Untitled Document
www.expresscomputeronline.com WEEKLY INSIGHT FOR TECHNOLOGY PROFESSIONALS
21 March 2005  
Untitled Document
Sections

Market
Management
Technology
Technology Life

Columns

Between The Bytes

Specials

HMA Bankbiz

Services
Subscribe/Renew
Archives
Search
Contact Us
Network Sites
Network Magazine India
Exp. Hotelier & Caterer
Exp. Travel & Tourism
feBusiness Traveller
Exp. Pharma Pulse
Exp. Healthcare Mgmt.
Exp. Textile
Group Sites
ExpressIndia
Indian Express
Financial Express
Home - Technology - Article

Updates

Vulnerabilities in RealPlayer

Two vulnerabilities have been reported in RealPlayer for Windows. Errors in processing of WAV files and SMIL (Synchronised Multimedia Integration Language) files can lead to a buffer overflow. Hackers can exploit this vulnerability using a compromised WAV or SMIL file. The successful exploitation of these vulnerabilities permits hackers to gain control of affected systems.

Patches are available for download at:service.real.com/help/faq/security/security022405.html

FireFox and Mozilla vulnerable

 

Malware - Top 10
1. HTML_NETSKY.P
2. WORM_NETSKY.P
3. JAVA_BYTEVER.A
4. COOKIE_1020
5. COOKIE_45
6. COOKIE_1802
7. COOKIE_281
8. TROJ_SMALL.SN
9. TROJ_AGENT.AAB
10. TROJ_BAGLE.BE

Source : Trend Micro (from February 25 to March 3, 2005)

Several vulnerabilities have been reported in FireFox and Mozilla. These can be exploited by local users to gain escalated privileges. In both browsers, a temporary plugin directory is created that can be exploited to delete directories with the privileges of the user running these browsers. Further, an inactive tab can be exploited to launch an HTTP authentication prompt. This vulnerability can be used by hackers to trick users into entering sensitive information. A memory handling error in the Mozilla string class allows memory to be overwritten if the browser runs out of memory. This can be exploited to execute malicious code.

Patches are available at:www.mozilla.org/security/announce/mfsa2005-28.html

 

 

 

 

Flaw in Cisco ACNS

Vulnerabilities have been reported in devices running Cisco Application and Content Networking System (ACNS) software. A vulnerability in the way TCP connections are processed lets a hacker restart the ACNS cache process. Errors in network packet processing can be exploited to consume 100 percent of CPU resources, even causing a device to continuously forward copies of a specially-crafted packet. These vulnerabilities can be used to launch denial of service attacks.

Cisco has released updated versions for addressing these vulnerabilities. More information is available at : www.cisco.com/warp/public/707/cisco-sa-20050224-acnsdos.shtml

Image worm

A new mass mailing worm, W32 / Wurmark-F disguises itself as a .jpg file to trick the users into installing it. After installation, the worm drops a zip file along with the .jpg file and sends itself as a zip attachment to e-mail addresses found on the infected computer. Most security firms have released patches for this worm.

 

 


UNSUBSCRIBE HERE
Untitled Document
© Copyright 2001: Indian Express Newspapers (Bombay) Limited (Mumbai, India). All rights reserved throughout the world. This entire site is compiled in Mumbai by the Business Publications Division (BPD) of the Indian Express Newspapers (Bombay) Limited. Site managed by BPD.