December 11th, 2008 . by DarkFiber Consulting
CA has released a Security Notice and software patches to address a vulnerability in ARCserve Backup. This vulnerability is due to insufficient verification of client data. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code or crash the LDBserver service.
DarkFiber Consulting encourages users to review the CA Security Notice and apply the appropriate patch to help mitigate the risks.
July 31st, 2008 . by DarkFiber Consulting
AVG has released version 8.0.156 to address multiple issues. Some of these issues could allow an attacker to cause a crash, resulting in a denial-of-service condition. This version also reduces the amount of incidental traffic generated by the program when searching on particular websites.
DarkFiber Consulting encourages users to review the AVG Program update and apply any necessary updates to help mitigate the risks.
July 18th, 2008 . by DarkFiber Consulting
Mozilla has released Firefox 3.0.1 to address three vulnerabilities. Exploitation of these vulnerabilities may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. One of these vulnerabilities may also affect Thunderbird and SeaMonkey. Two of these vulnerabilities were previously fixed in Firefox 188.8.131.52 as well; please see the DarkFiber Consulting Current Activity entry Mozilla Releases Firefox 184.108.40.206 for additional information.
DarkFiber Consulting encourages users to review the following Mozilla Foundation Security Advisories and upgrade to Firefox 3.0.1 or implement the workarounds provided in the documents to help mitigate the risks:
- MFSA 2008-34: Remote code execution by overflowing CSS reference counter
- MFSA 2008-35: Command-line URLs launch multiple tabs when Firefox not running
- MFSA 2008-36: Crash with malformed GIF file on Mac OS X