracle Applications
3 for Oracle Supply Chain Products Suite
11 for Oracle PeopleSoft and JDEdwards Suite
2 for Oracle Industry Applications
23 for Oracle Sun Products Suite
2 for Oracle Open Office Suite

US-CERT encourages users and administrators to review the January 2011 Critical Patch Update and apply any necessary updates to help mitigate the risks.