======================================================================== The Secunia Weekly Advisory Summary 2009-07-16 - 2009-07-23 This week: 72 advisories ======================================================================== Table of Contents: 1.....................................................Word From Secunia 2....................................................This Week In Brief 3...............................This Weeks Top Ten Most Read Advisories 4..................................................This Week in Numbers ======================================================================== 1) Word From Secunia: New Blog: Adobe Insecure / Unpatched Version From Official Site There has recently existed some confusion amongst the users of the Secunia PSI as they puzzled as to why the latest downloaded Adobe Reader version from Adobe.com is reported as insecure by Secunia PSI. We have looked into this and are happy to learn that the Secunia PSI is correct, but surprised to discover that Adobe ships insecure software to their users! Read More: http://secunia.com/blog/58/ ======================================================================== 2) This Week in Brief: A vulnerability has been reported in Adobe Reader and Acrobat, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in authplay.dll when processing SWF content and can be exploited to execute arbitrary code. This is related to: SA35948 NOTE: The vulnerability is currently being actively exploited. For more information, refer to: http://secunia.com/advisories/35949/ http://secunia.com/advisories/35948/ -- Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to conduct cross-site scripting attacks or compromise a user's system. For more information, refer to: http://secunia.com/advisories/35914/ ======================================================================== 3) This Weeks Top Ten Most Read Advisories: 1. [SA35798] Mozilla Firefox Two Vulnerabilities 2. [SA35853] Sun Java JDK / JRE XML Signature HMAC Truncation Spoofing 3. [SA34012] Adobe Flash Player Multiple Vulnerabilities 4. [SA24314] Internet Explorer Charset Inheritance Cross-Site Scripting Vulnerability 5. [SA35773] Windows Embedded OpenType Font Engine Two Vulnerabilities 6. [SA34451] Sun Java JDK / JRE Multiple Vulnerabilities 7. [SA35914] Mozilla Firefox Multiple Vulnerabilities 8. [SA34580] Adobe Reader/Acrobat Multiple Vulnerabilities 9. [SA35844] Google Chrome JavaScript Regular Expressions Memory Corruption 10. [SA35800] Microsoft Office Web Components Code Execution Vulnerability ======================================================================== 4) This Week in Numbers During the past week 72 Secunia Advisories have been released. All Secunia customers have received immediate notification on the alerts that affect their business. This weeks Secunia Advisories had the following spread across platforms and criticality ratings: Platforms: Windows : 7 Secunia Advisories Unix/Linux : 25 Secunia Advisories Other : 0 Secunia Advisories Cross platform : 40 Secunia Advisories Criticality Ratings: Extremely Critical : 1 Secunia Advisory Highly Critical : 14 Secunia Advisories Moderately Critical : 32 Secunia Advisories Less Critical : 22 Secunia Advisories Not Critical : 3 Secunia Advisories ======================================================================== Secunia recommends that you verify all advisories you receive, by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Subscribe: http://secunia.com/advisories/weekly_summary/ Contact details: Web : http://secunia.com/ E-mail : support_at_private Tel : +45 70 20 51 44 Fax : +45 70 20 51 45 _______________________________________________ Attend Black Hat USA, July 25-30 in Las Vegas, the world's premier technical event for ICT security experts. Network with 4,000+ delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting. http://www.blackhat.comReceived on Fri Jul 24 2009 - 00:18:54 PDT
This archive was generated by hypermail 2.2.0 : Fri Jul 24 2009 - 00:26:47 PDT