DarkFiber Consulting – IT Managed Services

OpenOffice.org Releases Two Security Bulletins

October 29th, 2008 . by DarkFiber Consulting

OpenOffice.org has released bulletins to address two vulnerabilities. These bulletins address heap-based buffer overflow vulnerabilities in the processing of WMF and EMF files. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code.

DarkFiber Consulting encourages users and administrators to review the following OpenOffice.org security bulletins and apply the resolutions provided by the vendor:

Trend Micro OfficeScan Critical Patch Release

October 22nd, 2008 . by DarkFiber Consulting

Trend Micro has released a Critical Patch to address a vulnerability in OfficeScan. This vulnerability is due to a stack-based buffer overflow condition. By sending a specially crafted HTTP request containing form data to the server CGI module, an attacker may be able to execute arbitrary code on the affected system.

DarkFiber Consulting encourages users and administrators to review Trend Micro Critical Patch Release overview for Build 1374 and Build 3110 and apply any necessary updates to help mitigate the risks.

Veritas NetBackup Server/Enterprise Server Vulnerabilities

September 25th, 2008 . by DarkFiber Consulting

Symantec has released a Security Advisory to address multiple vulnerabilities in the Veritas NetBackup Server/Enterprise Server. These vulnerabilities are due to stack-based buffer overflow conditions and unsafe method calls within an ActiveX control that is part of the scheduler component. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code.

DarkFiber Consulting encourages users to review the Symantec Security Advisory and apply any necessary updates to help mitigate the risks.

RealPlayer Releases Update

July 28th, 2008 . by DarkFiber Consulting

RealNetworks has released an update to address multiple vulnerabilities in RealPlayer. These vulnerabilities may allow an attacker to execute arbitrary code or obtain sensitive information. RealNetworks identifies the vulnerabilities as the following:

  • RealPlayer ActiveX controls property heap memory corruption.
  • Local resource reference vulnerability in RealPlayer.
  • RealPlayer SWF file heap-based buffer overflow.
  • RealPlayer ActiveX import method buffer overflow.

DarkFiber Consulting encourages users to review the RealNetworks advisory and apply the appropriate updates to help mitigate the risk.