======================================================================== The Secunia Weekly Advisory Summary 2009-02-19 - 2009-02-26 This week: 55 advisories ======================================================================== Table of Contents: 1.....................................................Word From Secunia 2....................................................This Week In Brief 3...............................This Weeks Top Ten Most Read Advisories 4..................................................This Week in Numbers ======================================================================== 1) Word From Secunia: Adobe Reader/Acrobat 0-day Clarification By now, most people should hopefully be aware of the 0-day vulnerability currently being actively exploited in Adobe Reader/Acrobat. We initially heard rumours about this 0-day vulnerability on 16th February 2009 and began digging for something more concrete over the following days. Three days later, Adobe confirmed the existence of the 0-day vulnerability and Secunia issued an advisory. Later, a more in-depth analysis was provided to customers on our Secunia Binary Analysis Service. Disabling JavaScript does not prevent exploitation Over the last couple of days, we have seen many sources recommend users to disable support for JavaScript in Adobe Reader/Acrobat to prevent exploitation. While this does prevent many of the currently seen exploits from successfully executing arbitrary code (as they rely on JavaScript), it does not protect against the actual vulnerability. Read More: http://secunia.com/blog/44/ -- Secunia 2008 Report Secunia is pleased to announce the release of the annual Secunia report for 2008. We hope you will enjoy reading the report, and that it will enlighten you upon some of the immense work performed by Secunia on a daily basis, in order to bring you and our customers the best available Vulnerability Intelligence. Highlights from the 2008 report: * Vulnerability Research * Software Inspection Results * Secunia Research Highlights * Secunia Advisory Statistics Read More: http://secunia.com/blog/45/ ======================================================================== 2) This Week in Brief: A vulnerability has been reported in Adobe Reader/Acrobat, which can be exploited by malicious people to compromise a user's system. For more information, refer to: http://secunia.com/advisories/33901/ -- A vulnerability has been reported in Microsoft Excel, which can be exploited by malicious people to compromise a user's system. For more information, refer to: http://secunia.com/advisories/33954/ -- Some vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious, local users to disclose sensitive information and potentially gain escalated privileges, and by malicious people to bypass certain security restrictions, disclose potentially sensitive information, and compromise a user's system. For more information, refer to: http://secunia.com/advisories/34012/ ======================================================================== 3) This Weeks Top Ten Most Read Advisories: 1. [SA33847] BlackBerry Application Web Loader ActiveX Control Buffer Overflow 2. [SA33845] Microsoft Internet Explorer Two Code Execution Vulnerabilities 3. [SA33937] Apple Mac OS X Security Update Fixes Multiple Vulnerabilities 4. [SA32991] Sun Java JDK / JRE Multiple Vulnerabilities 5. [SA32270] Adobe Flash Player Multiple Security Issues and Vulnerabilities 6. [SA33934] IBM WebSphere Application Server "PerfServlet" Information Disclosure 7. [SA33923] Sun Java System Directory Server Directory Proxy Server Denial of Service 8. [SA33933] IBM HTTP Server "mod_proxy_ftp" Cross-Site Scripting Vulnerability 9. [SA33921] Sun Solaris / SEAM Kerberos PAM Module Privilege Escalation 10. [SA33930] PHP Krazy Image Host Script "id" SQL Injection Vulnerability ======================================================================== 4) This Week in Numbers During the past week 55 Secunia Advisories have been released. All Secunia customers have received immediate notification on the alerts that affect their business. This weeks Secunia Advisories had the following spread across platforms and criticality ratings: Platforms: Windows : 7 Secunia Advisories Unix/Linux : 23 Secunia Advisories Other : 0 Secunia Advisories Cross platform : 25 Secunia Advisories Criticality Ratings: Extremely Critical : 2 Secunia Advisories Highly Critical : 5 Secunia Advisories Moderately Critical : 27 Secunia Advisories Less Critical : 20 Secunia Advisories Not Critical : 3 Secunia Advisories ======================================================================== Secunia recommends that you verify all advisories you receive, by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Subscribe: http://secunia.com/advisories/weekly_summary/ Contact details: Web : http://secunia.com/ E-mail : support_at_private Tel : +45 70 20 51 44 Fax : +45 70 20 51 45 _______________________________________________ Best Selling Security Books and More! http://www.shopinfosecnews.org/Received on Fri Feb 27 2009 - 00:15:40 PST
This archive was generated by hypermail 2.2.0 : Fri Feb 27 2009 - 00:20:32 PST