October 31st, 2008 . by DarkFiber Consulting
Adobe has released a Security Advisory to address vulnerabilities in PageMaker 7.0.1 and 7.0.2. These vulnerabilities may allow an attacker to execute arbitrary code.
DarkFiber Consulting encourages users and administrators to review Adobe’s Security Advisory ASPA08-10 and apply any necessary updates to help mitigate the risks. Note that the Adobe Security Advisory indicates that an additional vulnerability remains unaddressed by the update.
Posted in Security Alerts | No Comments »
Tagged With: Address • Adobe Pagemaker • Arbitrary Code • Attacker • Necessary Updates • Pagemaker 7 • Security Advisory • Vulnerability
October 31st, 2008 . by DarkFiber Consulting
VMware has released a Security Advisory indicating it has updated the ESX packages to address vulnerabilities in libxml2, ucd-snmp, and libtiff. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, spoof authenticated SNMPv3 packets, or cause a denial-of-service condition.
DarkFiber Consulting encourages users and administrators to review VMware Security Advisory VMSA-2008-0017 and apply any necessary updates to help mitigate the risks.
Posted in Security Alerts | No Comments »
Tagged With: Arbitrary Code • Attacker • Denial Of Service • Necessary Updates • Security Advisory • Spoof • Ucd Snmp • Vmware
October 29th, 2008 . by DarkFiber Consulting
OpenOffice.org has released bulletins to address two vulnerabilities. These bulletins address heap-based buffer overflow vulnerabilities in the processing of WMF and EMF files. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code.
DarkFiber Consulting encourages users and administrators to review the following OpenOffice.org security bulletins and apply the resolutions provided by the vendor:
Posted in Security Alerts | No Comments »
Tagged With: Address • Arbitrary Code Execution • Attacker • Based Buffer Overflow • Buffer Overflow Vulnerabilities • Emf Files • Heap • Openoffice Org • Overflows • Resolutions • Security Bulletins • Wmf
October 27th, 2008 . by DarkFiber Consulting
Microsoft has released Security Advisory 958963 to alert users that exploit code is publicly available for the Windows Server Service vulnerability addressed in Microsoft Security Bulletin MS08-067. The advisory states that this exploit code has demonstrated arbitrary code execution on Windows 2000, XP and Server 2003.
DarkFiber Consulting encourages users and administrators to review Microsoft Security Advisory 958963 and apply the update or workarounds listed in Microsoft Security Bulletin MS08-067 to help mitigate the risks.
Additional information regarding the Windows Server Service vulnerability is available in:
Posted in Security Alerts | No Comments »
Tagged With: Arbitrary Code Execution • Current • Microsoft • Microsoft Releases Security Advisory • Microsoft Security Advisory • Microsoft Security Bulletin • Server Service • Service Vulnerability • Vulnerability Note • Windows 2000 • Windows 2000 Xp • Windows Server • Workarounds
October 23rd, 2008 . by DarkFiber Consulting
Cisco Security Advisory cisco-sa-20081022-asa was released to address multiple vulnerabilities in Cisco ASA and PIX. These vulnerabilities may allow an attacker to bypass authentication mechanisms or cause a denial-of-service condition.
DarkFiber Consulting encourages users and administrators to review Cisco Security Advisory cisco-sa-20081022-asa and apply any necessary updates or workarounds to help mitigate the risks.
Posted in Security Alerts | No Comments »
Tagged With: Asa • Attacker • Authentication Mechanisms • Cisco • Cisco Pix • Cisco Security Advisory • Denial Of Service • Necessary Updates • Vulnerabilities • Workarounds
October 23rd, 2008 . by DarkFiber Consulting
Microsoft has issued a Security Bulletin Advance Notification indicating the upcoming release of an out-of-band bulletin. The notification states that this is a Critical bulletin and is for Microsoft Windows. Release of this bulletin is scheduled for Thursday, October 23.
DarkFiber Consulting will provide additional information as it becomes available.
Posted in Security Alerts | No Comments »
Tagged With: Advance Notification • Microsoft • Microsoft Windows • Security Bulletin
October 23rd, 2008 . by DarkFiber Consulting
Microsoft has released Security Bulletin MS08-067 to address a vulnerability in the Windows Server Service. This vulnerability is due to improper handling of specially crafted RPC requests. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code.
DarkFiber Consulting encourages users and administrators to review Microsoft Security Bulletin MS08-067 and apply any necessary updates to help mitigate the risks.
Posted in Security Alerts | No Comments »
Tagged With: Address • Arbitrary Code • Attacker • Microsoft • Microsoft Security Bulletin • Necessary Updates • Server Service • Vulnerability • Windows Server
October 22nd, 2008 . by DarkFiber Consulting
Trend Micro has released a Critical Patch to address a vulnerability in OfficeScan. This vulnerability is due to a stack-based buffer overflow condition. By sending a specially crafted HTTP request containing form data to the server CGI module, an attacker may be able to execute arbitrary code on the affected system.
DarkFiber Consulting encourages users and administrators to review Trend Micro Critical Patch Release overview for Build 1374 and Build 3110 and apply any necessary updates to help mitigate the risks.
Posted in Security Alerts | No Comments »
Tagged With: Address • Arbitrary Code • Attacker • Based Buffer Overflow • Buffer Overflow Condition • Cgi Module • Critical Patch • Micro Trend • Necessary Updates • Stack • Trend Micro • Trend Officescan • Vulnerability
October 21st, 2008 . by DarkFiber Consulting
F-Secure has released a Security Bulletin to address a vulnerability that affects a number of their products. This vulnerability is due to improper RPM parsing. Exploitation of this vulnerability may allow an attacker to execute arbitrary code.
DarkFiber Consulting encourages users to review F-Secure Security Bulletin FSC-2008-3 and apply any necessary updates to help mitigate the risks.
Posted in Security Alerts | No Comments »
Tagged With: Address • Arbitrary Code • Attacker • Fsc • Necessary Updates • Rpm • Security Bulletin • Vulnerability
October 17th, 2008 . by DarkFiber Consulting
Adobe has released a Security Bulletin to address multiple security issues in Flash Player. Some of these issues may allow an attacker to conduct clickjacking types of attacks that could enable the camera or microphone through Flash Player. Additional information about clickjacking attacks can be found in a recently posted Current Activity entry.
DarkFiber Consulting encourages users and administrators to review the Adobe Security Bulletin and upgrade to Flash Player version 10.0.12.36 to help mitigate the risks.
Posted in Security Alerts | No Comments »
Tagged With: Address • Adobe • Attacker • Flash Player • Microphone • Player Version • Security Bulletin • Security Issues