| Apr 22, 2008 |
ICQ Vulnerability US-CERT is aware of public reports of a vulnerability in ICQ 6. This vulnerability is due to a heap buffer overflow condition in the "Personal Status Manager" feature that occurs when processing specially crafted status messages. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users to update to ICQ 6.0.0.6059 to help mitigate the risks. |
| Apr 18, 2008 |
Microsoft Releases Security Advisory (951306) Microsoft has released a Security Advisory to address a vulnerability in Windows. This vulnerability may allow an authenticated attacker to execute code with LocalSystem privileges. US-CERT encourages users to review Microsoft Security Advisory 951306 and apply the workarounds. |
| Apr 17, 2008 |
Mozilla Releases Firefox 2.0.0.14 Mozilla has released Firefox 2.0.0.14 to address a vulnerability in the JavaScript engine. This vulnerability is due to memory corruption errors during JavaScript garbage collection. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Products that use the Mozilla rendering engine, such as Thunderbird and SeaMonkey, may also be affected. US-CERT encourages users to review Mozilla Foundation Security Advisory 2008-20 and apply any necessary updates or workarounds. |
| Apr 17, 2008 |
Apple Releases Safari 3.1.1 Apple has released Safari 3.1.1 to address multiple vulnerabilities in Safari and WebKit. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, conduct cross-site scripting attacks, or spoof the contents of the browser address bar. US-CERT encourages users to review Apple's About the security content of Safari 3.1.1 document and upgrade to Safari 3.1.1 to help mitigate the risks. |
| Apr 15, 2008 |
Oracle Releases Critical Patch Update for April 2008 Oracle has released their Critical Patch Update for April 2008 to address 41 vulnerabilities across several products. This update contains the following security fixes:
|
| Apr 15, 2008 |
Federal Subpoena Email Scam US-CERT has seen public reports of a scam circulating via email messages that claim to be federal subpoenas. These messages request that the user follow a link to download additional information about the case. If a user clicks on this link, malicious code may be installed on the system. US-CERT encourages users to do the following to help mitigate the risk:
|
| Apr 14, 2008 |
Oracle Issues Pre-Release Announcement for April Critical Patch Update Oracle has issued a Pre-Release Announcement indicating that its April Critical Patch Update (CPU) will contain 41 new security fixes across hundreds of products. The announcement further states that
We will provide additional information as it becomes available. |
| Apr 14, 2008 |
EMC DiskXtender Vulnerabilities US-CERT is aware of reports of vulnerabilities in EMC DiskXtender. These vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code or bypass security restrictions on an affected system. US-CERT encourages users to visit EMC's website for additional information regarding these vulnerabilities. |
| Apr 14, 2008 |
ClamAV PE Scanning Vulnerability US-CERT is aware of a report of a buffer overflow vulnerability affecting ClamAV. This heap-based buffer overflow vulnerablity may allow an attacker to execute arbitrary code on an affected system. US-CERT recommends that users do not scan PE files from untrusted sources. |
| Apr 11, 2008 |
Active Exploitation of GDI Vulnerabilities US-CERT has seen public reports of an exploit targeting vulnerabilities in GDI. These vulnerabilities are due to buffer overflow conditions that exist in the processing of EMF and WMF image files. By convincing a user to open a specially crafted EMF or WMF file, a remote attacker may be able to execute arbitrary code. These vulnerabilities were addressed in Microsoft Security Bulletin MS08-021. Users who have not applied this patch are vulnerable. Additional information about these vulnerabilities is available in the Vulnerability Notes Database. US-CERT encourages users to review MS08-021 and apply the patch or workarounds to help mitigate the risks. |