Sophos virus news
Norman Current Virus Threats
Kaspersky virus news
Trendmicro
Panda Software
Symantec
Microsoft TechNet Security Bulletin Feed
Microsoft Security Advisories
Virus Alert information
US-CERT Technical Cyber Security Alerts
US-CERT Cyber Security Alerts
US-CERT Cyber Security Tips
SANS Internet Storm Center
Avira Security News
Avira Latest Threats
Security Focus


Sophos

Sophos monthly Top 10 viruses

Troj/Invo-Zip
W32/Netsky
Mal/EncPk-EI
Troj/Pushdo-Gen
Troj/Agent-HFU
Mal/Iframe-E
Troj/Mdrop-BTV
Troj/Mdrop-BUF
Troj/Agent-HFZ
Troj/Agent-HGT

Sophos latest virus and spyware detection

3 Sep 2010 Troj/VB-EWF
3 Sep 2010 Troj/StartP-DY
3 Sep 2010 Troj/Buzus-EG
3 Sep 2010 Troj/StartP-DX
3 Sep 2010 Mal/Agent-DK
3 Sep 2010 Troj/Mdrop-CVX
3 Sep 2010 Troj/Dwnldr-ILA
3 Sep 2010 Troj/DwnLdr-IKZ
3 Sep 2010 Troj/Bckdr-RDT
3 Sep 2010 Troj/DskClean-A

Sophos daily Top 10 hoaxes

1 Hotmail hoax
2 Budweiser frogs screensaver
3 Bonsai kitten
4 Olympic torch
5 MSN is closing down
6 A virtual card for you
7 Meninas da Playboy
8 Bill Gates fortune
9 JDBGMGR
10 Justice for Jamie
Information created from
Sophos newsfeeds

Norman: Overview of current virus threats
Virus warnings

Fake Antivirus
Fake antivirus, or more precisely fake antimalware or rogue security programs, is a generic description for all types of malware that pretend to be protection software against viruses, spyware, trojans and other types of malware. In reality, fake antimalware is itself malicious software. Although this type of malicious software has been around for a long time, its growth has been particularly large in recent years. The most common spreading mechanism is drive-by infection from visiting web sites. One popular technique is to manipulate search engines so that the rogue product's download pages rank highly.

Stuxnet.A
W32/Stuxnet.A belongs to a worm family that spreads through removable drives. It does this by taking advantage of the recently discovered vulnerability in the Microsoft Windows Shell: it drops shortcut files (.LNK) onto the drive that run automatically as soon as the drive is browsed and the shortcut's icon is displayed. Microsoft released a security update on 2 August 2010 (MS10-046) that fixes the vulnerability.

Bredolab
W32/Bredolab is a trojan downloader that connects to a server hard-coded into the executable and, depending on the instructions available on that server, downloads further malware in order to compromise the system's security.

TDSS
TDSS is a trojan that has a rootkit component and a bot component. The rootkit is responsible for hiding the trojan's files on disk and for providing hidden, encrypted storage for the bot component. The bot component connects to remote computers and makes the infected computer part of a botnet. It may download and install additional malware. TDSS requires special software for removal.

Virut
W32/Virut is a polymorphic virus that infects executable and screensaver files and attempts to download additional malware. There are many variants. The Virut.CM variant also injects an iframe object into HTML-based files and disables Windows File Protection in order to infect essential protected Windows system files. A viral thread, running under winlogon.exe or services.exe, attempts to connect to an IRC backdoor through port 80 or 65520 in order to download additional malware components.

Koobface
W32/Koobface is a worm that propagates through social networking sites such as Facebook. The worm spreads by sending messages with malicious links to contacts on various social networking sites. These links lead to websites that try to trick the user into downloading the worm and other malicious software.

Conficker
W32/Conficker is a network-propagating worm family with several variants. This description mainly covers the B variant; additional details of the C and D variants are appended. The worm's most notable feature is that it spreads to other machines via a security vulnerability in the Windows Server Service, which allows it to trigger a download of itself to the remote computer without the user's knowledge. When executed, the worm copies itself as a randomly named DLL to the Windows System folder. It also copies itself to network shares and attempts to execute itself on the remote machines.

Tibs
This is a large malware family (10,000+ discrete detections) with a variety of components and functionality. The first variants of this series were seen as early as 2005. These trojans are designed to download and install a number of other trojans. How they are installed on a machine varies: some are installed via malicious web sites, while others are sent by email or found on peer-to-peer networks. In a handful of documented cases this trojan has also been associated with child pornography. Below is a list of different Tibs-related malware and its functionality.

Downloaders: These variants usually install themselves as %SYSTEM%\kernels64.exe on the local machine, but some variants use names like kernels8.exe or kernels88.exe. They create registry keys to run at startup and every time Explorer is started. In addition, the Task Manager is disabled.
Registry changes:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run "System"=%SYSTEM%\kernels64.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices "SystemTools"=%SYSTEM%\kernels64.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"="Explorer.exe %SYSTEM%\kernels64.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr"=1
Payload: They download a set of malware components from a distribution site. These additional components are installed using random file names in the %SYSTEM% folder:
%SITE%\proxy.exe : Downloader for more components
%SITE%\search.exe : Downloader trojan
%SITE%\tibs.exe : Downloader for a porn dialer
%SITE%\tool.exe : Downloader for more components
%SITE%\winlogon.exe : Installer for a rogue spyware application
Some variants do not download directly, but instead access a PHP script which determines which file is to be downloaded. Usually information about the local machine's processor and Windows version is uploaded to the attacker at the same time.

Email address harvesters: This type of component searches through local files and address books looking for email addresses and posts the findings to a malicious web site. These email addresses are certainly used for spam purposes.

Mail proxies: By installing a mail proxy, the attacker can send mail through another person's mail server. This is very useful for a spammer. Machines infected with this type of trojan will have an open port 25 (SMTP).

Peer-to-peer bot: Some variants are able to connect to other infected machines and thus create networks of infected machines. A large number of these files were spammed out by email shortly after the large storm that hit Europe in January 2007, and the malware was given the name Stormy by some. This is a remote-controllable trojan (bot). It carries a list of controlling IP addresses, which it can contact to fetch information about other infected machines and to register itself as a new peer in the network. Many variants also install a rootkit to hide themselves. Once run, it drops a file named wincom32.sys in the %SYSTEM% folder and registers it as a service. The trojan may also create a file called wincom32.ini, as well as download and install more malware.
Registry changes:
HKLM\System\CurrentControlSet\Services\wincom "ImagePath"="C:\WINDOWS\SYSTEM32\wincom32.sys" "DisplayName"="wincom32"
The trojan communicates with peers on ports 4000, 7871 and 11271.

Email worm installation: Tibs-related malware may also be downloaded and installed by the Luder email worm/virus combo. Luder drops many copies of itself in various locations, and then adds a small piece of code to innocent applications in such a way that when such an infected file is run, the main virus is executed as well.

NOTE: The variables %SITE% and %SYSTEM% refer to the specific web sites used and the Windows System folder, respectively.
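The registry changes listed for the Tibs downloader and the Stormy peer-to-peer bot are concrete enough to check for on a host. The script below is an added example, not Norman's code: it parses a registry export in .reg text format (the output of reg export or regedit's Export) and flags the persistence indicators the description names, namely Run/RunServices values pointing at a kernels*.exe, a Winlogon Shell value that appends an executable after Explorer.exe, DisableTaskMgr set to 1, and a wincom service whose ImagePath is wincom32.sys. The .reg sample embedded below is constructed for the example; the key and value names come from the description above.

```python
"""Flag Tibs-style persistence indicators in a Windows .reg export.

Added example, not Norman's code. Indicators are the ones given in the
Tibs description: Run/RunServices -> kernels*.exe, Winlogon Shell hijack,
DisableTaskMgr=1, and a 'wincom' service loading wincom32.sys.
"""
import re

RUN_KEYS = (
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices",
)
WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
POLICY_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System"
SERVICE_KEY = r"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wincom"

KERNELS_RE = re.compile(r"kernels\d*\.exe", re.IGNORECASE)   # kernels64/8/88.exe
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')                   # "Name"=data


def parse_reg(text):
    """Return {key_path_lowercased: {value_name: data}} from .reg export text.

    String data has its surrounding quotes removed and the .reg escaping of
    backslashes undone; other types (dword:..., hex:...) are kept verbatim.
    """
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()      # key paths are case-insensitive
            keys[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name, data = m.group(1), m.group(2)
            if data.startswith('"') and data.endswith('"'):
                data = data[1:-1].replace("\\\\", "\\")
            keys[current][name] = data
    return keys


def find_tibs_indicators(keys):
    """Return a list of human-readable findings for the Tibs indicators."""
    findings = []
    for key in RUN_KEYS:
        for name, data in keys.get(key.lower(), {}).items():
            if KERNELS_RE.search(data):
                findings.append(f"{key}\\{name} -> {data}")
    shell = keys.get(WINLOGON_KEY.lower(), {}).get("Shell", "")
    if shell and shell.strip().lower() != "explorer.exe":
        findings.append(f"Winlogon Shell hijacked: {shell}")
    taskmgr = keys.get(POLICY_KEY.lower(), {}).get("DisableTaskMgr", "")
    if taskmgr.lower() in ("dword:00000001", "1"):
        findings.append("Task Manager disabled via DisableTaskMgr=1")
    image = keys.get(SERVICE_KEY.lower(), {}).get("ImagePath", "")
    if "wincom32.sys" in image.lower():
        findings.append(f"wincom service loads {image}")
    return findings


# Constructed sample export: one benign Run value (ctfmon.exe) plus the
# Tibs/Stormy entries from the description. Not a real infection artefact.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"System"="C:\\WINDOWS\\system32\\kernels64.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"SystemTools"="C:\\WINDOWS\\system32\\kernels64.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe C:\\WINDOWS\\system32\\kernels64.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wincom]
"ImagePath"="C:\\WINDOWS\\SYSTEM32\\wincom32.sys"
"DisplayName"="wincom32"
"""

if __name__ == "__main__":
    for finding in find_tibs_indicators(parse_reg(SAMPLE_REG)):
        print("SUSPECT:", finding)
```

Run it against a real export with reg export HKLM hklm.reg (and HKCU for the policy key) and feed the file contents to parse_reg. The Shell check flags any value other than plain Explorer.exe, so a legitimate custom shell will also be reported; that is intended, since the description's trick is precisely to append a second executable to an otherwise normal value.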

Mytob
The Mytob family is a large family of worms that can spread via email and via security vulnerabilities in the operating system. This is a general description of the family. Mytob is loosely based on two other worm series: the Mydoom email worms and the SDBot/Spybot network worms. The SDBot series of worms is very common, but does not spread by email. SDBots are, however, rather plugin-based and easy to adapt to new techniques, so it came as no surprise that they were eventually equipped with email spreading. New variants appear, at least initially, to be spammed out by the author(s). They have appeared at a high frequency, with a regularity that looks almost scheduled.

MyDoom.AQ
Another worm in the MyDoom series; the file size is usually 25771 bytes. It appears to be more or less a repackaging of an earlier variant, although small differences exist.

MyDoom.L
W32/MyDoom.L@mm is a mass-mailing worm compressed using UPX. File sizes vary because the worm appends random data to itself, but samples seem to be at least 28 KB.

Netsky.P
This is an email and network worm. The file size is 29568 bytes, but may vary when the worm arrives inside a zip file.

MyDoom.AH
W32/MyDoom.AH is a mass-mailing peer-to-peer worm, compressed using UPX to a file size of 31,744 bytes.

SDBot
SDBots are worms that propagate via network shares. They also contain backdoor functionality that connects to an IRC channel and waits for commands. Because of the similarities between many of the SDBot variants, this is a generic description.
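Several of the descriptions above give network indicators that can be checked from a netstat listing: the Virut viral thread runs inside winlogon.exe or services.exe and connects out to port 80 or 65520, the Tibs peer-to-peer bot talks to peers on ports 4000, 7871 and 11271, the Tibs mail proxy leaves port 25 listening, and SDBot connects to an IRC channel. The script below is an added example (not Norman's code) that parses netstat -ano style TCP lines together with a PID-to-process map and reports connections matching those indicators. The page gives no port for SDBot's IRC channel, so 6667 (the conventional IRC port) is an assumption here; the netstat lines and process map are constructed for the example.

```python
"""Triage netstat -ano output for the Virut, Tibs and SDBot indicators
described above. Added example, not Norman's code.

Assumption: IRC on port 6667 for SDBot; the description names no port.
"""
import re

VIRUT_PORTS = {65520}                              # Virut backdoor port
VIRUT_HOST_PROCESSES = {"winlogon.exe", "services.exe"}  # where its thread runs
TIBS_PEER_PORTS = {4000, 7871, 11271}              # Tibs/Stormy peer ports
MAIL_PROXY_PORT = 25                               # Tibs mail proxy listener
IRC_PORTS = {6667}                                 # assumption, not from the page

# netstat -ano TCP line: proto, local addr:port, foreign addr:port, state, PID
LINE_RE = re.compile(
    r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+([A-Z_]+)\s+(\d+)\s*$")


def parse_netstat(text):
    """Parse TCP lines of 'netstat -ano' into dicts; UDP and headers are skipped."""
    conns = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        conns.append({
            "laddr": m.group(1), "lport": int(m.group(2)),
            "raddr": m.group(3), "rport": int(m.group(4)),
            "state": m.group(5), "pid": int(m.group(6)),
        })
    return conns


def classify(conn, pid_names):
    """Return a reason string if the connection matches an indicator, else None."""
    proc = pid_names.get(conn["pid"], "?").lower()
    if conn["state"] == "LISTENING":
        if conn["lport"] == MAIL_PROXY_PORT:
            return "SMTP listener on port 25 (Tibs mail proxy?) owned by %s" % proc
        return None
    rport = conn["rport"]
    if rport in VIRUT_PORTS:
        return "outbound to port %d (Virut IRC backdoor) from %s" % (rport, proc)
    if rport == 80 and proc in VIRUT_HOST_PROCESSES:
        return "%s connecting to port 80 (Virut viral thread?)" % proc
    if rport in TIBS_PEER_PORTS:
        return "outbound to port %d (Tibs peer-to-peer) from %s" % (rport, proc)
    if rport in IRC_PORTS:
        return "outbound to IRC port %d (SDBot-style C2?) from %s" % (rport, proc)
    return None


def triage(text, pid_names):
    """Return [(connection, reason)] for every line that matches an indicator."""
    hits = []
    for conn in parse_netstat(text):
        reason = classify(conn, pid_names)
        if reason:
            desc = "%s:%d -> %s:%d" % (conn["laddr"], conn["lport"],
                                       conn["raddr"], conn["rport"])
            hits.append((desc, reason))
    return hits


# Constructed sample: four suspicious lines and two benign ones.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:1045      203.0.113.7:65520      ESTABLISHED     1324
  TCP    192.168.1.10:1048      203.0.113.7:80         ESTABLISHED     1324
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       1580
  TCP    192.168.1.10:1046      198.51.100.4:7871      ESTABLISHED     1580
  TCP    192.168.1.10:1047      198.51.100.9:443       ESTABLISHED     2000
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
"""
# Constructed PID map (from 'tasklist' on the same host).
SAMPLE_PIDS = {1324: "winlogon.exe", 1580: "svchost.exe",
               2000: "iexplore.exe", 4: "System"}

if __name__ == "__main__":
    for desc, reason in triage(SAMPLE_NETSTAT, SAMPLE_PIDS):
        print("SUSPECT:", desc, "-", reason)
```

The port 80 rule is deliberately restricted to winlogon.exe and services.exe, because plain HTTP from a browser is normal while those two processes have no business opening web connections; likewise a listener on port 25 is only interesting on a workstation, not on a mail server. Treat every hit as a lead for a memory or disk check rather than as a verdict.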

Information created from
Norman Proactive IT Security


Kaspersky Lab, antivirus protection



Panda Software



Microsoft Security Bulletins
Last updated: Tue, 10 Aug 2010 18:17:22 GMT
Copyright: Copyright Microsoft Corporation 2005

MS10-060 - Critical: Vulnerabilities in the Microsoft .NET Common Language Runtime and in Microsoft Silverlight Could Allow Remote Code Execution (2265906)
Bulletin Severity Rating:Critical - This security update resolves two privately reported vulnerabilities in Microsoft .NET Framework and Microsoft Silverlight. The vulnerabilities could allow remote code execution on a client system if a user views a specially crafted Web page using a Web browser that can run XAML Browser Applications (XBAPs) or Silverlight applications, or if an attacker succeeds in convincing a user to run a specially crafted Microsoft .NET application. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The vulnerabilities could also allow remote code execution on a server system running IIS, if that server allows processing ASP.NET pages and an attacker succeeds in uploading a specially crafted ASP.NET page to that server and executing the page, as could be the case in a Web hosting scenario.
Published:Tue, 10 Aug 2010 08:00:00 GMT
MS10-059 - Important: Vulnerabilities in the Tracing Feature for Services Could Allow Elevation of Privilege (982799)
Bulletin Severity Rating:Important - This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in the Tracing Feature for Services. The vulnerabilities could allow elevation of privilege if an attacker runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
Published:Tue, 10 Aug 2010 08:00:00 GMT
MS10-058 - Important: Vulnerabilities in TCP/IP Could Allow Elevation of Privilege (978886)
Bulletin Severity Rating:Important - This security update resolves two privately reported vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow elevation of privilege due to an error in the processing of a specific input buffer. An attacker who is able to log on to the target system could exploit this vulnerability and run arbitrary code with system-level privileges. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Published:Tue, 10 Aug 2010 08:00:00 GMT
MS10-057 - Important: Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution (2269707)
Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Published:Tue, 10 Aug 2010 08:00:00 GMT
MS10-056 - Critical: Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (2269638)
Bulletin Severity Rating:Critical - This security update resolves four privately reported vulnerabilities in Microsoft Office. The most severe vulnerabilities could allow remote code execution if a user opens or previews a specially crafted RTF e-mail message. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Published:Tue, 10 Aug 2010 08:00:00 GMT
MS10-055 - Critical: Vulnerability in Cinepak Codec Could Allow Remote Code Execution (982665)
Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in Cinepak Codec. The vulnerability could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a Web site or any application that delivers Web content. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Published:Tue, 10 Aug 2010 08:00:00 GMT
MS10-054 - Critical: Vulnerabilities in SMB Server Could Allow Remote Code Execution (982214)
Bulletin Severity Rating:Critical - This security update resolves several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if an attacker created a specially crafted SMB packet and sent the packet to an affected system. Firewall best practices and standard default firewall configurations can help protect networks from attacks originating outside the enterprise perimeter that would attempt to exploit these vulnerabilities.
Published:Tue, 10 Aug 2010 08:00:00 GMT
MS10-053 - Critical: Cumulative Security Update for Internet Explorer (2183461)
Bulletin Severity Rating:Critical - This security update resolves six privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Published:Tue, 10 Aug 2010 08:00:00 GMT
MS10-052 - Critical: Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (2115168)
Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in Microsoft MPEG Layer-3 audio codecs. The vulnerability could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a Web site or any application that delivers Web content. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Published:Tue, 10 Aug 2010 08:00:00 GMT
MS10-051 - Critical: Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2079403)
Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in Microsoft XML Core Services. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. An attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site.
Published:Tue, 10 Aug 2010 08:00:00 GMT
MS10-050 - Important: Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (981997)
Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in Windows Movie Maker. The vulnerability could allow remote code execution if an attacker sent a specially crafted Movie Maker project file and convinced the user to open the specially crafted file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Published:Tue, 10 Aug 2010 08:00:00 GMT
MS10-049 - Critical: Vulnerabilities in SChannel could allow Remote Code Execution (980436)
Bulletin Severity Rating:Critical - This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in the Secure Channel (SChannel) security package in Windows. The more severe of these vulnerabilities could allow remote code execution if a user visits a specially crafted Web site that is designed to exploit these vulnerabilities through an Internet Web browser. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or in an Instant Messenger message that takes users to the attacker's Web site.
Published:Tue, 10 Aug 2010 08:00:00 GMT
MS10-048 - Important: Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2160329)
Bulletin Severity Rating:Important - This security update resolves one publicly disclosed and four privately reported vulnerabilities in the Windows kernel-mode drivers. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
Published:Tue, 10 Aug 2010 08:00:00 GMT
MS10-047 - Important: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (981852)
Bulletin Severity Rating:Important - This security update resolves several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow elevation of privilege if an attacker logged on locally and ran a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit these vulnerabilities. The vulnerabilities could not be exploited remotely or by anonymous users.
Published:Tue, 10 Aug 2010 08:00:00 GMT
MS10-046 - Critical: Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198)
Bulletin Severity Rating:Critical - This security update resolves a publicly disclosed vulnerability in Windows Shell. The vulnerability could allow remote code execution if the icon of a specially crafted shortcut is displayed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Published:Mon, 02 Aug 2010 08:00:00 GMT
MS10-045 - Important: Vulnerability in Microsoft Office Outlook Could Allow Remote Code Execution (978212)
Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability. The vulnerability could allow remote code execution if a user opened an attachment in a specially crafted e-mail message using an affected version of Microsoft Office Outlook. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Published:Tue, 13 Jul 2010 08:00:00 GMT
MS10-044 - Critical: Vulnerabilities in Microsoft Office Access ActiveX Controls Could Allow Remote Code Execution (982335)
Bulletin Severity Rating:Critical - This security update resolves two privately reported vulnerabilities in Microsoft Office Access ActiveX Controls. The vulnerabilities could allow remote code execution if a user opened a specially crafted Office file or viewed a Web page that instantiated Access ActiveX controls. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Published:Tue, 13 Jul 2010 08:00:00 GMT
MS10-043 - Critical: Vulnerability in Canonical Display Driver Could Allow Remote Code Execution (2032276)
Bulletin Severity Rating:Critical - This security update resolves a publicly disclosed vulnerability in the Canonical Display Driver (cdd.dll). Although it is possible that the vulnerability could allow code execution, successful code execution is unlikely due to memory randomization. In most scenarios, it is much more likely that an attacker who successfully exploited this vulnerability could cause the affected system to stop responding and automatically restart.
Published:Tue, 13 Jul 2010 08:00:00 GMT
MS10-042 - Critical: Vulnerability in Help and Support Center Could Allow Remote Code Execution (2229593)
Bulletin Severity Rating:Critical - This security update resolves a publicly disclosed vulnerability in the Windows Help and Support Center feature that is delivered with supported editions of Windows XP and Windows Server 2003. This vulnerability could allow remote code execution if a user views a specially crafted Web page using a Web browser or clicks a specially crafted link in an e-mail message. The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful, a user must click a link listed within an e-mail message.
Published:Tue, 13 Jul 2010 08:00:00 GMT
MS10-041 - Important: Vulnerability in Microsoft .NET Framework Could Allow Tampering (981343)
Bulletin Severity Rating:Important - This security update resolves a publicly disclosed vulnerability in Microsoft .NET Framework. The vulnerability could allow data tampering of signed XML content without being detected. In custom applications, the security impact depends on how the signed content is used in the specific application. Scenarios in which signed XML messages are transmitted over a secure channel (such as SSL) are not affected by this vulnerability.
Published:Tue, 08 Jun 2010 08:00:00 GMT
MS10-040 - Important: Vulnerability in Internet Information Services Could Allow Remote Code Execution (982666)
Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in Internet Information Services (IIS). The vulnerability could allow remote code execution if a user received a specially crafted HTTP request. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Published:Tue, 08 Jun 2010 08:00:00 GMT
MS10-039 - Important: Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2028554)
Bulletin Severity Rating:Important - This security update resolves one publicly disclosed and two privately reported vulnerabilities in Microsoft SharePoint. The most severe vulnerability could allow elevation of privilege if an attacker convinced a user of a targeted SharePoint site to click on a specially crafted link.
Published:Tue, 08 Jun 2010 08:00:00 GMT
MS10-038 - Important: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (2027452)
Bulletin Severity Rating:Important - This security update resolves fourteen privately reported vulnerabilities in Microsoft Office. The more severe vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Published:Tue, 08 Jun 2010 08:00:00 GMT
MS10-037 - Important: Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Elevation of Privilege (980218)
Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in the Windows OpenType Compact Font Format (CFF) driver. The vulnerability could allow elevation of privilege if a user views content rendered in a specially crafted CFF font. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
Published:Tue, 08 Jun 2010 08:00:00 GMT
MS10-036 - Important: Vulnerability in COM Validation in Microsoft Office Could Allow Remote Code Execution (983235)
Bulletin Severity Rating:Important - This security update resolves a privately reported vulnerability in COM validation in Microsoft Office. The vulnerability could allow remote code execution if a user opens a specially crafted Excel, Word, Visio, Publisher, or PowerPoint file with an affected version of Microsoft Office. The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful a user must open an attachment that is sent in an e-mail message.
Published:Tue, 08 Jun 2010 08:00:00 GMT
Information created from
Microsoft Security Updates

Latest Security Advisories
Last updated: Tue, 31 Aug 2010 21:34:33 GMT
Copyright: © 2005 Microsoft Corporation. All rights reserved.

Microsoft Security Advisory (2269637): Insecure Library Loading Could Allow Remote Code Execution - 8/31/2010
Revision Note: V1.1 (August 31, 2010) Added a link to Microsoft Knowledge Base Article 2264107 to provide an automated Microsoft Fix it solution for the workaround, Disable loading of libraries from WebDAV and remote network shares. Advisory Summary:Microsoft is aware that research has been published detailing a remote attack vector for a class of vulnerabilities that affects how applications load external libraries.
Published:Tue, 31 Aug 2010 07:00:00 GMT
Microsoft Security Advisory (977377): Vulnerability in TLS/SSL Could Allow Spoofing - 8/10/2010
Revision Note: V2.0 (August 10, 2010): Advisory updated to reflect publication of security bulletin. Advisory Summary:Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS10-049 to address this issue. For more information about this issue, including download links for an available security update, please review MS10-049. The vulnerability addressed is the TLS/SSL Renegotiation Vulnerability - CVE-2009-3555. For additional information on this advisory, see Microsoft Knowledge Base Article 977377.
Published:Tue, 10 Aug 2010 07:00:00 GMT
Microsoft Security Advisory (2264072): Elevation of Privilege Using Windows Service Isolation Bypass - 8/10/2010
Revision Note: V1.0 (August 10, 2010): Advisory published. Advisory Summary:Microsoft is aware of the potential for attacks that leverage the Windows Service Isolation feature to gain elevation of privilege. This advisory discusses potential attack scenarios and provides suggested actions that can help to protect against this issue. This advisory also offers a non-security update for one of the potential attack scenarios through Windows Telephony Application Programming Interfaces (TAPI).
Published:Tue, 10 Aug 2010 07:00:00 GMT
Microsoft Security Advisory (2286198): Vulnerability in Windows Shell Could Allow Remote Code Execution - 8/2/2010
Revision Note: V2.0 (August 2, 2010): Advisory updated to reflect publication of security bulletin. Advisory Summary:Microsoft has completed the investigation into a public report of this vulnerability.
Published:Mon, 02 Aug 2010 07:00:00 GMT
Microsoft Security Advisory (2219475): Vulnerability in Windows Help and Support Center Could Allow Remote Code Execution - 7/13/2010
Revision Note: V2.0 (July 13, 2010): Advisory updated to reflect publication of security bulletin. Advisory Summary:Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS10-042 to address this issue. For more information about this issue, including download links for an available security update, please review MS10-042. The vulnerability addressed is the Help Center URL Validation Vulnerability - CVE-2010-1885.
Published:Tue, 13 Jul 2010 07:00:00 GMT
Microsoft Security Advisory (2028859): Vulnerability in Canonical Display Driver Could Allow Remote Code Execution - 7/13/2010
Revision Note: V2.0 (July 13, 2010): Advisory updated to reflect publication of security bulletin. Advisory Summary:Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS10-043 to address this issue. For more information about this issue, including download links for an available security update, please review MS10-043. The vulnerability addressed is the Canonical Display Driver Integer Overflow Vulnerability - CVE-2009-3678.
Published:Tue, 13 Jul 2010 07:00:00 GMT
Microsoft Security Advisory (980088): Vulnerability in Internet Explorer Could Allow Information Disclosure - 6/9/2010
Revision Note: V1.2 (June 9, 2010): Added information about MS10-035 and clarified a FAQ entry about the caching vector. Advisory Summary:Microsoft is investigating new public reports of a vulnerability in Internet Explorer. This advisory contains information about which versions of Internet Explorer are vulnerable as well as workarounds and mitigations for this issue.
Published:Wed, 09 Jun 2010 07:00:00 GMT
Microsoft Security Advisory (983438): Vulnerability in Microsoft SharePoint Could Allow Elevation of Privilege - 6/8/2010
Revision Note: V2.0 (June 8, 2010): Advisory updated to reflect publication of security bulletin. Advisory Summary:Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS10-039 to address this issue. For more information about this issue, including download links for an available security update, please review MS10-039. The vulnerability addressed is the Help.aspx XSS Vulnerability - CVE-2010-0817.
Published:Tue, 08 Jun 2010 07:00:00 GMT
Microsoft Security Advisory (973811): Extended Protection for Authentication - 6/8/2010
Revision Note: V1.5 (June 8, 2010): Updated the FAQ with information about six non-security updates enabling .NET Framework to opt in to Extended Protection for Authentication. Advisory Summary:Microsoft is announcing the availability of a new feature, Extended Protection for Authentication, on the Windows platform. This feature enhances the protection and handling of credentials when authenticating network connections using Integrated Windows Authentication (IWA).
Published:Tue, 08 Jun 2010 07:00:00 GMT
Microsoft Security Advisory (981169): Vulnerability in VBScript Could Allow Remote Code Execution - 4/13/2010
Revision Note: V2.0 (April 13, 2010): Advisory updated to reflect publication of security bulletin. Advisory Summary:Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS10-022 to address this issue. For more information about this issue, including download links for an available security update, please review MS10-022. The vulnerability addressed is the VBScript Help Keypress Vulnerability - CVE-2010-0483.
Published:Tue, 13 Apr 2010 07:00:00 GMT
Microsoft Security Advisory (977544): Vulnerability in SMB Could Allow Denial of Service - 4/13/2010
Revision Note: V2.0 (April 13, 2010): Advisory updated to reflect publication of security bulletin. Advisory Summary:Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS10-020 to address this issue. For more information about this issue, including download links for an available security update, please review MS10-020. The vulnerability addressed is the SMB Client Incomplete Response Vulnerability - CVE-2009-3676.
Published:Tue, 13 Apr 2010 07:00:00 GMT
Microsoft Security Advisory (981374): Vulnerability in Internet Explorer Could Allow Remote Code Execution - 3/30/2010
Revision Note: V2.0 (March 30, 2010): Advisory updated to reflect publication of security bulletin. Advisory Summary:Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS10-018 to address this issue. For more information about this issue, including download links for an available security update, please review MS10-018. The vulnerability addressed is the Uninitialized Memory Corruption Vulnerability - CVE-2010-0806.
Published:Tue, 30 Mar 2010 07:00:00 GMT
Microsoft Security Advisory (979682): Vulnerability in Windows Kernel Could Allow Elevation of Privilege - 2/9/2010
Revision Note: V2.0 (February 9, 2010): Advisory updated to reflect publication of security bulletin. Advisory Summary:Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS10-015 to address this issue. For more information about this issue, including download links for an available security update, please review MS10-015. The vulnerability addressed is the Windows Kernel Exception Handler Vulnerability - CVE-2010-0232.
Published:Tue, 09 Feb 2010 08:00:00 GMT
Microsoft Security Advisory (979352): Vulnerability in Internet Explorer Could Allow Remote Code Execution - 1/21/2010
Revision Note: V2.0 (January 21, 2010): Advisory updated to reflect publication of security bulletin. Advisory Summary:Microsoft has completed the investigation into the public reports of this vulnerability. We have issued MS10-002 to address this issue. For more information about this issue, including download links for an available security update, please review MS10-002. The vulnerability addressed is the HTML Object Memory Corruption Vulnerability - CVE-2010-0249.
Published:Thu, 21 Jan 2010 08:00:00 GMT
Microsoft Security Advisory (979267): Vulnerabilities in Adobe Flash Player 6 Provided in Windows XP Could Allow Remote Code Execution - 1/12/2010
Revision Note: V1.0 (January 12, 2010): Advisory published. Advisory Summary:Security Advisory
Published:Tue, 12 Jan 2010 08:00:00 GMT
Microsoft Security Advisory (977981): Vulnerability in Internet Explorer Could Allow Remote Code Execution - 12/8/2009
Revision Note: V2.0 (December 8, 2009): Advisory updated to reflect publication of security bulletin. Advisory Summary:Microsoft has completed investigating public reports of this vulnerability. We have issued Microsoft Security Bulletin MS09-072 to address this issue. For more information about this issue, including download links for an available security update, please review MS09-072. The vulnerability addressed is the HTML Object Memory Corruption Vulnerability - CVE-2009-3672.
Published:Tue, 08 Dec 2009 08:00:00 GMT
Microsoft Security Advisory (974926): Credential Relaying Attacks on Integrated Windows Authentication - 12/8/2009
Revision Note: V1.0 (December 8, 2009): Advisory published. Advisory Summary:This advisory addresses the potential for attacks that affect the handling of credentials using Integrated Windows Authentication (IWA), and the mechanisms Microsoft has made available for customers to help protect against these attacks.
Published:Tue, 08 Dec 2009 08:00:00 GMT
Microsoft Security Advisory (954157): Security Enhancements for the Indeo Codec - 12/8/2009
Revision Note: V1.0 (December 8, 2009): Advisory published. Advisory Summary:Microsoft is announcing the availability of an update that provides security mitigations to the Indeo codec on supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003.
Published:Tue, 08 Dec 2009 08:00:00 GMT
Microsoft Security Advisory (975497): Vulnerabilities in SMB Could Allow Remote Code Execution - 10/13/2009
Revision Note: V2.0 (October 13, 2009): Advisory updated to reflect publication of security bulletin. Advisory Summary:Security Advisory
Published:Tue, 13 Oct 2009 07:00:00 GMT
Microsoft Security Advisory (975191): Vulnerabilities in the FTP Service in Internet Information Services - 10/13/2009
Revision Note: V3.0 (October 13, 2009): Advisory updated to reflect publication of security bulletin. Advisory Summary:Microsoft has completed the investigation into a public report of this issue. We have released MS09-053 to address this issue. For more information about this issue, including download links for an available security update, please review MS09-053. The vulnerabilities addressed are the IIS FTP Service DoS Vulnerability (CVE-2009-2521) and the IIS FTP Service RCE and DoS Vulnerability (CVE-2009-3023).
Published:Tue, 13 Oct 2009 07:00:00 GMT
Microsoft Security Advisory (973882): Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution - 10/13/2009
Revision Note: V4.0 (October 13, 2009): Advisory revised to add an entry in the Updates related to ATL section to communicate the release of Microsoft Security Bulletin MS09-060, "Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution." Advisory Summary:Security Advisory
Published:Tue, 13 Oct 2009 07:00:00 GMT
Microsoft Security Advisory (967940): Update for Windows Autorun - 8/25/2009
Revision Note: V1.1 (August 25, 2009): Summary revised to notify users of an update to Autorun that restricts AutoPlay functionality to CD-ROM and DVD-ROM media, available for Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 from Microsoft Knowledge Base Article 971029. Advisory Summary:Microsoft is announcing the availability of an update that corrects a functionality feature that can help customers in keeping their systems protected. The update corrects an issue that prevents the NoDriveTypeAutoRun registry key from functioning as expected.
Published:Tue, 25 Aug 2009 07:00:00 GMT
Microsoft Security Advisory (973472): Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution - 8/11/2009
Revision Note: V2.0 (August 11, 2009): Advisory updated to reflect publication of security bulletin. Advisory Summary:Microsoft has completed the investigation of a privately reported vulnerability in Microsoft Office Web Components. We have issued MS09-043 to address this issue. For more information about this issue, including download links for an available security update, please review MS09-043. The vulnerability addressed is the Office Web Components HTML Script Vulnerability - CVE-2009-1136.
Published:Tue, 11 Aug 2009 07:00:00 GMT
Microsoft Security Advisory (972890): Vulnerability in Microsoft Video ActiveX Control Could Allow Remote Code Execution - 7/14/2009
Revision Note: V2.0 (July 14, 2009): Advisory updated to reflect publication of security bulletin. Advisory Summary:Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS09-032 to address this issue. For more information about this issue, including download links for an available security update, please review MS09-032. The vulnerability addressed is the Microsoft Video ActiveX Control Vulnerability - CVE-2008-0015.
Published:Tue, 14 Jul 2009 07:00:00 GMT
Microsoft Security Advisory (971778): Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution - 7/14/2009
Revision Note: V2.0 (July 14, 2009): Advisory updated to reflect publication of security bulletin. Advisory Summary:Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS09-028 to address this issue. For more information about this issue, including download links for an available security update, please review MS09-028. The vulnerability addressed is the DirectX NULL Byte Overwrite Vulnerability - CVE-2009-1537.
Published:Tue, 14 Jul 2009 07:00:00 GMT
Information created from
Microsoft Security Updates

VirusAlert, the Dutch-language source for information about computer viruses. The ideal complement to antivirus software. Daily information about computer viruses and hoax messages. In the case of a high-risk virus you receive information via the free newsletter. Below is information about the latest 10 viruses.
VirusAlert

Trojan.Bamital
W32.Difupat
W32.Custam
backdoor.Arugizer
W32.Scrshotvid
Infostealer.Saluni
trojan.Wuwo
W32.Zimuse
W32.Spyrat
W32.Buzus
Trojan.Ramvicrype
Information created from
Virus Alert

US-CERT Technical Cyber Security Alerts provide timely information about current security issues, vulnerabilities, and exploits.
US-CERT Technical Cyber Security Alerts

TA10-238A: Microsoft Windows Insecurely Loads Dynamic Libraries
TA10-231A: Adobe Reader and Acrobat Vulnerabilities
TA10-223A: Adobe Flash and AIR Vulnerabilities
TA10-222A: Microsoft Updates for Multiple Vulnerabilities
TA10-194B: Oracle Updates for Multiple Vulnerabilities
TA10-194A: Microsoft Updates for Multiple Vulnerabilities
TA10-162A: Adobe Flash and AIR Vulnerabilities
TA10-159B: Microsoft Updates for Multiple Vulnerabilities
TA10-159A: Adobe Flash, Reader, and Acrobat Vulnerability
TA10-131A: Microsoft Updates for Multiple Vulnerabilities
Information created from
US-CERT Tech Alerts

US-CERT Cyber Security Alerts provide timely information about current security issues, vulnerabilities, and exploits. Cyber Security Alerts are released in conjunction with Technical Cyber Security Alerts when there is an issue that affects the general public. Cyber Security Alerts outline the steps and actions that non-technical home and corporate computer users can take to protect themselves from attack.
US-CERT Cyber Security Alerts

SA10-231A: Adobe Reader and Acrobat Vulnerabilities
SA10-224A: Apple Updates iOS for Multiple Vulnerabilities
SA10-223A: Adobe Flash and AIR Vulnerabilities
SA10-222A: Microsoft Updates for Multiple Vulnerabilities
SA10-194A: Microsoft Updates for Multiple Vulnerabilities
SA10-162A: Adobe Flash and AIR Vulnerabilities
SA10-159B: Microsoft Updates for Multiple Vulnerabilities
SA10-159A: Adobe Flash, Reader, and Acrobat Vulnerability
SA10-131A: Microsoft Updates for Multiple Vulnerabilities
SA10-103C: Adobe Reader and Acrobat Vulnerabilities
Information created from
US-CERT Alerts

US-CERT Cyber Security Tips describe and offer advice about common security issues for non-technical computer users. Tips are restricted to a single topic, although complex issues may span multiple tips. Each tip builds upon the knowledge, both terminology and content, of those published prior to it.
US-CERT Cyber Security Tips

ST05-014: Real-World Warnings Keep You Safe Online
ST05-013: Guidelines for Publishing Information Online
ST05-012: Supplementing Passwords
ST05-011: Effectively Erasing Files
ST05-010: Understanding Web Site Certificates
ST05-008: How Anonymous Are You?
ST05-007: Risks of File-Sharing Technology
ST05-005: Reviewing End-User License Agreements
ST05-004: Avoiding Copyright Infringement
ST04-023: Understanding Your Computer: Email Clients
Information created from
US-CERT Cyber Security Tips

SANS Internet Storm Center, InfoCON: green

Microsoft EMETv2 released, (Thu, Sep 2nd)
Today, Microsoft released a new version of their Enhanced Mitigation Experience Toolkit. A rather unwieldy name, but quite interesting technology - with EMET, legacy applications on OS versions as far back as Windows XP can now also be protected with Data Execution Prevention (DEP), Exception Handler Overwrite Protection (SEHOP) and more, and the application doesn't even have to be DEP-aware. If you have vulnerable legacy apps on Windows that you need to keep alive for a little while longer, I suggest taking a look at EMETv2. (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
SDF, please!, (Thu, Sep 2nd)
"We're under a targeted malware attack!", a friend of mine yelled into the phone. "We are getting lots of oddly named PDFs, attached to personalized emails, sent only to certain employees in our firm!" From some past experience with chewing through our nasty malware repository here at SANS ISC, I had learned a thing or two about malicious PDFs, so I agreed to take a look.
One hour later, it was clear that the PDFs in this case were free of any exploit, completely harmless, and contained only the average "I AM A COUSIN OF THE LATE ZESKEKE NGAGWENE" type of Nigerian 419 (advance-fee) fraud spam.
But the whole episode gave me pause. It really looks like the past two years of never ending new waves of PDF exploits have degraded PDF in the mind of every security analyst to a level somewhere at par with ANI and SCR files: No matter what it claims to be, it ain't nothing good.
I very much agree with Stephen Northcutt's comment in SANS Newsbites two months ago. He asked: "Is there an alternative to a .pdf? It was supposed to be a printable image of what you saw on the screen. At least that was the idea 15 years ago. It should not need launch functions to do that. Do you remember five or six years ago, you weren't supposed to send an excel spreadsheet or a word document because they might contain malware, you were supposed to send a .pdf. Guess that has changed!"
Time for SDF - the Safe Document Format. You know, one that just supports pixels in various shades of gray, and does not need to include the ability to play a movie in 3D accompanied by surround sound. Just a nice plain document that can be opened, read and printed, without any of the nagging feeling of dread that nowadays accompanies clicking on a PDF.
Anyone?

Month of Undisclosed 0-day Bugs, (Wed, Sep 1st)
As a heads up, the Exploit Database (exploit-db.com) is publishing a month of undisclosed 0-day bugs from Abysssec Research. Today there are two bugs published, one for cPanel (though it seems to be more of a bug in Fantastico) and one on Adobe Reader and Flash. Expect that the good ones will be weaponized quickly, as the disclosures are quite technically detailed and don't take too much thought to put into place. You may wish to keep up with what they publish as awareness for your own networks.
-- John Bambenek, bambenek at gmail /dot/ com

Microsoft issues updates to Sysinternals ProcDump and Process Monitor: http://blogs.technet.com/b/sysinternals/archive/2010/08/30/updates-procdump-process-monitor-and-a-new-mark-s-blog-post.aspx, (Wed, Sep 1st)
-- John Bambenek, bambenek at gmail /dot/ com
VMware releases 2 security advisories for ESX Service Console: http://lists.vmware.com/pipermail/security-announce/2010/000103.html and http://lists.vmware.com/pipermail/security-announce/2010/000104.html, (Wed, Sep 1st)
-- John Bambenek, bambenek at gmail /dot/ com
Interesting PHP injection, (Tue, Aug 31st)
PHP injection attacks have become increasingly popular lately. If you look at your web server logs I'm pretty sure that you will find dozens of requests for PHP injection, usually by bots that are simply trying some well known (and less known) vulnerabilities.
One of our readers, Blake, managed to capture some interesting attempts to exploit various PHP injection vulnerabilities on his web site, thanks to the installation of mod_security. Contrary to popular PHP injection attempts, where the attacker tries to exploit a variable to get the PHP interpreter to retrieve a remote PHP script, Blake noticed that the attacker tried to exploit a vulnerability in a PHP script through a POST request. The attacker submitted a malicious PHP script (with other data) hoping that the PHP interpreter would execute it; this vulnerability also exists, although it is not that common. Here is what the attack looked like in the log files:
POST http://www.hostname.somewhere en-US) AppleWebKit/133.7 (KHTML, like Gecko) Chrome/5.0.375.99 Safari/533.4
Host: www.hostname.somewhere boundary=---------------------------phpsploit
Content-Length: 46266

The POST request contained, besides data needed by the main script, an (of course) obfuscated PHP script that the attacker tried to execute. The deobfuscation part is shown in the picture below where I beautified it a bit and cut the long eval string.

Now, the interesting part is that the script uses the User-Agent field as the deobfuscation key. If you carefully check the User-Agent shown above you will see that, while it looks legitimate, it in fact isn't: the combination of versions is not legitimate.
But that's not all: the injected PHP script contains multiple eval() calls, of which every one uses a different deobfuscation key. This allows the attacker to test only parts of the script and never reveal its true side unless the attack works. The part that I was able to deobfuscate is shown below, and it just tries to connect to a well known (public and legitimate) IRC server. Very clever, especially if we know that PHP will nicely eat any garbage that it can't parse, so the attacker doesn't have to worry about only one eval() call working.

This attack demonstrated how important it is to use all available protection layers: not only were Blake's scripts not vulnerable, but he also ran mod_security, which successfully blocked this attack, and he was checking his logs, something that a lot of administrators underestimate.
What do your logs look like? If you find similar attacks or something else that looks interesting, let us know through our contact form available here.
-- Bojan, INFIGO IS
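The two tells Bojan describes above, a browser User-Agent whose version numbers do not fit together and a POST body that carries PHP source rather than form data, are easy to check for in the logs mod_security or a web server already write. The script below is an added example and not code from the diary or from SANS ISC; the request records it scans are constructed to mirror the pattern described (the mismatched AppleWebKit/133.7 versus Safari/533.4 build numbers, a boundary ending in "phpsploit", a body that reads HTTP_USER_AGENT and wraps several eval() calls), and the Chrome consistency rule it applies (a genuine Chrome User-Agent repeats the same build number after AppleWebKit/ and Safari/) is a heuristic the script assumes, not something taken from the diary.

```python
import re

# --- Constructed sample requests (not taken from the diary's logs) ---------
# Each record is what a mod_security audit log or an access log gives you:
# method and path, User-Agent, Content-Type and, for POSTs, a short excerpt
# of the body. The first record mirrors the pattern the diary describes; its
# body is a deliberately non-functional placeholder where "..." stands in
# for the encoded blobs.
SAMPLE_REQUESTS = [
    {
        "method": "POST",
        "path": "/index.php",
        "user_agent": "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) "
                      "AppleWebKit/133.7 (KHTML, like Gecko) "
                      "Chrome/5.0.375.99 Safari/533.4",
        "content_type": "multipart/form-data; "
                        "boundary=---------------------------phpsploit",
        "body": '<?php $k=$_SERVER["HTTP_USER_AGENT"]; '
                'eval("..."); eval("..."); eval("...");',
    },
    {
        "method": "GET",
        "path": "/about.html",
        "user_agent": "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) "
                      "AppleWebKit/533.4 (KHTML, like Gecko) "
                      "Chrome/5.0.375.99 Safari/533.4",
        "content_type": "",
        "body": "",
    },
    {
        "method": "POST",
        "path": "/contact.php",
        "user_agent": "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.8) "
                      "Gecko/20100722 Firefox/3.6.8",
        "content_type": "application/x-www-form-urlencoded",
        "body": "name=Alice&message=Hello+from+the+contact+form",
    },
]

WEBKIT_RE = re.compile(r"AppleWebKit/(\d+(?:\.\d+)*)")
SAFARI_RE = re.compile(r"Safari/(\d+(?:\.\d+)*)")
CHROME_RE = re.compile(r"\bChrome/\d")


def chrome_build_consistent(user_agent: str) -> bool:
    """Heuristic (assumed, see lead-in): a genuine Chrome User-Agent reports
    the same build number after AppleWebKit/ and after Safari/. A string
    claiming Chrome whose two numbers differ was not produced by a real
    browser. Strings that do not claim Chrome are not judged here."""
    if not CHROME_RE.search(user_agent):
        return True
    webkit = WEBKIT_RE.search(user_agent)
    safari = SAFARI_RE.search(user_agent)
    if webkit is None or safari is None:
        return False
    return webkit.group(1) == safari.group(1)


def body_findings(body: str) -> list:
    """Flags request bodies that carry PHP source instead of form data."""
    reasons = []
    if "<?php" in body or "<?=" in body:
        reasons.append("PHP open tag in POST body")
    evals = body.count("eval(")
    if evals:
        reasons.append(f"{evals} eval() call(s) in POST body")
    if "HTTP_USER_AGENT" in body:
        reasons.append("body reads the request User-Agent (possible decode key)")
    return reasons


def analyse_request(req: dict) -> list:
    """Returns the reasons a request looks like a PHP injection attempt;
    an empty list means nothing suspicious was seen."""
    reasons = []
    if not chrome_build_consistent(req.get("user_agent", "")):
        reasons.append("Chrome User-Agent with mismatching WebKit build numbers")
    if req.get("method", "").upper() == "POST":
        reasons.extend(body_findings(req.get("body", "")))
    return reasons


def scan(requests: list) -> list:
    """Runs analyse_request over all records and keeps the flagged ones
    as (path, reasons) pairs."""
    flagged = []
    for req in requests:
        reasons = analyse_request(req)
        if reasons:
            flagged.append((req["path"], reasons))
    return flagged


if __name__ == "__main__":
    for path, reasons in scan(SAMPLE_REQUESTS):
        print(f"{path}:")
        for reason in reasons:
            print(f"  - {reason}")
```

Run stand-alone, the script reports only the first record, with four reasons, and stays silent on the legitimate Chrome request and on the ordinary form submission. The User-Agent rule is intentionally narrow so that it does not flag every odd browser string; the body checks are the ones that carry the weight, and they work on whatever excerpt the audit log keeps, so the full 46 KB body need not be stored.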

Abandoned free email accounts, (Sun, Aug 29th)
Mark wrote in with an observation that abandoned free email accounts (such as those of hotmail, yahoo and the like) are being abused by spammers to send messages at a very slow rate to the contacts in those accounts.
As Mark noted himself, there's an obvious privacy issue if your contacts leak, and that some of the former users have not only abandoned the service, but actually assumed the service would have been terminated due to no activity on the account anymore.
If you have observed the same thing, we're interested in hearing from you.
But it might be a good idea to verify the status of your former mailboxes you have around the globe and make sure there's nothing left of them of value to you or your attackers before you do abandon them. Better yet, those really old ones, should we not delete them properly?
UPDATE:
A reader pointed out it might not always be easy for users to delete unwanted accounts, judging from the support fora at e.g. hotmail, and hence it would be quite understandable that they just abandon the accounts instead of cleaning them up properly.
UPDATE:
Andy, Andrew and others wrote in corroborating the story from experience with Yahoo, Gmail and Hotmail addresses that used to belong to friends and family starting to spam. Andy also noted another concern: the recipient might place more trust in known addresses from the past (think e.g. whitelisting in anti-spam filters), and it also might lead to trust in the person, allowing for lesser guards in being social engineered into a click or other form of trust.
A number of readers pointed out they have seen it happen on active accounts just as well as on the abandoned accounts. Some also pointed out it is very difficult to regain control of the account as the spammers changed the password they had on it.
An anonymous reader had lost control of his gmail account and didn't realize his address book got populated automatically due to sending and receiving email (even when just sending/receiving email from a smartphone without using the web interfaces).
Carol also pointed out that losing control of an account can be frustrating, as it is hard for the legitimate user to regain control.
-- Swa Frantzen -- Section 66

Apple QuickTime potential vulnerability/backdoor, (Mon, Aug 30th)
A vulnerability/backdoor in Apple QuickTime has been announced, and we are keeping an eye on it.
Cheers,
Adrien de Beaupré, EWA-Canada.com

New poll on mobile device security http://isc.sans.edu/poll.html, (Mon, Aug 30th)
Cisco IOS XR Software Border Gateway Protocol Vulnerability http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4411f.shtml, (Mon, Aug 30th)
Information created from
SANS Internet Storm Center

Avira - Latest Security News
Free content directory of security related articles. All items are available for publication and can be reprinted free of charge as long as the author box remains intact. Build content for your website quickly and easily! Webmasters can take the articles included in this section and incorporate them on their website at no charge whatsoever, as long as the about the author box remains intact.
Avira - Latest Security News
Last updated: Tue, 27 Jul 2010 12:03:27 +0300

Avira warns of Windows vulnerability
21 July 2010 – Cyber criminals abuse an open security vulnerability in all Windows versions to inject malware into PCs

Complete Article - Avira warns of Windows vulnerability

Published:Wed, 21 Jul 2010 00:00 +0300
Spam mails lure with domain password reset warning
1 July 2010 – A wave of spam mails lures recipients with fake warning of domain password reset; links lead to a fake Canadian Online Pharmacy

Complete Article - Spam mails lure with domain password reset warning

Published:Thu, 01 Jul 2010 00:00 +0300
Botnet Toolkit for Twitter
20 May 2010 – The IT security experts at Avira have analyzed a toolkit for a Twitter-based botnet and ensure protection against it

Complete Article - Botnet Toolkit for Twitter

Published:Thu, 20 May 2010 00:00 +0300
Ransomware threatens with official complaint of piracy
14 April 2010 – Currently active blackmail Trojans are using a new scam, as the IT security specialist Avira informs. In order to avoid a complaint because of downloading illegal copies of copyrighted files, the victims of the ransomware should pay about 400 USD to an alleged copyright organization.

Complete Article - Ransomware threatens with official complaint of piracy

Published:Wed, 14 Apr 2010 00:00 +0300
Avira protects from PDF Exploit
9 March 2010 - Malicious PDF files abuse a vulnerability in Adobe Reader and Acrobat which was recently fixed by Adobe

Complete Article - Avira protects from PDF Exploit

Published:Tue, 09 Mar 2010 00:00 +0200
Information created from
Avira RSS Feeds

Avira - Latest Threats Descriptions
Use Avira's Latest Threats RSS to keep track of the newest multi-language malware descriptions posted on our website automatically. For details, please visit our website: www.avira.com.
Avira - Latest Threats Descriptions
Last updated: Wed, 01 Sep 2010 15:41:51 +0200

TR/Agent2.loa
Danger Level: Low to Medium Threat
VDF version: 7.10.11.62
Published date: Wed, 01 Sep 2010 13:56 +0200
Complete description for this threat can be found here.

Published:Wed, 01 Sep 2010 13:56 +0200
TR/Agent.axg
Danger Level: Low to Medium Threat
VDF version: 7.10.11.28
Published date: Mon, 30 Aug 2010 11:42 +0200
Complete description for this threat can be found here.

Published:Mon, 30 Aug 2010 11:42 +0200
TR/Agent.ATU.2
Danger Level: Low to Medium Threat
VDF version: 7.10.11.18
Published date: Fri, 27 Aug 2010 12:11 +0200
Complete description for this threat can be found here.

Published:Fri, 27 Aug 2010 12:11 +0200
Java/ClassLoader.AZ
Danger Level: Medium Threat
VDF version: 7.10.11.04
Published date: Thu, 26 Aug 2010 11:54 +0200
Complete description for this threat can be found here.

Published:Thu, 26 Aug 2010 11:54 +0200
TR/Crypt.XPACK.Gen3
Danger Level: Low Threat
Published date: Thu, 26 Aug 2010 09:53 +0200
Complete description for this threat can be found here.

Published:Thu, 26 Aug 2010 09:53 +0200
Information created from
Avira RSS Feeds

SecurityFocus
SecurityFocus is the most comprehensive and trusted source of security information on the Internet. We are a vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.
SecurityFocus Vulnerabilities

Vuln: Wireshark 0.8.20 through 1.2.8 Multiple Vulnerabilities
Vuln: Wireshark 0.10.8 to 1.0.14 and 1.2.0 to 1.2.9 Multiple Vulnerabilities
Vuln: Fedora SSSD Kerberos Authentication Security Bypass Vulnerability
Vuln: Fedora SSSD LDAP Unauthenticated Bind Security Bypass Vulnerability
Bugtraq: {PRL} Novell Netware OpenSSH Remote Stack Overflow
Bugtraq: Vulnerabilities in CMS WebManager-Pro
Bugtraq: [ MDVSA-2010:169 ] mozilla-thunderbird
Bugtraq: [USN-982-1] Wget vulnerability
More rss feeds from SecurityFocus
News, Infocus, Columns, Vulnerabilities, Bugtraq ...
Information created from
Security Focus Feeds