STEAM

Advisory Alerts

• Java Zero-Day Patched

  Sun Java vulnerability caused by an input handling error that can be exploited to execute Java based programs has been reported. NOTE: Patch Available

  Posted by Brad Graves on April 16, 2010.

• Microsoft Server Message Block (SMB) Vulnerability allows for Remote Code Execution

  Update 2: Microsoft has released a "Fix-it" tool to automatically disable the SMBv2 service, which is presently the only known mitigation technique other than implementing firewall rules to block SMB traffic.

  Posted by William Harshbarger on October 02, 2009.

• Microsoft Office Web Components ActiveX Remote Code Execution Vulnerability

  The Microsoft Office Web Components ActiveX control used by Internet Explorer contains a vulnerability that when exploited will allow an attacker to gain rights of the local user and allow remote code execution.

  Posted by William Harshbarger on July 13, 2009.

• Critical Unpatched Internet Explorer Issue

  An unpatched vulnerability exists in Internet Explorer 7 which may allow an attacker to compromise a user's system simply by having the user browse to a specially crafted web page. User's should be EXTREMELY cautious while browsing the web with IE7 before a patch is released and downloaded, and it is suggested that an alternate web browser be used. This exploit has already been seen in active use in the the wild.

  Posted by William Davis on December 12, 2008.

• Phishing Emails Threatening Internet Service Disconnection Carry Virus

  This email has been reported by numerous users of Purdue email systems. In some cases it has been reported that the .exe file contained in the zip file attachment named "user-EA49943X-activities.zip" has propagated automatically to c:\temp\escan\user-EA49943X-activities.zip\user-EA49943X-activities.exe where a virus scanner had flagged its presence. It is unknown by what mechanism this file was unzipped as none of the users reported clicking on or opening the email.

  Posted by Brett Davis on September 17, 2008.

• Critical SSH Issue Involving Education and Research Institutions

  Starting in March of this year, a large number of research and education systems have been compromised using stolen SSH keys. The keys are used to gain system access as an unprivileged user, and then local kernel exploits are used to gain administrative access and install a rootkit and gather more SSH keys.

  Posted by William Davis on August 26, 2008.

• Multiple reports of attempted and successful SQL injection attacks against campus web sites.

  Multiple reports of attempted and successful SQL injection attacks against campus web sites.

  Posted by Kitch Spicer on July 18, 2008.

• Adobe Acrobat and Reader Vulnerability affects Windows and Macs

  Adobe has reported a critical vulnerability in Acrobat and Reader. The vulnerability could allow a malicious user to crash an affected machine to gain full access. Most versions are affected.

  Posted by Douglas Couch on June 30, 2008.

• Multiple Xserver and XInput Vulnerabilities

  Multiple vulnerabilities have been discovered in the server code of the X window system, which can cause an assortment of overflows. Local exploitation of these overflows cause the X server to crash or allow the execution of arbitrary code in certain situations.

  Posted by Kitch Spicer on January 23, 2008.

• Critical Vulnerabilities In Adobe Flash Content May Lead to Cross-Site Scripting (XSS) Attacks

  Critical vulnerabilities in Adobe Flash content have been found which leave potentially hundreds of thousands of websites and a considerable percentage of major Internet sites susceptible to Cross-Site Scripting (XSS) attacks that would allow malicious individuals to steal personal details of visitors.

  Posted by Nathan Heck on January 14, 2008.

• Adobe Flash Player: Multiple Vulnerabilities

  Adobe Flash Player and Flash Plugin have been found to have multiple vulnerabilities which could allow an attacker to remotely execute code on a vulnerable system, obtain sensitive information via browser keystrokes, and allow cross-site request forgery. These vulnerabilities affect all users of Adobe Flash Player regardless of platform (Win, Mac, Solaris, and Linux). A new version that addresses the security issues has been released by Adobe.

  Posted by Douglas Couch on July 17, 2007.

Handlers Log

• Mac OS X FileVault Plain Text Password Security Issue

  A security issue has been reported in the Mac OS X that can be exploited to bypass certain security restrictions.

  Posted by Tony Kasyan on May 07, 2012.

• OSX Flashback Trojan - Detecting and Removing

  Detecting and removing the Flashback Trojan from your Mac

  Posted by Tony Kasyan on April 10, 2012.

• Phishing Email - allegedly from Purdue help desk blocked

  Phishing attempt allegedly from Purdue help-desk blocked.

  Posted by Curt Jansen on March 28, 2012.

• 11-9-2011 Microsoft Windows win32k.sys TrueType Font Parsing Vulnerability

  A TrueType Font Parsing vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.

  Posted by Curt Jansen on November 04, 2011.

• Multiple Vulnerabilities in Adobe ColdFusion

  Multiple vulnerabilities have been reported in Adobe ColdFusion, which can be exploited by malicious people to conduct cross-site request forgery attacks, cause a DoS (Denial of Service), and compromise a vulnerable system.

  Posted by Anthony Paladino on June 15, 2011.

• Bug in Blackberry causes Vulnerability

  Bug in BlackBerry Browser exposes vulnerability.

  Posted by Tony Kasyan on March 17, 2011.

• Vulnerability in MHTML Could Allow Information Disclosure

  There is a reported vulnerability in Windows that could allow for information disclosure via malicious scripts in MHTML pages.

  Posted by Anthony Paladino on January 31, 2011.

• Firesheep will steal your passwords!

  A new firefox add-on will allow novice computer users to steal your Facebook, Twitter and other login information when using open Wi-Fi spots.

  Posted by Tony Kasyan on October 27, 2010.

• MPlayer FLIC Processing Multiple Array Indexing Vulnerabilities

  MPlayer FLIC Processing Multiple Array Indexing Vulnerabilities

  Posted by Tony Kasyan on October 01, 2010.

• Security News and Info for 9/03/2010

  Security News and Info for 9/03/2010

  Posted by Tony Kasyan on September 03, 2010.

• Security News for 9/02/2010

  Security News and Info

  Posted by Tony Kasyan on September 03, 2010.

• Security Issues for 9/01/2010

  Latest Security Issuses for a wired world

  Posted by Tony Kasyan on September 02, 2010.

• Toy Story 3 Facebook Scam

  When clicking on a message that appears to come from one of your friends, if it insists that you click "Like" before viewing the page, it will send a rude hidden message to all of your facebook friends.

  Posted by Walter Kasyan on August 03, 2010.

• KOOBFACE bot via fake YouTube pages

  Fake YouTube pages are being used by the Koobface Bot to insert JavaScript Code.

  Posted by Walter Kasyan on August 03, 2010.

• iPhone JailBreak Trojan

  An email campaign is targeting iPhone users who might want to jailbreak their phones has been reported by BitDefender.

  Posted by Walter Kasyan on August 03, 2010.

• Apple iOS Security Bypass and PDF Processing Vulnerability

  Two vulnerabilities have been reported in Apple iOS, version 4.0.1 which may be exploited to compromise a user's system.

  Posted by Walter Kasyan on August 03, 2010.

• Apple Mac OS X Vulnerability

  A vulnerability in Apple Mac OS X due to the "webdav_mount()" function of the WebDAV kernel extension can be exploited by malicious, local users to cause a DoS (Denial of Service).

  Posted by Walter Kasyan on August 03, 2010.

• Quicktime Player Allows Movies To Trigger Malware Downloads

  Trend Micro is reporting that Quicktime Player can be used by maliscious people to deploy malware to users' systems using specially crafted movie files. When a user plays one of the files, their system is redirected to download a malware payload.

  Posted by Anthony Paladino on August 02, 2010.

• Wireshark Vulnerabilities

  There were multiple vulnerabilities reported in Wireshark with an available update.

  Posted by Walter Kasyan on July 30, 2010.

• Cisco Multiple Products TLS Session Renegotiation Plaintext Injection

  Cisco has acknowledged a vulnerability in multiple Cisco products

  Posted by Cynthia Welch on July 29, 2010.

• APPLE-SA-2010-07-28-1 Safari 5.0.1 and Safari 4.1.1

  Apple released this advisory addressing vulnerabilities (15 unique CVEs) in the Safari browser for Windows and Mac platforms.

  Posted by Cynthia Welch on July 29, 2010.

• Security Issues 7-27-2010

  Security Issues 7-27-2010

  Posted by Cynthia Welch on July 27, 2010.

• Plug-in Security Checker

  Ever wonder if all your browser plug-ins are up-to-date and secure? Well Windows users now can check IE, Firefox and Chrome simply by going to a website and running a scan.

  Posted by Brad Graves on July 20, 2010.

• Windows Shortcut Parsing Vulnerability

  A vulnerability in Windows versions including XP, Vista, 7, Server 2003 and Server 2008 which can be utilized by maliscious parties to compromise a user's system using specially crafted shortcuts (.lnk and .pif files).

  Posted by Anthony Paladino on July 19, 2010.

• Security Issues 7-2-2010

  Security Issues 7-2-2010

  Posted by Cynthia Welch on July 02, 2010.

• Security Issues 7/1

  Opera browser users will want to upgrade to the latest patch level 10.60.

  Posted by Brad Graves on July 01, 2010.

• Adobe Updates and PCI Expectancies

  Adobe has released update 9.3.3 for Acrobat and Reader. Users are suggested to upgrade as soon as possible to patch vulnerabilities that could allow for denial-of-service.

  Posted by Brad Graves on June 30, 2010.

• Security Issues 6-29-2010

  Security Issues 6-29-2010

  Posted by Cynthia Welch on June 29, 2010.

• Mozilla Thunderbird Multiple Vulnerabilities

  Per Secunia, some vulnerabilities have been reported in Mozilla Thunderbird, which can be exploited by malicious people to compromise a user's system.

  Posted by Cynthia Welch on June 28, 2010.

• Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

  Per Secunia, Apple has issued security updates for Mac OS X, which fixes multiple vulnerabilities.

  Posted by Cynthia Welch on June 28, 2010.

• Security Issues 6/16

  Microsoft Windows XP & 2003 Help and Support Center has been found to be vulnerable to a recent attack. Users who visit a compromised site can be affected by malicious malware being downloaded to the hosts machine.

  Posted by Brad Graves on June 16, 2010.

• End of Windows 2000 & XP SP 2 Support

  The end is finally here for support on Windows 2000 & XP SP 2. Microsoft plans on expire support on July 13th.

  Posted by Brad Graves on June 15, 2010.

• Description of the Microsoft Office 2008 for Mac 12.2.5 Update

  Security Updates have been released for OpenOffice and MS Office 2008 for Mac.

  Posted by Cynthia Welch on June 11, 2010.

• Adobe AIR Multiple Vulnerabilities

  Vulnerabilities have been reported in Adobe AIR. Malicious individuals can exploit these vulnerabilities to conduct cross-site scripting attacks or compromise a user's system. The vulnerabilities are reported in Adobe AIR versions 1.5.3.9130 and prior.

  Posted by Cynthia Welch on June 11, 2010.

• Microsoft Cumulative Security Update for Internet Explorer

  While Microsoft recently patched the Vulnerability in Internet Explore which could allow for information disclosure, they have expressed concern now that the patch is public that malicious people could be reversed engineered the flaw more easily -- and that additional public exploits may begin. Therefore, the most recent round of Windows updates has become very important to circumvent this and should be applied as soon as possible.

  Posted by Cynthia Welch on June 10, 2010.

• Microsoft Windows Help and Support Center URL Processing Vulnerability

  A vulnerability has been discovered in Microsoft Windows. From Secunia as sited below: "The vulnerability is caused due to an error when processing escaped URLs through Microsoft Windows Help and Support Center (helpctr.exe). This can be exploited to bypass restrictions normally imposed by the "-FromHCP" command-line argument and pass arbitrary parameters to local help documents.

  Posted by Cynthia Welch on June 10, 2010.

• Apple Safari Multiple Vulnerabilities

  Per Secunia: "Some vulnerabilities have been reported in Apple Safari, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, conduct spoofing or cross-site scripting attacks, and potentially compromise a user's system."

  Posted by Cynthia Welch on June 09, 2010.

• FYI: Browser Plugin Check Site (Neat!)

  Browser Plugin Check Site (works with Firefox 3.6+, Opera 10.5,Safari 4, Chrome 4, or IE 8)

  Posted by Cynthia Welch on May 19, 2010.

• Windows SMB Remote Exploit

  Vulnerability has been discovered in Microsoft Windows 7 & Sever 2008. This is a 0-day vulnerability that can be exploited from remote by a malicious user.

  Posted by Brad Graves on November 13, 2009.

• Goodbye to Thawte, Huge Patch Tuesday, and More Adobe Vulnerabilities

  Thawte email services will be discontinued as of November 16th, 2009. Current customers will receive a free year of VeriSign service. Microsoft has posted that this months patch Tuesday will be its largest ever. Adobe has posted vulnerabilities found in Reader and Acrobat.

  Posted by Brad Graves on October 09, 2009.

• Hotmail Passwords Posted, New OpenSSH Version Released & Samba Vulnerabilities Fixed

  Hotmail, Live, and MSN users are advised to change their passwords after it was found that usernames and passwords for 10,000 users were posted online.

  Posted by Brad Graves on October 06, 2009.

• Microsoft IIS FTP Vulnerability

  Vulnerability has been found in Microsoft Internet Information Services FTP server that can allow a remote attacker to potentially execute arbitrary code. IIS FTP servers that allow anonymous users write access can potentially be affected due to a boundary error when the server processes NLST commands.

  Posted by Brad Graves on September 01, 2009.

• Linux 2.4 and 2.6 kernel vulnerability

  A recently discovered vulnerability in the Linux 2.4 and 2.6 kernels can allow an attacker with local user privileges to gain root access using a widely distributed exploit for a NULL pointer reference caused by incorrect proto_ops initializations. As of August 17th, the issue is still unpatched and the vulnerability affects basically all distributions of Linux running on the 2.4 or 2.6 kernels.

  Posted by Brett Davis on August 17, 2009.

• Mac and Windows Updates

  This week saw a surge of new security updates for both Mac and Windows computers, partially due to Patch Tuesday.

  Posted by Brett Davis on August 14, 2009.

• Vulnerabilities in Mozilla Products

  Mozilla Firefox, Thunderbird and SeaMonkey have been found to be vulnerable to an issue in which domain name certificates are dealt with between client browsers and CA servers. The issue is currently unpatched for all products except for users of Firefox 3.5. It is suggested to not browse untrusted sites or open emails from untrusted sources.

  Posted by Brad Graves on August 05, 2009.

• Squid 3.x Multiple Denial of Service Vulnerabilities

  Multiple vulnerabilities exist in Squid 3.x that can allow a malicious remote user to cause a denial of service (DoS) attack.

  Posted by Brad Graves on July 29, 2009.

• July 14 Unpatched Firefox Vulnerability

  A new vulnerability has been discovered in the latest version of Mozilla Firefox that can cause memory corruption and may be exploited by malicious people to compromise a user's system.

  Posted by Brett Davis on July 14, 2009.

• Vulnerability updates: MS Office, Tomcat, and Internet Explorer

  Vulnerability updates: MS Office, Tomcat, and Internet Explorer

  Posted by Brett Davis on July 13, 2009.

• Shockwave Vulnerability and Tbird update

  A new vulnerability has been discovered in Adobe Shockwave player which could allow for arbitrary code execution on a machine which attempts to play a specially crafted malicious Shockwave player 10 content. Also, a new round of Thunderbird updates have been released addressing a number of security issues.

  Posted by Brett Davis on June 24, 2009.

• Adobe Updates

  Critical vulnerabilities are found in Adobe Reader/Acrobat 9.1.1 and earlier.

  Posted by Brad Graves on June 11, 2009.

• IIS 6.0, ntpd, and new netbooks coming preloaded with malware

  New vulnerabilities have been reported for IIS 6.0 users who have WebDAV enabled. The vulnerability allows escalation of privileges if a specially crafted HTTP GET request is made to the vulnerable server.

  Posted by Brett Davis on May 21, 2009.

• Firefox, Thunderbird, and Seamonkey Vulns

  New as of today (April 22nd, 09) there are a fresh batch of vulnerabilities that have been discovered in Mozilla products Firefox, Thunderbird, and Seamonkey.

  Posted by Brett Davis on April 22, 2009.

• MS and Oracle Patches

  On Tuesday, Microsoft and Oracle released critical patches that affect multiple products.

  Posted by Brad Graves on April 16, 2009.

• SAP/Java/VMware

  Critical updates for SAP, Java and VMware are now available.

  Posted by Brad Graves on April 14, 2009.

• Highly Critical Vulnerability in MS Powerpoint

  A newly released vulnerability in MS PowerPoint versions 2000 through 2004 for Mac and PC could allow a maliciously crafted PowerPoint file to compromise a user's system and run arbitrary code with permissions of the user.

  Posted by Brett Davis on April 03, 2009.

• Import notice for Mac users connected to Active Directory

  The security department has recently seen some cases where Active Directory accounts have been locked out due to excessive failed login attempts when a Mac that is synced to Active Directory is also listening for inbound SSH connections.

  Posted by Brett Davis on March 30, 2009.

• Critical Adobe Reader/Acrobat Vulnerability

  Unpatched Vulnerability in Adobe Reader and Acrobat may allow attacker to take control of users system via specially crafted document. Affected versions include Adobe Reader/Acrobat 9 and earlier.

  Posted by Brad Graves on February 24, 2009.

• Firefox/Thunderbird/IE 7 issues

  An out of band patch is being released by Microsoft today for the infamous IE 7 0-day vulnerability discovered last week.

  Posted by Brett Davis on December 17, 2008.

• Critical MS Word and Excel Patches released Tuesday

  Both MS Word and Excel had some major vulnerabilities that were patched in the most recent patch release from Microsoft. Versions affected go all the way back to MS Office 2000.

  Posted by Brett Davis on December 10, 2008.

• Fraudulent CNN emails contain links to Trojan

  Malicious emails purporting to contain personalized news links from CNN are being reported by campus users as well as across the Internet. These unsolicited emails contain links to supposed videos of recent or false news stories. Additionally, the emails use graphics from legitimate CNN pages to further make the messages appear genuine. When clicked, the links take the user to a fraudulent copy of the CNN video player site which is hosted on a malicious site. Instead of playing a video, the site prompts the user to download a Flash player update. This executable is a Trojan and contains code designed to compromise a user's computer.

  Posted by William Harshbarger on August 08, 2008.

• Java updates galore

  Java updates galore

  Posted by Brett Davis on July 09, 2008.

• STEAM-CIRT Summary & Trends for April 2008

  Monthly Summary and Trends

  Posted by Kitch Spicer on May 15, 2008.

• STEAM-CIRT Summary & Trends for March 2008

  Monthly Summary and Trends

  Posted by William Harshbarger on April 30, 2008.

• New Phishing Exploit Doesn't Ask for Credentials

  Over the past few days, there has been a new type of phishing e-mail spotted. This new phishing method no longer asks for credentials and other personal information. The new tactic is to pose as a company and ask for the end user to "renew" their digital certificate. A link is presented in the e-mail, which when clicked on will download a keylogging Trojan onto the computer. The Trojan is then used to steal information and/or credentials from the victim's computer. Currently the most commonly used companies to pose as include Comerica Bank and Colonial Bank.

  Posted by Kitch Spicer on April 29, 2008.

• Archive Format Vulnerabilities

  Programs that handle archive formats ACE, ARJ, BZ2, CAB, GZ, LHA, RAR, TAR, ZIP and ZOO could potentially be affected by newly discovered vulnerabilities. Various types of programs that could be affected include: anti-virus, firewalls (software-based), encryption products (VPN, PGP), backup software, office programs, operating systems and libraries.

  Posted by Kitch Spicer on March 20, 2008.

• New Buffer Overflow Vulnerability in CUPS CGI

  CUPS (Common UNIX Printing System), which provides a standard printer interface for various Unix based operating systems, has a new vulnerability. An unspecified error within the CUPS CGI backend, if exploited by an attacker, could cause a heap-based buffer overflow by sending a specially crafted IPP request.

  Posted by Kitch Spicer on March 20, 2008.

• STEAM-CIRT Summary & Trends for February 2008

  Monthly Summary and Trends February 2008

  Posted by William Harshbarger on March 12, 2008.

• STEAM-CIRT Summary & Trends for January 2008

  Monthly Summary and Trends

  Posted by William Harshbarger on March 12, 2008.

• STEAM-CIRT Summary & Trends for December 2007

  Monthly Summary and Trends

  Posted by William Harshbarger on March 12, 2008.

• Symantec Backup Exec calendar control vulnerabilities discovered

  "Secunia Research has discovered some vulnerabilities in Symantec Backup Exec for Windows Servers, which can be exploited by malicious people to overwrite arbitrary files or compromise a vulnerable system."

  Posted by Nathan Heck on February 29, 2008.

• New unpatched vulnerability in VMware products found

  A new unpatched vulnerability has been found in several VMware products that would allow a user (or malicious individual) to "break out" of the guest OS/VM and read/write to the host file system.

  Posted by Nathan Heck on February 29, 2008.

• Beware Fraudulent Microsoft Security Updates

  Purdue University cautions users to be skeptical of email messages claiming to be from Microsoft and requesting that users download a critical update. These emails appear to be fraudulent and users should NOT follow the links in the email. Users are requested to ignore the email and delete it.

  Posted by William Harshbarger on February 06, 2008.

• Phishing reminder and a new UPnP attack vector

  Phishing reminder and a new UPnP attack vector

  Posted by Douglas Couch on January 16, 2008.

• More Phishing, Quicktime, and remote controlled Trains

  You've probably all seen the notifications that there is a current Phishing attack targeting Purdue accounts. Over the weekend we saw some minor modifications to the message which mostly just includes changes to the address it seemed to be coming from.

  Posted by Douglas Couch on January 14, 2008.

• RealPlayer Unspecified Buffer Overflow Vulnerability

  A recently found unpatched flaw in RealPlayer 11 may lead to execution of arbitrary code.

  Posted by Nathan Heck on January 03, 2008.

• Storm Worm Changes Its Campaign In Time For The Holidays

  Arbornetworks.com is reporting about active Storm Worm domains that are currently being used with the latest round of Storm Worm emails attempting to take advantage of the holidays.

  Posted by Nathan Heck on January 03, 2008.

• STEAM-CIRT Summary & Trends for November 2007

  November 2007 Summary and Trends

  Posted by Kitch Spicer on December 20, 2007.

• Adobe Flash Player update fixes multiple vulnerabilities

  Adobe Flash Player update fixes multiple vulnerabilities

  Posted by William Harshbarger on December 20, 2007.

• WordPress Charset SQL Injection Vulnerability

  Details are emerging about a new vulnerability in WordPress. An unpatched flaw in WordPress may lead to SQL injection.

  Posted by Nathan Heck on December 14, 2007.

• Samba send_mailslot() Buffer Overflow Vulnerability

  Details are emerging about a moderately critical vulnerability in Samba. A flaw in Samba may lead to a buffer overflow resulting in execution of arbitrary code.

  Posted by Nathan Heck on December 14, 2007.

• Apple Quicktime RTSP buffer overflow vulnerability

  Details are emerging about a critical exploit vulnerability in Apple's Quicktime product. An unpatched flaw in the RTSP (real-time streaming protocol) may allow remote attackers to compromise a system.

  Posted by William Harshbarger on December 03, 2007.

• STEAM-CIRT Summary & Trends for October 2007

  October 2007 Summary and Trends

  Posted by William Harshbarger on November 19, 2007.

• STEAM-CIRT Summary & Trends for September 2007

  STEAM-CIRT Summary & Trends for September 2007

  Posted by Kitch Spicer on October 26, 2007.

• Multiple Vulnerabilities in Firefox Prompts Mozilla to Provide Version Update

  A variety of vulnerabilities in the popular web browser Firefox have been reported. When exploited, these vulnerabilities can lead to: disclosure of sensitive information, phishing attacks, data manipulation, and/or system compromise.

  Posted by Kitch Spicer on October 19, 2007.

• STEAM-CIRT Summary & Trends for August 2007

  August 2007 Summary and Trends

  Posted by Kitch Spicer on September 21, 2007.

• Firefox "-chrome" Parameter Vulnerability

  A vulnerability affecting Firefox versions previous to 2.0.0.7 is caused by the "-chrome" parameter allowing remote attackers to run code with the current user's privileges. When exploited, the remote attacker can install malware, steal data, or simply corrupt the user's system.

  Posted by Kitch Spicer on September 19, 2007.

• Subversion overwrites arbitrary files

  For our campus users of Subversion and TortoiseSVN version control systems it is time to update. Versions prior to the recently released 1.4.5 version have a bug that allows a directory-traversal attack on a windows system using the "..\" syntax. This would allow a client user with write access to overwrite arbitrary system files for which he has write access privileges.

  Posted by Douglas Couch on August 30, 2007.

• Media Player Classic .FLI File Processing Buffer Overflow Vulnerability

  A highly critical vulnerability has been discovered in the open source media player Media Player Classic (MPC), which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error processing .FLI files (an old animation compression format).

  Posted by Nathan Heck on August 29, 2007.

• New Storm Worm Variant

  The newest method that is being highly utilized to trick people into becoming storm worm infected is by sending out e-mails regarding various "club" memberships.

  Posted by Kitch Spicer on August 23, 2007.

• STEAM-CIRT Summary & Trends for July 2007

  July 2007 Summary and Trends

  Posted by Kitch Spicer on August 22, 2007.

• STEAM-CIRT Summary & Trends for February 2007

  February 2007 Summary and Trends

  Posted by William Harshbarger on August 22, 2007.

• STEAM-CIRT Summary & Trends for March 2007

  March 2007 Summary and Trends

  Posted by William Harshbarger on August 22, 2007.

• STEAM-CIRT Summary & Trends for April 2007

  April 2007 Summary and Trends

  Posted by William Harshbarger on August 22, 2007.

• STEAM-CIRT Summary & Trends for May 2007

  May 2007 Summary and Trends

  Posted by William Harshbarger on August 22, 2007.

• STEAM-CIRT Summary & Trends for June 2007

  June 2007 Summary and Trends

  Posted by William Harshbarger on August 22, 2007.

• Highly critical vulnerability found in component of Microsoft’s DirectX Media SDK

  A highly critical vulnerability has been found in the Live Picture Corporation DirectTransform FlashPix ActiveX control included in the Microsoft DirectX Media SDK, which can be exploited by malicious people to compromise a vulnerable system.

  Posted by Nathan Heck on August 15, 2007.

• Firefox Used as an Attack Vector via URI Filtering Vulnerability

  Exploitation is as simple as using Firefox to visit a malicious website with a specially crafted URI (such as "mailto") containing a "%" character and ends with a specific extension, such as ".bat" or ".cmd".

  Posted by Kitch Spicer on July 30, 2007.

• Java Runtime Environment Vulnerabilities Lead to Remote Compromise

  Sun Java Runtime Environment (JRE) has a buffer overflow vulnerability in its image parsing code which could allow an untrusted applet or application to escalate its privileges. If this happens, the applet or application could provide itself permissions to read and write local files or execute local applications which are available to the user who is running the untrusted applet or application. All systems running Windows, Linux variants, and Solaris are considered vulnerable.

  Posted by Kitch Spicer on July 17, 2007.

• Mozilla Firefox "OnKeyDown" Event Focus Vulnerability

  A new Firefox vulnerability is caused by a design flaw within the focus handling method of form fields.

  Posted by Kitch Spicer on July 05, 2007.

• Xvid Library version 1.1.2 Vulnerability

  The Xvid library version 1.1.2 has a newly discovered vulnerability in the get_intra_block, get_inter_h263, and get_inter_block_mpeg functions. This vulnerability could allow a remote attacker to execute arbitrary code on the victim's computer.

  Posted by Kitch Spicer on June 29, 2007.

• Security Hole in Java Web Start Could Provide Privilege Escalation

  If you use Java Web Start on your computer, now is the time to update to JRE 5.0 Update 12 or later (JDK) or JRE 1.4.2_14 or later (SDK). An unspecified error in Java Web Start allows an untrusted application to escalate its own privileges in order to overwrite any file that is "writable" by the current user running the application. Even further, the user's ".java.policy" file can be overwritten which allows the application to summon applets or other Java Web Start applications which could execute arbitrary code with the same privilege level as the user running the application.

  Posted by Kitch Spicer on June 29, 2007.

• PHP coders take a look at Pixy!

  The application, called Pixy, can automatically scan your PHP source code for Cross-site scripting and SQL injection vulnerabilities. Pixy takes a PHP program as input, and creates a report that lists possible vulnerable points in the program, together with additional information for understanding the vulnerability.

  Posted by Douglas Couch on June 22, 2007.

• 'Zlob' Trojan Finds YouTube

  If you ever browse through YouTube videos, you might want to be extra cautious. Why? Because attackers are infecting victims with a trojan using fake video links on the YouTube website. The trojan initially floods victims with pornographic adware, then installs data-stealing code on the victim's computer.

  Posted by Kitch Spicer on June 22, 2007.

• Mozilla Firefox File Type Check Vulnerability

  Mozilla Firefox, a popular web browser, has a new vulnerability that is exploitable in versions 0.10 to 2.0.0.4.

  Posted by Kitch Spicer on June 21, 2007.

• Safari Beta Vulnerabilities for Windows

  The Safari v3.0 Public Beta web browser for Windows was released on 06/11/07. Within the first 24 hours multiple exploits were released.

  Posted by Kitch Spicer on June 18, 2007.

• Microsoft Out of Cycle Patch Coming

  This is just an FYI for those who may not be following the latest Windows 0-day vulnerability and an upcoming out of cycle patch. Last Thursday, Microsoft published a Security Advisory (935423) describing a vulnerability in Animated Cursor Handling affecting a range of Windows OS versions. The result is that a user that visits a malicious website or reads a specially crafted HTML e-mail may automatically trigger the vulnerability and executing arbitrary code running as that user.

  Posted by Addam Schroll on April 02, 2007.

• Detecting Windows Intruders

  CERT/CC and AUSCERT provide a thorough checklist for investigating a Windows based system for signs of intruders.

  Posted by Addam Schroll on February 27, 2007.

• STEAM-CIRT Summary & Trends for January 2007

  January 2007 Summary & Trends

  Posted by Addam Schroll on February 22, 2007.

• STEAM-CIRT Summary & Trends for December 2006

  December 2006 Summary & Trends

  Posted by Addam Schroll on January 17, 2007.

• STEAM-CIRT Summary & Trends for November 2006

  November 2006 Summary & Trends

  Posted by Addam Schroll on December 15, 2006.

• STEAM-CIRT Summary and Trends for October 2006

  October 2006 Summary & Trends

  Posted by Addam Schroll on November 15, 2006.

• ADODB Vulnerability and MS Security Intelligence Report

  The Microsoft Response Center posted a note about a new DoS proof of concept against the ADODB.connection ActiveX control. Right now, that just makes it annoying, but it could also allow execution of remote code. US-CERT has the best summary of information about it at the moment. You can either disable ActiveX entirely or set the kill bit for this control as a workaround for now.

  Posted by Addam Schroll on October 30, 2006.

• STEAM-CIRT Summary, Trends for September 2006

  September 2006 Summary & Trends

  Posted by Addam Schroll on October 20, 2006.

• Newest Symantec Threat Report Published

  Symantec just released their Internet Security Threat Report which can be thought (at least by me) as a larger version of the STEAM Reports we publish. The report notes trends and shifts in the threat landscape as reported by Symantec clients.

  Posted by Addam Schroll on September 26, 2006.

• MS VML Exploits in the Wild

  On September 19th, Microsoft issued an advisory about a new vulnerability in their Vector Markup Language (VML) implementation.

  Posted by Addam Schroll on September 25, 2006.

• STEAM-CIRT Summary, Trends for July 2006

  July 2006 Summary & Trends

  Posted by Addam Schroll on September 22, 2006.

• STEAM-CIRT Summary, Trends for August 2006

  August 2006 Summary & Trends

  Posted by Addam Schroll on September 22, 2006.

• STEAM-CIRT Summary, Trends for June 2006

  June 2006 Summary & Trends

  Posted by Addam Schroll on July 25, 2006.

• Internet Explorer Twofer

  The ISC is reporting on two vulnerabilities found in Internet Explorer.

  Posted by Matthew Wirges on June 29, 2006.

• STEAM-CIRT Summary, Trends for May 2006

  May 2006 Summary & Trends

  Posted by Matthew Wirges on June 28, 2006.

• Top 100 Security Tools

  Fyodor, author of Nmap has revised his top 100 security tools list.

  Posted by Matthew Wirges on June 22, 2006.

• STEAM-CIRT Summary and Trends for April, 2006

  STEAM-CIRT Summary and Trends for April, 2006

  Posted by Matthew Wirges on May 16, 2006.

• SANS Spring 2006 Top 20 released

  SANS Spring 2006 Top 20 released

  Posted by Matthew Wirges on May 02, 2006.

• Super Tuesday Updates, Hybrid Viruses, PeteAuth?

  Super Tuesday Updates, Hybrid Viruses, PeteAuth?

  Posted by Matthew Wirges on April 11, 2006.

• STEAM-CIRT Observations and Trends Summary for March 2006

  STEAM-CIRT Observations and Trends Summary for March 2006

  Posted by Matthew Wirges on April 06, 2006.

• New vulnerabilities, new rootkit

  New vulnerabilities, new rootkit...

  Posted by Matthew Wirges on March 22, 2006.

• IE zero-day, phpBB troubles looming?

  IE zero-day, phpBB troubles looming?

  Posted by Matthew Wirges on March 19, 2006.

• Want to know more about botnets?

  The Worm Blog posted this article about a paper on botnets from researchers at the University of Wisconsin. If you're unfamiliar with botnets and their uses, this is a good read for you.

  Posted by Matthew Wirges on March 16, 2006.