securityadmin's blog

Multiple Symantec Products Intel Common Base Agent Remote Command Execution Vulnerability

http://www.securityfocus.com/bid/34671/info

An exploit affecting various versions of SAV is in the wild. It allows
remote exploitation of affected machines with SYSTEM privileges.

Symantec has released updates and patches to fix the issue.

Please read their release notes for further information.

Two Adobe Reader 0-day vulnerabilities

http://isc.sans.org/diary.html?storyid=6286&rss

It appears that two new vulnerabilities in Adobe Reader 9.1, 8.1.4 and
7.1.1 are being exploited today. These are further buffer overflows in the
JavaScript interpreter that could lead to remote code execution when a
malicious PDF file is opened.

The exploit currently being seen targets Linux computers running Adobe's
software, but other platforms are susceptible to the same vulnerability.

Vulnerability in Microsoft Office PowerPoint Could Allow Remote Code Execution 969136

http://www.microsoft.com/technet/security/advisory/969136.mspx

Microsoft Security Advisory (969136)

"An attacker who successfully exploited this vulnerability could gain
the same user rights as the local user. Users whose accounts are
configured to have fewer user rights on the system could be less
affected than users who operate with administrative user rights."

Oracle Java SE Critical Patch Update (CPU) Advisory

Oracle released a CPU advisory addressing 17 security
vulnerabilities in Java SE. Nine of the vulnerabilities were rated at
10.0 on the CVSS scale (10.0 being the most severe score). Only one of
the remaining vulnerabilities was rated below 5.0.

Java users are advised to upgrade to Java 6 Update 26 (v1.6.0.26)
as soon as possible.

Adobe Reader 7, 8 and 9 code execution through buffer overflow

http://www.adobe.com/support/security/advisories/apsa09-01.html

A buffer overflow in Adobe Reader allows for code execution when a user
opens a malicious PDF file.

Adobe will be releasing updates to v9 on March 11, 2009. Version 8 and
7 patches will follow soon after.

The exploit is currently active and uses JavaScript embedded in the PDF
file to inject its payload into the heap.

Possible Abuse due to Misconfigured DNS Servers

Priority: 2
Severity: 2

US-CERT CIIN-09-023-01 (U//FOUO) describes a DNS amplification attack
made possible by misconfigured DNS servers. Several attacks over the
past weeks have brought this issue to light.

A DNS server that is vulnerable to this attack will respond to a root NS
query (".") by returning the list of root servers.
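
One way to run the check described above against a DNS server you operate, as an
added example that is not part of the original post or the US-CERT notice: it
builds the root NS query, classifies the reply, and reports the reply-to-query
size ratio. The function names, verdict strings and both sample replies are
constructed for illustration.

```python
import socket
import struct

def build_root_ns_query(txid=0x1234):
    """DNS query for the root zone ("."), QTYPE=NS, QCLASS=IN, recursion not requested."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    return header + b"\x00" + struct.pack("!HH", 2, 1)

def classify_response(query, response):
    """Return (verdict, size_ratio) for a reply to the root NS query."""
    if len(response) < 12:
        return ("malformed", 0.0)
    txid, flags, _qd, an, ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
        return ("malformed", 0.0)  # wrong transaction ID or not a response
    rcode = flags & 0x000F
    ratio = round(len(response) / len(query), 1)
    if rcode == 5:
        return ("refused", ratio)  # the reply a locked-down server gives
    if rcode == 0 and (an or ns):
        return ("returns-root-servers", ratio)  # the behaviour the notice describes
    return ("other-rcode-%d" % rcode, ratio)

def probe(server, timeout=3.0):
    """Send the query over UDP to a DNS server you operate and classify its reply."""
    query = build_root_ns_query()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        return classify_response(query, s.recv(4096))

def sample_replies(query):
    """Constructed replies for offline use: a REFUSED and a 13-record root referral."""
    refused = query[:2] + struct.pack("!HHHHH", 0x8005, 1, 0, 0, 0) + query[12:]
    records = b""
    for letter in "abcdefghijklm":
        rdata = b"\x01" + letter.encode() + b"\x0croot-servers\x03net\x00"
        records += b"\x00" + struct.pack("!HHIH", 2, 1, 518400, len(rdata)) + rdata
    referral = query[:2] + struct.pack("!HHHHH", 0x8000, 1, 0, 13, 0) + query[12:] + records
    return refused, referral

if __name__ == "__main__":
    q = build_root_ns_query()
    for name, reply in zip(("refused", "referral"), sample_replies(q)):
        print(name, classify_response(q, reply))
```

A "returns-root-servers" verdict from `probe` on a server that should only answer for its own zones or clients means its configuration needs tightening; the ratio shows how much larger the reply is than the 17-byte query.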
