======================================================================== The Secunia Weekly Advisory Summary 2009-08-27 - 2009-09-03 This week: 80 advisories ======================================================================== Table of Contents: 1.....................................................Word From Secunia 2....................................................This Week In Brief 3...............................This Weeks Top Ten Most Read Advisories 4..................................................This Week in Numbers ======================================================================== 1) Word From Secunia: Microsoft IIS FTP Server NLST Buffer Overflow Clarifications Working exploit code was recently published for a stack-based buffer overflow vulnerability in the FTP server component of Microsoft IIS when handling "NLST" commands. The reason for me writing this blog is to discuss a workaround that many sources, including Microsoft, suggest to prevent exploitation: To remove write permissions for anonymous and untrusted users. I'd like to clarify why this mitigates code execution to a large extent (but not completely) and also why this does not prevent the vulnerability from being exploited to cause a DoS (Denial of Service). Read More: http://secunia.com/blog/62/ ======================================================================== 2) This Week in Brief: Some vulnerabilities and security issues have been reported in Opera, which can be exploited by malicious people to conduct spoofing attacks. For more information, refer to: http://secunia.com/advisories/36414/ -- Kingcope has discovered a vulnerability in Microsoft Internet Information Services (IIS), which can be exploited by malicious users to cause a DoS (Denial of Service) or compromise a vulnerable system. For more information, refer to: http://secunia.com/advisories/36443/ -- Secunia Research has discovered two vulnerabilities in OpenOffice, which can be exploited by malicious people to potentially compromise a user's system. For more information, refer to: http://secunia.com/advisories/35036/ ======================================================================== 3) This Weeks Top Ten Most Read Advisories: 1. [SA35948] Adobe Flash Player Multiple Vulnerabilities 2. [SA35853] Sun Java JDK / JRE Multiple Vulnerabilities 3. [SA24314] Internet Explorer Charset Inheritance Cross-Site Scripting Vulnerability 4. [SA35949] Adobe Reader/Acrobat SWF Content Arbitrary Code Execution 5. [SA36159] Sun Java JDK / JRE Multiple Vulnerabilities 6. [SA36001] Mozilla Firefox Multiple Vulnerabilities 7. [SA28713] Facebook Photo Uploader ActiveX Control Property Handling Buffer Overflow 8. [SA36229] Microsoft Remote Desktop Connection Two Vulnerabilities 9. [SA24900] Akamai Download Manager ActiveX Control Buffer Overflow Vulnerabilities 10. [SA36187] Microsoft Windows Various Components ATL Vulnerabilities ======================================================================== 4) This Week in Numbers During the past week 80 Secunia Advisories have been released. All Secunia customers have received immediate notification on the alerts that affect their business. This weeks Secunia Advisories had the following spread across platforms and criticality ratings: Platforms: Windows : 17 Secunia Advisories Unix/Linux : 30 Secunia Advisories Other : 3 Secunia Advisories Cross platform : 30 Secunia Advisories Criticality Ratings: Extremely Critical : 0 Secunia Advisories Highly Critical : 9 Secunia Advisories Moderately Critical : 35 Secunia Advisories Less Critical : 34 Secunia Advisories Not Critical : 2 Secunia Advisories ======================================================================== Secunia recommends that you verify all advisories you receive, by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Subscribe: http://secunia.com/advisories/weekly_summary/ Contact details: Web : http://secunia.com/ E-mail : support_at_private Tel : +45 70 20 51 44 Fax : +45 70 20 51 45 ________________________________________ Subscribe to InfoSec News http://www.infosecnews.orgReceived on Fri Sep 04 2009 - 02:03:59 PDT
This archive was generated by hypermail 2.2.0 : Fri Sep 04 2009 - 02:14:16 PDT