Forbidden Web

Apr 22, 2008 ICQ Vulnerability
US-CERT is aware of public reports of a vulnerability in ICQ 6. This vulnerability is due to a heap buffer overflow condition in the "Personal Status Manager" feature that occurs when processing specially crafted status messages. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users to update to ICQ 6.0.0.6059 to help mitigate the risks.
Apr 18, 2008 Microsoft Releases Security Advisory (951306)
Microsoft has released a Security Advisory to address a vulnerability in Windows. This vulnerability may allow an authenticated attacker to execute code with LocalSystem privileges.

US-CERT encourages users to review Microsoft Security Advisory 951306 and apply the workarounds.
Apr 17, 2008 Mozilla Releases Firefox 2.0.0.14
Mozilla has released Firefox 2.0.0.14 to address a vulnerability in the JavaScript engine. This vulnerability is due to memory corruption errors during JavaScript garbage collection. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Products that use the Mozilla rendering engine, such as Thunderbird and SeaMonkey, may also be affected.

US-CERT encourages users to review Mozilla Foundation Security Advisory 2008-20 and apply any necessary updates or workarounds.
Apr 17, 2008 Apple Releases Safari 3.1.1
Apple has released Safari 3.1.1 to address multiple vulnerabilities in Safari and WebKit. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, conduct cross-site scripting attacks, or spoof the contents of the browser address bar.

US-CERT encourages users to review Apple's About the security content of Safari 3.1.1 document and upgrade to Safari 3.1.1 to help mitigate the risks.
Apr 15, 2008 Oracle Releases Critical Patch Update for April 2008
Oracle has released its Critical Patch Update for April 2008 to address 41 vulnerabilities across several products. This update contains the following security fixes:
  • 17 updates for Oracle Database
  • 3 updates for Oracle Enterprise Manager
  • 11 updates for Oracle E-Business Suite
  • 1 update for the Oracle Enterprise Manager
  • 3 updates for Oracle PeopleSoft Enterprise products
  • 6 updates for Oracle Siebel SimBuilder products
US-CERT encourages users to review the April Critical Patch Update and apply any necessary updates.
Apr 15, 2008 Federal Subpoena Email Scam
US-CERT has seen public reports of a scam circulating via email messages that claim to be federal subpoenas. These messages request that the user follow a link to download additional information about the case. If a user clicks on this link, malicious code may be installed on the system.

US-CERT encourages users to do the following to help mitigate the risk:
Apr 14, 2008 Oracle Issues Pre-Release Announcement for April Critical Patch Update
Oracle has issued a Pre-Release Announcement indicating that its April Critical Patch Update (CPU) will contain 41 new security fixes across hundreds of products.

The announcement further states that:
  • 17 security fixes are for Oracle Database
  • 3 for Oracle Enterprise Manager
  • 11 for Oracle E-Business Suite
  • 1 for the Oracle Enterprise Manager
  • 3 for Oracle PeopleSoft Enterprise products
  • 6 for Oracle Siebel SimBuilder products
The release is scheduled for Tuesday, April 15, 2008.

We will provide additional information as it becomes available.
Apr 14, 2008 EMC DiskXtender Vulnerabilities
US-CERT is aware of reports of vulnerabilities in EMC DiskXtender. These vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code or bypass security restrictions on an affected system.

US-CERT encourages users to visit EMC's website for additional information regarding these vulnerabilities.
Apr 14, 2008 ClamAV PE Scanning Vulnerability
US-CERT is aware of a report of a buffer overflow vulnerability affecting ClamAV. This heap-based buffer overflow vulnerability may allow an attacker to execute arbitrary code on an affected system.

US-CERT recommends that users do not scan PE files from untrusted sources.
Apr 11, 2008 Active Exploitation of GDI Vulnerabilities
US-CERT has seen public reports of an exploit targeting vulnerabilities in GDI. These vulnerabilities are due to buffer overflow conditions that exist in the processing of EMF and WMF image files. By convincing a user to open a specially crafted EMF or WMF file, a remote attacker may be able to execute arbitrary code. These vulnerabilities were addressed in Microsoft Security Bulletin MS08-021. Users who have not applied this patch are vulnerable.

Additional information about these vulnerabilities is available in the Vulnerability Notes Database.

US-CERT encourages users to review MS08-021 and apply the patch or workarounds to help mitigate the risks.