[ISN] Secunia Weekly Summary - Issue: 2009-36

From: InfoSec News <alerts_at_private>
Date: Fri, 4 Sep 2009 04:03:59 -0500 (CDT)
========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2009-08-27 - 2009-09-03                        

                       This week: 80 advisories                        

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4..................................................This Week in Numbers

========================================================================
1) Word From Secunia:

Microsoft IIS FTP Server NLST Buffer Overflow Clarifications 

Working exploit code was recently published for a stack-based buffer
overflow vulnerability in the FTP server component of Microsoft IIS
when handling "NLST" commands. The reason for me writing this blog is
to discuss a workaround that many sources, including Microsoft, suggest
to prevent exploitation: To remove write permissions for anonymous and
untrusted users. I'd like to clarify why this mitigates code execution
to a large extent (but not completely) and also why this does not
prevent the vulnerability from being exploited to cause a DoS (Denial
of Service).

Read More:
http://secunia.com/blog/62/

========================================================================
2) This Week in Brief:

Some vulnerabilities and security issues have been reported in Opera,
which can be exploited by malicious people to conduct spoofing attacks.

For more information, refer to:
http://secunia.com/advisories/36414/

 --

Kingcope has discovered a vulnerability in Microsoft Internet
Information Services (IIS), which can be exploited by malicious users
to cause a DoS (Denial of Service) or compromise a vulnerable system.

For more information, refer to:
http://secunia.com/advisories/36443/

 --

Secunia Research has discovered two vulnerabilities in OpenOffice,
which can be exploited by malicious people to potentially compromise a
user's system.

For more information, refer to:
http://secunia.com/advisories/35036/

========================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA35948] Adobe Flash Player Multiple Vulnerabilities
2.  [SA35853] Sun Java JDK / JRE Multiple Vulnerabilities
3.  [SA24314] Internet Explorer Charset Inheritance Cross-Site
              Scripting Vulnerability
4.  [SA35949] Adobe Reader/Acrobat SWF Content Arbitrary Code Execution
5.  [SA36159] Sun Java JDK / JRE Multiple Vulnerabilities
6.  [SA36001] Mozilla Firefox Multiple Vulnerabilities
7.  [SA28713] Facebook Photo Uploader ActiveX Control Property Handling
              Buffer Overflow
8.  [SA36229] Microsoft Remote Desktop Connection Two Vulnerabilities
9.  [SA24900] Akamai Download Manager ActiveX Control Buffer Overflow
              Vulnerabilities
10. [SA36187] Microsoft Windows Various Components ATL Vulnerabilities

========================================================================
4) This Week in Numbers

During the past week 80 Secunia Advisories have been released. All
Secunia customers have received immediate notification on the alerts
that affect their business.

This week's Secunia Advisories had the following spread across platforms
and criticality ratings:

Platforms:
  Windows             :     17 Secunia Advisories
  Unix/Linux          :     30 Secunia Advisories
  Other               :      3 Secunia Advisories
  Cross platform      :     30 Secunia Advisories

Criticality Ratings:
  Extremely Critical  :      0 Secunia Advisories
  Highly Critical     :      9 Secunia Advisories
  Moderately Critical :     35 Secunia Advisories
  Less Critical       :     34 Secunia Advisories
  Not Critical        :      2 Secunia Advisories

========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/

Subscribe:
http://secunia.com/advisories/weekly_summary/

Contact details:
Web	: http://secunia.com/
E-mail	: support_at_private
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45


Received on Fri Sep 04 2009 - 02:03:59 PDT
