A new vulnerability has been discovered in Adobe Shockwave player which could allow for arbitrary code execution on a machine which attempts to play a specially crafted malicious Shockwave player 10 content. A vendor patch exists, and any systems with Shockwave versions prior to 18.104.22.168 installed should be immediately updated to the latest version. A STEAM advisory on this vulnerability will be released later in the week containing more details.
More information can be found on Secunia's web page at:
Also, a new round of Thunderbird updates have been released addressing a number of security issues. Thunderbird, like Firefox, has an auto update feature but it's a good idea to double check to make sure any systems that you are running have been updated to version 22.214.171.124. More information on the update can be found at Mozilla's security advisories page: http://www.mozilla.org/security/known-vulnerabilities/thunderbird20.html#thunderbird 126.96.36.199Finally, a new vulnerability has been discovered in Google Chrome, which can potentially lead to a buffer overflow and arbitrary code execution of the user visits a malicious site. The vulnerability is related to the way in which Google Chrome handles unspecified HTTP response headers. The vulnerability is patched, and like Firefox, Chrome has an auto update feature, but user's should still verify that they have been updated to the latest version. Details can be found here: http://secunia.com/advisories/35548/
Posted by Brett Davis on June 24, 2009, in Handlers Log.