OpenOffice vulnerable to attack
OpenOffice, an open source office suite widely used as an
alternative to Microsoft Office, is susceptible to a Windows
Metafile (WMF) code-execution flaw attackers could exploit to cause
a heap-based buffer overflow and launch malicious code.
According to an advisory from OpenOffice, the first problem is
a truncation error within the handling of the META_ESCAPE record.
An attacker could exploit this to cause a heap-based buffer
overflow via a specially crafted WMF/EMF file. The second problem
is an integer overflow within the handling of EMR_POLYPOLYGON and
EMR_POLYPOLYGON16 records. Attackers could also exploit this to
cause a heap-based buffer overflow via a specially crafted WMF/EMF
file.
Attackers could then run malicious code on targeted machines.
OpenOffice versions prior to version 2.1.0 are affected. Users can
fix the problem by downloading patches or updating to version
2.1.0.
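The integer-overflow class described above (a per-polygon point count that wraps in 32-bit arithmetic, so a heap buffer is sized too small for the points that follow) is easiest to see against a checked parser. The following is an added example, not OpenOffice's code: it assumes a constructed POLYPOLYGON-style record layout (nPolys, nTotalPoints, one count per polygon, then 8-byte points) and shows the two checks that stop a wrapped count from ever reaching an allocation.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define POINT_SIZE 8u  /* two 32-bit coordinates per point (assumed layout) */

/* Little-endian 32-bit read with a bounds check; returns 0 on a short buffer. */
static int read_u32(const uint8_t *buf, size_t len, size_t off, uint32_t *out) {
    if (off > len || len - off < 4) return 0;
    *out = (uint32_t)buf[off] | ((uint32_t)buf[off + 1] << 8) |
           ((uint32_t)buf[off + 2] << 16) | ((uint32_t)buf[off + 3] << 24);
    return 1;
}

static void put_u32(uint8_t *buf, size_t off, uint32_t v) {
    buf[off] = v & 0xff;             buf[off + 1] = (v >> 8) & 0xff;
    buf[off + 2] = (v >> 16) & 0xff; buf[off + 3] = (v >> 24) & 0xff;
}

/* Returns the byte size of the point array the record describes, or 0 when
 * the record is inconsistent. A 64-bit accumulator plus a check against the
 * record length means a wrapped count can never size a heap allocation. */
size_t polypolygon_points_bytes(const uint8_t *rec, size_t len) {
    uint32_t n_polys, n_total, cnt;
    uint64_t sum = 0;

    if (!read_u32(rec, len, 0, &n_polys) || !read_u32(rec, len, 4, &n_total))
        return 0;
    if (n_polys > (len - 8) / 4)          /* count array must fit the record */
        return 0;
    for (uint32_t i = 0; i < n_polys; i++) {
        if (!read_u32(rec, len, 8 + (size_t)i * 4, &cnt)) return 0;
        sum += cnt;
        if (sum > n_total) return 0;      /* catches 32-bit wrap-around too */
    }
    if (sum != n_total) return 0;
    size_t hdr = 8 + (size_t)n_polys * 4;
    uint64_t bytes = sum * POINT_SIZE;    /* sum <= n_total < 2^32: no overflow */
    if (bytes > (uint64_t)(len - hdr)) return 0;
    return (size_t)bytes;
}

/* Constructed well-formed record: two polygons of 3 and 2 points followed by
 * 40 bytes of coordinates. Expected result: 40. */
size_t demo_well_formed(void) {
    uint8_t rec[8 + 2 * 4 + 5 * POINT_SIZE];
    memset(rec, 0, sizeof rec);
    put_u32(rec, 0, 2); put_u32(rec, 4, 5);
    put_u32(rec, 8, 3); put_u32(rec, 12, 2);
    return polypolygon_points_bytes(rec, sizeof rec);
}

/* Constructed hostile record: counts 0xFFFFFFFF and 2 sum to 1 in 32-bit
 * arithmetic, matching the tiny nTotalPoints while describing billions of
 * points. Expected result: 0 (rejected). */
size_t demo_wrapped_count(void) {
    uint8_t rec[8 + 2 * 4 + 1 * POINT_SIZE];
    memset(rec, 0, sizeof rec);
    put_u32(rec, 0, 2); put_u32(rec, 4, 1);
    put_u32(rec, 8, 0xFFFFFFFFu); put_u32(rec, 12, 2);
    return polypolygon_points_bytes(rec, sizeof rec);
}

int main(void) {
    printf("well-formed: %zu bytes\n", demo_well_formed());
    printf("wrapped:     %zu bytes\n", demo_wrapped_count());
    return 0;
}
```

The two demo records are constructed in the block; the wrapped one is the shape a fuzzer or a crafted EMF would produce, and the parser rejects it before any allocation happens.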
Kaspersky fixes DoS flaw
Kaspersky Lab has fixed a flaw attackers could have exploited in
its popular client and gateway virus scanner to cause a denial of
service (DoS). The flaw was discovered by Reston, Va.-based
iDefense Labs, a division of VeriSign Inc.
"Kaspersky is vulnerable to a DoS condition when processing a
specially crafted .pe (portable executable) file," iDefense said in
an advisory. "One of the headers in a .pe file
is the Optional Windows Header section. This section of the .pe
header contains information needed by the Windows linker and
loader. An invalid value for the 'NumberOfRvaAndSizes' field
will cause Kaspersky to repeatedly seek and read from the same
section of the file in an endless loop."
iDefense said Kaspersky Lab fixed the flaw Jan. 2. "There is no
need to download any special patches," the Russian antivirus vendor
said in a message to iDefense. "All installed Kaspersky Lab
products are updated automatically through the regular
signature-update functionality. There is no need to contact
Kaspersky Lab to obtain this fix."
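The failure iDefense describes, a scanner that trusts 'NumberOfRvaAndSizes' and loops over data directories that are not there, comes down to one missing bounds check. The following is an added example, not Kaspersky code: it parses a constructed PE32 optional header, using the field offsets from the PE/COFF specification (Magic at 0, NumberOfRvaAndSizes at 92, DataDirectory at 96 for PE32; 108 and 112 for PE32+) and the loader's limit of 16 directory entries, and walks the directories with a loop that is bounded by what the header can actually hold.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define PE32_MAGIC     0x10bu
#define PE32PLUS_MAGIC 0x20bu
#define MAX_DATA_DIRS  16u   /* IMAGE_NUMBEROF_DIRECTORY_ENTRIES */

static uint32_t rd16(const uint8_t *p) { return p[0] | (p[1] << 8); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Returns how many data-directory entries may safely be walked, or -1 if the
 * header is inconsistent. opt points at the optional header and opt_len is
 * SizeOfOptionalHeader from the COFF file header. */
int usable_data_dir_count(const uint8_t *opt, size_t opt_len) {
    size_t count_off, dir_off;
    if (opt_len < 2) return -1;
    switch (rd16(opt)) {
    case PE32_MAGIC:     count_off = 92;  dir_off = 96;  break;
    case PE32PLUS_MAGIC: count_off = 108; dir_off = 112; break;
    default: return -1;
    }
    if (opt_len < dir_off) return -1;
    uint32_t n = rd32(opt + count_off);
    if (n > MAX_DATA_DIRS) return -1;                  /* loader's own limit */
    if ((size_t)n * 8 > opt_len - dir_off) return -1;  /* entries past header */
    return (int)n;
}

/* Walks the directories with a strictly bounded loop; returns entries seen. */
int walk_data_dirs(const uint8_t *opt, size_t opt_len) {
    int n = usable_data_dir_count(opt, opt_len);
    if (n < 0) return -1;
    size_t dir_off = (rd16(opt) == PE32_MAGIC) ? 96 : 112;
    int seen = 0;
    for (int i = 0; i < n; i++) {
        uint32_t rva  = rd32(opt + dir_off + (size_t)i * 8);
        uint32_t size = rd32(opt + dir_off + (size_t)i * 8 + 4);
        (void)rva; (void)size;   /* a real scanner would resolve the RVA here */
        seen++;
    }
    return seen;
}

/* Constructed 224-byte PE32 optional header with a chosen directory count. */
static void make_pe32_header(uint8_t *opt, uint32_t n_dirs) {
    memset(opt, 0, 224);
    opt[0] = 0x0b; opt[1] = 0x01;             /* Magic = 0x10b (PE32) */
    opt[92] = n_dirs & 0xff;         opt[93] = (n_dirs >> 8) & 0xff;
    opt[94] = (n_dirs >> 16) & 0xff; opt[95] = (n_dirs >> 24) & 0xff;
}

/* Well-formed header: 16 entries, all inside the 224-byte header. */
int demo_pe_ok(void) {
    uint8_t h[224]; make_pe32_header(h, 16);
    return walk_data_dirs(h, sizeof h);          /* 16 */
}
/* Absurd count, the kind of value that sent the scanner into its loop. */
int demo_pe_bad_count(void) {
    uint8_t h[224]; make_pe32_header(h, 0xFFFFFFFFu);
    return walk_data_dirs(h, sizeof h);          /* -1 */
}
/* Plausible count but SizeOfOptionalHeader too small to hold the entries. */
int demo_pe_truncated(void) {
    uint8_t h[224]; make_pe32_header(h, 16);
    return walk_data_dirs(h, 100);               /* -1 */
}

int main(void) {
    printf("ok=%d bad_count=%d truncated=%d\n",
           demo_pe_ok(), demo_pe_bad_count(), demo_pe_truncated());
    return 0;
}
```

Both rejections happen before the loop starts, so a hostile count costs one comparison rather than an unbounded series of seeks; the third demo shows that checking only the 16-entry limit is not enough when the header itself has been shortened.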
New flaw in Apple Mac OS X
Researchers LMH and Kevin Finisterre have reported a new security
flaw in Apple Computer Inc.'s Mac OS X operating system as part of
their Month of Apple Bugs project.
The problem is an error in the DiskManagement framework that
surfaces when Mac OS X processes certain .bom files, the
researchers said. Attackers could exploit this to run malicious
commands with elevated privileges via the "diskutil" tool on
targeted machines.
Cisco fixes multiple Secure Access Control Server flaws
Networking giant Cisco Systems has fixed multiple Secure Access Control Server
(ACS) flaws attackers could exploit to cause a denial of service
or run malicious code on targeted machines.
One of the problems is a stack overflow error in the CSAdmin
service when processing malformed HTTP GET requests. Attackers
could exploit this to run malicious commands or cause the Web
administrative interface to crash, Cisco said. Another stack
overflow error in the CSRadius service occurs when specially
crafted RADIUS Accounting-Request packets are processed. Attackers
could exploit this to crash a vulnerable service or execute
arbitrary commands. In a third problem, there are errors in the
CSRadius service when handling specially crafted RADIUS
Access-Request packets. Attackers could exploit this to crash a
vulnerable service.
The flaws affect Cisco Secure Access Control Server for Windows
versions prior to 4.1 and Cisco Secure Access Control Server
Solution Engine versions prior to 4.1. Cisco recommends users apply
patches it has made available or upgrade to Cisco Secure ACS
version 3.3(3) Build 11 or 4.0(1) Build 27.
Apple QuickTime flaw could enable botnets
The vulnerability researcher known as LMH kicked off what he calls
a "Month of Apple Bugs" Monday by detailing a new flaw in Apple
Computer Inc.'s widely used QuickTime media player. Attackers could
exploit the issue to draft new machines into their botnets.
In a posting on his Apple Fun blog, LMH described the flaw as a
stack overflow error that surfaces when the program handles a
malformed "rtsp" URL. To exploit this, attackers could set up a
malicious Web site and lure users there. Or, they could trick
users into opening a malicious .qtl file.
The flaw affects Apple QuickTime version 7.1.3 as well as
earlier versions. The French Security Incident Response Team
(FrSIRT), which deemed the issue critical, recommended in an
advisory that users disable Real Time Streaming Protocol support to
mitigate the threat. Calling the security hole highly critical,
Danish vulnerability clearinghouse Secunia recommended in its
advisory that users refrain from opening untrusted .qtl files.
Adobe Flash Player users urged to upgrade
Adobe confirmed reports of serious flaws in its popular .pdf viewer
Thursday and urged users to upgrade to version 8.0 without delay.
While the latest version fixes the flaws, Adobe said it would also
release patches next week for the older, vulnerable versions.
Security experts have expressed alarm over the flaws, discovered
by vulnerability researchers Stefano Di Paola and Giorgio Fedon.
They warned that attackers could easily exploit the vulnerabilities
to launch cross-site scripting attacks and do a variety of damage.
Experts are particularly concerned because Adobe Reader is used by
a huge segment of the computing population.
According to the researchers' analysis, the trouble is in how Adobe tells the
browser to handle .pdf files. Firefox and Internet Explorer are
particularly vulnerable. The flaws affect Adobe Reader 6.0.1 for
Windows via Internet Explorer 6 and version 7.0.8 for Windows via
Firefox 2.0.0.1. Other versions may also be affected, warned Danish
vulnerability clearinghouse Secunia. Though Adobe has fixed the
security holes in version 8.0.0, experts worry that many users will
be slow to upgrade, leaving themselves open to an easy attack.
VideoLAN VLC vulnerable to attack
Attackers who successfully lure users to malicious Web pages or M3U
playlists could take control of their machines by exploiting
several flaws in the popular VideoLAN VLC media player freeware.
VideoLAN said in an advisory that there are format string errors in
the "cdio_log_handler()" and "vcd_log_handler()" functions that
call "msg_Dbg()", "msg_Warn()", and "msg_Err()" in an insecure
manner. Remote attackers could exploit this to execute arbitrary
commands on the victim's computer. But first, the user must be
lured to a specially crafted Web page or M3U playlist.
The flaws affect VideoLAN VLC versions 0.7.0 through 0.8.6.
Users can fix the issue by upgrading to VLC version 0.8.6a or by
applying the patch.
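The VideoLAN advisory's phrase "call msg_Dbg() in an insecure manner" means the log functions were handed attacker-controlled text (a playlist entry, a URL) as the format string itself rather than as an argument. The following is an added example, not VLC code: `log_fmt` is a hypothetical stand-in for msg_Dbg()/msg_Warn()/msg_Err(), shown once called the vulnerable way and once the hardened way, with a small audit helper that flags inputs carrying conversion directives.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical log sink standing in for VLC's msg_*() family: formats into a
 * caller-supplied buffer and returns the length vsnprintf reports. */
int log_fmt(char *out, size_t cap, const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, cap, fmt, ap);
    va_end(ap);
    return n;
}

/* Vulnerable pattern: the untrusted string IS the format, so every '%'
 * directive in it is interpreted against a variadic list that was never
 * supplied. Kept here only to show the shape; do not call with real input. */
int log_entry_insecure(char *out, size_t cap, const char *untrusted) {
    return log_fmt(out, cap, untrusted);
}

/* Hardened pattern: the untrusted data is always an argument and the format
 * is a literal, so the text is copied verbatim whatever it contains. */
int log_entry_secure(char *out, size_t cap, const char *untrusted) {
    return log_fmt(out, cap, "playlist entry: %s", untrusted);
}

/* Audit helper: does the string carry a conversion directive that would be
 * interpreted if it reached a format parameter? "%%" is a literal percent. */
int has_format_directive(const char *s) {
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        return 1;
    }
    return 0;
}

int main(void) {
    /* Constructed playlist entry of the kind a hostile M3U could carry. */
    const char *entry = "%s%s%n";
    char buf[64];
    int n = log_entry_secure(buf, sizeof buf, entry);
    printf("secure  -> [%s] (%d chars)\n", buf, n);
    printf("directive present: %d\n", has_format_directive(entry));
    return 0;
}
```

The secure variant is the whole fix the VLC patch applies: a literal format with `%s`. The audit helper is the kind of check a test harness can run over fuzzed playlist and URL inputs to confirm that nothing a user controls ever reaches a format parameter unescaped.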
Two flaws fixed in Opera browser
Attackers could run malicious code on victims' machines by
exploiting two flaws in the Opera Web browser, Danish vulnerability
clearinghouse Secunia said in an advisory.
The first problem is an unspecified error that surfaces when
certain .jpg files are processed. Attackers could exploit this to
cause a heap-based buffer overflow via a .jpg file with a specially
crafted DHT marker, Secunia said. The second problem is an error
within the "createSVGTransformFromMatrix()" function attackers
could exploit by passing an incorrect object to the said function.
Successful exploitation of the vulnerabilities allows execution of
arbitrary code, Secunia said.
Opera has released version 9.10 of the browser to fix the
problems.