www.expresscomputeronline.com WEEKLY INSIGHT FOR TECHNOLOGY PROFESSIONALS
07 February 2005  

Updates

A compilation of the latest information about viruses, security and patches that could be vital for your system

Oracle releases critical patch

Oracle has released a critical patch that fixes 23 vulnerabilities in the Oracle Database, Oracle Application Server and Oracle E-Business Suite. These vulnerabilities range from buffer overflows to denial-of-service attacks. As these vulnerabilities are high risk, security firms have warned that organisations should apply the patches at the earliest.

To download the patches, see Oracle Metalink Note 293953.1.

Buffer overflow flaw in Internet Explorer

UK-based firm NGS Software has sounded an alert about a buffer overflow in Internet Explorer. Currently, all versions of Internet Explorer come packaged with the Microsoft Active Setup/Install engine components. These components support scripting and can be invoked from any Web page. The install engine control has been found to be vulnerable to an integer overflow that lets an attacker run code on a system through a specially created Web page. Microsoft has already released an update for Internet Explorer that can be downloaded from www.microsoft.com/technet/security/bulletin/MS04-038.mspx

Trojan monitors websites

Trojan.Tannick.B sends a list of websites visited to a remote attacker. Once installed on the host computer, it first sets the Internet Explorer start page to "about:blank" and then creates a file, %System%\kwui.dll, which monitors all websites visited from that moment on. The list of websites is then saved in a file called _pass.log, which can be transmitted to the remote attacker via FTP. Most security firms have released security updates to remove this Trojan.

New mobile phone virus, Lasco.A, discovered

After the Cabir cellular phone virus, a new virus targeting mobile phones has been found. This virus, Lasco.A, is capable of spreading via Bluetooth and by attaching itself to files. Lasco.A affects mobile phone users running the Symbian operating system with Nokia's Series 60 interface. The virus copies itself inside all Symbian Installation files, which are then used to install applications such as games. Similar to Cabir, the virus is capable of spreading by Bluetooth, arriving in a phone's inbox as velasco.sis. Security firm F-Secure has recommended operating a Bluetooth-enabled phone in hidden mode instead of discoverable mode to avoid being infected. Users can also watch out for signs such as shortened battery life to detect the virus.

Buffer overflow vulnerability in Xpdf viewer

A buffer overflow vulnerability in the Xpdf viewer included in various Unix and Linux distributions may allow remote code execution when you view a PDF file using this software. Xpdf is an open source viewer for PDF files. Many popular Linux distributions are affected by this vulnerability. However, the exploit can succeed only if a user opens a malicious PDF file. A patch to address this issue is available at ftp.foolabs.com/pub/xpdf/xpdf-3.00pl3.patch

 


© Copyright 2001: Indian Express Newspapers (Bombay) Limited (Mumbai, India). All rights reserved throughout the world. This entire site is compiled in Mumbai by the Business Publications Division (BPD) of the Indian Express Newspapers (Bombay) Limited. Site managed by BPD.