STEAM-CIRT Summary & Trends for December 2007

Monthly Summary and Trends

The STEAM-CIRT observed the expected drop in total reports for December due to the Winter holidays. Overall, the total number of reports dropped by 51% compared to November. Investigable events also experienced a significant drop of 32%. Classified incidents also fell, but only by 24%. These numbers are slightly higher compared to December 2006, but within an expected range.
December saw several notifications to the STEAM handler’s log at

http://www.purdue.edu/securepurdue/steam/.

A summary of these entries follows:

Adobe Flash Player update fixes multiple vulnerabilities
http://www.purdue.edu/securepurdue/steam/newsDetail.cfm?NewsID=185

Samba send_mailslot() Buffer Overflow Vulnerability
http://www.purdue.edu/securepurdue/steam/newsDetail.cfm?NewsID=183

WordPress Charset SQL Injection Vulnerability
http://www.purdue.edu/securepurdue/steam/newsDetail.cfm?NewsID=182

Apple Quicktime RTSP buffer overflow vulnerability
http://www.purdue.edu/securepurdue/steam/newsDetail.cfm?NewsID=181

Posted by William Harshbarger on March 12, 2008, in Handlers Log.