US-CERT warns of Windows-Office security flaw

Security news round up including GnuPG flaw could compromise signed messages; Mozilla warns of a new Firefox glitch; Apple fixes multiple QuickTime flaws; and WordPress upgrade fixes 'dangerous' flaw.

The United States Computer Emergency Readiness Team (US-CERT) is warning Microsoft users to beware of a security flaw in which Windows Explorer fails to properly handle malformed Office documents. Attackers may be able to exploit the flaw to execute malicious code or crash Windows Explorer, the organisation said.

"A memory corruption vulnerability exists in a library Microsoft Windows Explorer uses to parse document summary information," US-CERT said. "This vulnerability can be triggered by accessing a specially crafted document, or by accessing the folder containing the document. Exploit code is available for this vulnerability."

The complete impact of this security vulnerability is not known, US-CERT said. Memory corruption does occur, but it is not clear if this can be leveraged to execute arbitrary code. "At a minimum, this vulnerability will cause Microsoft Windows Explorer to crash," the organization said.

US-CERT recommended users avoid opening unfamiliar or unexpected Office documents and refrain from file name extension filtering.

Microsoft said it is investigating the issue, but it isn't clear when the problem will be fixed. Microsoft announced Thursday it will not be releasing a security update this month.

GnuPG flaw could compromise signed messages
Researchers at Core Security Inc. have identified a flaw in the GNU Privacy Guard cryptographic system that allows an attacker to insert his own text into a GnuPG-signed message, or even completely replace the original text of the signed message.

The security vulnerability is not in the encryption algorithm itself, but rather in the way that GnuPG interacts with the third-party applications that use it. The list of affected mail packages is extensive, and includes GNUMail, KMail, Enigmail and Mutt, among many others. The Free Software Foundation, which maintains GnuPG, has released a new version of the program and has posted an advisory about the problem on its site. The FSF decided to release its own fix rather than have each of the third-party developers patch their applications because of the large number of applications the vulnerability affects.

GnuPG is widely used by open-source email applications and other programs that require encryption, and not just in the Windows world. For example, there is a plug-in called GPGMail that can be used to send and receive encrypted messages via the mail client in Apple Computer's Mac OS X operating system.

Mozilla warns of a new Firefox glitch
Mozilla has acknowledged a new flaw in Firefox and SeaMonkey that attackers could exploit to bypass security restrictions and hijack targeted machines. The latest versions of those programs correct the problem.

A regression error occurs when the programs process certain IMG tags. Attackers who successfully lure users to a malicious Web page could then exploit the flaw to bypass restrictions and run arbitrary code.

The flaw specifically affects Firefox version and; and SeaMonkey 1.0.7.

Users will be protected from the security flaw by upgrading to Firefox or; or SeaMonkey 1.1.1 or 1.0.8.

Mozilla released those versions last week to fix more than 10 other Firefox flaws digital miscreants could exploit to circumvent security restrictions, conduct cross-site scripting attacks and access sensitive information.

Apple fixes multiple QuickTime flaws
Apple has urged users of its QuickTime media player to upgrade to the latest version to correct multiple security flaws attackers could exploit to run insidious code on targeted machines by luring the user to a malicious Web site.

The French Security Incident Response Team (FrSIRT) rated the flaws critical in an advisory. It described the flaws as:

  • An integer overflow error that surfaces when the media player handles malformed 3GP video files.

  • A heap overflow error that surfaces when the media player handles a specially crafted MIDI file.

  • A buffer overflow error that occurs when the media player processes malformed QuickTime movies.

  • An integer overflow error that occurs when the media player handles malformed UDTA atoms in movie files.

  • A heap overflow error that occurs when the media player processes malformed PICT files.

  • Stack, integer and heap overflow errors that occur when the media player handles a malformed or specially crafted QTIF file.

The flaws affect Apple QuickTime 7.1.4 and prior. The solution is to upgrade to QuickTime 7.1.5.

WordPress upgrade fixes 'dangerous' flaw
Developers of the open source blogging platform WordPress say users should upgrade to version 2.1.2 immediately to address a "dangerous" security hole an attacker recently managed to exploit.

"If you downloaded WordPress 2.1.1 within the past three to four days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately," the developers said in a warning on its WordPress Web site.

The development team said it received a message about unusual and highly exploitable code in WordPress, and an investigation confirmed that an attacker had modified version 2.1.1 from its original code.

"It was determined that a cracker had gained user-level access to one of the servers that powers, and had used that access to modify the download file," the advisory said. "We have locked down that server for further forensics, but at this time it appears that the 2.1.1 download was the only thing touched by the attack. They modified two files in WP to include code that would allow for remote PHP execution."

Although not all downloads of 2.1.1 were affected, the developers said they are declaring the entire version dangerous and have released version 2.1.2, which includes minor updates and entirely verified files. The team is also instituting new preventative measures, "not the least of which is minutely external verification of the download package so we'll know immediately if something goes wrong for any reason," the advisory said. The team has also reset passwords for a number of users with SVN and other access.

The advisory urged users to help find and replace vulnerable versions of the program:

"If your blog is running 2.1.1, please upgrade immediately and do a full overwrite of your old files [and] check out your friends' blogs and if any of them are running 2.1.1 drop them a note and, if you can, pitch in and help them with the upgrade," the advisory said.
