Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2007-12-19 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

MS07-069 - Post install issue

Published: 2007-12-19
Last Updated: 2007-12-21 05:09:23 UTC
by Stephen Hall (Version: 2)
0 comment(s)

We have been working with Microsoft and a couple of our readers on an issue they have been having with MS07-069 and IE crashing after the roll up patch for IE has been installed.

Well the Microsoft MSRC have updated their blog and there is a KB article which provides a workaround.

So if you have a customised installation and have been having IE issues since MS07-069, this could be your solution.

UPDATE

Microsoft has released an update to fix this problem.  You can find it here. (thanks Susan).

 

 

Keywords:
0 comment(s)

Perhaps there's something wrong with me...

Published: 2007-12-19
Last Updated: 2007-12-19 18:42:13 UTC
by Tom Liston (Version: 1)
2 comment(s)

Ok... so UNDOUBTEDLY there is something wrong with me, but I found this to be particularly funny:

CyberLover.ru, a site out of Russia, is selling a "hot, sexy" chatbot that they claim can trick unsuspecting men into divulging personal information, using any of 10 different personalities.  They claim that their bot is so realistic that it can get victims to hand over phone numbers, addresses, photos, and more.

For years now, I've suspected that several of the ISC Handlers, who I know only via our Sooper Sekret Online Chat Room, are actually cunningly crafted perl scripts-- now I have some circumstantial evidence supporting that theory. 

So.... the next time the Handler's chat starts getting all "frisky," I'm keeping my credit card numbers to myself...

Keywords:
2 comment(s)

Orkut XSS Worm

Published: 2007-12-19
Last Updated: 2007-12-19 17:57:39 UTC
by Tom Liston (Version: 1)
1 comment(s)

A vulnerability in the social networking site Orkut that allowed users to inject HTML and JavaScript into their profiles set the stage for a persistent XSS worm that appears to have affected approximately 400,000 Orkut users.  The malicious code is apparently fetched from the site "http://files.myopera.com" and is called, conveniently enough, "virus.js."

Keywords:
1 comment(s)

Adobe Flash Player and GoLive security updates

Published: 2007-12-19
Last Updated: 2007-12-19 07:44:21 UTC
by Maarten Van Horenbeeck (Version: 1)
0 comment(s)

Adobe has released updates which fix several critical vulnerabilities in Flash Player and GoLive.

Flash Player 9.0.48.0, 8.0.35.0 and 7.0.70.0 and earlier are affected by CVE-2007-6242, CVE-2007- 4768, CVE-2007-5275, CVE-2007- 6243, CVE-2007- 6244, CVE-2007- 6245, CVE-2007-4324, CVE-2007- 6246 and CVE-2007-5476.

Several of the issues resolved are input validation errors, which could allow an attacker to execute arbitrary code through content delivered from a web location. This update resolves issues reported on various platforms (Mac OS, Linux, Windows). Adobe strongly recommends users of this version to upgrade to Flash Player 9.0.115.0 which can be downloaded from a link in their bulletin.

GoLive 9 and GoLive CS2 are affected by CVE-2007-2244 and CVE-2007-2365. These vulnerabilities are somewhat more difficult to exploit, but they can be exploited by convincing a user to include crafted BMP, DIB, RLE or PNG content into a GoLive document. Impact remains execution of arbitrary code, so we strongly recommend implementing the update.

Keywords:
0 comment(s)

Got a HP laptop and running windows? Time to patch!

Published: 2007-12-19
Last Updated: 2007-12-19 03:09:47 UTC
by Stephen Hall (Version: 1)
0 comment(s)

HP released a vulnerability notice to Bugtraq on the 15th December indicating that :

A potential security vulnerability has been identified with the HP Quick Launch Button (QLB) software running on Windows. The vulnerability could be exploited remotely to execute arbitrary code or to gain privileged access.

Well, we received an e-mail from our good friend Raul Siles which indicate that this is potential more serious than a 'potential vulnerability' as POC code exists which grants remote access.

Some related references:

http://www.anspi.pl/~porkythepig/hp-issue/kilokieubasy.txt

http://www.heise-security.co.uk/news/100459
http://www.heise-security.co.uk/news/100625

A workaround which disables HP Info Center is being hosted here:

ftp://ftp.hp.com/pub/softpaq/sp38001-38500/
ftp://ftp.hp.com/pub/softpaq/sp38001-38500/sp38166.html

 

 

Keywords:
0 comment(s)
Diary Archives