Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

New Adobe vulnerability

Published: 2006-11-29
Last Updated: 2006-11-29 18:34:37 UTC
by Toby Kohlenberg (Version: 1)
0 comment(s)
Frank Klein has written to let us know that there are new vulnerabilities in Adobe Acrobat and Acrobat Reader that have the potential for code execution as a result of incorrect argument handling in the ActiveX control for IE. There is no patch currently available and Adobe is offering a mitigation of deleting the control. FrSIRT has provided a kill bit option that you can set that should disable the control.

The vulnerable versions are:
Adobe Standard, Reader & Professional 7.0.0 - 7.0.8

http://www.frsirt.com/english/advisories/2006/4751
http://www.adobe.com/support/security/advisories/apsa06-02.html
Keywords: Acrobat Adobe Reader
0 comment(s)

Week of Oracle bugs cancelled

Published: 2006-11-29
Last Updated: 2006-11-29 16:50:22 UTC
by Toby Kohlenberg (Version: 1)
0 comment(s)
Argeniss has cancelled the week of Oracle bugs due to "many problems".
http://www.argeniss.com/woodb.html
We are left to our own imaginations to figure out what those might be.

Keywords: 0day Oracle
0 comment(s)

New Vulnerability Announcement and patches from Apple

Published: 2006-11-29
Last Updated: 2006-11-29 08:28:50 UTC
by Toby Kohlenberg (Version: 1)
0 comment(s)
Apple has just released a new security update with a large number of vulnerabilities fixed. Full details are available at:
http://docs.info.apple.com/article.html?artnum=304829
Here are the packages updated:
  • AirPort - CVE-ID: CVE-2006-5710 *
  • ATS - CVE-ID: CVE-2006-4396
  • ATS - CVE-ID: CVE-2006-4398
  • ATS - CVE-ID: CVE-2006-4400 *
  • CFNetwork - CVE-ID: CVE-2006-4401
  • ClamAV - CVE-ID: CVE-2006-4182 *
  • Finder - CVE-ID: CVE-2006-4402 *
  • ftpd - CVE-ID: CVE-2006-4403
  • gnuzip - CVE-ID: CVE-2006-4334, CVE-2006-4335, CVE-2006-4336, CVE-2006-4337, CVE-2006-4338
  • Installer - CVE-ID: CVE-2006-4404
  • OpenSSL - CVE-ID: CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-4339, CVE-2006-4343
  • perl - CVE-ID: CVE-2005-3962 *
  • PHP - CVE-ID: CVE-2006-1490, CVE-2006-1990 *
  • PHP - CVE-ID: CVE-2006-5465 *
  • PPP - CVE-ID: CVE-2006-4406 *
  • Samba - CVE-ID: CVE-2006-3403
  • Security Framework - CVE-ID: CVE-2006-4407
  • Security Framework - CVE-ID: CVE-2006-4408
  • Security Framework - CVE-ID: CVE-2006-4409
  • Security Framework - CVE-ID: CVE-2006-4410
  • VPN - CVE-ID: CVE-2006-4411
  • WebKit - CVE-ID: CVE-2006-4412 *
* Potential code execution as defined & stated by Apple
0 comment(s)
Diary Archives