www.expresscomputeronline.com WEEKLY INSIGHT FOR TECHNOLOGY PROFESSIONALS
22 January 2007  

Updates

A compilation of the latest information about viruses and worms, security issues and patches to rectify the same.

OpenOffice WMF/EMF Integer Overflow Vulnerability

Malware Top 10
TROJ_DLOADER.IAR
WORM_NUWAR.BH
WORM_NUWAR.AY
TROJ_STRAT.IC
WORM_STRAT.HZ
TROJ_CLAGGE.AI
TROJ_STRAT.IB
TROJ_CLAGGE.AE
WORM_BAGLE.OF
TROJ_MDROPPER.EB

Source: Trend Micro; period: Dec 12 to Jan 4

A vulnerability has been reported in OpenOffice, which can potentially be exploited to compromise a user’s system. The vulnerability is caused by integer overflows within the processor for WMF/EMF files. This can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted WMF/EMF file. To fix the vulnerability, apply the available fixes or update to version 2.1.
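The bug class behind this advisory, as an added example written for this column rather than code from OpenOffice: a size computed from image dimensions wraps in 32-bit arithmetic, so the decoder allocates a heap buffer far smaller than the pixel data it then copies in. The header struct, the 64 MiB policy limit and the sample headers are constructed for illustration and do not reproduce the real WMF/EMF record layout.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed header standing in for the dimension fields a WMF/EMF bitmap
 * record carries; the real record layout differs (illustration only). */
struct bitmap_hdr {
    uint32_t width;            /* pixels */
    uint32_t height;           /* pixels */
    uint32_t bytes_per_pixel;  /* 1, 3 or 4 */
};

/* Largest image a decoder is willing to allocate (assumed policy limit). */
#define MAX_IMAGE_BYTES (64u << 20)

/* Vulnerable pattern: the product is formed in 32-bit unsigned arithmetic and
 * silently wraps, so a crafted header yields a tiny allocation while the
 * decoder still copies width*height*bpp bytes into it (heap overflow). */
uint32_t unchecked_image_size(const struct bitmap_hdr *h)
{
    return h->width * h->height * h->bytes_per_pixel;
}

/* Hardened pattern: widen before multiplying and bound-check each step.
 * Returns 1 and stores the byte count on success; returns 0 when the header
 * would wrap or exceed the policy limit, so the caller rejects the file. */
int checked_image_size(const struct bitmap_hdr *h, size_t *out)
{
    if (h->width == 0 || h->height == 0 || h->bytes_per_pixel == 0)
        return 0;
    uint64_t pixels = (uint64_t)h->width * h->height;  /* cannot wrap in 64 bits */
    if (pixels > MAX_IMAGE_BYTES / h->bytes_per_pixel)  /* pixels*bpp too large */
        return 0;
    *out = (size_t)(pixels * h->bytes_per_pixel);
    return 1;
}

int main(void)
{
    /* Constructed headers: one ordinary, one whose 32-bit product wraps to 0. */
    struct bitmap_hdr normal  = { 640, 480, 3 };
    struct bitmap_hdr crafted = { 0x10000, 0x10000, 1 };
    size_t n = 0;
    printf("normal:  unchecked=%u checked=%s\n", unchecked_image_size(&normal),
           checked_image_size(&normal, &n) ? "ok" : "reject");
    printf("crafted: unchecked=%u checked=%s\n", unchecked_image_size(&crafted),
           checked_image_size(&crafted, &n) ? "ok" : "reject");
    return 0;
}
```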

Multiple vulnerabilities in Adobe Reader

Some vulnerabilities have been discovered in Adobe Reader, which can be exploited to conduct cross-site scripting attacks, to serve as a vector for cross-site request forgery attacks, and potentially to compromise a user’s system.

1. Input passed to a hosted PDF file is not properly handled by the browser plug-in, which can be exploited to cause a memory corruption and potentially execute arbitrary code.
2. Input passed to a hosted PDF file is not properly sanitised by the browser plug-in before being returned to users. This can be exploited to execute arbitrary script code in a user’s browser session in the context of an affected site.
3. Input passed to a hosted PDF file is not properly sanitised by the browser plug-in and allows requesting arbitrary URLs, which provides a vector for performing a CSRF attack.

It is also possible to cause the browser to stop responding by passing many “#” characters. The vulnerabilities are confirmed in version 6.0.1 for Windows via Internet Explorer 6 and version 7.0.8 for Windows via Firefox 2.0.0.1. Upgrading to version 8.0.0 fixes the problem.

Apple Quicktime RTSP URL Handling Buffer Overflow Vulnerability

A vulnerability has been reported in Apple Quicktime. The vulnerability is caused by a boundary error when handling RTSP URLs. This can be exploited to cause a stack-based buffer overflow via a specially crafted QTL file with an overly long (more than 256 bytes) “src” parameter.

Successful exploitation allows execution of arbitrary code, but requires that the user is tricked into opening a malicious QTL file or visiting a malicious Web site.

The vulnerability is confirmed in version 7.1.3.100 (Windows version) and reportedly affects both Microsoft Windows and Mac OS X versions. As a workaround, avoid opening untrusted QTL files or visiting untrusted Web sites.

OpenBSD “vga” Privilege Escalation Vulnerability

A vulnerability has been reported in OpenBSD, which can be exploited by local users to gain escalated privileges. The vulnerability is caused by an input validation error in sys/dev/pci/vga_pci.c of “vga” (the VGA graphics driver for wscons).

Exploitation may allow an attacker to gain root privileges, but requires that the kernel is compiled with “option PCIAGP” (by default only available for i386) and that the device is not AGP compatible.

The vulnerability is reported in OpenBSD 3.9 and 4.0; other versions may also be affected. Applying the vendor patch resolves the problem.

Opera browser vulnerabilities

Two vulnerabilities have been reported in Opera, which can be exploited to compromise a user’s system. They are:

1. An error within the processing of JPEG files can be exploited to cause a heap-based buffer overflow via a JPEG file with a specially crafted DHT marker.
2. An error within createSVGTransformFromMatrix() can be exploited by passing an incorrect object to the function.

Malicious users can exploit these vulnerabilities to execute arbitrary code. Updating to version 9.10 fixes both problems.

Mac OS X BOM Privilege Escalation Vulnerability

A vulnerability has been reported in Mac OS X, which can be exploited by local users to gain escalated privileges.

The permissions in BOM files are not properly validated, which can be exploited to assign new permissions to specified files and directories, or to gain root privileges, by creating a specially crafted BOM file and then running “diskutil repairPermissions /”. The vulnerability is reported in version 10.4.8; other versions may also be affected.

phpMyFAQ SQL Injection and File Upload Vulnerability

Some vulnerabilities have been reported in phpMyFAQ, which can be exploited to conduct SQL injection attacks and compromise a vulnerable system.

1. Input passed to unspecified parameters is not properly sanitised before being used in a SQL query. This can be exploited to modify SQL queries by injecting arbitrary SQL code.
2. An unspecified error can be exploited to upload arbitrary files and potentially execute arbitrary PHP code.

The vulnerabilities are reported in versions prior to 1.6.8 and are fixed by updating to version 1.6.8.

Sun Java System Content Delivery Server Vulnerability

A vulnerability has been reported in the Sun Java System Content Delivery Server, which can be exploited by malicious people to disclose sensitive information.

The vulnerability is caused by an unspecified error and can be exploited to disclose the details of protected contents. The vulnerability is reported in versions 5.0 and 5.0 PU1 (for Solaris 9 and 10) without patch 5.0_2005Q4_IR3_P5. Other versions may also be affected. However, Sun Java System Content Delivery Server versions 4.0 and 4.1 are reportedly not affected. Affected systems can be secured by applying the 5.0_2005Q4_IR3_P6 patch.

Novell Access Manager Identity Server “IssueInstant” Vulnerability

A vulnerability has been reported in Novell Access Manager Identity Server, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the “IssueInstant” parameter in /nidp/idff/sso is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in the context of an affected site. While the vulnerability is reported only in version 3, other versions may also be affected. Applying the vendor patch resolves the problem.

OmniWeb “alert()” Format String Vulnerability

A vulnerability has been reported in OmniWeb, which can potentially be exploited by malicious people to compromise a user’s system. The vulnerability is caused by a format string error when handling the “alert()” JavaScript function and may allow execution of arbitrary code via a specially crafted web page. Though the vulnerability is reported in version 5.5.1 (v607.5) running on Mac OS X 10.4.8, prior versions may also be affected. Upgrading to version 5.5.2 fixes the vulnerability.

© Copyright 2001: Indian Express Newspapers (Mumbai) Limited (Mumbai, India). All rights reserved throughout the world. This entire site is compiled in Mumbai by the Business Publications Division (BPD) of the Indian Express Newspapers (Mumbai) Limited. Site managed by BPD.