The United States Computer Emergency Readiness Team (US-CERT) is
warning Microsoft users to beware of a security
flaw in which Windows Explorer fails to properly handle
malformed Office documents. Attackers may be able to exploit
the flaw to execute malicious code or crash Windows Explorer,
the organization said.
"A memory corruption vulnerability exists in a library Microsoft
Windows Explorer uses to parse document summary information,"
US-CERT said. "This vulnerability can be triggered by accessing a
specially crafted document, or by accessing the folder containing
the document. Exploit code is available for this
vulnerability."
The complete impact of this security vulnerability is not known,
US-CERT said. Memory corruption does occur, but it is not clear if
this can be leveraged to execute arbitrary code. "At a minimum,
this vulnerability will cause Microsoft Windows Explorer to crash,"
the organization said.
US-CERT recommended that users avoid opening unfamiliar or unexpected
Office documents, and cautioned against relying on file name extension
filtering to block them.
Microsoft said it is investigating the issue, but it isn't clear
when the problem will be fixed.
Microsoft announced Thursday it will not be
releasing a security update this month.
GnuPG flaw could compromise signed messages
Researchers at Core Security Inc. have identified
a flaw in the GNU Privacy Guard cryptographic
system that allows an attacker to insert his own text into a
GnuPG-signed message, or even completely replace the
original text of the signed message.
The security vulnerability is not in the encryption algorithm
itself, but rather in the way that GnuPG interacts with the
third-party applications that use it. The list of affected mail
packages is extensive, and includes GNUMail, KMail, Enigmail and
Mutt, among many others. The GnuPG project, which maintains the
program, has released a new version and posted an advisory about the
problem on its site. The project chose to ship its own fix rather than
have each of the third-party developers patch their applications,
because of the large number of applications the vulnerability affects.
GnuPG is widely used by open-source email applications and other
programs that require encryption, across platforms. For example, there
is a plug-in called GPGMail that can be used to send and receive
encrypted messages via the mail client in Apple Computer's Mac OS X
operating system.
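As an added illustration of the application-side interaction the advisory points at (this is not code from the article, Core Security or the GnuPG project), the Python below parses the machine-readable status lines gpg emits on its `--status-fd` channel and accepts a verified message only if exactly one plaintext was produced and that plaintext carries a good, valid signature. The status output is constructed, the key IDs, fingerprints and timestamps are placeholders, and the rule itself (one PLAINTEXT per trusted message) is an assumption about how a mail client should interpret gpg's output, not something the article states.

```python
"""Interpret gpg --status-fd output conservatively: trust the displayed text
only when one plaintext was emitted and it is covered by a good signature.
Constructed example; not GnuPG project code."""

STATUS_PREFIX = "[GNUPG:] "

# Constructed status output for a message containing one signed plaintext.
# Key ID, fingerprint, SIG_ID and timestamps are placeholders, not real keys.
# The trailing "gpg:" line stands for stderr text mixed in when --status-fd 2
# is used; it is not a status record and must be ignored.
GOOD_STATUS = """\
[GNUPG:] PLAINTEXT 62 1173000000 message.txt
[GNUPG:] SIG_ID AbCdEfGhIjKlMnOpQrStUvWxYz0 2007-03-05 1173000000
[GNUPG:] GOODSIG 0123456789ABCDEF Alice Example <alice@example.org>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2007-03-05 1173000000 0 3 0 17 2 00 0123456789ABCDEF0123456789ABCDEF01234567
[GNUPG:] TRUST_ULTIMATE
gpg: Good signature from "Alice Example <alice@example.org>"
"""

# Constructed status output for a tampered message: an unsigned plaintext was
# bundled with the signed one, so two PLAINTEXT records appear but only one
# signature is reported. A client that keys on GOODSIG alone is fooled.
TAMPERED_STATUS = """\
[GNUPG:] PLAINTEXT 62 1173000000 injected.txt
[GNUPG:] PLAINTEXT 62 1173000000 message.txt
[GNUPG:] SIG_ID AbCdEfGhIjKlMnOpQrStUvWxYz0 2007-03-05 1173000000
[GNUPG:] GOODSIG 0123456789ABCDEF Alice Example <alice@example.org>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2007-03-05 1173000000 0 3 0 17 2 00 0123456789ABCDEF0123456789ABCDEF01234567
[GNUPG:] TRUST_ULTIMATE
"""


def parse_status(status_text):
    """Return (keyword, args) pairs for every '[GNUPG:] ' status line,
    skipping anything else (human-readable stderr, blank lines)."""
    records = []
    for line in status_text.splitlines():
        if not line.startswith(STATUS_PREFIX):
            continue
        parts = line[len(STATUS_PREFIX):].split(None, 1)
        if not parts:
            continue
        keyword = parts[0]
        args = parts[1] if len(parts) > 1 else ""
        records.append((keyword, args))
    return records


def signed_plaintext_is_trustworthy(status_text):
    """Return (ok, reason). ok is True only when exactly one plaintext was
    produced and gpg reported both GOODSIG and VALIDSIG with no BADSIG/ERRSIG.
    The one-PLAINTEXT rule is the assumption this example rests on."""
    keywords = [kw for kw, _ in parse_status(status_text)]
    plaintexts = keywords.count("PLAINTEXT")
    if plaintexts != 1:
        return False, "expected exactly one PLAINTEXT record, saw %d" % plaintexts
    if "BADSIG" in keywords or "ERRSIG" in keywords:
        return False, "signature verification failed"
    if "GOODSIG" not in keywords or "VALIDSIG" not in keywords:
        return False, "no good, valid signature reported"
    return True, "single plaintext covered by a good signature"


if __name__ == "__main__":
    for label, text in (("good", GOOD_STATUS), ("tampered", TAMPERED_STATUS)):
        print(label, signed_plaintext_is_trustworthy(text))
```

The point of the check is that a "Good signature" verdict describes one signature packet, not everything gpg wrote to its output; a client has to confirm that the text it is about to render as signed is the only text gpg produced.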
Mozilla warns of a new Firefox glitch
Mozilla has acknowledged a new flaw in Firefox and SeaMonkey that
attackers could exploit to bypass security restrictions and hijack
targeted machines. The latest versions of those programs correct the
problem.
A regression error occurs when the programs process certain IMG
tags. Attackers who successfully lure users to a malicious Web page
could then exploit the flaw to bypass restrictions and run
arbitrary code.
The flaw specifically affects Firefox versions 1.5.0.9 and 2.0.0.1,
and SeaMonkey 1.0.7.
Users will be protected from the security flaw by upgrading to
Firefox 2.0.0.2 or 1.5.0.10, or to SeaMonkey 1.1.1 or 1.0.8.
Mozilla released those versions last week to fix more than 10
other Firefox flaws that attackers could exploit to circumvent
security restrictions, conduct cross-site scripting attacks and
access sensitive information.
Apple fixes multiple QuickTime flaws
Apple has urged users of its QuickTime media player to upgrade to
the latest version to correct multiple security flaws attackers could
exploit to run malicious code on targeted machines by luring the user
to a malicious Web site.
The French Security Incident Response Team (FrSIRT) rated the
flaws critical in an
advisory. It described the flaws as:
- An integer overflow error that surfaces when the media player
handles malformed 3GP video files.
- A heap overflow error that surfaces when the media player
handles a specially crafted MIDI file.
- A buffer overflow error that occurs when the media player
processes malformed QuickTime movies.
- An integer overflow error that occurs when the media player
handles malformed UDTA atoms in movie files.
- A heap overflow error that occurs when the media player
processes malformed PICT files.
- Stack, integer and heap overflow errors that occur when the
media player handles a malformed or specially crafted QTIF
file.
The flaws affect Apple QuickTime 7.1.4 and prior. The solution
is to upgrade to QuickTime 7.1.5.
WordPress upgrade fixes 'dangerous' flaw
Developers of the open source blogging platform
WordPress say users should upgrade to version 2.1.2 immediately
to address a "dangerous" security hole an attacker recently
managed to exploit.
"If you downloaded WordPress 2.1.1 within the past three to four
days, your files may include a security exploit that was added by a
cracker, and you should upgrade all of your files to 2.1.2
immediately," the developers said in a warning on the WordPress Web
site.
The development team said it received a message about unusual
and highly exploitable code in WordPress, and an investigation
confirmed that an attacker had modified version 2.1.1 from its
original code.
"It was determined that a cracker had gained user-level access
to one of the servers that powers wordpress.org, and had used that
access to modify the download file," the advisory said. "We have
locked down that server for further forensics, but at this time it
appears that the 2.1.1 download was the only thing touched by the
attack. They modified two files in WP to include code that would
allow for remote PHP execution."
Although not all downloads of 2.1.1 were affected, the
developers said they are declaring the entire version dangerous and
have released version 2.1.2, which includes minor updates and
entirely verified files. The team is also instituting new
preventative measures, "not the least of which is minutely external
verification of the download package so we'll know immediately if
something goes wrong for any reason," the advisory said. The team
has also reset passwords for a number of users with SVN and other
access.
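The tampered 2.1.1 download is a release-integrity problem: the code was legitimate WordPress plus two altered files, so only a comparison against a trusted copy reveals it. As an added example (not code from the article or the WordPress project), the Python below hashes every file in a downloaded tree, compares the result with a manifest built from a trusted release, and reports files that were added, removed or modified. The two directory trees, their file names and contents are constructed placeholders, not real WordPress source, and the manifest format is this example's own.

```python
"""Compare a downloaded release tree against a trusted manifest and report
added, removed and modified files. Constructed example; the sample trees
below are placeholders, not WordPress code."""
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path):
    """SHA-256 of a file, read in chunks so large archives are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map each regular file (path relative to root, POSIX separators) to
    its SHA-256. This is the record a project would publish for a release."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def diff_manifests(trusted, observed):
    """Classify every difference between the trusted and observed manifests.
    Any non-empty list means the download is not the release it claims to be."""
    added = sorted(set(observed) - set(trusted))
    removed = sorted(set(trusted) - set(observed))
    modified = sorted(
        p for p in set(trusted) & set(observed) if trusted[p] != observed[p]
    )
    return {"added": added, "removed": removed, "modified": modified}


def write_tree(root, files):
    """Materialise a {relative_path: text} mapping on disk (test fixture)."""
    for rel, content in files.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(content)


def demo():
    # Constructed pristine release: file names and contents are placeholders.
    pristine = {
        "wp-config-sample.php": "<?php\n// sample configuration\n",
        "wp-includes/functions.php": "<?php\nfunction wp_hello() { return 'hi'; }\n",
        "wp-includes/theme.php": "<?php\nfunction wp_theme() { return 'default'; }\n",
    }
    # Constructed tampered download: one shipped file gained extra code and
    # one file that is not part of the release was added.
    tampered = dict(pristine)
    tampered["wp-includes/theme.php"] += "// attacker-inserted code would sit here\n"
    tampered["wp-includes/extra.php"] = "<?php\n// not present in the real release\n"

    with tempfile.TemporaryDirectory() as trusted_dir, \
            tempfile.TemporaryDirectory() as download_dir:
        write_tree(trusted_dir, pristine)
        write_tree(download_dir, tampered)
        trusted = build_manifest(trusted_dir)
        observed = build_manifest(download_dir)
        return diff_manifests(trusted, observed)


if __name__ == "__main__":
    report = demo()
    for kind, paths in report.items():
        for p in paths:
            print("%-8s %s" % (kind, p))
```

The manifest is only as trustworthy as the channel it arrives over: if it is served from the same host as the download, an attacker with write access to that host can regenerate it. Publishing the manifest (or a signature over it) from a separate system is what turns this comparison into the "external verification" the advisory describes.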
The advisory urged users to help find and replace vulnerable
versions of the program:
"If your blog is running 2.1.1, please upgrade immediately and
do a full overwrite of your old files [and] check out your friends'
blogs and if any of them are running 2.1.1 drop them a note and, if
you can, pitch in and help them with the upgrade," the advisory
said.