TOO Many Serious Vulnerabilities!! 18-02-2008
The last couple of days have brought up multiple serious vulnerabilities in very commonly used client software:
- QuickTime 7.4.1 – Heap buffer overflow that may cause arbitrary remote code execution.
- Adobe Reader 8.1.2 – It turns out that the vaguely described security vulnerabilities in the release notes include a stack overflow that can lead to remote code execution, as analyzed by Kostya Kortchinsky from Immunity. A PoC is already available.
- Firefox 220.127.116.11 – It fixes 10 security issues, some of them labelled as critical.
- … and be ready for the twelve new security bulletins Microsoft will release next Tuesday, 7 labelled as critical and 5 as important, affecting the OS, Office, IE and IIS.
As you already know, clients are one of the main targets for attacks nowadays. Ensure your automatic software update mechanisms are working properly or go back to the manual update process, but please, patch!
BTW, based on a quick test, at this time only some of the new updates already show up in the automatic update features of the affected products: Adobe Reader and Firefox do, while QuickTime does not.
A topic I have been researching a little recently is “update tools for third-party client applications”. What tools do you use to manage updates on commonly used third-party client tools?
These are very simple programs that assist you in keeping your system patched. It is your choice when you patch it, but it is best to do it at least once a week!
Realplayer finally MARKED BADWARE!!!
See these articles!!
“An internet security nonprofit has designated the two latest versions of the popular RealPlayer as “badware.”
Maxim Weinstein, manager of StopBadware.org, told SCMagazine.com today that versions 10.5 and 11 of the cross-platform audio and video player were… ”
“We find that RealPlayer 10.5 is badware because it fails….”
Holes in numerous ActiveX controls
Users of Yahoo’s Music Jukebox should consider uninstalling the software. Several security holes in two of its ActiveX controls allow attackers to manipulate a system and infect it with malware via a crafted web site visited using Internet Explorer.
Buffers in YMP DataGrid (datagrid.dll) and Yahoo! Mediagrid (mediagridax.dll), can be overflowed by passing excessively long parameters to the functions AddImage, AddButton and AddBitmap, allowing code to be written to the stack and executed. The errors have been confirmed in the current version 2.2.2.056 of Yahoo! Music Jukebox. Other versions are probably also affected. According to the vulnerability database at Securityfocus, the affected controls are also present in Yahoo! Instant Messenger 3.5, Yahoo! Instant Messenger 5.5, and subsequent versions.
There are no updates at the moment, but exploits taking advantage of the holes are already available at Milw0rm. To remedy the problem, the software can be uninstalled, ActiveX can be switched off, or the kill bit can be set for the controls. The MediaGrid control has the CLSID 22FD7C0A-850C-4A53-9821-0B0915C96139, and the ID for the DataGrid control is CLSID 5F810AFC-BB5F-4416-BE63-E01DD117BD6C2. The Internet Storm Center has published a tool for setting the kill bit very easily in order to prevent Internet Explorer loading the vulnerable controls.
The same tool can also set the kill bit for the Facebook Photo Uploader ActiveX control and the MySpace Uploader Control ActiveX control, which also display critical holes. Update 18.104.22.168 for the MySpace control is however available to close the gap.
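The kill-bit mitigation described above for the two Yahoo! controls, as an added PowerShell example (not from the original article and not the Internet Storm Center tool): it ORs the documented kill-bit value 0x400 into `Compatibility Flags` under Internet Explorer's `ActiveX Compatibility` key for each CLSID and reads the result back. The function name `Set-KillBit` is hypothetical; the CLSIDs are copied exactly as printed, and the DataGrid value has 13 characters in its last group, so it fails the format check and is skipped until confirmed against the advisory.

```powershell
# Added example: set and verify the IE kill bit for the controls named above.
# Run from an elevated prompt. 0x400 in "Compatibility Flags" is the kill bit.
$KillBit = 0x400
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    # 32-bit registry view, read by 32-bit Internet Explorer on 64-bit Windows
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)
# CLSIDs copied exactly as printed in the article
$Controls = [ordered]@{
    'Yahoo! MediaGrid (mediagridax.dll)' = '22FD7C0A-850C-4A53-9821-0B0915C96139'
    'YMP DataGrid (datagrid.dll)'        = '5F810AFC-BB5F-4416-BE63-E01DD117BD6C2'
}
$ClsidPattern = '^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$'

function Set-KillBit {  # hypothetical helper name
    param([string]$Name, [string]$Clsid)
    if ($Clsid -notmatch $ClsidPattern) {
        Write-Warning "${Name}: '$Clsid' is not a well-formed CLSID, skipped"
        return
    }
    foreach ($root in $Roots) {
        # Skip a registry view that does not exist on this system
        if (-not (Test-Path -LiteralPath (Split-Path $root -Parent))) { continue }
        $key = Join-Path $root "{$Clsid}"
        # Create the key only if missing; New-Item -Force would reset an existing one
        if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
        $old = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).'Compatibility Flags'
        # OR the kill bit in so that other flag bits already set are preserved
        $new = [int]$old -bor $KillBit
        New-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
            -PropertyType DWord -Value $new -Force | Out-Null
        # Read back and report so the change can be confirmed
        $now = (Get-ItemProperty -LiteralPath $key).'Compatibility Flags'
        $state = if ($now -band $KillBit) { 'kill bit set' } else { 'NOT set' }
        '{0}: {1} -> 0x{2:X8} ({3})' -f $Name, $key, $now, $state
    }
}

foreach ($entry in $Controls.GetEnumerator()) {
    Set-KillBit -Name $entry.Key -Clsid $entry.Value
}
```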