If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
|
Thread Tools | Display Modes |
#11
|
|||
|
|||
Office-VISTA firewall-Adobe Flash-other vulnerabilities - US-Cert-combined
Another warning concerning Apple Quick Time. Note it says ALL versions are
effected AND provides registry hacks to potentially correct the issues. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA07-334A Apple QuickTime RTSP Buffer Overflow Original release date: November 30, 2007 Last revised: -- Source: US-CERT Systems Affected A buffer overflow in Apple QuickTime affects: * Apple QuickTime for Windows * Apple QuickTime for Apple Mac OS X Overview Apple QuickTime contains a buffer overflow vulnerability in the way QuickTime processes Real Time Streaming Protocol (RTSP) streams. Exploitation of this vulnerability could allow an attacker to execute arbitrary code. I. Description Apple QuickTime contains a stack buffer overflow vulnerability in the way QuickTime handles the RTSP Content-Type header. Most versions of QuickTime prior to and including 7.3 running on all supported Apple Mac OS X and Microsoft Windows platforms are vulnerable. Since QuickTime is a component of Apple iTunes, iTunes installations are also affected by this vulnerability. An attacker could exploit this vulnerability by convincing a user to access a specially crafted HTML document such as a web page or email message. The HTML document could use a variety of techniques to cause QuickTime to load a specially crafted RTSP stream. Common web browsers, including Microsoft Internet Explorer, Mozilla Firefox, and Apple Safari can be used to pass RTSP streams to QuickTime, exploit the vulnerability, and execute arbitrary code. Exploit code for this vulnerability was first posted publicly on November 25, 2007. II. Impact This vulnerability could allow a remote, unauthenticated attacker to execute arbitrary code or commands and cause a denial-of-service condition. III. Solution As of November 30, 2007, a QuickTime update for this vulnerability is not available. To block attack vectors, consider the following workarounds. Block the rtsp:// protocol Using a proxy or firewall capable of recognizing and blocking RTSP traffic can mitigate this vulnerability. Known public exploit code for this vulnerability uses the default RTSP port 554/tcp, however RTSP can use a variety of ports. Disable file association for QuickTime files Disable the file association for QuickTime file types. This can be accomplished by deleting the following registry keys: HKEY_CLASSES_ROOT\QuickTime.* This will remove the association for approximately 32 file types that are configured to open with QuickTime Player. Disable the QuickTime ActiveX controls in Internet Explorer The QuickTime ActiveX controls can be disabled in Internet Explorer by setting the kill bit for the following CLSIDs: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} {4063BE15-3B08-470D-A0D5-B37161CFFD69} More information about how to set the kill bit is available in Microsoft Knolwedgebase Article 240797. Alternatively, the following text can be saved as a .REG file and imported to set the kill bit for these controls: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}] "Compatibility Flags"=dword:00000400 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4063BE15-3B08-470D-A0D5-B37161CFFD69}] "Compatibility Flags"=dword:00000400 Disable the QuickTime plug-in for Mozilla-based browsers Users of Mozilla-based browsers, such as Firefox can disable the QuickTime plugin, as specified in the PluginDoc article Uninstalling Plugins. Disable JavaScript For instructions on how to disable JavaScript, please refer to the Securing Your Web Browser document. This can help prevent some attack techniques that use the QuickTime plug-in or ActiveX control. Secure your web browser To help mitigate these and other vulnerabilities that can be exploited via a web browser, refer to Securing Your Web Browser. Do not access QuickTime files from untrusted sources Do not open QuickTime files from any untrusted sources, including unsolicited files or links received in email, instant messages, web forums, or internet relay chat (IRC) channels. References * US-CERT Vulnerability Note VU#659761 - http://www.kb.cert.org/vuls/id/659761 * Securing Your Web Browser - http://www.us-cert.gov/reading_room/securing_browser/ * Mozilla Uninstalling Plugins - http://plugindoc.mozdev.org/faqs/uninstall.html * How to stop an ActiveX control from running in Internet Explorer - http://support.microsoft.com/kb/240797 * IETF RFC 2326 Real Time Streaming Protocol - http://tools.ietf.org/html/rfc2326 __________________________________________________ _______________ The most recent version of this document can be found at: http://www.us-cert.gov/cas/techalerts/TA07-334A.html __________________________________________________ _______________ Feedback can be directed to US-CERT Technical Staff. Please send email to with "TA07-334A Feedback VU#659761" in the subject. __________________________________________________ _______________ For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html. __________________________________________________ _______________ Produced 2007 by US-CERT, a government organization. Terms of use: http://www.us-cert.gov/legal.html __________________________________________________ _______________ Revision History November 30, 2007: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBR1ArKvRFkHkM87XOAQJg7wf/X4wAipFWO2ZJ5MdPzTwzE+x1OUIJxenP cFuLApajAMZ33yAyTTjA0sYhKveYhxSwqQTetEPiAWp5r/KPkJL5ugkeSvtzbAgf U6rsCICcRpjPJ7IjqsW/u6Hk2PBVqWwgip+FhZG5J5mjRPUdRr3JbmKlsEm/XDxi +ENxwrAgcoQHkLn76xn/9+1vTbI3zxi0GoyAR+GIFzs+Fsn+LazMCCrDI4ltPMnS c+Qpa3/qkOC+svz63yyHBjhq6eT2HQBP/X/50syweUOf4SrpDOdexX+mRPr03i6+ 9byGzjid5sObMAbpH1AzCtiDB56ai3zf+G5qV0uK2ziXihvNEn 7JKA== =Jc+L -----END PGP SIGNATURE----- -- MEB http://peoplescounsel.orgfree.com ________ |
#12
|
|||
|
|||
Office-VISTA firewall-Adobe Flash-other vulnerabilities -US-Cert-combined
MEB wrote:
Another warning concerning Apple Quick Time. Note it says ALL versions are effected AND provides registry hacks to potentially correct the issues. Apple QuickTime contains a stack buffer overflow vulnerability in the way QuickTime handles the RTSP Content-Type header. Most versions of QuickTime prior to and including 7.3 running on all supported Apple Mac OS X and Microsoft Windows platforms are vulnerable. I apparently have version 6.5 installed. An attacker could exploit this vulnerability by convincing a user to access a specially crafted HTML document such as a web page or email message. Ok. The HTML document could use a variety of techniques to cause QuickTime to load a specially crafted RTSP stream. Ok, but how can that happen according to this: "QuickTime does not appear to register itself as the handler for the RTSP protocol on Windows systems" Unless because of this: "Disable the file association for QuickTime file types to help prevent windows applications from using Apple QuickTime to open QuickTime files. This can be accomplished by deleting the following registry keys: HKEY_CLASSES_ROOT\QuickTime.* This will remove the association for approximately 32 file types that are configured to open with the QuickTime Player software. I suppose the easiest solution is to rename the file "qtplugin.ocx". Any idea if quicktime alternative is vulnerable? http://en.wikipedia.org/wiki/QuickTime_Alternative |
#13
|
|||
|
|||
Office-VISTA firewall-Adobe Flash-other vulnerabilities - US-Cert-combined
"98 Guy" wrote in message ... | MEB wrote: | | Another warning concerning Apple Quick Time. Note it says ALL | versions are effected AND provides registry hacks to potentially | correct the issues. | | Apple QuickTime contains a stack buffer overflow vulnerability | in the way QuickTime handles the RTSP Content-Type header. | Most versions of QuickTime prior to and including 7.3 running | on all supported Apple Mac OS X and Microsoft Windows platforms | are vulnerable. | | I apparently have version 6.5 installed. | | An attacker could exploit this vulnerability by convincing a | user to access a specially crafted HTML document such as a web | page or email message. | | Ok. | | The HTML document could use a variety of techniques to cause | QuickTime to load a specially crafted RTSP stream. | | Ok, but how can that happen according to this: | | "QuickTime does not appear to register itself as the handler | for the RTSP protocol on Windows systems" Yeah, a somewhat misleading comment there... so its just MAC or ... But when taken with the Apple warning of a month or so ago, Windows seems to be one to be concerned about as well. | | Unless because of this: | | "Disable the file association for QuickTime file types to help | prevent windows applications from using Apple QuickTime to open | QuickTime files. This can be accomplished by deleting the | following registry keys: | | HKEY_CLASSES_ROOT\QuickTime.* | This will remove the association for approximately 32 file types | that are configured to open with the QuickTime Player software. | | I suppose the easiest solution is to rename the file "qtplugin.ocx". From what appears, that may be an additional fix. I really haven't used QuickTime for almost a couple years now, so I have no way to test or review what would or wouldn't work.. though without the OCX at least it wouldn't apparently load when called via a web page or other. | | Any idea if quicktime alternative is vulnerable? | | http://en.wikipedia.org/wiki/QuickTime_Alternative Oh wow, thanks for the link [will look sometime soon]. Perhaps that might be the next issue to test before I stop doing so [okay, so now the target end date is January maybe]... never even bothered to look for a replacement .... Have you tried it yet, e.g. anything to report? -- MEB http://peoplescounsel.orgfree.com ________ |
#14
|
|||
|
|||
Office-VISTA firewall-Adobe Flash-other vulnerabilities - US-Cert-combined
This post combines two bulletins from CERT, note discussion: 98 Guy post on Thu, 13 Dec 2007 10:34:29 -0500 - * IE gets security makeover in Patch Tuesday batch* in this discussion group. Xref: TK2MSFTNGP01.phx.gbl microsoft.public.win98.gen_discussion:835296 Note other segments of that discussion generally... The second bulletin relates to general advise related to on-line shopping and other related use [banking, etc.]. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA07-345A Microsoft Updates for Multiple Vulnerabilities Original release date: December 11, 2007 Last revised: -- Source: US-CERT Systems Affected * Microsoft Windows * Microsoft Internet Explorer Overview Microsoft has released updates that address critical vulnerabilities in Microsoft Windows and Internet Explorer. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary commands. I. Description Microsoft has released updates to address vulnerabilities that affect Microsoft Windows and Internet Explorer as part of the Microsoft Security Bulletin Summary for December 2007. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary commands. For more information, see the US-CERT Vulnerability Notes Database. II. Impact A remote, unauthenticated attacker could execute arbitrary commands on a vulnerable system. III. Solution Apply updates from Microsoft Microsoft has provided updates for these vulnerabilities in the December 2007 security bulletins. The security bulletins describe any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. Administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). IV. References * US-CERT Vulnerability Notes for Microsoft December 2007 updates - http://www.kb.cert.org/vuls/byid?searchview&query=ms07-dec * Microsoft Security Bulletin Summary for December 2007 - http://www.microsoft.com/technet/security/bulletin/ms07-dec.mspx * Microsoft Update - https://www.update.microsoft.com/microsoftupdate/ * Windows Server Update Services - http://www.microsoft.com/windowsserversystem/updateservices/default.mspx * Securing Your Web Browser - http://www.us-cert.gov/reading_room/securing_browser/ __________________________________________________ _______________ The most recent version of this document can be found at: http://www.us-cert.gov/cas/techalerts/TA07-345A.html __________________________________________________ _______________ Feedback can be directed to US-CERT Technical Staff. Please send email to with "TA07-345A Feedback VU#437393" in the subject. __________________________________________________ _______________ For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html. __________________________________________________ _______________ Produced 2007 by US-CERT, a government organization. Terms of use: http://www.us-cert.gov/legal.html __________________________________________________ ____________ Revision History December 11, 2007: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBR18Qd/RFkHkM87XOAQKmPggAizWEwWaIVeYlbdXw6zGMS/zhqNuynvo5 D5gHuhs0UL+V96A8Aa/2c5oLaLDnR6Udk3yC8dSN1tLhwavwlQfXW33kAWWHOHpA xLzI/szcP/XRS6UgQeWC1caH6SAjdT6wbTBLh4QSa6jODGPpHFyRLbQV2x23 XKC7 4ehLACrh+NRpGKSJRffZEkUHDSoFSmSpgQHpOIHHS+mHzJcqtA m8C/v7Y0i5qeRU uWSqUBLYIhpcOaYGOjbVBOyemRGAUzrNZYbfYhHyP7mF5rYu2j MDF7LwaTwvnKG8 3Ljv6ChkQ+7OzbyFDIDmX1B2ZC/gRUphdZrPkAGqPTChAAv/JbmxkQ== =lx4/ -----END PGP SIGNATURE----- ----------- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cyber Security Tip ST07-001 Shopping Safely Online Online shopping has become a popular way to purchase items without the hassles of traffic and crowds. However, the Internet has unique risks, so it is important to take steps to protect yourself when shopping online. Why do online shoppers have to take special precautions? The Internet offers a convenience that is not available from any other shopping outlet. From the comfort of your home, you can search for items from countless vendors, compare prices with a few simple mouse clicks, and make purchases without waiting in line. However, the Internet is also convenient for attackers, giving them multiple ways to access the personal and financial information of unsuspecting shoppers. Attackers who are able to obtain this information may use it for their own financial gain, either by making purchases themselves or by selling the information to someone else. How do attackers target online shoppers? There are three common ways that attackers can take advantage of online shoppers: * Targeting vulnerable computers - If you do not take steps to protect your computer from viruses or other malicious code, an attacker may be able to gain access to your computer and all of the information on it. It is also important for vendors to protect their computers to prevent attackers from accessing customer databases. * Creating fraudulent sites and email messages - Unlike traditional shopping, where you know that a store is actually the store it claims to be, attackers can create malicious web sites that mimic legitimate ones or create email messages that appear to have been sent from a legitimate source. Charities may also be misrepresented in this way, especially after natural disasters or during holiday seasons. Attackers create these malicious sites and email messages to try to convince you to supply personal and financial information. * Intercepting insecure transactions - If a vendor does not use encryption, an attacker may be able to intercept your information as it is being transmitted. How can you protect yourself? * Use and maintain anti-virus software, a firewall, and anti-spyware software - Protect yourself against viruses and Trojan horses that may steal or modify the data on your own computer and leave you vulnerable by using anti-virus software and a firewall (see Understanding Anti-Virus Software and Understanding Firewalls for more information). Make sure to keep your virus definitions up to date. Spyware or adware hidden in software programs may also give attackers access to your data, so use a legitimate anti-spyware program to scan your computer and remove any of these files (see Recognizing and Avoiding Spyware for more information). * Keep software, particularly your web browser, up to date - Install software patches so that attackers cannot take advantage of known problems or vulnerabilities (see Understanding Patches for more information). Many operating systems offer automatic updates. If this option is available, you should enable it. * Evaluate your software's settings - The default settings of most software enable all available functionality. However, attackers may be able to take advantage of this functionality to access your computer (see Evaluating Your Web Browser's Security Settings for more information). It is especially important to check the settings for software that connects to the Internet (browsers, email clients, etc.). Apply the highest level of security available that still gives you the functionality you need. * Do business with reputable vendors - Before providing any personal or financial information, make sure that you are interacting with a reputable, established vendor. Some attackers may try to trick you by creating malicious web sites that appear to be legitimate, so you should verify the legitimacy before supplying any information (see Avoiding Social Engineering and Phishing Attacks and Understanding Web Site Certificates for more information). Locate and note phone numbers and physical addresses of vendors in case there is a problem with your transaction or your bill. * Take advantage of security features - Passwords and other security features add layers of protection if used appropriately (see Choosing and Protecting Passwords and Supplementing Passwords for more information). * Be wary of emails requesting information - Attackers may attempt to gather information by sending emails requesting that you confirm purchase or account information (see Avoiding Social Engineering and Phishing Attacks for more information). Legitimate businesses will not solicit this type of information through email. * Check privacy policies - Before providing personal or financial information, check the web site's privacy policy. Make sure you understand how your information will be stored and used (see Protecting Your Privacy for more information). * Make sure your information is being encrypted - Many sites use SSL, or secure sockets layer, to encrypt information. Indications that your information will be encrypted include a URL that begins with "https:" instead of "http:" and a lock icon in the bottom right corner of the window. * Use a credit card - Unlike debit cards, credit cards may have a limit on the monetary amount you will be responsible for paying if your information is stolen and used by someone else. You can further minimize damage by using a single credit card with a low credit line for all of your online purchases. * Check your statements - Keep a record of your purchases and copies of confirmation pages, and compare them to your bank statements. If there is a discrepancy, report it immediately (see Preventing and Responding to Identity Theft for more information). __________________________________________________ _______________ Authors: Mindi McDowell, Monica Maher __________________________________________________ _______________ Produced 2007 by US-CERT, a government organization. Terms of use http://www.us-cert.gov/legal.html This document can also be found at http://www.us-cert.gov/cas/tips/ST07-001.html For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBR2BW6fRFkHkM87XOAQJOhAf+MeyvEabVEoG9z7Dbn6 r+7VXlCUuP0lls w0pzyyBMyJfh/p4d56FIOa+U4AnksgE4DpkvM4/HMjNTg/JUYtXhPQm7u3uYcQKH 8C1ybNXHaph23hoYlrPrxaU0che7wPsWFoFm3PYI+cZ17Dxk8o Fvz9SehcY80xbX PqGf3bBXnFm0gTKHp8f54/N3ErJ3DrQEyxGI4NR1zXrSJ45tsf76cCMLSi/T0r8G YBEk186THHnRxhoDvTUrUPCMocTmIcMcOZc3XM+Gr5c85x4hBX YXF3UIlvl1cpMN RCDRGD/canpB/HbI+ZEgj16MPlgqskmlU8ILC41WSq40QwqePmRWdw== =X05Z -----END PGP SIGNATURE----- |
#15
|
|||
|
|||
Office-VISTA firewall-Adobe Flash-other vulnerabilities - US-Cert-combined
Watch out for this one, FLASH issues... -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA07-355A Adobe Updates for Multiple Vulnerabilities Original release date: December 21, 2007 Last revised: -- Source: US-CERT Systems Affected * Adobe Flash Player 9.0.48.0 and earlier * Adobe Flash Player 8.0.35.0 and earlier * Adobe Flash Player 7.0.70.0 and earlier Overview Adobe has released Security bulletin APSB07-20 to address multiple vulnerabilities affecting Adobe Flash Player. Attackers could exploit these vulnerabilities to execute arbitrary code, perform DNS rebinding and cross-site scripting attacks, conduct port scans, or cause a denial of service. I. Description Adobe Security Update APSB07-20 addresses a number of vulnerabilities affecting Adobe Flash 9.0.48.0 and earlier, 8.0.35.0 and earlier and 7.0.70 and earlier. Further details are available in the related vulnerability notes. An attacker could exploit these vulnerabilities by convincing a user to load a specially crafted Flash file. Flash content is widely deployed on the internet. An attacker could distribute Flash files using web sites that allow user-supplied content, like popular social networking sites. II. Impact The impacts of these vulnerabilities vary. An attacker may be able to execute arbitrary code, perform DNS rebinding or cross-site scripting attacks, conduct port scans, or cause a denial of service. III. Solution Upgrade Flash Player Upgrade Flash Player according to the information in Adobe Security bulletin APSB97-20. For the port scanning issue (CVE-2007-4324), consider ActionScript network socket functionality per TechNote kb402956. Adobe provides a way to determine which version of Flash Player is installed and a way to configure notifications of updates. IV. References * Vulnerability notes for Adobe Security Update APSB07-20 - http://www.kb.cert.org/vuls/byid?searchview&query=APSB07-20 * Adobe Security Bulletin APSB07-20 - http://www.adobe.com/support/security/bulletins/apsb07-20.html * Securing Your Web Browser - http://www.us-cert.gov/reading_room/securing_browser/ __________________________________________________ _______________ The most recent version of this document can be found at: http://www.us-cert.gov/cas/techalerts/TA07-355A.html __________________________________________________ _______________ Feedback can be directed to US-CERT Technical Staff. Please send email to with "TA07-355A Feedback VU#758769" in the subject. __________________________________________________ _______________ For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html. __________________________________________________ _______________ Produced 2007 by US-CERT, a government organization. Terms of use: http://www.us-cert.gov/legal.html __________________________________________________ _______________ Revision History December 21, 2007: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBR2vXdfRFkHkM87XOAQIkugf+OFoNkAsI7vI15fuTGW KzXTTRazJ/0XjP 8Ao9dQqNJwIBwiyLr/rpuFkV5KuJoU5wr7pj9nG74Nm6VNsTTov52kLa2z4Htx6d zbDfFADHNpGQvWcXeR+OUsE/yXgMGSfesgooSbLdn9iRLSBZSDDz4WaTdhK4JVkO snIveVADwWA2vVtGgwclPx0DhxAb57t2nBKQ+pNzsiIedTBiIN bWyOG/A8Sst/B9 WuN2GXA1ARmQSTSBy2nuYNeF2g9z3FVRzAcBoMJ0ss0K2RBrcs hJcgoZzIatCSlc z8eQMxldtCaFuyRJTQ2vdwviBWUUlveYANTJJ6sh/rF3/EuwOyS0pg== =gxJQ -----END PGP SIGNATURE----- -- MEB http://peoplescounsel.orgfree.com ________ |
|
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
us.cert.gov bulletin - Vulnerability Summary for the Week of May 14, 2007 | MEB | General | 0 | May 22nd 07 01:32 AM |
How to get rid of Adobe Flash Player 9 security warnings? | mistral | General | 8 | September 12th 06 10:16 AM |
New IE vulnerabilities | Dan | General | 7 | May 3rd 06 06:17 PM |
unpatched Critical vulnerabilities in Win 98 98SE? | Dan | General | 0 | February 13th 05 04:02 PM |
cert. of authenticity for windows xp | sue | General | 1 | May 20th 04 09:11 PM |