ep's blog

Integer overflow in gpdf could allow for malicious code execution in PDFs

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387 - gpdf is used in various programs, including (1) poppler, (2) xpdf, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) tetex, and others. The vulnerability affects gpdf versions prior to 2.8.2. Please check with your OS provider for updates to any programs that can read PDFs.

Microsoft Word Three Code Execution Vulnerabilities

http://secunia.com/advisories/24122 - There is a vulnerability in versions of Microsoft Word from Office 2000, 2003, 2004 (Mac) and Microsoft Works that could allow for remote exploitation. Exploitation would require the user to open a crafted Word document. This vulnerability was reported in February 2007, and Microsoft just verified the problem and released patches.

Apple Updates for Multiple Vulnerabilities 2007-004

http://docs.info.apple.com/article.html?artnum=305391 - This is the second security update in as many months from Apple targeting Mac OS 10.3.9 through 10.4.9. This update fixes various vulnerabilities in the Macintosh operating system and related applications. There has been one IAS-related report of difficulty with this update that required multiple reboots to resolve. It is recommended that this patch be tested and that your users be informed about the issues.